Skip to content

Consolidate tls id verification #470

Consolidate tls id verification

Consolidate tls id verification #470

Workflow file for this run

name: release
on:
pull_request:
paths:
- .github/actions/package/*
- .github/workflows/release.yml
- justfile
- Cargo.toml # For release build settings
push:
tags:
- "release/*"
permissions:
contents: write
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
CHECKSEC_VERSION: 2.5.0
RUSTFLAGS: "-D warnings -A deprecated"
RUSTUP_MAX_RETRIES: 10
jobs:
meta:
timeout-minutes: 5
runs-on: ubuntu-latest
steps:
- id: meta
shell: bash
run: |
shopt -s extglob
ref="${{ github.ref }}"
if [[ "$ref" == refs/tags/release/* ]]; then
ver="${ref##refs/tags/release/}"
if [[ "$ver" != v+([0-9]).+([0-9]).+([0-9])?(-+([a-z0-9-])) ]]; then
echo "Invalid version: $ver" >&2
exit 1
fi
( echo publish=true
echo version="${ver#v}"
) >> "$GITHUB_OUTPUT"
else
sha="${{ github.sha }}"
echo version="0.0.0-test.${sha:0:7}" >> "$GITHUB_OUTPUT"
fi
outputs:
publish: ${{ steps.meta.outputs.publish }}
version: ${{ steps.meta.outputs.version }}
package:
needs: [meta]
strategy:
matrix:
arch: [amd64, arm64, arm]
libc: [gnu] # musl
# If we're not actually building on a release tag, don't short-circuit on
# errors. This helps us know whether a failure is platform-specific.
continue-on-error: ${{ !needs.meta.outputs.publish }}
runs-on: ubuntu-latest
timeout-minutes: 40
container: docker://ghcr.io/linkerd/dev:v42-rust-musl
env:
LINKERD2_PROXY_VENDOR: ${{ github.repository_owner }}
LINKERD2_PROXY_VERSION: ${{ needs.meta.outputs.version }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- run: git config --global --add safe.directory "$PWD" # actions/runner#2033
- run: just fetch
- run: just arch=${{ matrix.arch }} libc=${{ matrix.libc }} rustup
- run: just arch=${{ matrix.arch }} libc=${{ matrix.libc }} profile=release build
- run: just arch=${{ matrix.arch }} libc=${{ matrix.libc }} profile=release package
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
with:
name: ${{ matrix.arch }}-artifacts
path: target/package/*
publish:
needs: [meta, package]
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
path: artifacts
- run: du -h artifacts/**/*
- if: needs.meta.outputs.publish
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
with:
name: v${{ needs.meta.outputs.version }}
files: artifacts/**/*
generate_release_notes: true