Release workflow and dependabot #29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| SUFFIX: ${{ (github.head_ref || github.ref_name) == 'main' && '' || format('-{0}', github.head_ref || github.ref_name) }} | |
| jobs: | |
| checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - run: cargo check | |
| - run: cargo fmt -- --check | |
| - run: cargo clippy -- -D warnings | |
| build: | |
| strategy: | |
| matrix: | |
| arch: [x86_64, aarch64] | |
| runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} | |
| container: amazonlinux:2023 | |
| permissions: | |
| contents: read | |
| steps: | |
| - run: dnf update -y && dnf install -y git tar gcc pkg-config openssl-devel | |
| - uses: actions/checkout@v6 | |
| - uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - run: cargo build --release | |
| - run: mkdir -p target/opt/extensions | |
| - run: cp target/release/diet-lambda target/opt/extensions/diet-lambda | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: diet-lambda-${{ matrix.arch }} | |
| path: target/opt | |
| staging: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| strategy: | |
| matrix: | |
| arch: [x86_64, aarch64] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: aws-actions/configure-aws-credentials@v6 | |
| with: | |
| role-to-assume: ${{ secrets.LAMBDA_STAGE_PUBLISHER_ARN }} | |
| aws-region: us-east-1 | |
| - uses: actions/download-artifact@v8 | |
| id: download | |
| with: | |
| name: diet-lambda-${{ matrix.arch }} | |
| skip-decompress: true | |
| - name: Publish layer | |
| run: | | |
| LAYER_ARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name diet-lambda-${{ matrix.arch }}$SUFFIX \ | |
| --license-info "Apache 2.0" \ | |
| --compatible-architectures ${{ matrix.arch == 'x86_64' && 'x86_64' || 'arm64' }} \ | |
| --zip-file fileb://${{ steps.download.outputs.download-path }}/diet-lambda-${{ matrix.arch }}.zip \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo "::notice::$LAYER_ARN" | |
| docker: | |
| needs: build | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| strategy: | |
| matrix: | |
| arch: [x86_64, aarch64] | |
| runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: docker/setup-buildx-action@v4 | |
| - uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/download-artifact@v8 | |
| with: | |
| name: diet-lambda-${{ matrix.arch }} | |
| - uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| push: true | |
| tags: ghcr.io/${{ github.repository }}:${{ matrix.arch }}${{ env.SUFFIX }} | |
| multiarch: | |
| needs: docker | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - uses: docker/setup-buildx-action@v4 | |
| - uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - run: | | |
| docker buildx imagetools create \ | |
| --tag ghcr.io/${{ github.repository }}:latest$SUFFIX \ | |
| ghcr.io/${{ github.repository }}:x86_64$SUFFIX \ | |
| ghcr.io/${{ github.repository }}:aarch64$SUFFIX |