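---
# Builds the container image on pushes and pull requests to main/develop, and
# publishes a multi-arch image to GHCR when a v* tag is pushed.
#
# Review notes:
# - Actions are referenced by mutable tag or branch (@v3, @v4, @v5, @stable).
#   Pin each `uses:` to a full commit SHA, e.g.
#   `owner/action@<FULL_COMMIT_SHA>  # v4`, so a retagged or compromised
#   upstream cannot change what runs with this workflow's token.
# - Values that originate in repository content (the Cargo.toml version, the
#   tag name) are passed to shell steps through `env:` and expanded by the
#   shell as quoted variables. A ${{ }} expression inside `run:` is pasted into
#   the script text before the shell parses it, so it must not carry such
#   values.
name: Build and Publish Container Image

on:
  push:
    branches: [main, develop]
    tags: ['v*']
  pull_request:
    branches: [main, develop]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    # This job only builds: it never logs in to the registry or pushes, and it
    # runs on pull-request content. The token is therefore read-only
    # (`packages: write` removed).
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the checkout is used as the
          # Docker build context below (unless .dockerignore excludes .git).
          persist-credentials: false

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Cache cargo registry
        uses: actions/cache@v4
        continue-on-error: true
        id: cache-cargo
        with:
          path: |
            ~/.cargo/registry/index
            ~/.cargo/registry/cache
            ~/.cargo/git/db
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/Cargo.toml') }}
          restore-keys: |
            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-
            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}-
            ${{ runner.os }}-cargo-

      - name: Pre-fetch dependencies
        run: |
          # Download dependencies without interfering with existing source
          cargo fetch --locked

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr,prefix=pr-
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha,prefix={{branch}}-,enable={{is_default_branch}}
            type=sha,prefix=pr-{{number}}-,enable=${{ github.event_name == 'pull_request' }}

      - name: Extract version from Cargo.toml
        id: extract_version
        uses: ./.github/actions/extract-version

      - name: Build container image (status check)
        env:
          # Multi-arch only for release tags; single-arch keeps PR builds fast.
          PLATFORMS: ${{ startsWith(github.ref, 'refs/tags/v') && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
          # On pull requests this value comes from the contributor's
          # Cargo.toml, so it reaches the shell only as a quoted variable.
          CARGO_VERSION: ${{ steps.extract_version.outputs.cargo_version }}
        run: |
          docker buildx build \
            --platform "$PLATFORMS" \
            --cache-from type=gha \
            --cache-to type=gha,mode=max \
            --build-arg "VERSION=$CARGO_VERSION" \
            --tag temp-build-check \
            .

  publish:
    runs-on: ubuntu-latest
    needs: build
    if: startsWith(github.ref, 'refs/tags/v')
    # The automated push to main is disabled below, so nothing in this job
    # writes to the repository. Restore `contents: write` only if the sync step
    # is re-enabled.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No step in this job pushes with git, and the checkout becomes the
          # build context of a published image. Re-enabling the sync step
          # requires removing this setting.
          persist-credentials: false

      - name: Extract version from Cargo.toml
        id: extract_version
        uses: ./.github/actions/extract-version

      # Check for version mismatch and emit warning instead of failing
      # NOTE: The automatic version sync step that used to follow this check is now DISABLED
      # due to main branch protection requiring all changes to go through Pull Requests.
      # Version mismatches will be detected and warned about, but not automatically fixed.
      - name: Check version consistency (warning only)
        id: version_check
        env:
          CARGO_VERSION: ${{ steps.extract_version.outputs.cargo_version }}
        run: |
          TAG_VERSION="${GITHUB_REF#refs/tags/v}"
          echo "Git tag version: $TAG_VERSION"
          echo "Cargo.toml version: $CARGO_VERSION"
          if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
            echo "⚠️ Version mismatch detected!"
            echo "Git tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
            echo "❌ AUTOMATIC SYNC DISABLED: Please manually update Cargo.toml via Pull Request"
            echo "version_mismatch=true" >> "$GITHUB_OUTPUT"
            echo "tag_version=$TAG_VERSION" >> "$GITHUB_OUTPUT"
          else
            echo "✅ Version consistency validated: $CARGO_VERSION"
            echo "version_mismatch=false" >> "$GITHUB_OUTPUT"
            echo "tag_version=$TAG_VERSION" >> "$GITHUB_OUTPUT"
          fi

      # DISABLED: Automatically sync Cargo.toml version to match Git tag when there's a mismatch
      # This step is currently disabled because direct commits to the main branch are prohibited
      # due to branch protection rules that require all changes to go through Pull Requests.
      #
      # The automated push to main (git push origin main) fails because:
      # - Main branch protection requires PR reviews
      # - Direct commits are not allowed, even from GitHub Actions
      #
      # FUTURE ENHANCEMENT:
      # Consider creating a separate release workflow that:
      # 1. Detects version mismatches during tag creation
      # 2. Opens a Pull Request to update Cargo.toml version
      # 3. Automatically merges the PR after CI validation
      # 4. Re-triggers the build after version sync
      #
      # The code below is preserved for easy re-enablement once a proper
      # PR-based version sync mechanism is implemented.
      #
      # NOTE(review): if this is re-enabled, pass tag_version through `env:`
      # rather than ${{ }} inside the script. The value is derived from the tag
      # name and is also substituted into a sed expression.
      #
      # - name: Sync Cargo.toml version with Git tag
      #   if: steps.version_check.outputs.version_mismatch == 'true'
      #   run: |
      #     TAG_VERSION=${{ steps.version_check.outputs.tag_version }}
      #     echo "🔄 Syncing Cargo.toml version to match Git tag: $TAG_VERSION"
      #
      #     # Configure git for the automated commit
      #     git config --local user.email "action@github.com"
      #     git config --local user.name "GitHub Action"
      #
      #     # Update the version field in Cargo.toml in the current working directory
      #     sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
      #
      #     # Verify the change
      #     NEW_VERSION=$(grep '^version\s*=\s*"' Cargo.toml | sed 's/.*"\([^"]*\)".*/\1/')
      #     echo "Updated Cargo.toml version to: $NEW_VERSION"
      #
      #     # Fetch the main branch and create a temporary branch for the commit
      #     git fetch origin main:main
      #     git checkout main
      #
      #     # Apply the same change to main branch
      #     sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
      #
      #     # Commit and push the version sync to main
      #     git add Cargo.toml
      #     git commit -m "chore: sync Cargo.toml version to $TAG_VERSION for release"
      #     git push origin main
      #
      #     # Return to the tag for the build process
      #     git checkout ${GITHUB_REF#refs/tags/}
      #
      #     # Ensure our working directory has the updated version for the build
      #     sed -i "s/^version = \".*\"/version = \"$TAG_VERSION\"/" Cargo.toml
      #
      #     echo "✅ Successfully synced and committed Cargo.toml version update"

      # DISABLED: Re-extract version after sync (part of disabled version sync functionality)
      # This step was used to re-extract the version after the automated sync step above.
      # Since the sync step is disabled, this step is also commented out.
      #
      # - name: Re-extract version from Cargo.toml
      #   if: steps.version_check.outputs.version_mismatch == 'true'
      #   id: extract_version_updated
      #   uses: ./.github/actions/extract-version

      # Set the final version to use for Docker build
      # Since the version sync step is disabled, we always use the original extracted version
      # When version sync is re-enabled, this logic should be updated to handle synced versions
      #
      # ORIGINAL LOGIC (when sync was enabled), kept here as a YAML comment
      # because ${{ }} is expanded inside `run:` even on shell comment lines:
      #   if [ "${{ steps.version_check.outputs.version_mismatch }}" = "true" ]; then
      #     FINAL_VERSION="${{ steps.extract_version_updated.outputs.cargo_version }}"
      #     echo "Using synced version: $FINAL_VERSION"
      #   else
      #     FINAL_VERSION="${{ steps.extract_version.outputs.cargo_version }}"
      #     echo "Using original version: $FINAL_VERSION"
      #   fi
      - name: Set final version for build
        id: final_version
        env:
          CARGO_VERSION: ${{ steps.extract_version.outputs.cargo_version }}
          VERSION_MISMATCH: ${{ steps.version_check.outputs.version_mismatch }}
          TAG_VERSION: ${{ steps.version_check.outputs.tag_version }}
        run: |
          # CURRENT LOGIC (sync disabled - always use original version):
          FINAL_VERSION="$CARGO_VERSION"
          echo "Using original Cargo.toml version: $FINAL_VERSION"
          # Warn if there's a version mismatch since sync is disabled
          if [ "$VERSION_MISMATCH" = "true" ]; then
            echo "⚠️ WARNING: Version mismatch detected but sync is disabled!"
            echo "Git tag version: $TAG_VERSION"
            echo "Cargo.toml version: $FINAL_VERSION"
            echo "Consider manually updating Cargo.toml or re-enabling the sync mechanism via PR."
          fi
          echo "version=$FINAL_VERSION" >> "$GITHUB_OUTPUT"

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=raw,value=latest

      # Image tags come from the Git tag, while the VERSION build arg comes
      # from Cargo.toml; the two can differ because the check above only warns.
      - name: Build and push container image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: |
            type=gha
          cache-to: |
            type=gha,mode=max
          build-args: |
            BUILDKIT_INLINE_CACHE=1
            VERSION=${{ steps.final_version.outputs.version }}

      - name: Generate build summary
        env:
          FINAL_VERSION: ${{ steps.final_version.outputs.version }}
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # REGISTRY and IMAGE_NAME are the workflow-level env values.
          {
            echo "## Container Image Published"
            echo ""
            echo "🎉 Successfully built and published container image!"
            echo ""
            echo "### Image Details"
            echo "- **Registry**: \`${REGISTRY}\`"
            echo "- **Repository**: \`${IMAGE_NAME}\`"
            echo "- **Version**: \`${FINAL_VERSION}\`"
            echo "- **Tags**: \`${IMAGE_TAGS}\`"
            echo ""
            echo "### Usage"
            echo "Pull the image:"
            echo "\`\`\`bash"
            echo "docker pull ${REGISTRY}/${IMAGE_NAME}:latest"
            echo "\`\`\`"
            echo ""
            echo "### Minikube Deployment"
            echo "Use with Minikube:"
            echo "\`\`\`bash"
            echo "export IMAGE_REGISTRY=${REGISTRY}/${IMAGE_NAME}"
            echo "make minikube-deploy-registry"
            echo "\`\`\`"
          } >> "$GITHUB_STEP_SUMMARY"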