release.yml
name: Release

# Runs only for pushed tags matching one of the filter patterns below.
# These are GitHub filter patterns (globs with `+` and character ranges),
# not regular expressions.
on:
  push:
    tags:
      # Root tags such as v0.4.2, and their -rc.N release candidates
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
      # Subfolder tags such as workflow-engine-v1.18.0 (currently disabled)
      # - "[a-zA-Z-_]+v[0-9]+.[0-9]+.[0-9]+"
      # - "[a-zA-Z-_]+v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"
      # NOTE(review): ci-testing* tags run the same jobs as a release tag,
      # including the job that publishes a GitHub release - confirm that
      # this is intended.
      - 'ci-testing[a-zA-Z]+'
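# Release pipeline: build and attest one binary per platform, generate and
# attest an SBOM, then publish all of them as a GitHub release.
#
# NOTE(review): the actions/* steps are pinned by tag and rust-prepare by
# branch, while the third-party actions are pinned by full commit SHA.
# These jobs hold id-token/attestations write access and registry
# credentials, so every `uses:` should be pinned to a commit SHA.
jobs:
  build:
    # id-token and attestations write access are required by the Attest
    # step; nothing else is granted to the job token.
    permissions:
      id-token: write
      contents: read
      attestations: write
    strategy:
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
            asset_name: ${{ github.event.repository.name }}-linux-amd64-latest
          - platform: linux/arm64
            runner: arm-ubuntu-latest-8core
            asset_name: ${{ github.event.repository.name }}-linux-aarch64-latest
    runs-on: ${{ matrix.runner }}
    # NOTE(review): `:nightly` is a mutable tag, so the toolchain behind an
    # attested release can change between runs; consider pinning the image
    # by digest.
    container: docker-oss.nexus.famedly.de/rust-container:nightly
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Rust
        # NOTE(review): `@main` is a mutable ref and this step is handed the
        # GitLab SSH key and credentials; pin it to a full commit SHA.
        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
        with:
          gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY }}
          gitlab_user: ${{ secrets.GITLAB_USER }}
          gitlab_pass: ${{ secrets.GITLAB_PASS }}
      - name: Caching
        # NOTE(review): the attested binary is built on top of a restored
        # cache; consider building releases without it so the provenance
        # describes a clean build.
        uses: Swatinem/rust-cache@b8a6852b4f997182bdea832df3f9e153038b5191
        with:
          cache-on-failure: true
          cache-all-crates: true
      - name: Install additional cargo tooling
        uses: taiki-e/cache-cargo-install-action@3d5e3efe44b020826abe522d18cb4457042280ef
        with:
          tool: cargo-auditable
      - name: Build release
        shell: bash
        # cargo-auditable embeds the dependency list in the binary.
        run: cargo auditable build --release
      - name: Rename binary
        shell: bash
        # Values are passed through the environment rather than expanded
        # into the script text, so they are never parsed as shell syntax.
        env:
          BINARY_NAME: ${{ github.event.repository.name }}
          ASSET_NAME: ${{ matrix.asset_name }}
        run: 'mv -- "target/release/${BINARY_NAME}" "target/release/${ASSET_NAME}"'
      - name: Attest
        uses: actions/attest-build-provenance@v1
        with:
          # Attest the renamed file: the original path no longer exists
          # after the "Rename binary" step, and this is the file that ships.
          subject-path: '${{ github.workspace }}/target/release/${{ matrix.asset_name }}'
      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: release-${{ matrix.asset_name }}
          # Per-platform file name, so the binaries do not collide when the
          # release job merges all artifacts into one directory.
          path: '${{ github.workspace }}/target/release/${{ matrix.asset_name }}'
  sbom:
    permissions:
      id-token: write
      contents: read
      attestations: write
    runs-on: ubuntu-latest
    container: docker-oss.nexus.famedly.de/rust-container:nightly
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Rust
        # NOTE(review): same mutable `@main` ref with secrets as in the
        # build job; pin it to a full commit SHA.
        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
        with:
          gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY }}
          gitlab_user: ${{ secrets.GITLAB_USER }}
          gitlab_pass: ${{ secrets.GITLAB_PASS }}
      - name: Caching
        uses: Swatinem/rust-cache@b8a6852b4f997182bdea832df3f9e153038b5191
        with:
          cache-on-failure: true
          cache-all-crates: true
      - name: Install additional cargo tooling
        uses: taiki-e/cache-cargo-install-action@3d5e3efe44b020826abe522d18cb4457042280ef
        with:
          tool: cargo-sbom
      - name: Generate SBOM
        shell: bash
        run: cargo sbom > sbom.spdx.json
      - name: Attest
        # NOTE(review): this records build provenance for the SBOM file
        # itself; it does not bind the SBOM to the released binaries.
        # actions/attest-sbom would, but needs the binary in this job.
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: '${{ github.workspace }}/sbom.spdx.json'
      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: release-sbom-spdx
          path: '${{ github.workspace }}/sbom.spdx.json'
  release:
    runs-on: ubuntu-latest
    needs: [build, sbom]
    # Creating the release needs contents: write on the job token. Declared
    # here so the job does not depend on the repository default and is
    # granted nothing beyond that.
    permissions:
      contents: write
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          # Collect every release-* artifact from this run into one flat
          # directory.
          pattern: release-*
          path: artifacts
          merge-multiple: true
      - name: Create release
        uses: softprops/action-gh-release@79721680dfc87fb0f44dfe65df68961056d55c38
        with:
          files: artifacts/*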