Skip to content

Commit

Permalink
ci: Add release job
Browse files Browse the repository at this point in the history
  • Loading branch information
sbernauer committed Jan 16, 2024
1 parent 2857db8 commit c381071
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ jobs:

docker-image:
name: Build and push docker image
needs: [test, clippy, fmt, docs]
permissions:
id-token: write
runs-on: ubuntu-latest
Expand Down
84 changes: 84 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
name: Release pipeline
on:
push:
tags: ['v[0-9]+.[0-9]+.[0-9]+']

env:
RUSTFLAGS: "-D warnings"
RUSTDOCFLAGS: "-D warnings"
CARGO_TERM_COLOR: always

jobs:
test:
name: Run tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/[email protected]
- run: cargo test --all-features

clippy:
name: Check clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/[email protected]
with:
components: clippy
- run: cargo clippy --all-targets -- -D warnings

fmt:
name: Check formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/[email protected]
with:
components: rustfmt
- run: cargo fmt --all -- --check

docs:
name: Generate docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/[email protected]
- run: cargo doc --document-private-items

docker-image:
name: Build and push docker image
needs: [test, clippy, fmt, docs]
permissions:
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Cosign
uses: sigstore/[email protected]
- name: Login to Stackable Harbor
uses: docker/login-action@v3
with:
registry: oci.stackable.tech
username: robot$stackable+github-action-build
password: ${{ secrets.HARBOR_ROBOT_STACKABLE_GITHUB_ACTION_BUILD_SECRET }}
- name: Build and push docker image
env:
GITHUB_REF: ${{ github.ref }}
run: |
# trino-lb is not (yet) a product as the SDP, but a community project, so use "stackable" instead of "sdp"
IMAGE_NAME="oci.stackable.tech/stackable/trino-lb"
TAG_NAME="${GITHUB_REF#refs/tags/v}"
docker build -f docker/Dockerfile . -t "$IMAGE_NAME:$TAG_NAME"
# Store the output of `docker image push` into a variable, so we can parse it for the digest
PUSH_OUTPUT=$(docker image push "$IMAGE_NAME:$TAG_NAME" 2>&1)
echo "$PUSH_OUTPUT"
# Obtain the digest of the pushed image from the output of `docker image push`, because signing by tag is deprecated and will be removed from cosign in the future
DIGEST=$(echo "$PUSH_OUTPUT" | awk "/: digest: sha256:[a-f0-9]{64} size: [0-9]+$/ { print \$3 }")
# Refer to image via its digest (oci.stackable.tech/stackable/trino-dev@sha256:0a1b2c...)
# This generates a signature and publishes it to the registry, next to the image
# Uses the keyless signing flow with Github Actions as identity provider
cosign sign -y "$IMAGE_NAME@$DIGEST"

0 comments on commit c381071

Please sign in to comment.