feat: seperate auth function, update workflow and docs #33

Workflow file for this run

.github/workflows/build_then_release.yml at 111d386

	name: Build then release

	on:
	push:
	tags:
	- "v*"
	branches:
	- "main"

	env:
	CARGO_TERM_COLOR: always

	jobs:
	gen_version:
	name: Generate version
	runs-on: ubuntu-latest
	outputs:
	version: ${{ steps.generated-tag.outputs.tag }}
	steps:
	- uses: actions/checkout@v4
	- name: Get latest tag
	id: get-latest-tag
	run: \|
	echo "tag=`gh release list -L 1 \| cut -f 1`" >> $GITHUB_OUTPUT
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Bump version
	id: generated-tag
	uses: actions/github-script@v6
	with:
	script: \|
	if (context.ref.startsWith("refs/tags/")) {
	let tag = context.ref.replace("refs/tags/", "");
	core.setOutput('tag', tag);
	console.log(`This event pushed a tag ${tag}, return directly.`)
	return
	}
	console.log('Use default tag "prerelease".')
	core.setOutput('tag', 'prerelease');

	build:
	needs: gen_version
	name: Build
	runs-on: ${{ matrix.runner }}
	strategy:
	matrix:
	include:
	- target: aarch64-apple-darwin
	runner: macos-latest
	build_env: {}
	- target: x86_64-unknown-linux-musl
	runner: ubuntu-latest
	build_env: {}
	- target: aarch64-unknown-linux-musl
	runner: ubuntu-latest
	build_env:
	CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS: "-Clink-self-contained=yes -Clinker=rust-lld"
	CC_aarch64_unknown_linux_musl: clang
	AR_aarch64_unknown_linux_musl: llvm-ar

	steps:
	- uses: actions/checkout@v4
	- name: Setup protoc
	uses: arduino/setup-protoc@v3.0.0
	with:
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	- name: Install musl-tools
	if: matrix.runner == 'ubuntu-latest'
	run: sudo apt update && sudo apt install -y musl-tools
	- name: Install cross build deps for aarch64-unknown-linux-musl
	if: matrix.target == 'aarch64-unknown-linux-musl'
	run: sudo apt update && sudo apt install -y clang llvm gcc-aarch64-linux-gnu
	- name: Add target
	run: rustup target add ${{ matrix.target }}
	- name: Setup rust toolchain
	run: rustup show
	- uses: Swatinem/rust-cache@v2
	with:
	shared-key: build-then-release-${{ matrix.target }}-v1
	- name: Build
	env: ${{ matrix.build_env }}
	run: \|
	cargo build --release --target ${{ matrix.target }}
	- name: Compress
	run: \|
	zip -j dstack-mining-backend-${{ needs.gen_version.outputs.version }}-${{ matrix.target }}.zip ./target/${{ matrix.target }}/release/dstack-backend
	- uses: actions/upload-artifact@v4
	name: Upload artifacts
	with:
	name: dstack-mining-backend-${{ needs.gen_version.outputs.version }}-${{ matrix.target }}
	path: "*.zip"
	retention-days: 1

	image:
	needs: [gen_version, build]
	runs-on: ubuntu-latest

	permissions:
	attestations: write
	id-token: write
	contents: write
	packages: write

	steps:
	- uses: actions/checkout@v4
	- uses: docker/setup-buildx-action@v3
	- uses: actions/download-artifact@v4
	- name: Log in to Docker Hub
	uses: docker/login-action@v3.3.0
	with:
	username: ${{ vars.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Extract metadata for dstack-backend image
	id: dstack_backend_meta
	uses: docker/metadata-action@v5.6.1
	with:
	images: \|
	${{ vars.DOCKERHUB_ORG }}/dstack-backend
	- name: Extract all released executable files
	run: \|
	for dir in dstack-mining-backend-${{ needs.gen_version.outputs.version }}-*/; do
	for zip_file in "$dir"*.zip; do
	[ -f "$zip_file" ] && unzip "$zip_file" -d "$dir" && rm "$zip_file"
	done
	done
	- name: Display fetched artifacts
	run: ls -R
	- name: Move directory for platforms
	run: \|
	mkdir linux &&
	mv dstack-mining-backend-${{ needs.gen_version.outputs.version }}-x86_64-unknown-linux-musl linux/amd64 &&
	mv dstack-mining-backend-${{ needs.gen_version.outputs.version }}-aarch64-unknown-linux-musl linux/arm64
	- name: Display moved files
	run: ls -R
	- name: Build and push dstack-backend image
	id: build-and-push
	uses: docker/build-push-action@v6.10.0
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	tags: ${{ steps.dstack_backend_meta.outputs.tags }}
	push: true

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-name: "docker.io/${{ vars.DOCKERHUB_ORG }}/dstack-backend"
	subject-digest: ${{ steps.build-and-push.outputs.digest }}
	push-to-registry: true
	env:
	DOCKER_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
	DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Release
	uses: softprops/action-gh-release@v1
	with:
	body: \|
	## Docker Image Digest (SHA256)

	\| Image \| Digest \| Verification \|
	\|---\|---\|---\|
	\| `docker.io/${{ vars.DOCKERHUB_ORG }}/dstack-backend:${{ github.ref_name }}` \| `${{ steps.build-and-push.outputs.digest }}` \| [Verify on Sigstore](https://search.sigstore.dev/?hash=${{ steps.build-and-push.outputs.digest }}) \|

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: seperate auth function, update workflow and docs #33

Workflow file

feat: seperate auth function, update workflow and docs #33

Uh oh!

Workflow file for this run