build-and-release.yaml
# Builds Envoy for each platform in the matrix and, unless skipped, drafts a
# GitHub release from the packaged archives.
name: Build and release
run-name: "Build ${{ !inputs.skip-release && 'and release ' || '' }}v${{ inputs.version }}${{ inputs.suffix }}"

on:
  # Manual run: the operator supplies the version and optional tag suffix.
  workflow_dispatch:
    inputs:
      version:
        description: "Envoy version to build (don't include leading v, don't cancel the build because things might not be cleaned up by terraform properly)"
        type: string
        required: true
      suffix:
        description: "Additional suffix for release/tag (must include leading '-' if desired)"
        type: string
      skip-release:
        description: 'Skip the release?'
        type: boolean
        required: false
  # Weekly run, 04:00 UTC on Mondays. Scheduled runs carry no inputs, so every
  # expression that reads inputs.* evaluates to an empty value on this trigger.
  schedule:
    - cron: '0 4 * * 1'

# Workflow-level token scopes: every job inherits both unless it declares its
# own `permissions` block.
# NOTE(review): id-token: write is presumably for OIDC federation inside the
# reusable build workflow (it receives AWS_ACCOUNT_ID) — confirm, and consider
# granting each scope only on the job that needs it.
permissions:
  id-token: write
  contents: write
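jobs:
  # Gate: reject a manually entered version that carries a leading "v" before
  # any build is started.
  check-input:
    runs-on: ubuntu-latest
    # Only a local shell check runs here, so the job drops the workflow-level
    # token scopes instead of inheriting id-token/contents write.
    permissions: {}
    steps:
      - name: Fail if version starts with "v"
        id: check-v
        env:
          # The input reaches the script as an environment variable rather than
          # being expanded into the script text, so the shell treats it as data.
          VERSION: ${{ inputs.version }}
        run: |
          if [[ "$VERSION" == v* ]]; then
            echo "Run this action without 'v' prefix - ${VERSION:1}. Don't cancel a build in progress build because things might not be cleaned up by terraform"
            exit 1
          fi
        shell: bash

  # Fans out to the reusable build workflow once per os/arch/fips combination.
  # This job inherits the workflow-level permissions; what build.yaml needs is
  # not visible from this file.
  build:
    needs: check-input
    strategy:
      matrix:
        os: [darwin, linux, windows]
        arch: [arm64, amd64]
        fips: ['', 'fips']
        # FIPS is built only for linux/amd64; windows is built only for amd64.
        exclude:
          - os: windows
            fips: fips
          - os: windows
            arch: arm64
          - os: darwin
            fips: fips
          - os: linux
            arch: arm64
            fips: fips
      # One failing combination does not cancel the others.
      fail-fast: false
    uses: ./.github/workflows/build.yaml
    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
    with:
      os: ${{ matrix.os }}
      arch: ${{ matrix.arch }}
      # The matrix carries '' or 'fips'; the reusable workflow gets a boolean.
      fips: ${{ matrix.fips == 'fips' }}
      # Scheduled runs have no version input and fall back to 'main'.
      version: ${{ inputs.version || 'main' }}

  # Collects every build artifact, wraps each binary in a tar.gz, then drafts
  # the release (unless skipped) and re-uploads the archives as one artifact.
  package:
    runs-on: ubuntu-latest
    needs: build
    # Creating the draft release needs contents: write; no step in this job
    # requests an OIDC token, so id-token is not granted here.
    permissions:
      contents: write
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v4, @v2); pinning each to a full commit SHA keeps the code that runs
      # with this job's token from changing underneath the workflow.
      - name: Download all workflow run artifacts
        uses: actions/download-artifact@v4
      - name: Package binaries into archives
        env:
          # Inputs are passed as environment variables so they are never
          # expanded into the script text.
          # NOTE(review): on scheduled runs VERSION is empty, so archive names
          # end in "-v", while the build and the tag fall back to 'main' —
          # confirm whether the same fallback is wanted here.
          VERSION: ${{ inputs.version }}
          SUFFIX: ${{ inputs.suffix }}
        run: |
          mkdir out
          for dir in envoy*; do
            # Artifact directory names are split on '-' into os/arch/fips fields.
            IFS=- read -r envoy os arch fips <<< "${dir}"
            for bin in "${dir}"/*; do
              chmod +x "${bin}"
              bin="$(basename "${bin}")"
              IFS=- read -r envoy suffix <<< "${bin}"
              archive_name="envoy-${os}-${arch}-v${VERSION}${SUFFIX}"
              if [[ "${fips}" == "true" ]]; then
                archive_name="${archive_name}+fips"
              fi
              # move file into tar.gz and rename to 'envoy' in archive
              tar -C "${dir}" "--transform=flags=r;s|${bin}|envoy|" -czvf "out/${archive_name}.tar.gz" "${bin}"
            done
          done
      - name: Release
        if: ${{ !inputs.skip-release }}
        uses: softprops/action-gh-release@v2
        with:
          tag_name: v${{ inputs.version || 'main' }}${{ inputs.suffix }}
          # The release is created as a draft and must be published by hand.
          draft: true
          files: |
            out/*
      - uses: actions/upload-artifact@v4
        with:
          name: envoy-v${{ inputs.version }}${{ inputs.suffix }}
          path: out/
          # An empty out/ directory fails the job instead of passing silently.
          if-no-files-found: error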