feat: path-scoped repository visibility (Phase 1) for #18 (#25) #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| release-please: | |
| if: ${{ github.repository == 'Gitlawb/node' }} | |
| name: Release Please | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| version: ${{ steps.release.outputs.version }} | |
| steps: | |
| - name: Run release-please | |
| id: release | |
| uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.3.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| docker: | |
| name: Build & Push Docker Image | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout release tag | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ needs.release-please.outputs.tag_name }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ needs.release-please.outputs.version }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-please.outputs.version }} | |
| type=raw,value=latest | |
| - name: Build and load locally (smoke) | |
| uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 | |
| with: | |
| context: . | |
| load: true | |
| tags: gitlawb-node:smoke | |
| cache-from: type=gha | |
| - name: Smoke test | |
| run: docker run --rm gitlawb-node:smoke --version | |
| - name: Build and push (multi-arch) | |
| uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Release summary | |
| run: | | |
| { | |
| echo "## Released ${{ needs.release-please.outputs.tag_name }}" | |
| echo | |
| echo "- Image: \`ghcr.io/${{ github.repository }}:${{ needs.release-please.outputs.version }}\`" | |
| echo "- GitHub: https://github.com/${{ github.repository }}/releases/tag/${{ needs.release-please.outputs.tag_name }}" | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| release-binaries: | |
| name: Build & Attach Binaries | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created == 'true' }} | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-latest | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-latest | |
| - target: x86_64-apple-darwin | |
| os: macos-13 | |
| - target: aarch64-apple-darwin | |
| os: macos-14 | |
| steps: | |
| - name: Checkout release tag | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ needs.release-please.outputs.tag_name }} | |
| - name: Set up Rust toolchain | |
| uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # stable | |
| with: | |
| toolchain: stable | |
| targets: ${{ matrix.target }} | |
| - name: Install musl tools (linux) | |
| if: contains(matrix.target, 'linux-musl') | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y musl-tools | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-musl" ]; then | |
| sudo apt-get install -y gcc-aarch64-linux-gnu | |
| echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV" | |
| echo "CC_aarch64_unknown_linux_musl=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV" | |
| fi | |
| - name: Cache cargo | |
| uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 | |
| with: | |
| key: ${{ matrix.target }} | |
| - name: Build | |
| run: cargo build --release --target ${{ matrix.target }} -p gl -p git-remote-gitlawb -p gitlawb-node | |
| - name: Package | |
| id: pkg | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| NAME="gitlawb-node-${{ needs.release-please.outputs.version }}-${{ matrix.target }}" | |
| mkdir -p "dist/$NAME" | |
| cp "target/${{ matrix.target }}/release/gl" "dist/$NAME/" | |
| cp "target/${{ matrix.target }}/release/git-remote-gitlawb" "dist/$NAME/" | |
| cp "target/${{ matrix.target }}/release/gitlawb-node" "dist/$NAME/" | |
| cp README.md LICENSE-MIT LICENSE-APACHE "dist/$NAME/" | |
| cd dist | |
| tar czf "$NAME.tar.gz" "$NAME" | |
| shasum -a 256 "$NAME.tar.gz" > "$NAME.tar.gz.sha256" | |
| echo "asset=dist/$NAME.tar.gz" >> "$GITHUB_OUTPUT" | |
| echo "checksum=dist/$NAME.tar.gz.sha256" >> "$GITHUB_OUTPUT" | |
| - name: Attach to release | |
| uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2 | |
| with: | |
| tag_name: ${{ needs.release-please.outputs.tag_name }} | |
| files: | | |
| ${{ steps.pkg.outputs.asset }} | |
| ${{ steps.pkg.outputs.checksum }} |