chore(deps): lock file maintenance #1242
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI and Artifacts | |
on: | |
pull_request: | |
push: | |
# documentation workflow deals with this or is not relevant for this workflow | |
paths-ignore: | |
- '*.md' | |
- 'conduwuit-example.toml' | |
- 'book.toml' | |
- '.gitlab-ci.yml' | |
- '.gitignore' | |
- 'renovate.json' | |
- 'docs/**' | |
- 'debian/**' | |
- 'docker/**' | |
branches: | |
- main | |
tags: | |
- '*' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.head_ref || github.ref_name }} | |
cancel-in-progress: true | |
env: | |
# Required to make some things output color | |
TERM: ansi | |
# Publishing to my nix binary cache | |
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
# Just in case incremental is still being set to true, speeds up CI | |
CARGO_INCREMENTAL: 0 | |
# Custom nix binary cache if fork is being used | |
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }} | |
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }} | |
# Use the all-features devshell instead of default, to ensure that features | |
# match between nix and cargo | |
DIRENV_DEVSHELL: all-features | |
# Get error output from nix that we can actually use | |
NIX_CONFIG: show-trace = true | |
permissions: | |
packages: write | |
contents: read | |
jobs: | |
tests: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Tag comparison check | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
# Tag mismatch with latest repo tag check to prevent potential downgrades | |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | |
if [ $LATEST_TAG != ${{ github.ref_name }} ]; then | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- name: Enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Configure Magic Nix Cache | |
uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true | |
- name: Cache CI dependencies | |
run: | | |
bin/nix-build-and-cache ci | |
- name: Run CI tests | |
run: | | |
direnv exec . engage > >(tee -a test_output.log) | |
- name: Sync Complement repository | |
uses: actions/checkout@v4 | |
with: | |
repository: 'matrix-org/complement' | |
path: complement_src | |
- name: Run Complement tests | |
run: | | |
direnv exec . bin/complement 'complement_src' 'complement_test_logs.jsonl' 'complement_test_results.jsonl' | |
cp -v -f result complement_oci_image.tar.gz | |
- name: Upload Complement OCI image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_oci_image.tar.gz | |
path: complement_oci_image.tar.gz | |
if-no-files-found: error | |
- name: Upload Complement logs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_logs.jsonl | |
path: complement_test_logs.jsonl | |
if-no-files-found: error | |
- name: Upload Complement results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_results.jsonl | |
path: complement_test_results.jsonl | |
if-no-files-found: error | |
- name: Diff Complement results with checked-in repo results | |
run: | | |
diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_test_output.log) | |
- name: Add Complement diff result to Job Summary | |
run: | | |
echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY | |
echo '```diff' >> $GITHUB_STEP_SUMMARY | |
tail -n 100 complement_test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
- name: Update Job Summary | |
if: success() || failure() | |
run: | | |
if [ ${{ job.status }} == 'success' ]; then | |
echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY | |
else | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
tail -n 20 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
fi | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: tests | |
if: github.event.pull_request.draft != true | |
strategy: | |
matrix: | |
include: | |
- target: aarch64-unknown-linux-musl | |
- target: x86_64-unknown-linux-musl | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- name: Install and enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Configure Magic Nix Cache | |
uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true | |
- name: Build static ${{ matrix.target }} | |
run: | | |
CARGO_DEB_TARGET_TUPLE=$(echo ${{ matrix.target }} | grep -o -E '^([^-]*-){3}[^-]*') | |
bin/nix-build-and-cache just .#static-${{ matrix.target }} | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb | |
mv -v target/release/conduwuit static-${{ matrix.target }} | |
mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb | |
- name: Upload static-${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-${{ matrix.target }} | |
path: static-${{ matrix.target }} | |
if-no-files-found: error | |
- name: Upload deb ${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb-${{ matrix.target }} | |
path: ${{ matrix.target }}.deb | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Build OCI image ${{ matrix.target }} | |
run: | | |
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }} | |
cp -v -f result oci-image-${{ matrix.target }}.tar.gz | |
- name: Upload OCI image ${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-${{ matrix.target }} | |
path: oci-image-${{ matrix.target }}.tar.gz | |
if-no-files-found: error | |
compression-level: 0 | |
docker: | |
name: Docker publish | |
runs-on: ubuntu-latest | |
needs: build | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') | |
env: | |
DOCKER_ARM64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
DOCKER_AMD64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
DOCKER_TAG: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
DOCKER_BRANCH: docker.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GHCR_ARM64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GHCR_AMD64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GHCR_TAG: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GHCR_BRANCH: ghcr.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GLCR_ARM64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GLCR_AMD64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GLCR_TAG: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GLCR_BRANCH: registry.gitlab.com/conduwuit/conduwuit:${{ (startsWith(github.ref, 'refs/tags/v') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ vars.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitLab Container Registry | |
if: ${{ (vars.GITLAB_USERNAME != '') && (env.GITLAB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.gitlab.com | |
username: ${{ vars.GITLAB_USERNAME }} | |
password: ${{ secrets.GITLAB_TOKEN }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Move OCI images into position | |
run: | | |
mv -v oci-image-x86_64-*/*.tar.gz oci-image-amd64.tar.gz | |
mv -v oci-image-aarch64-*/*.tar.gz oci-image-arm64v8.tar.gz | |
- name: Load and push amd64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-amd64.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }} | |
docker push ${{ env.DOCKER_AMD64 }} | |
docker push ${{ env.GHCR_AMD64 }} | |
docker push ${{ env.GLCR_AMD64 }} | |
- name: Load and push arm64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-arm64v8.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }} | |
docker push ${{ env.DOCKER_ARM64 }} | |
docker push ${{ env.GHCR_ARM64 }} | |
docker push ${{ env.GLCR_ARM64 }} | |
- name: Create Docker combined manifests | |
run: | | |
# Dockerhub Container Registry | |
docker manifest create ${{ env.DOCKER_TAG }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
docker manifest create ${{ env.DOCKER_BRANCH }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
# GitHub Container Registry | |
docker manifest create ${{ env.GHCR_TAG }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
docker manifest create ${{ env.GHCR_BRANCH }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
# GitLab Container Registry | |
docker manifest create ${{ env.GLCR_TAG }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GCCR_AMD64 }} | |
docker manifest create ${{ env.GLCR_BRANCH }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }} | |
- name: Push manifests to Docker registries | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker manifest push ${{ env.DOCKER_TAG }} | |
docker manifest push ${{ env.DOCKER_BRANCH }} | |
docker manifest push ${{ env.GHCR_TAG }} | |
docker manifest push ${{ env.GHCR_BRANCH }} | |
docker manifest push ${{ env.GLCR_TAG }} | |
docker manifest push ${{ env.GLCR_BRANCH }} | |
- name: Add Image Links to Job Summary | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
echo "- \`docker pull ${{ env.DOCKER_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GHCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GLCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY |