-
Notifications
You must be signed in to change notification settings - Fork 96
149 lines (144 loc) · 6.12 KB
/
release-artifacts.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Test Docker manifest
on:
release:
types: [published]
workflow_dispatch:
inputs:
release_tag:
description: "The release tag to target"
permissions:
id-token: write
contents: write
packages: write
jobs:
start-runner:
name: Start EC2 runner
runs-on: ubuntu-latest
outputs:
instance_id: ${{ steps.invoke-start.outputs.INSTANCE_ID }}
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.EC2_ROLE }}
aws-region: ${{ vars.EC2_REGION }}
- name: Start EC2 instance
id: invoke-start
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
EC2_START: ${{ secrets.EC2_START }}
run: |
RUNNER_TOKEN=$(gh api -X POST -q '.token' /repos/${{ github.repository }}/actions/runners/registration-token)
aws lambda invoke \
--cli-binary-format raw-in-base64-out \
--function-name "$EC2_START" \
--payload '{"ref_name":"${{ github.ref_name }}","runner_token":"'"${RUNNER_TOKEN}"'"}' \
response.json
INSTANCE_ID=$(jq -r '.body.instance_id' < response.json)
echo "INSTANCE_ID=${INSTANCE_ID}" >>"$GITHUB_OUTPUT"
echo "Got EC2 instance ${INSTANCE_ID}"
echo 'Waiting for GitHub runner to start'
while [[ -z "$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot")')" ]]; do
sleep 60
done
echo 'Done 🎉'
stop-runner:
name: Stop EC2 runner
runs-on: ubuntu-latest
# Ensure that `stop-runner` will always stop the EC2 instance, even if other jobs failed or were canceled
if: ${{ always() }}
needs:
- start-runner
- docker-multiplatform-image
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.EC2_ROLE }}
aws-region: ${{ vars.EC2_REGION }}
- name: Delete GitHub Runner
env:
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
run: |
RUNNER_ID=$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot") | .id')
if [[ -n "${RUNNER_ID}" ]]; then
gh api -X DELETE /repos/${{ github.repository }}/actions/runners/${RUNNER_ID}
fi
- name: Lambda Invoke Stop
env:
EC2_STOP: ${{ secrets.EC2_STOP }}
run: |
aws lambda invoke \
--cli-binary-format raw-in-base64-out \
--function-name "$EC2_STOP" \
--payload '{"instance_id":"${{ needs.start-runner.outputs.instance_id }}"}' \
response.json
cat response.json
release-artifacts:
name: "Build Nickel binary and Docker image"
strategy:
matrix:
os:
- runs-on: ubuntu-latest
architecture: x86_64
- runs-on: [EC2, ARM64, Linux]
architecture: arm64
runs-on: ${{ matrix.os.runs-on }}
needs:
- start-runner
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'release' && '' || github.event.inputs.release_tag }}
- uses: cachix/install-nix-action@v30
name: "Installing Nix"
with:
extra_nix_config: |
experimental-features = nix-command flakes
accept-flake-config = true
nix_path: "nixpkgs=channel:nixos-unstable"
- name: "Build static binary"
run: |
nix build --log-format raw-with-logs .#nickel-static
cp ./result/bin/nickel nickel-${{ matrix.os.architecture }}-linux
- name: "Upload static binary as release asset"
env:
GH_TOKEN: ${{ github.token }}
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }}
run: |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-linux
- id: build-image
name: "Build docker image"
run: |
nix build --log-format raw-with-logs .#dockerImage
cp ./result nickel-${{ matrix.os.architecture }}-docker-image.tar.gz
echo "imageName=$(nix eval --raw .#dockerImage.imageName)" >> "$GITHUB_OUTPUT"
echo "imageTag=$(nix eval --raw .#dockerImage.imageTag)" >> "$GITHUB_OUTPUT"
- name: "Upload docker image as release asset"
env:
GH_TOKEN: ${{ github.token }}
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }}
run: |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-docker-image.tar.gz
- name: Log in to registry
# This is where you will update the personal access token to GITHUB_TOKEN
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Push image
env:
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }}
TARBALL_TAG: ${{ steps.build-image.outputs.imageName }}:${{ steps.build-image.outputs.imageTag }}
run: |
docker load -i nickel-${{ matrix.os.architecture }}-docker-image.tar.gz
docker tag "$TARBALL_TAG" ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}}
docker push ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}}
docker-multiplatform-image:
name: "Assemble multi-platform Docker image"
runs-on: ubuntu-latest
needs: release-artifacts
steps:
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Assemble and push image
env:
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }}
run: |
docker buildx imagetools create -t ghcr.io/tweag/nickel:$RELEASE_TAG ghcr.io/tweag/nickel:$RELEASE_TAG-x86_64 ghcr.io/tweag/nickel:$RELEASE_TAG-arm64
docker buildx imagetools inspect ghcr.io/tweag/nickel:$RELEASE_TAG