diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e5a699..41c2689 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,12 +12,11 @@ jobs: name: Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Build connet run: nix develop --command make build @@ -26,12 +25,11 @@ jobs: runs-on: ubuntu-latest needs: [build] steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Run tests run: nix develop --command make test - name: Run lint 
@@ -48,13 +46,12 @@ jobs: runs-on: ubuntu-latest needs: [build] steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main - - uses: DeterminateSystems/flake-checker-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 + - uses: DeterminateSystems/flake-checker-action@3164002371bc90729c68af0e24d5aacf20d7c9f6 # v12 - name: Build default run: nix build . - name: Build docker diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml deleted file mode 100644 index 734f14b..0000000 --- a/.github/workflows/release-tag.yml +++ /dev/null 
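Review bot: In `.github/workflows/ci.yml`, the new `flake-checker-action` pin carries the comment `# v12`, a major tag, while every other pin in this commit records an exact release such as `# v6.0.2`. A major tag can be moved to a later commit, so the comment alone does not tell a reviewer or an update bot which release `3164002371bc90729c68af0e24d5aacf20d7c9f6` corresponds to. If the action publishes exact release tags, name that one in the comment; otherwise add a short remark that only the major tag exists. The enclosing job starts above the hunk.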
@@ -1,61 +0,0 @@ -on: - workflow_run: - workflows: [ci] - types: [completed] - branches: [main] - push: - branches: [main] - -concurrency: - group: ${{ github.workflow }}-tag - cancel-in-progress: false - -jobs: - changes: - name: Detect version change - runs-on: ubuntu-latest - permissions: - contents: read - outputs: - version: ${{ steps.filter.outputs.version }} - steps: - - uses: actions/checkout@v4 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - version: - - 'VERSION' - - tag-release: - name: Tag release on version change - runs-on: ubuntu-latest - needs: changes - if: ${{ needs.changes.outputs.version == 'true' }} - permissions: - contents: write - outputs: - version: ${{ steps.extract_version.outputs.version }} - steps: - - uses: actions/checkout@v4 - - name: Extract Version - id: extract_version - run: | - echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT - - name: Create release - uses: softprops/action-gh-release@v2 - with: - tag_name: v${{ steps.extract_version.outputs.version }} - draft: true - generate_release_notes: true - - perform-release: - name: Perform release - needs: tag-release - uses: ./.github/workflows/release.yml - with: - version: ${{ needs.tag-release.outputs.version }} - permissions: - contents: write - packages: write - id-token: write diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2399fdc..2e906bb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,22 +3,8 @@ on: workflows: [ci] types: [completed] branches: [main] - workflow_dispatch: - inputs: - version: - description: "Version to release (format: vX.Y.Z)" - required: true - upload: - description: "Upload final artifacts to github" - default: false - workflow_call: - inputs: - version: - required: true - type: string push: - tags: - - "v[0-9]+.[0-9]+.[0-9]+" + branches: [main] concurrency: group: ${{ github.workflow }}-release 
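Review bot: In `.github/workflows/release.yml`, adding `push: branches: [main]` next to the existing `workflows: [ci]` / `types: [completed]` trigger lets a release start on the push itself, before CI for that commit has finished or passed, and a second run follows when CI completes. `types: [completed]` also fires for failed CI runs, and the job conditions in this file's next hunk test only `version-changed`, never the CI result. Consider keeping only the CI-completion trigger and gating the first job with `if: ${{ github.event.workflow_run.conclusion == 'success' }}`, after confirming that the paths filter still sees the `VERSION` change under that event. The trigger's parent keys are above the hunk, so the event name is inferred from the visible context lines.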
@@ -30,126 +16,118 @@ permissions: id-token: write jobs: - setup: - name: Setup + version-change: + name: Detect version change runs-on: ubuntu-latest outputs: - version: ${{ steps.extract_version.outputs.version }} - publish: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.upload == 'true' || github.event_name == 'push' }} + version-changed: ${{ steps.filter.outputs.version }} + version: ${{ steps.extract-version.outputs.version }} steps: - - name: Exract the Version - id: extract_version + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 + name: Detect versions change + id: filter + with: + filters: | + version: + - 'VERSION' + - name: Extract Version + id: extract-version run: | - if [[ "${{ github.event_name }}" == "push" ]]; then - IN_VERSION=${{ inputs.version }} - # Remove the leading 'v' from the tag - GIT_VERSION=${GITHUB_REF#refs/tags/v} - VERSION=${IN_VERSION:-$GIT_VERSION} - echo "version=$VERSION" >> $GITHUB_OUTPUT - elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then - VERSION=${{ github.event.inputs.version }} - VERSION=${VERSION#v} - echo "version=$VERSION" >> $GITHUB_OUTPUT - else - echo "Error: Unsupported event type." 
- exit 1 - fi + echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT - binary: - name: Binaries + release: + name: Release runs-on: ubuntu-latest - needs: [setup] + needs: [version-change] + if: ${{ needs.version-change.outputs.version-changed == 'true' }} env: - CONNET_VERSION: ${{ needs.setup.outputs.version }} + CONNET_VERSION: ${{ needs.version-change.outputs.version }} steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Build release run: nix develop --command make release - - name: Upload release - uses: softprops/action-gh-release@v2 - if: ${{ needs.setup.outputs.publish }} + - name: Publish release + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: v${{ env.CONNET_VERSION }} + generate_release_notes: true files: | dist/archive/connet-${{ env.CONNET_VERSION }}-*.tar.gz dist/archive/connet-${{ env.CONNET_VERSION }}-*.zip docker-x86: - name: Docker x86 + name: Release Docker x86 runs-on: ubuntu-latest - needs: [setup] + needs: [version-change] + if: ${{ needs.version-change.outputs.version-changed == 'true' }} env: - CONNET_VERSION: ${{ needs.setup.outputs.version }} + CONNET_VERSION: ${{ needs.version-change.outputs.version }} steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - 
uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Docker build run: nix build .#docker - name: Docker login - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker push - if: ${{ needs.setup.outputs.publish }} run: nix develop --command skopeo copy "docker-archive:result" "docker://ghcr.io/connet-dev/connet:${CONNET_VERSION}-amd64" docker-arm: - name: Docker arm + name: Release Docker arm runs-on: ubuntu-latest - needs: [setup] + needs: [version-change] + if: ${{ needs.version-change.outputs.version-changed == 'true' }} env: - CONNET_VERSION: ${{ needs.setup.outputs.version }} + CONNET_VERSION: ${{ needs.version-change.outputs.version }} steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} extra-conf: system = aarch64-linux - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Docker build run: nix build .#docker - name: Docker login - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker push - if: ${{ needs.setup.outputs.publish }} run: nix develop --command skopeo copy "docker-archive:result" 
"docker://ghcr.io/connet-dev/connet:${CONNET_VERSION}-arm64" docker-multiarch: name: Tag multi-arch runs-on: ubuntu-latest - needs: [setup, docker-x86, docker-arm] + needs: [version-change, docker-x86, docker-arm] + if: ${{ needs.version-change.outputs.version-changed == 'true' }} env: - CONNET_VERSION: ${{ needs.setup.outputs.version }} + CONNET_VERSION: ${{ needs.version-change.outputs.version }} steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Docker login - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker tag - if: ${{ needs.setup.outputs.publish }} run: nix develop --command manifest-tool push from-args --platforms linux/amd64,linux/arm64 --template ghcr.io/connet-dev/connet:${CONNET_VERSION}-ARCHVARIANT --target ghcr.io/connet-dev/connet:${CONNET_VERSION} diff --git a/.github/workflows/tip.yaml b/.github/workflows/tip.yaml index 940ae84..9cf9ff9 100644 --- a/.github/workflows/tip.yaml +++ b/.github/workflows/tip.yaml 
@@ -12,12 +12,11 @@ jobs: name: Binaries runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Build release run: nix develop --command make release @@ -25,16 +24,14 @@ jobs: name: Build x86 image runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Docker build run: nix build .#docker - - name: Docker login - uses: docker/login-action@v3 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} 
@@ -46,18 +43,16 @@ jobs: name: Build arm image runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: docker/setup-qemu-action@v3 - - uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} extra-conf: system = aarch64-linux - - uses: DeterminateSystems/flakehub-cache-action@main + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 - name: Docker build run: nix build .#docker - - name: Docker login - uses: docker/login-action@v3 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -70,14 +65,12 @@ jobs: runs-on: ubuntu-latest needs: [docker-build-x86, docker-build-arm] steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: DeterminateSystems/determinate-nix-action@7c4cc317e802185875512bfcb68259257279d767 # v3.19.1 with: - determinate: true github-token: ${{ secrets.GITHUB_TOKEN }} - - uses: DeterminateSystems/flakehub-cache-action@main - - name: Docker login - uses: docker/login-action@v3 + - uses: DeterminateSystems/flakehub-cache-action@7085070a1431418586d7e5f65ffa0379d6dc5e9a # v3.19.1 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }}
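Review bot: In `.github/workflows/tip.yaml`, `docker/setup-qemu-action@v3` in the arm image job stays on a mutable tag while every other action in that job is now pinned to a commit. This commit already pins the same action in `release.yml`, so the line can become `- uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0`. The job's key and the steps after the login are outside the hunk.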