Test Docker manifest #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Upload release artifacts | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
inputs: | |
release_tag: | |
description: "The release tag to target" | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
jobs: | |
start-runner: | |
name: Start EC2 runner | |
runs-on: ubuntu-latest | |
outputs: | |
instance_id: ${{ steps.invoke-start.outputs.INSTANCE_ID }} | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.EC2_ROLE }} | |
aws-region: ${{ vars.EC2_REGION }} | |
- name: Start EC2 instance | |
id: invoke-start | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
EC2_START: ${{ secrets.EC2_START }} | |
run: | | |
RUNNER_TOKEN=$(gh api -X POST -q '.token' /repos/${{ github.repository }}/actions/runners/registration-token) | |
aws lambda invoke \ | |
--cli-binary-format raw-in-base64-out \ | |
--function-name "$EC2_START" \ | |
--payload '{"ref_name":"${{ github.ref_name }}","runner_token":"'"${RUNNER_TOKEN}"'"}' \ | |
response.json | |
INSTANCE_ID=$(jq -r '.body.instance_id' < response.json) | |
echo "INSTANCE_ID=${INSTANCE_ID}" >>"$GITHUB_OUTPUT" | |
echo "Got EC2 instance ${INSTANCE_ID}" | |
echo 'Waiting for GitHub runner to start' | |
while [[ -z "$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot")')" ]]; do | |
sleep 60 | |
done | |
echo 'Done 🎉' | |
stop-runner: | |
name: Stop EC2 runner | |
runs-on: ubuntu-latest | |
# Ensure that `stop-runner` will always stop the EC2 instance, even if other jobs failed or were canceled | |
if: ${{ always() }} | |
needs: | |
- start-runner | |
- docker-multiplatform-image | |
- static-binary | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.EC2_ROLE }} | |
aws-region: ${{ vars.EC2_REGION }} | |
- name: Delete GitHub Runner | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
run: | | |
RUNNER_ID=$(gh api /repos/${{ github.repository }}/actions/runners | jq '.runners[] | select(.name == "ec2-spot") | .id') | |
if [[ -n "${RUNNER_ID}" ]]; then | |
gh api -X DELETE /repos/${{ github.repository }}/actions/runners/${RUNNER_ID} | |
fi | |
- name: Lambda Invoke Stop | |
env: | |
EC2_STOP: ${{ secrets.EC2_STOP }} | |
run: | | |
aws lambda invoke \ | |
--cli-binary-format raw-in-base64-out \ | |
--function-name "$EC2_STOP" \ | |
--payload '{"instance_id":"${{ needs.start-runner.outputs.instance_id }}"}' \ | |
response.json | |
cat response.json | |
docker-image: | |
name: "Build docker image" | |
strategy: | |
matrix: | |
os: | |
- runs-on: ubuntu-latest | |
architecture: x86_64 | |
- runs-on: [EC2, ARM64, Linux] | |
architecture: arm64 | |
runs-on: ${{ matrix.os.runs-on }} | |
needs: | |
- start-runner | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event_name == 'release' && '' || github.event.inputs.release_tag }} | |
- uses: cachix/install-nix-action@v22 | |
name: "Installing Nix" | |
with: | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
accept-flake-config = true | |
nix_path: "nixpkgs=channel:nixos-unstable" | |
- id: build-image | |
name: "Build docker image" | |
run: | | |
nix build --print-build-logs .#dockerImage | |
cp ./result nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
echo "imageName=$(nix eval --raw .#dockerImage.imageName)" >> "$GITHUB_OUTPUT" | |
echo "imageTag=$(nix eval --raw .#dockerImage.imageTag)" >> "$GITHUB_OUTPUT" | |
- name: "Upload docker image as release asset" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
- name: Log in to registry | |
# This is where you will update the personal access token to GITHUB_TOKEN | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Push image | |
env: | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
TARBALL_TAG: ${{ steps.build-image.outputs.imageName }}:${{ steps.build-image.outputs.imageTag }} | |
run: | | |
docker load -i nickel-${{ matrix.os.architecture }}-docker-image.tar.gz | |
docker tag "$TARBALL_TAG" ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}} | |
docker push ghcr.io/tweag/nickel:$RELEASE_TAG-${{ matrix.os.architecture}} | |
docker-multiplatform-image: | |
name: "Assemble multi-platform Docker image" | |
runs-on: ubuntu-latest | |
needs: docker-image | |
steps: | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Assemble and push image | |
env: | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
docker manifest create \ | |
ghcr.io/tweag/nickel:$RELEASE_TAG \ | |
--amend ghcr.io/tweag/nickel:$RELEASE_TAG-x86_64 \ | |
--amend ghcr.io/tweag/nickel:$RELEASE_TAG-arm64 \ | |
docker manifest push ghcr.io/tweag/nickel:$RELEASE_TAG | |
static-binary: | |
name: "Build Nickel release binary" | |
strategy: | |
matrix: | |
os: | |
- runs-on: ubuntu-latest | |
architecture: x86_64 | |
- runs-on: [EC2, ARM64, Linux] | |
architecture: arm64 | |
runs-on: ${{ matrix.os.runs-on }} | |
needs: | |
- start-runner | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event_name == 'release' && '' || github.event.inputs.release_tag }} | |
- uses: cachix/install-nix-action@v22 | |
name: "Installing Nix" | |
with: | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
accept-flake-config = true | |
nix_path: "nixpkgs=channel:nixos-unstable" | |
- name: "Build static binary" | |
run: | | |
nix build --print-build-logs .#nickel-static | |
cp ./result/bin/nickel nickel-${{ matrix.os.architecture }}-linux | |
- name: "Upload static binary as release asset" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.release_tag }} | |
run: | | |
gh release upload --clobber $RELEASE_TAG nickel-${{ matrix.os.architecture }}-linux |