many syncv3 optimisations; database, RocksDB, and misc performance improvements; refactoring and cleanup; fix private read receipt support; and some more bug fixes #2122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI and Artifacts | |
on: | |
pull_request: | |
push: | |
paths-ignore: | |
- '.gitlab-ci.yml' | |
- '.gitignore' | |
- 'renovate.json' | |
- 'debian/**' | |
- 'docker/**' | |
branches: | |
- main | |
tags: | |
- '*' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.head_ref || github.ref_name }} | |
cancel-in-progress: true | |
env: | |
# sccache only on main repo | |
SCCACHE_GHA_ENABLED: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}" | |
RUSTC_WRAPPER: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}" | |
SCCACHE_BUCKET: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}" | |
SCCACHE_S3_USE_SSL: ${{ vars.SCCACHE_S3_USE_SSL }} | |
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }} | |
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }} | |
SCCACHE_CACHE_MULTIARCH: ${{ vars.SCCACHE_CACHE_MULTIARCH }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# Required to make some things output color | |
TERM: ansi | |
# Publishing to my nix binary cache | |
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
# conduwuit.cachix.org | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
# Just in case incremental is still being set to true, speeds up CI | |
CARGO_INCREMENTAL: 0 | |
# Custom nix binary cache if fork is being used | |
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }} | |
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }} | |
# Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps | |
NIX_CONFIG: | | |
show-trace = true | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
# complement uses libolm | |
NIXPKGS_ALLOW_INSECURE: 1 | |
permissions: | |
packages: write | |
contents: read | |
jobs: | |
tests: | |
name: Test | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install liburing | |
run: | | |
sudo apt install liburing-dev -y | |
- name: Free up a bit of runner space | |
run: | | |
set +o pipefail | |
sudo docker image prune --all --force || true | |
sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true | |
sudo apt clean | |
sudo rm -v -rf /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/heroku | |
set -o pipefail | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Tag comparison check | |
if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }} | |
run: | | |
# Tag mismatch with latest repo tag check to prevent potential downgrades | |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | |
if [ $LATEST_TAG != ${{ github.ref_name }} ]; then | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
- uses: nixbuild/nix-quick-install-action@master | |
- name: Restore and cache Nix store | |
uses: nix-community/[email protected] | |
with: | |
# restore and save a cache using this key | |
primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/.lock') }} | |
# if there's no cache hit, restore a cache by this prefix | |
restore-prefixes-first-match: nix-${{ runner.os }}- | |
# collect garbage until Nix store size (in bytes) is at most this number | |
# before trying to save a new cache | |
gc-max-store-size-linux: 2073741824 | |
# do purge caches | |
purge: true | |
# purge all versions of the cache | |
purge-prefixes: nix-${{ runner.os }}- | |
# created more than this number of seconds ago relative to the start of the `Post Restore` phase | |
purge-last-accessed: 86400 | |
# except the version with the `primary-key`, if it exists | |
purge-primary-key: never | |
# always save the cache | |
save-always: true | |
- name: Enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true | |
- name: Cache CI dependencies | |
run: | | |
bin/nix-build-and-cache ci | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.default' | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.all-features' | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.dynamic' | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
with: | |
version: "v0.8.2" | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
- name: Run CI tests | |
env: | |
CARGO_PROFILE: "test" | |
run: | | |
direnv exec . engage > >(tee -a test_output.log) | |
- name: Run Complement tests | |
env: | |
CARGO_PROFILE: "test" | |
run: | | |
# the nix devshell sets $COMPLEMENT_SRC, so "/dev/null" is no-op | |
direnv exec . bin/complement "/dev/null" complement_test_logs.jsonl complement_test_results.jsonl > >(tee -a test_output.log) | |
cp -v -f result complement_oci_image.tar.gz | |
- name: Upload Complement OCI image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_oci_image.tar.gz | |
path: complement_oci_image.tar.gz | |
if-no-files-found: error | |
- name: Upload Complement logs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_logs.jsonl | |
path: complement_test_logs.jsonl | |
if-no-files-found: error | |
- name: Upload Complement results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_results.jsonl | |
path: complement_test_results.jsonl | |
if-no-files-found: error | |
- name: Diff Complement results with checked-in repo results | |
run: | | |
diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_diff_output.log) | |
- name: Update Job Summary | |
if: success() || failure() | |
run: | | |
if [ ${{ job.status }} == 'success' ]; then | |
echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY | |
else | |
echo '# CI failure' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
tail -n 40 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY | |
echo '```diff' >> $GITHUB_STEP_SUMMARY | |
tail -n 100 complement_diff_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
fi | |
