stackman/.github/workflows/build.yml at master · SomeBlackMagic/stackman · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
---
name: Build Docker Image (multiarch)

on:
  schedule:
    - cron: "0 4 * * 0"
  workflow_dispatch:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
    tags:
      - 'v*'

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v5

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Docker swarm init
        run: docker swarm init

      - name: Run tests
        run: go test -v -race -coverprofile=coverage.out -covermode=atomic $(go list ./... | grep -v '/tests')

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.out
          fail_ci_if_error: false

  docker:
    runs-on: ubuntu-latest
    needs: test

    steps:
      - name: Checkout
        uses: actions/checkout@v5

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push multiarch image
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BUILDTIME=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
            REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}

      - name: Export binaries from built images
        if: github.ref_type == 'tag'
        run: |
          set -e
          mkdir -p artifacts
          REPO_LC="${GITHUB_REPOSITORY,,}"
          TAG="${GITHUB_REF_NAME#v}"

          echo "Inspecting manifest for ghcr.io/${REPO_LC}:${TAG}"

          for arch in amd64 arm64; do
            DIGEST=$(docker buildx imagetools inspect "ghcr.io/${REPO_LC}:${TAG}" \
              --format "{{range .Manifest.Manifests}}{{if eq .Platform.Architecture \"${arch}\"}}{{.Digest}}{{end}}{{end}}")

            if [ -z "$DIGEST" ]; then
              echo "No digest found for ${arch}"
              exit 1
            fi

            IMAGE="ghcr.io/${REPO_LC}@${DIGEST}"
            echo "Pulling $IMAGE"
            docker pull "$IMAGE"

            CID=$(docker create "$IMAGE" true)
            docker cp "$CID:/usr/local/bin/stackman" "artifacts/stackman-${arch}-linux"
            docker rm "$CID"

            sha256sum "artifacts/stackman-${arch}-linux" > "artifacts/stackman-${arch}.sha256"
          done

      - name: Upload build artifacts
        if: github.ref_type == 'tag'
        uses: actions/upload-artifact@v4
        with:
          name: stackman-binaries
          path: artifacts/

      - name: Check release exists by tag
        if: github.ref_type == 'tag'
        id: rel
        uses: actions/github-script@v8
        with:
          script: |
            const tag = process.env.GITHUB_REF_NAME;
            const { owner, repo } = context.repo;
            try {
              const { data } = await github.rest.repos.getReleaseByTag({ owner, repo, tag });
              core.setOutput('upload_url', data.upload_url);
            } catch {
              core.setOutput('upload_url', '');
            }

      - name: Upload binaries to release
        if: github.ref_type == 'tag' && steps.rel.outputs.upload_url != ''
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.rel.outputs.upload_url }}
          asset_path: artifacts/stackman-amd64-linux
          asset_name: stackman-linux-amd64
          asset_content_type: application/octet-stream

      - name: Upload arm64 binary to release
        if: github.ref_type == 'tag' && steps.rel.outputs.upload_url != ''
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.rel.outputs.upload_url }}
          asset_path: artifacts/stackman-arm64-linux
          asset_name: stackman-linux-arm64
          asset_content_type: application/octet-stream