ci: run on merge to main, also build docker

NexusSocial · Oct 6, 2024 · 5327d07 · 5327d07
1 parent 3e40940
commit 5327d07
Show file tree

Hide file tree

Showing 5 changed files with 281 additions and 148 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,54 +1,49 @@
-name: CI
+name: CI/CD
 on:
+  workflow_call:
   push:
     branches:
       - main
   pull_request:
   workflow_dispatch:
 
-jobs:
-  fmt:
-    name: Check Formatting
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
-
-      - name: Check formatting
-        run: cargo fmt --check --all
-
-  check:
-    name: Lint and Build
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
+env:
+  CI_IS_DEFAULT_BRANCH: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+  CI_IS_TAG: ${{ startsWith(github.ref, 'refs/tags/') }}
 
-      - name: Clippy lints
-        run: cargo clippy --all --all-features --all-targets --no-deps -- -D warnings
+# https://stackoverflow.com/a/72408109
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
-      - name: Cargo Doc
-        run: RUSTDOCFLAGS="-D warnings" cargo doc --all --all-features --no-deps --document-private-items
-
-  test:
-    name: Run Tests on all platforms
-    strategy:
-      matrix:
-        runs-on: ["ubuntu-24.04", "windows-2022", "macos-14"]
-    runs-on: ${{ matrix.runs-on }}
+jobs:
+  check-inputs:
+    runs-on: ubuntu-24.04
+    outputs:
+      CI_CARGO_PROFILE: ${{ steps.set-profile.outputs.CI_CARGO_PROFILE }}
     steps:
-      - uses: actions/checkout@v4
-      - name: Cache cargo dependencies
-        uses: Swatinem/rust-cache@v2
+      - name: Set CI_CARGO_PROFILE
+        id: set-profile
+        run: |
+          if [[ ${CI_IS_DEFAULT_BRANCH} == 'true' ]]; then
+            CI_CARGO_PROFILE="artifact" >> $GITHUB_OUTPUT
+          else
+            CI_CARGO_PROFILE="artifact-dev" >> $GITHUB_OUTPUT
+          fi
+          echo "CI_CARGO_PROFILE=${CI_CARGO_PROFILE}" >> $GITHUB_OUTPUT
+          echo "CI_CARGO_PROFILE=${CI_CARGO_PROFILE}"
+
+
+  rust:
+    needs: check-inputs
+    uses: ./.github/workflows/rust.yaml
+    with:
+      cargo-profile: ${{ needs.check-inputs.outputs.CI_CARGO_PROFILE }}
+
+  container:
+    needs: rust
+    uses: ./.github/workflows/container.yaml
+    with:
+      push: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+      additional-tags: ${{ (github.ref == format('refs/heads/{0}', github.event.repository.default_branch)) && 'latest' || '' }}
 
-      - name: Test
-        run: cargo test --all --all-features --all-targets
-
-  deny:
-    name: Run cargo deny
-    runs-on: ubuntu-22.04
-    steps:
-    - uses: actions/checkout@v4
-    - uses: EmbarkStudios/cargo-deny-action@v1
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
@@ -0,0 +1,53 @@
+name: Build Containers
+on:
+  workflow_call:
+    inputs:
+      additional-tags:
+        type: string
+      push:
+        required: true
+        type: bool
+
+# See https://stackoverflow.com/questions/66335225/how-to-cancel-previous-runs-in-the-pr-when-you-push-new-commitsupdate-the-curre
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build Container
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/[email protected]
+      - name: Download Rust Artifacts
+        uses: actions/[email protected]
+        with:
+          name: rust
+          path: artifacts
+
+      - name: Build Image
+        id: build-image
+        uses: redhat-actions/[email protected]
+        with:
+          image: identity-server
+          tags: commit-${{ github.sha }} ${{ inputs.additional-tags }}
+          oci: true
+          containerfiles: |
+            ./identity-server/Dockerfile
+
+      - name: Get registry url
+        run: |
+          # Container registries don't support upper case letters
+          CI_REGISTRY_URL="ghcr.io/${GITHUB_REPOSITORY_OWNER@L}"
+          echo "CI_REGISTRY_URL=${CI_REGISTRY_URL}" >> "${GITHUB_ENV}"
+
+      - name: Push To Github Packages
+        if: ${{ inputs.push }}
+        uses: redhat-actions/[email protected]
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.CI_REGISTRY_URL }}
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          extra-args: --disable-content-trust     
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml