Skip to content

Release

Release #523

Workflow file for this run

name: Release
on:
push:
tags:
- "*.*.*"
# Running from workflow dispatch (AKA manual) will not publish anything.
# This is intended for testing changes to this flow.
workflow_dispatch:
jobs:
build_binaries_aarch64-unknown-linux-gnu:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
rustflags: ""
- uses: taiki-e/install-action@v2
with:
tool: cross
# building layer and cli together leads to weird situation where embedded layer is x64, so split.
- name: build mirrord-layer
run: RUSTFLAGS="$RUSTFLAGS -A dead_code" cross build --release -p mirrord-layer --target=aarch64-unknown-linux-gnu
- name: build mirrord cli
env:
MIRRORD_LAYER_FILE: ../../../target/aarch64-unknown-linux-gnu/release/libmirrord_layer.so
run: RUSTFLAGS="$RUSTFLAGS -A dead_code" cross build --release -p mirrord --target=aarch64-unknown-linux-gnu
- uses: actions/upload-artifact@v4
with:
name: aarch64-unknown-linux-gnu
path: |
target/aarch64-unknown-linux-gnu/release/mirrord
target/aarch64-unknown-linux-gnu/release/libmirrord_layer.so
if-no-files-found: error
build_binaries_x86_64-unknown-linux-gnu:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
rustflags: ""
- uses: taiki-e/install-action@v2
with:
tool: cross
- name: build mirrord-layer and cli
run: cross build --release -p mirrord -p mirrord-layer --target=x86_64-unknown-linux-gnu
- uses: actions/upload-artifact@v4
with:
name: x86_64-unknown-linux-gnu
path: |
target/x86_64-unknown-linux-gnu/release/mirrord
target/x86_64-unknown-linux-gnu/release/libmirrord_layer.so
if-no-files-found: error
build_binaries_macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- run: rm rust-toolchain.toml
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
target: x86_64-apple-darwin,aarch64-apple-darwin
toolchain: nightly-2024-10-11
rustflags: ""
- name: Import Code-Signing Certificates
uses: Apple-Actions/import-codesign-certs@v3
with:
# The certificates in a PKCS12 file encoded as a base64 string
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
# The password used to import the PKCS12 file.
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
- name: Install gon via HomeBrew for code signing and app notarization
run: |
brew tap mitchellh/gon
brew install mitchellh/gon/gon
# Instead of spoofing an arm64e by changing bits, we now use a code shim compiled as arm64e that loads the arm64 layer
- name: build mirrord-layer x86-64, arm and code shim
run: |
cargo +nightly-2024-10-11 build --release -p mirrord-layer --target=aarch64-apple-darwin
cargo +nightly-2024-10-11 build --release -p mirrord-layer --target=x86_64-apple-darwin
clang -arch arm64e -dynamiclib -o target/aarch64-apple-darwin/release/shim.dylib mirrord/layer/shim.c
- name: Sign layer binaries and code shim
env:
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }}
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }}
run: gon -log-level=debug -log-json .github/workflows/arch_dylib_sign.json
- name: create universal target dir
run: mkdir -p /tmp/target/universal-apple-darwin/release
- name: create universal dylib
run: lipo -create -output /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib target/aarch64-apple-darwin/release/shim.dylib target/aarch64-apple-darwin/release/libmirrord_layer.dylib target/x86_64-apple-darwin/release/libmirrord_layer.dylib
- name: Sign layer universal
env:
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }}
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }}
run: gon -log-level=debug -log-json .github/workflows/universal_dylib_sign.json
- name: build macOS arm cli with universal dylib
env:
MIRRORD_LAYER_FILE: /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib
MIRRORD_LAYER_FILE_MACOS_ARM64: ../../../target/aarch64-apple-darwin/release/libmirrord_layer.dylib
run: cargo +nightly-2024-10-11 build --release -p mirrord --target=aarch64-apple-darwin
- name: build macOS x86-64 cli with universal dylib
env:
MIRRORD_LAYER_FILE: /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib
run: cargo +nightly-2024-10-11 build --release -p mirrord --target=x86_64-apple-darwin
- name: Sign cli binaries
env:
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }}
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }}
run: gon -log-level=debug -log-json .github/workflows/arch_cli_sign.json
- name: create universal macOS cli
run: lipo -create -output /tmp/target/universal-apple-darwin/release/mirrord target/aarch64-apple-darwin/release/mirrord target/x86_64-apple-darwin/release/mirrord
- name: Sign universal cli
env:
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }}
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }}
run: gon -log-level=debug -log-json .github/workflows/universal_cli_sign.json
- name: adjust directory layout for upload
run: cp -rf /tmp/target .
- uses: actions/upload-artifact@v4
with:
name: universal-apple-darwin
path: |
target/universal-apple-darwin/release/mirrord
target/universal-apple-darwin/release/libmirrord_layer.dylib
if-no-files-found: error
release_docker_image:
runs-on: ubuntu-24.04
permissions:
packages: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get release version
run: |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"')" >> $GITHUB_OUTPUT
id: version
- name: Build and push (test)
if: github.event_name == 'workflow_dispatch'
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: mirrord/agent/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/metalbear-co/mirrord-staging:${{ github.sha }}
- name: Build and push (final/release)
if: github.event_name != 'workflow_dispatch'
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: mirrord/agent/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/metalbear-co/mirrord:latest
ghcr.io/metalbear-co/mirrord:${{ steps.version.outputs.version }}
release_cli_docker_image:
runs-on: ubuntu-24.04
permissions:
packages: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get release version
run: |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"')" >> $GITHUB_OUTPUT
id: version
- name: Build and push (test)
if: github.event_name == 'workflow_dispatch'
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: mirrord/cli/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/metalbear-co/mirrord-cli-staging:${{ github.sha }}
- name: Build and push (final/release)
if: github.event_name != 'workflow_dispatch'
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: mirrord/cli/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/metalbear-co/mirrord-cli:${{ steps.version.outputs.version }}
release_gh:
needs:
[
build_binaries_aarch64-unknown-linux-gnu,
build_binaries_x86_64-unknown-linux-gnu,
build_binaries_macos,
release_docker_image,
release_cli_docker_image,
]
runs-on: ubuntu-24.04
if: github.event_name != 'workflow_dispatch'
permissions:
packages: write
contents: write
deployments: write
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: /tmp/artifacts
pattern: +(*-unknown-linux-gnu|*-apple-darwin)
- uses: montudor/action-zip@v1
- name: Create mirrord linux-x64 zip file
run: |
zip mirrord_linux_x86_64.zip mirrord
shasum -a 256 mirrord_linux_x86_64.zip > mirrord_linux_x86_64.shasum256
working-directory: /tmp/artifacts/x86_64-unknown-linux-gnu
- name: Create mirrord linux-aarch64 zip file
run: |
zip mirrord_linux_aarch64.zip mirrord
shasum -a 256 mirrord_linux_aarch64.zip > mirrord_linux_aarch64.shasum256
working-directory: /tmp/artifacts/aarch64-unknown-linux-gnu
- name: Create mirrord macos zip file
run: |
zip mirrord_mac_universal.zip mirrord
shasum -a 256 mirrord_mac_universal.zip > mirrord_mac_universal.shasum256
working-directory: /tmp/artifacts/universal-apple-darwin
# used for the homebrew formula
- uses: actions/upload-artifact@v4
with:
name: shasum
path: |
/tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256
/tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256
/tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256
if-no-files-found: error
- name: Prepare binaries for upload
run: |
mkdir /tmp/release
mv /tmp/artifacts/x86_64-unknown-linux-gnu/libmirrord_layer.so /tmp/release/libmirrord_layer_linux_x86_64.so
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord /tmp/release/mirrord_linux_x86_64
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.zip /tmp/release/mirrord_linux_x86_64.zip
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256 /tmp/release/mirrord_linux_x86_64.shasum256
mv /tmp/artifacts/aarch64-unknown-linux-gnu/libmirrord_layer.so /tmp/release/libmirrord_layer_linux_aarch64.so
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord /tmp/release/mirrord_linux_aarch64
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.zip /tmp/release/mirrord_linux_aarch64.zip
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256 /tmp/release/mirrord_linux_aarch64.shasum256
mv /tmp/artifacts/universal-apple-darwin/libmirrord_layer.dylib /tmp/release/libmirrord_layer_mac_universal.dylib
mv /tmp/artifacts/universal-apple-darwin/mirrord /tmp/release/mirrord_mac_universal
mv /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.zip /tmp/release/mirrord_mac_universal.zip
mv /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256 /tmp/release/mirrord_mac_universal.shasum256
# Consider to add changelog generation..
- name: Release
uses: softprops/action-gh-release@v1
with:
files: /tmp/release/**
release_homebrew:
needs: release_gh
runs-on: ubuntu-24.04
if: github.event_name != 'workflow_dispatch'
steps:
- uses: actions/download-artifact@v4
with:
name: shasum
path: /tmp/artifacts
- uses: actions/checkout@v4
- name: Get release version and hashes
shell: bash # for -o pipefail, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
run: |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"' | cut -d'-' -f1)" >> $GITHUB_ENV
echo "sha256_mac=$(cat /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV
echo "sha256_linux_aarch64=$(cat /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV
echo "sha256_linux_x86_64=$(cat /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV
- name: Checkout into homebrew-mirrord
uses: actions/checkout@v4
with:
repository: metalbear-co/homebrew-mirrord
path: ./
token: ${{ secrets.BREW_GITHUB_PAT }}
- name: Update hashes and urls
run: |
sed -i -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\)/${{ env.version }}/g' mirrord.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_mac }}/1' mirrord.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_linux_aarch64 }}/2' mirrord.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_linux_x86_64 }}/3' mirrord.rb
- name: Display formula (For debugging purposes only)
run: cat mirrord.rb
- name: Commit to metalbear-co/homebrew-mirrord
run: |
git config --global user.email "[email protected]"
git config --global user.name "Eyal Bukchin"
git add .
git commit -m "Update to ${{ env.version }}"
git push
update_latest:
needs: release_homebrew
runs-on: ubuntu-24.04
if: github.event_name != 'workflow_dispatch'
steps:
- name: Check out code
uses: actions/checkout@v4
with:
# Get complete history
fetch-depth: 0
- name: Update major version and latest tags
uses: metalbear-co/release-tracker-action@main
env:
# GitHub token to enable pushing tags
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Move "latest" tag
update-latest: true
# Don't update the vX.Y tags
update-minor: false