- name: Run cargo clean test artifacts to free up space | |
run: | | |
cargo clean --profile test | |
build: | |
name: Build | |
runs-on: ubuntu-24.04 | |
needs: tests | |
strategy: | |
matrix: | |
include: | |
- target: aarch64-linux-musl | |
- target: x86_64-linux-musl | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Setup SSH web publish | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
mkdir -p -v ~/.ssh | |
echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts | |
echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
cat >>~/.ssh/config <<END | |
Host website | |
HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }} | |
User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }} | |
IdentityFile ~/.ssh/id_ed25519 | |
StrictHostKeyChecking yes | |
AddKeysToAgent no | |
ForwardX11 no | |
BatchMode yes | |
END | |
echo "Creating commit rev directory on web server" | |
ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/" | |
ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/" | |
- uses: nixbuild/nix-quick-install-action@master | |
- name: Restore and cache Nix store | |
uses: nix-community/[email protected] | |
with: | |
# restore and save a cache using this key | |
primary-key: nix-${{ runner.os }}-${{ matrix.target }}-${{ hashFiles('**/*.nix', '**/.lock') }} | |
# if there's no cache hit, restore a cache by this prefix | |
restore-prefixes-first-match: nix-${{ runner.os }}- | |
# collect garbage until Nix store size (in bytes) is at most this number | |
# before trying to save a new cache | |
gc-max-store-size-linux: 2073741824 | |
# do purge caches | |
purge: true | |
# purge all versions of the cache | |
purge-prefixes: nix-${{ runner.os }}- | |
# created more than this number of seconds ago relative to the start of the `Post Restore` phase | |
purge-last-accessed: 86400 | |
# except the version with the `primary-key`, if it exists | |
purge-primary-key: never | |
# always save the cache | |
save-always: true | |
- name: Enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true --impure | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
with: | |
version: "v0.8.2" | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
- name: Build static ${{ matrix.target }}-all-features | |
run: | | |
if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl" | |
elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl" | |
fi | |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb | |
mv -v target/release/conduwuit static-${{ matrix.target }} | |
mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb | |
- name: Build static x86_64-linux-musl-all-features-x86_64-haswell-optimised | |
if: ${{ matrix.target == 'x86_64-linux-musl' }} | |
run: | | |
CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl" | |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
bin/nix-build-and-cache just .#static-x86_64-linux-musl-all-features-x86_64-haswell-optimised | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb | |
mv -v target/release/conduwuit static-x86_64-linux-musl-x86_64-haswell-optimised | |
mv -v target/release/x86_64-linux-musl-x86_64-haswell-optimised.deb x86_64-linux-musl-x86_64-haswell-optimised.deb | |
# quick smoke test of the x86_64 static release binary | |
- name: Quick smoke test the x86_64 static release binary | |
if: ${{ matrix.target == 'x86_64-linux-musl' }} | |
run: | | |
# GH actions default runners are x86_64 only | |
if file result/bin/conduit | grep x86-64; then | |
result/bin/conduit --version | |
result/bin/conduit --help | |
result/bin/conduit -Oserver_name="'$(date -u +%s).local'" -Odatabase_path="'/tmp/$(date -u +%s)'" --execute "server admin-notice awawawawawawawawawawa" --execute "server memory-usage" --execute "server shutdown" | |
fi | |
- name: Build static debug ${{ matrix.target }}-all-features | |
run: | | |
if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl" | |
elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl" | |
fi | |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features-debug | |
# > warning: dev profile is not supported and will be a hard error in the future. cargo-deb is for making releases, and it doesn't make sense to use it with dev profiles. | |
# so we need to coerce cargo-deb into thinking this is a release binary | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}-debug.deb | |
mv -v target/release/conduwuit static-${{ matrix.target }}-debug | |
mv -v target/release/${{ matrix.target }}-debug.deb ${{ matrix.target }}-debug.deb | |
# quick smoke test of the x86_64 static debug binary | |
- name: Run x86_64 static debug binary | |
run: | | |
# GH actions default runners are x86_64 only | |
if file result/bin/conduit | grep x86-64; then | |
result/bin/conduit --version | |
fi | |
# check validity of produced deb package, invalid debs will error on these commands | |
- name: Validate produced deb package | |
run: | | |
# List contents | |
dpkg-deb --contents ${{ matrix.target }}.deb | |
dpkg-deb --contents ${{ matrix.target }}-debug.deb | |
# List info | |
dpkg-deb --info ${{ matrix.target }}.deb | |
dpkg-deb --info ${{ matrix.target }}-debug.deb | |
- name: Upload static-${{ matrix.target }}-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-${{ matrix.target }} | |
path: static-${{ matrix.target }} | |
if-no-files-found: error | |
- name: Upload deb ${{ matrix.target }}-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb-${{ matrix.target }} | |
path: ${{ matrix.target }}.deb | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload static-${{ matrix.target }}-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp static-${{ matrix.target }} website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/static-${{ matrix.target }} | |
