FlexiLib/.gitea/workflows/build.yaml
Emil Lerch bf09470abd
All checks were successful
Build / build (push) Successful in 2m47s
Build / sign (push) Successful in 1m33s
Build / deploy (push) Successful in 1m46s
move executable into place for docker build
2024-01-02 10:34:51 -08:00

112 lines
3.8 KiB
YAML

name: Build
run-name: Standard build, creates docker image and deploys on success
on: [push]
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ACTIONS_RUNTIME_URL: https://git.lerch.org/api/actions_pipeline/
ZIG_URL: https://ziglang.org/download/0.11.0/zig-linux-x86_64-0.11.0.tar.xz
BUILD_TARGET: x86_64-linux-gnu # Needs to be gnu since we're using dlopen
BUILD_OPTIMIZATION: ReleaseSafe # Safety is usually a good thing
jobs:
build:
runs-on: ubuntu-latest
steps:
- run: echo "Triggered by ${{ github.event_name }} event"
- name: Check out repository code
uses: actions/checkout@v3
- name: Install zig
run: |
curl -s "$ZIG_URL" |tar -xJ -C /usr/local \
&& ln -s /usr/local/zig*/zig /usr/local/bin \
&& true
- name: Test
run: zig build test -Dtarget="$BUILD_TARGET"
- name: Build
run: zig build -Dtarget="$BUILD_TARGET" -Doptimize="$BUILD_OPTIMIZATION"
- name: Upload
uses: actions/upload-artifact@v3
with:
name: flexilib
path: 'zig-out/bin/flexilib'
- name: Notify
uses: https://git.lerch.org/lobo/action-notify-ntfy@v2
if: always()
with:
host: ${{ secrets.NTFY_HOST }}
topic: ${{ secrets.NTFY_TOPIC }}
user: ${{ secrets.NTFY_USER }}
password: ${{ secrets.NTFY_PASSWORD }}
sign:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artifact
uses: actions/download-artifact@v3
with:
name: flexilib
- name: "Make executable actually executable"
run: "chmod 755 flexilib"
- name: Sign
id: sign
uses: https://git.lerch.org/lobo/action-hsm-sign@v1
with:
pin: ${{ secrets.HSM_USER_PIN }}
files: flexilib
public_key: 'https://emil.lerch.org/serverpublic.pem'
- name: Output signature URL
run: echo "Signature URL is ${{ steps.sign.outputs.URL_0 }}"
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: signature
path: ${{ steps.sign.outputs.SIG_0 }}
- name: Notify
uses: https://git.lerch.org/lobo/action-notify-ntfy@v2
if: always()
with:
host: ${{ secrets.NTFY_HOST }}
topic: ${{ secrets.NTFY_TOPIC }}
user: ${{ secrets.NTFY_USER }}
password: ${{ secrets.NTFY_PASSWORD }}
deploy:
runs-on: ubuntu-latest
container:
image: ghcr.io/catthehacker/ubuntu:act-22.04
needs: build
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Download Artifact
uses: actions/download-artifact@v3
with:
name: flexilib
- name: "Make executable actually executable"
run: "chmod 755 flexilib && mv flexilib docker"
- name: Get short ref
id: vars
run: echo "shortsha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
name: Login to Gitea
uses: docker/login-action@v2
with:
registry: git.lerch.org
username: ${{ github.actor }}
password: ${{ secrets.PACKAGE_PUSH }}
-
name: Build and push
uses: docker/build-push-action@v4
with:
context: docker
push: true
tags: git.lerch.org/${{ github.actor }}/flexilib:${{ steps.vars.outputs.shortsha }}
# Not sure what's up with the shortsha yet
#tags: git.lerch.org/${{ github.actor }}/flexilib:latest
- name: Notify
uses: https://git.lerch.org/lobo/action-notify-ntfy@v2
if: always()
with:
host: ${{ secrets.NTFY_HOST }}
topic: ${{ secrets.NTFY_TOPIC }}
user: ${{ secrets.NTFY_USER }}
password: ${{ secrets.NTFY_PASSWORD }}