Merge pull request #101 from junkurihara/develop

0.6.2
junkurihara · Oct 12, 2023 · 9340679 · 9340679
2 parents 4783446 + 85beedc
commit 9340679
Show file tree

Hide file tree

Showing 14 changed files with 278 additions and 92 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,23 +5,28 @@ version: 2
 updates:
   # Enable version updates for cargo
   - package-ecosystem: "cargo"
-    # Look for `Cargo.toml` and `lock` files in the `root` directory
     directory: "/"
-    # Check the crates.io for updates every day (weekdays)
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "cargo"
+    directory: "/rpxy-bin"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "cargo"
+    directory: "/rpxy-lib"
     schedule:
       interval: "daily"
 
   # Enable version updates for Docker
   - package-ecosystem: "docker"
-    # Look for a `Dockerfile` in the `root` directory
-    directory: "/"
-    # Check for updates everyday
+    directory: "/docker"
     schedule:
       interval: "daily"
 
   # Enable version updates for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      # Check for updates everyday
       interval: "daily"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,22 +2,20 @@ name: Unit Test
 
 on:
   push:
-    branches: [ main, develop ]
   pull_request:
-    branches: [ main, develop ]
+    types: [synchronize, opened]
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   test:
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: Run unit tests
-      run: |
-        cargo test --verbose
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Run unit tests
+        run: |
+          cargo test --verbose
diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml
@@ -1,11 +1,11 @@
-name: Build and Publish Docker
+name: Build and publish docker
 on:
   push:
     branches:
       - "develop"
       - "main"
-  pull_request:
-    types: [synchronize, opened]
+    tags:
+      - "*.*.*"
 
 env:
   GHCR: ghcr.io
@@ -51,6 +51,43 @@ jobs:
               jqtype/rpxy:s2n
               ghcr.io/junkurihara/rust-rpxy:s2n
 
+          - target: "native-roots"
+            dockerfile: ./docker/Dockerfile
+            platforms: linux/amd64,linux/arm64
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+            tags-suffix: "-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:native-roots
+              ghcr.io/junkurihara/rust-rpxy:native-roots
+
+          - target: "slim-native-roots"
+            dockerfile: ./docker/Dockerfile-slim
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+            build-contexts: |
+              messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+              messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+            platforms: linux/amd64,linux/arm64
+            tags-suffix: "-slim-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:slim-native-roots
+              ghcr.io/junkurihara/rust-rpxy:slim-native-roots
+
+          - target: "s2n-native-roots"
+            dockerfile: ./docker/Dockerfile
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots"
+              "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
+            platforms: linux/amd64,linux/arm64
+            tags-suffix: "-s2n-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:s2n-native-roots
+              ghcr.io/junkurihara/rust-rpxy:s2n-native-roots
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -59,46 +96,46 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.GHCR }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Nightly build test on amd64 for pull requests
-        if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          build-args: ${{ matrix.build-args }}
-          push: false
-          build-contexts: ${{ matrix.build-contexts }}
-          file: ${{ matrix.dockerfile }}
-          cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }}
-          cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }}
-          platforms: linux/amd64
-          labels: ${{ steps.meta.outputs.labels }}
+      # - name: Nightly build test on amd64 for pull requests
+      #   if: ${{ github.event_name == 'pull_request' }}
+      #   uses: docker/build-push-action@v5
+      #   with:
+      #     context: .
+      #     build-args: ${{ matrix.build-args }}
+      #     push: false
+      #     build-contexts: ${{ matrix.build-contexts }}
+      #     file: ${{ matrix.dockerfile }}
+      #     cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }}
+      #     cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }}
+      #     platforms: linux/amd64
+      #     labels: ${{ steps.meta.outputs.labels }}
 
       - name: Nightly build and push from develop branch
         if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: ${{ matrix.build-args }}
@@ -115,7 +152,7 @@ jobs:
 
       - name: Release build and push from main branch
         if: ${{ (github.ref_name == 'main') && (github.event_name == 'push') }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: ${{ matrix.build-args }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,128 @@
+name: Extract executable binary, upload artifacts, create release
+on:
+  workflow_run:
+    workflows:
+      - "Build and publish docker"
+    types:
+      - "completed"
+
+jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: "gnu"
+            platform: linux/amd64
+
+          - target: "gnu"
+            platform: linux/arm64
+
+          - target: "musl"
+            platform: linux/amd64
+            tags-suffix: "-slim"
+
+          - target: "musl"
+            platform: linux/arm64
+            tags-suffix: "-slim"
+
+          - target: "gnu"
+            build-feature: "-s2n"
+            platform: linux/amd64
+            tags-suffix: "-s2n"
+
+          - target: "gnu"
+            build-feature: "-s2n"
+            platform: linux/arm64
+            tags-suffix: "-s2n"
+
+          - target: "gnu"
+            build-feature: "-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-native-roots"
+
+          - target: "gnu"
+            build-feature: "-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-native-roots"
+
+          - target: "musl"
+            build-feature: "-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-slim-native-roots"
+
+          - target: "musl"
+            build-feature: "-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-slim-native-roots"
+
+          - target: "gnu"
+            build-feature: "-s2n-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-s2n-native-roots"
+
+          - target: "gnu"
+            build-feature: "-s2n-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-s2n-native-roots"
+
+    steps:
+      - run: "echo 'The relese triggering workflows passed'"
+      - name: "set env"
+        run: |
+          if [ ${{ matrix.platform }} = "linux/amd64" ];then PLATFORM_MAP="x86_64";else PLATFORM_MAP="aarch64";fi
+          if [ ${{ github.ref_name == 'develop' }} ];then BUILD_NAME="rpxy-nightly";else BUILD_NAME="rpxy";fi
+          echo "PLATFORM_MAP=${PLATFORM_MAP}" >> $GITHUB_ENV
+          echo "TARGET_NAME=${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_ENV
+
+      - name: "docker pull and extract binary from docker image"
+        id: "extract-binary"
+        run: |
+          CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:nightly${{ matrix.tags-suffix }}`
+          docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${TARGET_NAME}
+          cd /tmp
+          echo "artifact=${TARGET_NAME}" >> $GITHUB_OUTPUT
+
+      - name: "upload artifacts"
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ steps.extract-binary.outputs.artifact }}
+          path: "/tmp/${{ steps.extract-binary.outputs.artifact }}"
+
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - run: echo 'The release triggering workflows failed'
+
+  release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: on-success
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          path: /tmp/rpxy
+
+      - name: make tar.gz of assets
+        run: |
+          mkdir /tmp/assets
+          cd /tmp/rpxy
+          for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done
+          ls -lha /tmp/assets
+
+      - name: release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: /tmp/assets/*.tar.gz
+          tag_name: ${{ github.ref }}
+          draft: true
+          prerelease: false
+          generate_release_notes: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 ## 0.7.0  (unreleased)
 
+## 0.6.2
+
+### Improvement
+
+- Feat: Add a build feature of `native-roots` to use the system's default root cert store.
+- Feat: Add binary release in addition to container release
+- Refactor: lots of minor improvements
+
 ## 0.6.1
 
 ### Bugfix

diff --git a/docker/Dockerfile-slim b/docker/Dockerfile-slim
@@ -4,6 +4,8 @@ FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS bu
 LABEL maintainer="Jun Kurihara"
 
 ARG TARGETARCH
+ARG CARGO_FEATURES
+ENV CARGO_FEATURES ${CARGO_FEATURES}
 
 RUN if [ $TARGETARCH = "amd64" ]; then \
   echo "x86_64" > /arch; \
@@ -23,7 +25,7 @@ COPY . /tmp/
 ENV RUSTFLAGS "-C link-arg=-s"
 
 RUN echo "Building rpxy from source" && \
-  cargo build --release --target $(cat /arch)-unknown-linux-musl && \
+  cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \
   musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \
   cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy
 

diff --git a/docker/docker-compose-slim.yml b/docker/docker-compose-slim.yml
@@ -9,15 +9,17 @@ services:
       - 127.0.0.1:8080:8080/tcp
       - 127.0.0.1:8443:8443/udp
       - 127.0.0.1:8443:8443/tcp
-    # build: # Uncomment if you build yourself
-    #   context: ../
-    #   additional_contexts:
-    #     - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
-    #     - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
-    #   dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl
-    #   platforms: # Choose your platforms
-    #     - "linux/amd64"
-    #     # - "linux/arm64"
+    build: # Uncomment if you build yourself
+      context: ../
+      additional_contexts:
+        - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+        - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+      # args: # Uncomment when build with native cert store
+      #   - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots"
+      dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl
+      platforms: # Choose your platforms
+        # - "linux/amd64"
+        - "linux/arm64"
     environment:
       - LOG_LEVEL=debug
       - LOG_TO_FILE=true