- name: Upload deb ${{ matrix.target }}-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp ${{ matrix.target }}.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/${{ matrix.target }}.deb | |
- name: Upload static-${{ matrix.target }}-debug-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-${{ matrix.target }}-debug | |
path: static-${{ matrix.target }}-debug | |
if-no-files-found: error | |
- name: Upload deb ${{ matrix.target }}-debug-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb-${{ matrix.target }}-debug | |
path: ${{ matrix.target }}-debug.deb | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload static-${{ matrix.target }}-debug-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp static-${{ matrix.target }}-debug website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/static-${{ matrix.target }}-debug | |
- name: Upload deb ${{ matrix.target }}-debug-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp ${{ matrix.target }}-debug.deb website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/${{ matrix.target }}-debug.deb | |
- name: Build OCI image ${{ matrix.target }}-all-features | |
run: | | |
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features | |
cp -v -f result oci-image-${{ matrix.target }}.tar.gz | |
- name: Build OCI image x86_64-linux-musl-all-features-x86_64-haswell-optimised | |
if: ${{ matrix.target == 'x86_64-linux-musl' }} | |
run: | | |
bin/nix-build-and-cache just .#oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised | |
cp -v -f result oci-image-x86_64-linux-musl-all-features-x86_64-haswell-optimised.tar.gz | |
- name: Build debug OCI image ${{ matrix.target }}-all-features | |
run: | | |
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features-debug | |
cp -v -f result oci-image-${{ matrix.target }}-debug.tar.gz | |
- name: Upload OCI image ${{ matrix.target }}-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-${{ matrix.target }} | |
path: oci-image-${{ matrix.target }}.tar.gz | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload OCI image ${{ matrix.target }}-debug-all-features | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-${{ matrix.target }}-debug | |
path: oci-image-${{ matrix.target }}-debug.tar.gz | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload OCI image ${{ matrix.target }}-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp oci-image-${{ matrix.target }}.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/oci-image-${{ matrix.target }}.tar.gz | |
- name: Upload OCI image ${{ matrix.target }}-debug-all-features to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
scp oci-image-${{ matrix.target }}-debug.tar.gz website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/oci-image-${{ matrix.target }}-debug.tar.gz | |
build_mac_binaries: | |
name: Build MacOS Binaries | |
strategy: | |
matrix: | |
os: [macos-latest, macos-13] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Setup SSH web publish | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
run: | | |
mkdir -p -v ~/.ssh | |
echo "${{ secrets.WEB_UPLOAD_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts | |
echo "${{ secrets.WEB_UPLOAD_SSH_PRIVATE_KEY }}" >> ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
cat >>~/.ssh/config <<END | |
Host website | |
HostName ${{ secrets.WEB_UPLOAD_SSH_HOSTNAME }} | |
User ${{ secrets.WEB_UPLOAD_SSH_USERNAME }} | |
IdentityFile ~/.ssh/id_ed25519 | |
StrictHostKeyChecking yes | |
AddKeysToAgent no | |
ForwardX11 no | |
BatchMode yes | |
END | |
echo "Creating commit rev directory on web server" | |
ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/" | |
ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/" | |
- name: Tag comparison check | |
if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }} | |
run: | | |
# Tag mismatch with latest repo tag check to prevent potential downgrades | |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | |
if [ $LATEST_TAG != ${{ github.ref_name }} ]; then | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
# Nix can't do portable macOS builds yet | |
- name: Build macOS x86_64 binary | |
if: ${{ matrix.os == 'macos-13' }} | |
run: | | |
CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release | |
cp -v -f target/release/conduit conduwuit-macos-x86_64 | |
otool -L conduwuit-macos-x86_64 | |
# quick smoke test of the x86_64 macOS binary | |
- name: Run x86_64 macOS release binary | |
if: ${{ matrix.os == 'macos-13' }} | |
run: | | |
./conduwuit-macos-x86_64 --version | |
- name: Build macOS arm64 binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
run: | | |
CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short ${{ github.sha }})" cargo build --release | |
cp -v -f target/release/conduit conduwuit-macos-arm64 | |
otool -L conduwuit-macos-arm64 | |
# quick smoke test of the arm64 macOS binary | |
- name: Run arm64 macOS release binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
run: | | |
./conduwuit-macos-arm64 --version | |
- name: Upload macOS x86_64 binary to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' && ${{ matrix.os == 'macos-13' }} | |
run: | | |
scp conduwuit-macos-x86_64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/conduwuit-macos-x86_64 | |
- name: Upload macOS arm64 binary to webserver | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' && ${{ matrix.os == 'macos-latest' }} | |
run: | | |
scp conduwuit-macos-arm64 website:/var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${{ github.sha }}/conduwuit-macos-arm64 | |
- name: Upload macOS x86_64 binary | |
if: ${{ matrix.os == 'macos-13' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: conduwuit-macos-x86_64 | |
path: conduwuit-macos-x86_64 | |
if-no-files-found: error | |
- name: Upload macOS arm64 binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: conduwuit-macos-arm64 | |
path: conduwuit-macos-arm64 | |
if-no-files-found: error | |
docker: | |
name: Docker publish | |
runs-on: ubuntu-24.04 | |
needs: build | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
env: | |
DOCKER_ARM64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
DOCKER_AMD64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
DOCKER_TAG: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
DOCKER_BRANCH: docker.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GHCR_ARM64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GHCR_AMD64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GHCR_TAG: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GHCR_BRANCH: ghcr.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GLCR_ARM64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GLCR_AMD64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GLCR_TAG: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GLCR_BRANCH: registry.gitlab.com/conduwuit/conduwuit:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ vars.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitLab Container Registry | |
if: ${{ (vars.GITLAB_USERNAME != '') && (env.GITLAB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.gitlab.com | |
username: ${{ vars.GITLAB_USERNAME }} | |
password: ${{ secrets.GITLAB_TOKEN }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Move OCI images into position | |
run: | | |
mv -v oci-image-x86_64-linux-musl/*.tar.gz oci-image-amd64.tar.gz | |
mv -v oci-image-aarch64-linux-musl/*.tar.gz oci-image-arm64v8.tar.gz | |
mv -v oci-image-x86_64-linux-musl-debug/*.tar.gz oci-image-amd64-debug.tar.gz | |
mv -v oci-image-aarch64-linux-musl-debug/*.tar.gz oci-image-arm64v8-debug.tar.gz | |
- name: Load and push amd64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-amd64.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }} | |
docker push ${{ env.DOCKER_AMD64 }} | |
docker push ${{ env.GHCR_AMD64 }} | |
docker push ${{ env.GLCR_AMD64 }} | |
- name: Load and push arm64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-arm64v8.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }} | |
docker push ${{ env.DOCKER_ARM64 }} | |
docker push ${{ env.GHCR_ARM64 }} | |
docker push ${{ env.GLCR_ARM64 }} | |
- name: Load and push amd64 debug image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-amd64-debug.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }}-debug | |
docker push ${{ env.DOCKER_AMD64 }}-debug | |
docker push ${{ env.GHCR_AMD64 }}-debug | |
docker push ${{ env.GLCR_AMD64 }}-debug | |
- name: Load and push arm64 debug image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-arm64v8-debug.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }}-debug | |
docker push ${{ env.DOCKER_ARM64 }}-debug | |
docker push ${{ env.GHCR_ARM64 }}-debug | |
docker push ${{ env.GLCR_ARM64 }}-debug | |
- name: Create Docker combined manifests | |
run: | | |
# Dockerhub Container Registry | |
docker manifest create ${{ env.DOCKER_TAG }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
docker manifest create ${{ env.DOCKER_BRANCH }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
# GitHub Container Registry | |
docker manifest create ${{ env.GHCR_TAG }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
docker manifest create ${{ env.GHCR_BRANCH }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
# GitLab Container Registry | |
docker manifest create ${{ env.GLCR_TAG }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }} | |
docker manifest create ${{ env.GLCR_BRANCH }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }} | |
- name: Create Docker combined debug manifests | |
run: | | |
# Dockerhub Container Registry | |
docker manifest create ${{ env.DOCKER_TAG }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug | |
docker manifest create ${{ env.DOCKER_BRANCH }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug | |
# GitHub Container Registry | |
docker manifest create ${{ env.GHCR_TAG }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug | |
docker manifest create ${{ env.GHCR_BRANCH }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug | |
# GitLab Container Registry | |
docker manifest create ${{ env.GLCR_TAG }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug | |
docker manifest create ${{ env.GLCR_BRANCH }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug | |
- name: Push manifests to Docker registries | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker manifest push ${{ env.DOCKER_TAG }} | |
docker manifest push ${{ env.DOCKER_BRANCH }} | |
docker manifest push ${{ env.GHCR_TAG }} | |
docker manifest push ${{ env.GHCR_BRANCH }} | |
docker manifest push ${{ env.GLCR_TAG }} | |
docker manifest push ${{ env.GLCR_BRANCH }} | |
docker manifest push ${{ env.DOCKER_TAG }}-debug | |
docker manifest push ${{ env.DOCKER_BRANCH }}-debug | |
docker manifest push ${{ env.GHCR_TAG }}-debug | |
docker manifest push ${{ env.GHCR_BRANCH }}-debug | |
docker manifest push ${{ env.GLCR_TAG }}-debug | |
docker manifest push ${{ env.GLCR_BRANCH }}-debug | |
- name: Add Image Links to Job Summary | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
echo "- \`docker pull ${{ env.DOCKER_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GHCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GLCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.DOCKER_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GHCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GLCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY |