build(CI): improve ci jobs

dasch-swiss · Apr 1, 2024 · 6ebd0e8 · 6ebd0e8
1 parent 0f0d3e6
commit 6ebd0e8
Show file tree

Hide file tree

Showing 12 changed files with 2,033 additions and 307 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -54,11 +54,7 @@ jobs:
         with:
           toolchain: ${{ matrix.toolchain }}
           components: clippy
-      - name: cargo clippy
-        uses: giraffate/clippy-action@v1
-        with:
-          reporter: 'github-pr-check'
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - run: cargo clippy -- -D warnings
   doc:
     # run docs generation on nightly rather than stable. This enables features like
     # https://doc.rust-lang.org/beta/unstable-book/language-features/doc-cfg.html which allows an

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  pull_request:
+
+jobs:
+
+  # Docker build for amd64
+  build_amd64:
+    name: amd64
+    runs-on: buildjet-4vcpu-ubuntu-2204
+    concurrency:
+      group: ${{ github.ref }}-docker-build-amd64
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # gets additionally all tags which we need
+      - uses: extractions/setup-just@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - run: just docker-build-amd64
+
+  # Docker build for arm64
+  build_arm64:
+    runs-on: buildjet-4vcpu-ubuntu-2204-arm
+    concurrency:
+      group: ${{ github.ref }}-docker-build-arm64
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # gets additionally all tags which we need
+      - uses: extractions/setup-just@v1
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - run: just docker-build-arm64
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,107 @@
+name: publish
+
+on:
+  push:
+    branches:
+      - main
+  # This triggers for any tag or branch creation. We'll filter for tags in the job.
+  create:
+
+jobs:
+
+  # Build for release and publish amd64
+  publish_amd64:
+    if: github.ref == 'refs/heads/main' || (github.event_name == 'create' && startsWith(github.ref, 'refs/tags/'))
+    name: amd64
+    runs-on: buildjet-4vcpu-ubuntu-2204
+    concurrency:
+      group: ${{ github.ref }}-publish-amd64
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # gets additionally all tags which we need
+      - uses: extractions/setup-just@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - run: just docker-build-amd64
+      - name: Push image to Docker hub
+        run: just docker-push-amd64
+
+  # Run tests and publish arm64
+  publish_arm64:
+    if: github.ref == 'refs/heads/main' || (github.event_name == 'create' && startsWith(github.ref, 'refs/tags/'))
+    name: arm64
+    runs-on: buildjet-4vcpu-ubuntu-2204-arm
+    concurrency:
+      group: ${{ github.ref }}-publish-arm64
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # gets additionally all tags which we need
+      - uses: extractions/setup-just@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - run: just docker-build-arm64
+      - name: Push image to Docker hub
+        run: just docker-push-arm64
+
+  # publish manifest combining aarch64 and amd64 images
+  publish_manifest:
+    name: manifest
+    runs-on: ubuntu-latest
+    needs: [ publish_amd64, publish_arm64 ]
+    if: (github.ref_name == 'main' || startsWith(github.ref, 'refs/tags/dsp-meta-cmd'))
+    outputs:
+      tag: ${{ steps.output_docker_image_tag.outputs.tag }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: extractions/setup-just@v1
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: Output docker image tag
+        id: output_docker_image_tag
+        run: echo "tag=$(just docker-image-tag | tr -d '\n')" >> "$GITHUB_OUTPUT"
+        shell: bash # Explicit for fail-fast behaviour
+      - run: just docker-publish-manifest
+
+  trigger-dev-deployment:
+    name: Trigger deployment to DEV
+    runs-on: ubuntu-latest
+    needs: publish_manifest
+    if: github.ref_name == 'main'
+    steps:
+      - name: Trigger deployment to DEV
+        env:
+          IMAGE_TAG: ${{ needs.publish_manifest.outputs.tag }}
+          JENKINS_BASIC_AUTH_USER: ${{ secrets.JENKINS_BASIC_AUTH_USER }}
+          JENKINS_BASIC_AUTH_PASS: ${{ secrets.JENKINS_BASIC_AUTH_PASS }}
+          JENKINS_UPDATE_RELEASE_WEBHOOK: ${{ secrets.JENKINS_UPDATE_RELEASE_WEBHOOK }}
+        run: |
+          curl -f -u "${JENKINS_BASIC_AUTH_USER}:${JENKINS_BASIC_AUTH_PASS}" \
+               -X POST "${JENKINS_UPDATE_RELEASE_WEBHOOK}" \
+               -d "Service=meta&Version=${IMAGE_TAG}"
+
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        with:
+          token: ${{ secrets.DASCHBOT_PAT }}
+          config-file: .github/release-please/config.json
+          manifest-file: .github/release-please/manifest.json
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
@@ -24,11 +24,9 @@ jobs:
           submodules: true
       - name: Install nightly
         uses: dtolnay/rust-toolchain@nightly
-      - name: cargo generate-lockfile
-        if: hashFiles('Cargo.lock') == ''
-        run: cargo generate-lockfile
+      - uses: taiki-e/install-action@nextest
       - name: cargo test --locked
-        run: cargo test --locked --all-features --all-targets
+        run: cargo nextest run --locked --all-features --all-targets
   # https://twitter.com/alcuadrado/status/1571291687837732873
   update:
     # This action checks that updating the dependencies of this crate to the latest available that
@@ -38,21 +36,16 @@ jobs:
     # to).
     runs-on: ubuntu-latest
     name: ubuntu / beta / updated
-    # There's no point running this if no Cargo.lock was checked in in the first place, since we'd
-    # just redo what happened in the regular test job. Unfortunately, hashFiles only works in if on
-    # steps, so we repeat it.
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install beta
-        if: hashFiles('Cargo.lock') != ''
         uses: dtolnay/rust-toolchain@beta
+      - uses: taiki-e/install-action@nextest
       - name: cargo update
-        if: hashFiles('Cargo.lock') != ''
         run: cargo update
       - name: cargo test
-        if: hashFiles('Cargo.lock') != ''
-        run: cargo test --locked --all-features --all-targets
+        run: cargo nextest run --locked --all-features --all-targets
         env:
           RUSTFLAGS: -D deprecated