1.9.1 #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Docker manifest | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
inputs: | |
release_tag: | |
description: "The release tag to target" | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
jobs: | |
start-runner: | |
name: Start EC2 runner | |
runs-on: ubuntu-latest | |
outputs: | |
instance_id: ${{ steps.invoke-start.outputs.INSTANCE_ID }} | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.EC2_ROLE }} | |
aws-region: ${{ vars.EC2_REGION }} | |
- name: Start EC2 instance | |
id: invoke-start | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
EC2_START: ${{ secrets.EC2_START }} | |
run: | | |
RUNNER_TOKEN=$(gh api -X POST -q '.token' /repos/${{ github.repository }}/actions/runners/registration-token) | |
aws lambda invoke \ | |
--cli-binary-format raw-in-base64-out \ | |
--function-name "$EC2_START" \ | |
--payload '{"ref_name":"${{ github.ref_name }}","runner_token":"'"${RUNNER_TOKEN}"'"}' \ | |
response.json | |
INSTANCE_ID=$(jq -r '.body.instance_id' < response.json) | |
echo "INSTANCE_ID=${INSTANCE_ID}" >>"$GITHUB_OUTPUT" | |
echo "Got EC2 instance ${INSTANCE_ID}" | |
echo 'Waiting for GitHub runner to start' | |
while [[ -z "$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot")')" ]]; do | |
sleep 60 | |
done | |
echo 'Done 🎉' | |
stop-runner: | |
name: Stop EC2 runner | |
runs-on: ubuntu-latest | |
# Ensure that `stop-runner` will always stop the EC2 instance, even if other jobs failed or were canceled | |
if: ${{ always() }} | |
needs: | |
- start-runner | |
- docker-multiplatform-image | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.EC2_ROLE }} | |
aws-region: ${{ vars.EC2_REGION }} | |
- name: Delete GitHub Runner | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
run: | | |
RUNNER_ID=$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot") | .id') | |
if [[ -n "${RUNNER_ID}" ]]; then | |
gh api -X DELETE /repos/${{ github.repository }}/actions/runners/${RUNNER_ID} | |
fi | |
- name: Lambda Invoke Stop | |
env: | |
EC2_STOP: ${{ secrets.EC2_STOP }} | |
run: | | |
aws lambda invoke \ | |
--cli-binary-format raw-in-base64-out \ | |
--function-name "$EC2_STOP" \ | |
--payload '{"instance_id":"${{ needs.start-runner.outputs.instance_id }}"}' \ | |
response.json | |
cat response.json | |
release-artifacts: | |
name: "Build Nickel binary and Docker image" | |
strategy: | |
matrix: | |
os: | |
- runs-on: ubuntu-latest | |
architecture: x86_64 | |
- runs-on: [EC2, ARM64, Linux] | |
architecture: arm64 | |
runs-on: ${{ matrix.os.runs-on }} | |
needs: | |
- start-runner | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event_name == 'release' && '' || github.event.inputs.release_tag }} | |
- uses: cachix/install-nix-action@v30 | |
name: "Installing Nix" | |
with: | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
accept-flake-config = true | |
nix_path: "nixpkgs=channel:nixos-unstable" | |
- name: "Build static binary" | |
run: | | |
nix build --log-format raw-with-logs .#nickel-static | |
cp ./result/bin/nickel nickel-${{ matrix.os.architecture }}-linux | |
- name: "Upload static binary as release asset" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-linux | |
- id: build-image | |
name: "Build docker image" | |
run: | | |
nix build --log-format raw-with-logs .#dockerImage | |
cp ./result nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
echo "imageName=$(nix eval --raw .#dockerImage.imageName)" >> "$GITHUB_OUTPUT" | |
echo "imageTag=$(nix eval --raw .#dockerImage.imageTag)" >> "$GITHUB_OUTPUT" | |
- name: "Upload docker image as release asset" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
- name: Log in to registry | |
# This is where you will update the personal access token to GITHUB_TOKEN | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Push image | |
env: | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
TARBALL_TAG: ${{ steps.build-image.outputs.imageName }}:${{ steps.build-image.outputs.imageTag }} | |
run: | | |
docker load -i nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
docker tag "$TARBALL_TAG" ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}} | |
docker push ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}} | |
docker-multiplatform-image: | |
name: "Assemble multi-platform Docker image" | |
runs-on: ubuntu-latest | |
needs: release-artifacts | |
steps: | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Assemble and push image | |
env: | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
docker buildx imagetools create -t ghcr.io/tweag/nickel:$RELEASE_TAG ghcr.io/tweag/nickel:$RELEASE_TAG-x86_64 ghcr.io/tweag/nickel:$RELEASE_TAG-arm64 | |
docker buildx imagetools inspect ghcr.io/tweag/nickel:$RELEASE_TAG |