nightly #188
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: nightly | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 10 * * *" | |
| permissions: | |
| contents: read | |
| jobs: | |
| full-build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - x86_64 | |
| - aarch64 | |
| env: | |
| TARGET_ARCH: "${{ matrix.arch }}" | |
| CI_NEEDS_FPM: "1" | |
| name: nightly full build linux-${{ matrix.arch }} | |
| steps: | |
| - name: harden runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - name: checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| - name: install stable rust toolchain with ${{ matrix.arch }}-unknown-linux-gnu and ${{ matrix.arch }}-unknown-linux-musl rust targets | |
| run: | | |
| rustup update --no-self-update stable | |
| rustup default stable | |
| rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl | |
| - name: install linux dependencies | |
| run: ./hack/ci/install-linux-deps.sh | |
| - name: build systemd bundle | |
| run: ./hack/dist/bundle.sh | |
| - name: upload systemd bundle | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: krata-bundle-systemd-${{ matrix.arch }} | |
| path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz" | |
| compression-level: 0 | |
| - name: build deb package | |
| run: ./hack/dist/deb.sh | |
| - name: upload deb package | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: krata-debian-${{ matrix.arch }} | |
| path: "target/dist/*.deb" | |
| compression-level: 0 | |
| - name: build apk package | |
| run: ./hack/dist/apk.sh | |
| - name: upload apk package | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: krata-alpine-${{ matrix.arch }} | |
| path: "target/dist/*_${{ matrix.arch }}.apk" | |
| compression-level: 0 | |
| kratactl-build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - { os: linux, arch: x86_64, on: ubuntu-latest, deps: linux } | |
| - { os: linux, arch: aarch64, on: ubuntu-latest, deps: linux } | |
| - { os: darwin, arch: x86_64, on: macos-14, deps: darwin } | |
| - { os: darwin, arch: aarch64, on: macos-14, deps: darwin } | |
| - { os: freebsd, arch: x86_64, on: ubuntu-latest, deps: linux } | |
| - { os: windows, arch: x86_64, on: windows-latest, deps: windows } | |
| env: | |
| TARGET_OS: "${{ matrix.platform.os }}" | |
| TARGET_ARCH: "${{ matrix.platform.arch }}" | |
| runs-on: "${{ matrix.platform.on }}" | |
| name: nightly kratactl build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: harden runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - name: configure git line endings | |
| run: git config --global core.autocrlf false && git config --global core.eol lf | |
| if: ${{ matrix.platform.os == 'windows' }} | |
| - name: checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| - name: install stable rust toolchain | |
| run: | | |
| rustup update --no-self-update stable | |
| rustup default stable | |
| - name: install ${{ matrix.platform.arch }}-apple-darwin rust target | |
| run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin" | |
| if: ${{ matrix.platform.os == 'darwin' }} | |
| - name: setup homebrew | |
| uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master | |
| if: ${{ matrix.platform.os == 'darwin' }} | |
| - name: install ${{ matrix.platform.deps }} dependencies | |
| run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh | |
| - name: cargo build kratactl | |
| run: ./hack/build/cargo.sh build --release --bin kratactl | |
| - name: upload kratactl | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }} | |
| path: "target/*/release/kratactl" | |
| if: ${{ matrix.platform.os != 'windows' }} | |
| - name: upload kratactl | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }} | |
| path: "target/*/release/kratactl.exe" | |
| if: ${{ matrix.platform.os == 'windows' }} | |
| oci-build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| component: | |
| - kratactl | |
| - kratad | |
| - kratanet | |
| - krata-zone | |
| name: nightly oci build ${{ matrix.component }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - name: harden runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - name: checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| - name: install cosign | |
| uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
| - name: setup docker buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
| - name: login to container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: docker build and push ${{ matrix.component }} | |
| uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
| id: push | |
| with: | |
| file: ./images/Dockerfile.${{ matrix.component }} | |
| platforms: linux/amd64,linux/aarch64 | |
| tags: "ghcr.io/edera-dev/${{ matrix.component }}:nightly" | |
| push: true | |
| - name: cosign sign ${{ matrix.component }} | |
| run: cosign sign --yes "${TAGS}@${DIGEST}" | |
| env: | |
| DIGEST: "${{ steps.push.outputs.digest }}" | |
| TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:nightly" | |
| COSIGN_EXPERIMENTAL: "true" |