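# CI pipeline: runs the test suite and the Complement tests on pull requests
# and on pushes to main/dev, builds static binaries, .deb packages and OCI
# images for each target on main/dev, and publishes multi-arch images to
# Docker Hub and GHCR.
name: CI and Artifacts

on:
  pull_request:
  push:
    # documentation workflow deals with this or is not relevant for this workflow
    paths-ignore:
      - '*.md'
      - 'conduwuit-example.toml'
      - 'book.toml'
      - '.gitlab-ci.yml'
      - '.gitignore'
      - 'renovate.json'
      - 'docs/**'
      - 'debian/**'
      - 'docker/**'
      - 'test_results/**'
    branches:
      - main
      - dev
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

concurrency:
  group: ${{ github.head_ref || github.ref_name }}
  cancel-in-progress: true

env:
  # Required to make some things output color
  TERM: ansi
  # Publishing to my nix binary cache
  # NOTE(review): defined at workflow level, so every step of every job gets
  # this secret in its environment, including third-party actions and steps
  # that run repository code. Consider setting it only on the steps that
  # publish to the cache (which steps those are is not visible here).
  ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
  # Just in case incremental is still being set to true, speeds up CI
  CARGO_INCREMENTAL: 0
  # Custom nix binary cache if fork is being used
  ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
  ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}

# Least privilege: the default token is read-only for every job. Only the
# docker job, which pushes to ghcr.io, is granted packages: write below.
permissions:
  contents: read

jobs:
  tests:
    name: Test
    runs-on: ubuntu-latest

    steps:
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          # Later steps execute code from the checked-out tree; do not leave
          # the job token in .git/config for them to read.
          persist-credentials: false

      # NOTE(review): tracks the mutable main branch of a third-party action;
      # pin to a reviewed full commit SHA.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      # NOTE(review): the install expression is fetched from a URL at run
      # time and is not pinned to a version or hash.
      - name: Enable Cachix binary cache
        run: |
          nix-env -iA cachix -f https://cachix.org/api/v1/install
          cachix use crane
          cachix use nix-community

      # NOTE(review): tracks the mutable main branch of a third-party action;
      # pin to a reviewed full commit SHA.
      - name: Configure Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      # NOTE(review): this step is incomplete on the page. The here-document
      # bodies appended to /etc/nix/nix.conf, the -f argument of nix-env and
      # what look like the boundaries of the following steps are missing; the
      # commands are kept exactly as shown and must be restored from the
      # repository. Whatever is appended to nix.conf presumably decides which
      # binary caches and signing keys the build trusts, so review it with
      # the same care as a dependency change.
      - name: Apply Nix binary cache configuration
        run: |
          sudo tee -a /etc/nix/nix.conf > /dev/null < /dev/null < "$HOME/.direnvrc"
          nix-env -f "" -iA direnv -iA nix-direnv
          direnv allow
          nix develop --command true

      - name: Run CI tests
        run: |
          direnv exec . engage > >(tee -a test_output.log)

      - name: Sync Complement repository
        uses: actions/checkout@v4
        with:
          repository: 'matrix-org/complement'
          path: complement_src
          persist-credentials: false

      - name: Run Complement tests
        run: |
          bin/complement 'complement_src' 'complement_test_logs.jsonl' 'complement_test_results.jsonl'

      - name: Upload Complement logs
        uses: actions/upload-artifact@v4
        with:
          name: complement_test_logs.jsonl
          path: complement_test_logs.jsonl
          if-no-files-found: error

      - name: Upload Complement results
        uses: actions/upload-artifact@v4
        with:
          name: complement_test_results.jsonl
          path: complement_test_results.jsonl
          if-no-files-found: error

      - name: Diff Complement results with checked-in repo results
        run: |
          diff -u --color=always complement_test_results.jsonl tests/test_results/complement/test_results.jsonl > >(tee -a test_output.log)

      # Runs on success and on failure so that a failing run still reports
      # the tail of the test output (ANSI colour codes stripped).
      - name: Update Job Summary
        if: success() || failure()
        run: |
          if [ "${{ job.status }}" == 'success' ]; then
            echo '# ✅ completed suwuccessfully' >> "$GITHUB_STEP_SUMMARY"
          else
            echo '```' >> "$GITHUB_STEP_SUMMARY"
            tail -n 20 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> "$GITHUB_STEP_SUMMARY"
            echo '```' >> "$GITHUB_STEP_SUMMARY"
          fi

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: tests
    # Artifacts are only built for the two long-lived branches.
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev'
    strategy:
      matrix:
        include:
          - target: aarch64-unknown-linux-musl
          - target: aarch64-unknown-linux-musl-jemalloc
          - target: x86_64-unknown-linux-musl
          - target: x86_64-unknown-linux-musl-jemalloc

    steps:
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): tracks the mutable main branch of a third-party action;
      # pin to a reviewed full commit SHA.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      # NOTE(review): the install expression is fetched from a URL at run
      # time and is not pinned to a version or hash.
      - name: Enable Cachix binary cache
        run: |
          nix-env -iA cachix -f https://cachix.org/api/v1/install
          cachix use crane
          cachix use nix-community

      # NOTE(review): tracks the mutable main branch of a third-party action;
      # pin to a reviewed full commit SHA.
      - name: Configure Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      # NOTE(review): incomplete on the page in the same way as the matching
      # step of the tests job (here-document bodies, the nix-env -f argument
      # and step boundaries are missing). Kept exactly as shown; restore from
      # the repository before use.
      - name: Apply Nix binary cache configuration
        run: |
          sudo tee -a /etc/nix/nix.conf > /dev/null < /dev/null < "$HOME/.direnvrc"
          nix-env -f "" -iA direnv -iA nix-direnv
          direnv allow
          nix develop --command true

      # matrix.target comes from the fixed list above, so interpolating it
      # into the script is not attacker-influenced.
      - name: Build static ${{ matrix.target }}
        run: |
          bin/nix-build-and-cache .#static-${{ matrix.target }}
          mkdir -p target/release
          cp -v -f result/bin/conduit target/release/
          direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
          mv target/release/conduit static-${{ matrix.target }}

      - name: Upload static-${{ matrix.target }}
        uses: actions/upload-artifact@v4
        with:
          name: static-${{ matrix.target }}
          path: static-${{ matrix.target }}
          if-no-files-found: error

      - name: Upload deb ${{ matrix.target }}
        uses: actions/upload-artifact@v4
        with:
          name: deb-${{ matrix.target }}
          path: target/debian/${{ matrix.target }}.deb
          if-no-files-found: error

      - name: Build OCI image ${{ matrix.target }}
        run: |
          bin/nix-build-and-cache .#oci-image-${{ matrix.target }}
          cp -v -f result oci-image-${{ matrix.target }}.tar.gz

      - name: Upload OCI image ${{ matrix.target }}
        uses: actions/upload-artifact@v4
        with:
          name: oci-image-${{ matrix.target }}
          path: oci-image-${{ matrix.target }}.tar.gz
          if-no-files-found: error
          compression-level: 0

  docker:
    name: Docker publish
    runs-on: ubuntu-latest
    needs: build
    if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && github.event_name != 'pull_request'
    # The only job that pushes to ghcr.io, so the only one with write access
    # to packages.
    permissions:
      packages: write
      contents: read
    env:
      DOCKER_ARM64: docker.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}-arm64v8
      DOCKER_AMD64: docker.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}-amd64
      DOCKER_TAG: docker.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}
      DOCKER_BRANCH: docker.io/${{ github.repository }}:${{ (github.ref == 'refs/heads/main' && 'latest') || github.ref_name }}
      GHCR_ARM64: ghcr.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}-arm64v8
      GHCR_AMD64: ghcr.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}-amd64
      GHCR_TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}-${{ github.sha }}
      GHCR_BRANCH: ghcr.io/${{ github.repository }}:${{ (github.ref == 'refs/heads/main' && 'latest') || github.ref_name }}
      # Mirrored into env because the step-level `if:` conditions below test
      # env.DOCKERHUB_TOKEN; this also puts the token in the environment of
      # every run step of this job.
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Docker Hub
        if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Download artifacts
        uses: actions/download-artifact@v4

      - name: Move OCI images into position
        run: |
          mv oci-image-x86_64-*-jemalloc/*.tar.gz oci-image-amd64.tar.gz
          mv oci-image-aarch64-*-jemalloc/*.tar.gz oci-image-arm64v8.tar.gz

      # The image names are read from the job environment as quoted shell
      # variables instead of being pasted into the script text by the
      # expression engine, so their contents can never be parsed as shell.
      - name: Load and push amd64 image
        if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
        run: |
          docker load -i oci-image-amd64.tar.gz
          docker tag "$(docker images -q conduit:main)" "$DOCKER_AMD64"
          docker tag "$(docker images -q conduit:main)" "$GHCR_AMD64"
          docker push "$DOCKER_AMD64"
          docker push "$GHCR_AMD64"

      - name: Load and push arm64 image
        if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
        run: |
          docker load -i oci-image-arm64v8.tar.gz
          docker tag "$(docker images -q conduit:main)" "$DOCKER_ARM64"
          docker tag "$(docker images -q conduit:main)" "$GHCR_ARM64"
          docker push "$DOCKER_ARM64"
          docker push "$GHCR_ARM64"

      # NOTE(review): unlike the push steps around it, this step has no `if:`
      # guard. When the Docker Hub credentials are unset the per-arch images
      # are never pushed (the GHCR pushes share that guard), so this step
      # presumably fails in that case; confirm the intended behaviour.
      - name: Create Docker combined manifests
        run: |
          docker manifest create "$DOCKER_TAG" --amend "$DOCKER_ARM64" --amend "$DOCKER_AMD64"
          docker manifest create "$DOCKER_BRANCH" --amend "$DOCKER_ARM64" --amend "$DOCKER_AMD64"
          docker manifest create "$GHCR_TAG" --amend "$GHCR_ARM64" --amend "$GHCR_AMD64"
          docker manifest create "$GHCR_BRANCH" --amend "$GHCR_ARM64" --amend "$GHCR_AMD64"

      - name: Push manifests to Docker registries
        if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
        run: |
          docker manifest push "$DOCKER_TAG"
          docker manifest push "$DOCKER_BRANCH"
          docker manifest push "$GHCR_TAG"
          docker manifest push "$GHCR_BRANCH"

      - name: Add Image Links to Job Summary
        if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
        run: |
          echo "- \`docker pull ${DOCKER_TAG}\`" >> "$GITHUB_STEP_SUMMARY"
          echo "- \`docker pull ${GHCR_TAG}\`" >> "$GITHUB_STEP_SUMMARY"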