ci: run on merge to main, also build docker

NexusSocial · Oct 6, 2024 · d46a80e · d46a80e
1 parent 3e40940
commit d46a80e
Show file tree

Hide file tree

Showing 3 changed files with 115 additions and 74 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,54 +1,41 @@
-name: CI
+name: CI/CD
 on:
+  workflow_call:
   push:
     branches:
       - main
   pull_request:
   workflow_dispatch:
 
-jobs:
-  fmt:
-    name: Check Formatting
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
-
-      - name: Check formatting
-        run: cargo fmt --check --all
-
-  check:
-    name: Lint and Build
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
-
-      - name: Clippy lints
-        run: cargo clippy --all --all-features --all-targets --no-deps -- -D warnings
-
-      - name: Cargo Doc
-        run: RUSTDOCFLAGS="-D warnings" cargo doc --all --all-features --no-deps --document-private-items
-
-  test:
-    name: Run Tests on all platforms
-    strategy:
-      matrix:
-        runs-on: ["ubuntu-24.04", "windows-2022", "macos-14"]
-    runs-on: ${{ matrix.runs-on }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
+on:
+  pull_request:
+  workflow_dispatch:
 
-      - name: Test
-        run: cargo test --all --all-features --all-targets
+env:
+  CI_IS_DEFAULT_BRANCH: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+  CI_IS_TAG: ${{ startsWith(github.ref, 'refs/tags/') }}
 
-  deny:
-    name: Run cargo deny
-    runs-on: ubuntu-22.04
+jobs:
+  check-inputs:
+    runs-on: ubuntu-24.04
+    outputs:
+      CI_CARGO_PROFILE: ${{ steps.set-profile.outputs.CI_CARGO_PROFILE }}
     steps:
-    - uses: actions/checkout@v4
-    - uses: EmbarkStudios/cargo-deny-action@v1
+      - name: Set CI_CARGO_PROFILE
+        id: set-profile
+        run: |
+          if [[ ${CI_IS_DEFAULT_BRANCH} == 'true' ]]; then
+            echo "CI_CARGO_PROFILE=artifact" >> $GITHUB_OUTPUT
+          else
+            echo "CI_CARGO_PROFILE=debug" >> $GITHUB_OUTPUT
+          fi
+
+  rust:
+    needs: check-inputs
+    uses: ./.github/workflows/rust.yaml
+    with:
+      profile: ${{ needs.check-inputs.outputs.CI_CARGO_PROFILE }}
+
+  container:
+    needs: rust
+    uses: ./.github/workflows/container.yaml
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
@@ -0,0 +1,26 @@
+name: Build Containers
+on:
+  workflow_call:
+
+# See https://stackoverflow.com/questions/66335225/how-to-cancel-previous-runs-in-the-pr-when-you-push-new-commitsupdate-the-curre
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build Docker/OCI Image
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/[email protected]
+      - name: Download Rust Artifacts
+        uses: actions/[email protected]
+        with:
+          name: rust
+          path: artifacts
+      - name: Run buildah to build OCI image
+        run: |
+          buildah build . \
+            --platform linux/arm64,linux/amd64,windows/amd64 \
+            -f identity-server/Dockerfile
+
diff --git a/.github/workflows/release.yaml → .github/workflows/rust.yaml b/.github/workflows/release.yaml → .github/workflows/rust.yaml
@@ -1,15 +1,58 @@
-name: Release
+name: Rust CI
 on:
-  workflow_dispatch:
+  workflow_call:
     inputs:
-      component:
-        description: "The component to release"
+      profile:
         required: true
-        type: choice
-        options:
-          - identity-server
+        type: string
 
 jobs:
+  fmt:
+    name: Check Formatting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/[email protected]
+      - name: Cache cargo dependencies
+        uses: Swatinem/[email protected]
+
+      - name: Check formatting
+        run: cargo fmt --check --all
+
+  check:
+    name: Lint and Build
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/[email protected]
+      - name: Cache cargo dependencies
+        uses: Swatinem/[email protected]
+
+      - name: Clippy lints
+        run: cargo clippy --all --all-features --all-targets --no-deps -- -D warnings
+
+      - name: Cargo Doc
+        run: RUSTDOCFLAGS="-D warnings" cargo doc --all --all-features --no-deps --document-private-items
+
+  test:
+    name: Run Tests on all platforms
+    strategy:
+      matrix:
+        runs-on: ["ubuntu-24.04", "windows-2022", "macos-14"]
+    runs-on: ${{ matrix.runs-on }}
+    steps:
+      - uses: actions/[email protected]
+      - name: Cache cargo dependencies
+        uses: Swatinem/[email protected]
+
+      - name: Test
+        run: cargo test --all --all-features --all-targets
+
+  deny:
+    name: Run cargo deny
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/[email protected]
+    - uses: EmbarkStudios/[email protected]
+
   build:
     name: Build the code for each platform
     # unless we use osxcross, we can only target mac from a mac machine
@@ -26,8 +69,6 @@ jobs:
           version: 0.13.0
       - name: Cache cargo dependencies
         uses: Swatinem/[email protected]
-      # - name: Install mingw
-      #   run: sudo apt-get install -y mingw-w64
 
       - name: Install cargo-zigbuild
         run: cargo install --locked [email protected]
@@ -39,14 +80,18 @@ jobs:
             --target ${LINUX_ARM} \
             --target ${WINDOWS} \
             --target ${MACOS} \
-            --profile artifact \
-            -p ${{ inputs.component }}
+            --profile ${{ inputs.profile }} \
+            --all
+
       - name: Arrange artifact directory
         run: |
           set -Eeuxo pipefail
           mkdir artifacts
-          component="${{ inputs.component }}"
-          for f in target/*/artifact/"${component}"{,\.exe}; do
+          # TODO: Make it possible to release *all* binaries in these artifacts, not 
+          # just the identity-server.
+          component="identity-server"
+          profile="${{ inputs.profile }}"
+          for f in target/*/"${profile}"/"${component}"{,\.exe}; do
             target_triple="$(echo "${f}" | cut -d '/' -f2)"
             case "${target_triple}" in
               "${LINUX}")
@@ -62,7 +107,6 @@ jobs:
                 exit 1 ;;
             esac
           done
-
           ls -aRsh artifacts
       
       - name: Compute sha256 checksums
@@ -84,19 +128,3 @@ jobs:
           path: |
             artifacts
 
-  release:
-    name: Create Release and Tag
-    runs-on: ubuntu-24.04
-    needs: build
-    steps:
-      - name: Download Rust Artifacts
-        uses: actions/[email protected]
-        with:
-          # didn't specify artifact name, so all artifacts are downloaded and merged
-          # into the `artifacts` dir
-          path: artifacts
-          merge-multiple: true
-
-      - name: List Downloaded Artifacts
-        run: ls -aRsh artifacts
-