ci: Build the ubuntu-aarch64 binary with new ARM runners #676
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - v[0-9]+ | |
| tags: | |
| - devel | |
| - v* | |
| concurrency: | |
| # Terminate all previous runs of the same workflow for the same tag, but never | |
| # cancel for the main / release branch pipelines. | |
| group: ci-${{ (github.ref_type == 'tag' && github.ref) || github.run_id }} | |
| # TODO: Enable this once https://github.com/orgs/community/discussions/13015 is solved | |
| cancel-in-progress: false | |
| jobs: | |
| check: | |
| name: Check | |
| if: startsWith(github.ref, 'refs/heads/') | |
| uses: ./.github/workflows/check.yaml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| docs: | |
| name: Docs | |
| if: startsWith(github.ref, 'refs/heads/') | |
| uses: ./.github/workflows/docs.yaml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| test: | |
| name: Test | |
| if: startsWith(github.ref, 'refs/heads/') | |
| uses: ./.github/workflows/test.yaml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| build: | |
| name: Build | |
| uses: ./.github/workflows/build.yaml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| tag: | |
| name: Release / Tag | |
| concurrency: | |
| # Never tag outdated commits on the main branch by skipping superseded commits | |
| group: ci-tag-${{ (github.ref == 'refs/heads/main' && github.ref) || github.run_id }} | |
| # TODO: Enable this once https://github.com/orgs/community/discussions/13015 is solved | |
| cancel-in-progress: false | |
| if: | | |
| vars.RELEASE_ENABLED && | |
| startsWith(github.ref, 'refs/heads/') | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - docs | |
| - test | |
| - build | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ssh-key: ${{ secrets.POSTGREST_SSH_KEY }} | |
| - name: Tag latest commit | |
| run: | | |
| cabal_version="$(grep -oP '^version:\s*\K.*' postgrest.cabal)" | |
| if [[ "$cabal_version" == *.*.* ]]; then | |
| git fetch --tags | |
| if [ -z "$(git tag --list "v$cabal_version")" ]; then | |
| git tag "v$cabal_version" | |
| git push origin "v$cabal_version" | |
| fi | |
| else | |
| git tag -f "devel" | |
| git push -f origin "devel" | |
| fi | |
| prepare: | |
| name: Release / Prepare | |
| if: | | |
| startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Check the version to be released | |
| run: | | |
| cabal_version="$(grep -oP '^version:\s*\K.*' postgrest.cabal)" | |
| if [ "${GITHUB_REF_NAME}" != "devel" ] && [ "${GITHUB_REF_NAME}" != "v$cabal_version" ]; then | |
| echo "Tagged version ($GITHUB_REF_NAME) does not match the one in postgrest.cabal (v$cabal_version). Aborting release..." | |
| exit 1 | |
| fi | |
| - name: Identify changes from CHANGELOG.md | |
| run: | | |
| if [ "${GITHUB_REF_NAME}" == "devel" ]; then | |
| echo "Getting unreleased changes..." | |
| sed -n "1,/## Unreleased/d;/## \[/q;p" CHANGELOG.md > CHANGES.md | |
| else | |
| version="$(grep -oP '^version:\s*\K.*' postgrest.cabal)" | |
| echo "Propper release, getting changes for version $version ..." | |
| sed -n "1,/## \[$version\]/d;/## \[/q;p" CHANGELOG.md > CHANGES.md | |
| fi | |
| echo "Relevant extract from CHANGELOG.md:" | |
| cat CHANGES.md | |
| - name: Save CHANGES.md as artifact | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: release-changes | |
| path: CHANGES.md | |
| if-no-files-found: error | |
| github: | |
| name: Release / GitHub | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - prepare | |
| if: success() || needs.prepare.result == 'success' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| path: artifacts | |
| - name: Create release bundle with archives for all builds | |
| run: | | |
| find artifacts -type f -iname postgrest -exec chmod +x {} \; | |
| mkdir -p release-bundle | |
| tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-linux-static-x86-64.tar.xz" \ | |
| -C artifacts/postgrest-linux-static-x86-64 postgrest | |
| tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-macos-aarch64.tar.xz" \ | |
| -C artifacts/postgrest-macos-aarch64 postgrest | |
| tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-freebsd-x86-64.tar.xz" \ | |
| -C artifacts/postgrest-freebsd-x86-64 postgrest | |
| tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-ubuntu-aarch64.tar.xz" \ | |
| -C artifacts/postgrest-ubuntu-aarch64 postgrest | |
| zip --junk-paths "release-bundle/postgrest-${GITHUB_REF_NAME}-windows-x86-64.zip" \ | |
| artifacts/postgrest-windows-x86-64/postgrest.exe | |
| - name: Save release bundle | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: release-bundle | |
| path: release-bundle | |
| if-no-files-found: error | |
| - name: Publish release on GitHub | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo "Releasing version ${GITHUB_REF_NAME} on GitHub..." | |
| if [ "${GITHUB_REF_NAME}" == "devel" ]; then | |
| # To replace the existing release, we must first delete the old assets, | |
| # then modify the release, then add the new assets. | |
| gh release view devel --json assets \ | |
| | jq -r '.assets[] | .name' \ | |
| | xargs -rn1 \ | |
| gh release delete-asset -y devel | |
| gh release edit devel \ | |
| -t devel \ | |
| --verify-tag \ | |
| -F artifacts/release-changes/CHANGES.md \ | |
| --prerelease | |
| gh release upload --clobber devel release-bundle/* | |
| else | |
| gh release create "${GITHUB_REF_NAME}" \ | |
| -t "${GITHUB_REF_NAME}" \ | |
| --verify-tag \ | |
| -F artifacts/release-changes/CHANGES.md \ | |
| release-bundle/* | |
| fi | |
| docker: | |
| name: Release / Docker Hub | |
| runs-on: ubuntu-24.04-arm | |
| needs: | |
| - prepare | |
| if: | | |
| vars.DOCKER_REPO && vars.DOCKER_USER | |
| env: | |
| DOCKER_REPO: ${{ vars.DOCKER_REPO }} | |
| DOCKER_USER: ${{ vars.DOCKER_USER }} | |
| DOCKER_PASS: ${{ secrets.DOCKER_PASS }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Login on Dockerhub | |
| run: docker login -u "$DOCKER_USER" -p "$DOCKER_PASS" | |
| - name: Download x86-64 Docker image | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: postgrest-docker-x86-64 | |
| - name: Download aarch64 binary | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: postgrest-ubuntu-aarch64 | |
| - name: Build aarch64 Docker image | |
| run: | | |
| # This only pushes the image via digest, not a tag. This will not appear | |
| # in the image list on Docker Hub, yet. It will be later added to the main | |
| # tag's manifest. | |
| docker buildx build \ | |
| -t "$DOCKER_REPO/postgrest:arm" \ | |
| --platform linux/arm64 \ | |
| --output push-by-digest=true,type=image,push=true \ | |
| . | |
| echo "SHA256_ARM=$(docker images --no-trunc --quiet "$DOCKER_REPO/postgrest:arm")" >> "$GITHUB_ENV" | |
| - name: Publish images on Docker Hub | |
| run: | | |
| docker load -i postgrest-docker.tar.gz | |
| docker tag postgrest:latest "$DOCKER_REPO/postgrest:${GITHUB_REF_NAME}" | |
| docker push "$DOCKER_REPO/postgrest:${GITHUB_REF_NAME}" | |
| docker buildx imagetools create --append \ | |
| -t "$DOCKER_REPO/postgrest:${GITHUB_REF_NAME}" \ | |
| "$DOCKER_REPO/postgrest@$SHA256_ARM" | |
| # Only tag 'latest' for full releases | |
| if [ "${GITHUB_REF_NAME}" != "devel" ]; then | |
| echo "Pushing to 'latest' tag for full release of ${GITHUB_REF_NAME} ..." | |
| docker tag postgrest:latest "$DOCKER_REPO"/postgrest:latest | |
| docker push "$DOCKER_REPO"/postgrest:latest | |
| docker buildx imagetools create --append \ | |
| -t "$DOCKER_REPO/postgrest:latest" \ | |
| "$DOCKER_REPO/postgrest@$SHA256_ARM" | |
| else | |
| echo "Skipping push to 'latest' tag for pre-release..." | |
| fi | |
| docker-description: | |
| name: Release / Docker Hub Description | |
| runs-on: ubuntu-24.04 | |
| if: | | |
| vars.DOCKER_REPO && vars.DOCKER_USER && | |
| github.ref == 'refs/tags/devel' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 | |
| with: | |
| username: ${{ vars.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| repository: ${{ vars.DOCKER_REPO }}/postgrest | |
| short-description: ${{ github.event.repository.description }} | |
| readme-filepath: ./docker-hub-readme.md |