build(deps): bump cachix/install-nix-action from V27 to 28 (#24) #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ship | |
on: | |
push: | |
jobs: | |
nix-build: | |
name: nix build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
target: | |
- x86_64-linux | |
- aarch64-linux | |
steps: | |
- name: Checkout ποΈ | |
uses: actions/checkout@v4 | |
- name: Install Nix β | |
uses: cachix/install-nix-action@V28 | |
with: | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up the Nix Cache π | |
uses: cachix/cachix-action@v15 | |
with: | |
name: hasura-v3-dev | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
useDaemon: false # attempt to stop hanging on cleanup | |
- name: Build a binary with Nix | |
run: nix build --print-build-logs '.#${{ matrix.target }}' | |
- name: Build a Docker image with Nix | |
run: nix build --print-build-logs '.#docker-${{ matrix.target }}' | |
# scream into Slack if something goes wrong | |
- name: Report Status | |
if: always() && github.ref == 'refs/heads/main' | |
uses: ravsamhq/notify-slack-action@v2 | |
with: | |
status: ${{ job.status }} | |
notify_when: failure | |
notification_title: "π§ Error on <{repo_url}|{repo}>" | |
message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | |
push-docker-images: | |
name: push Docker images | |
needs: | |
- nix-build | |
runs-on: ubuntu-latest | |
# Only run on the `main` branch or version tags. | |
# Note we currently tag the image with 'latest', so will want to stop doing | |
# so if we run this on PR branches, etc. | |
if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
steps: | |
- name: Checkout ποΈ | |
uses: actions/checkout@v4 | |
- name: Install Nix β | |
uses: cachix/install-nix-action@V28 | |
with: | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up the Nix Cache π | |
uses: cachix/cachix-action@v15 | |
with: | |
name: hasura-v3-dev | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
useDaemon: false # attempt to stop hanging on cleanup | |
- id: gcloud-auth | |
name: Authenticate to Google Cloud π | |
uses: google-github-actions/auth@v2 | |
with: | |
token_format: access_token | |
service_account: "[email protected]" | |
workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github" | |
- name: Login to Google Container Registry π¦ | |
uses: "docker/login-action@v3" | |
with: | |
registry: "us-docker.pkg.dev" | |
username: "oauth2accesstoken" | |
password: "${{ steps.gcloud-auth.outputs.access_token }}" | |
- name: Login to GitHub Container Registry π¦ | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push Docker images to Google Container Registry π’ | |
run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-bigquery' | |
- name: Push Docker images to GitHub Packages π’ | |
run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-bigquery' | |
# scream into Slack if something goes wrong | |
- name: Report Status | |
if: always() | |
uses: ravsamhq/notify-slack-action@v2 | |
with: | |
status: ${{ job.status }} | |
notify_when: failure | |
notification_title: "π§ Error on <{repo_url}|{repo}>" | |
message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | |
build-cli-binaries: | |
name: build the CLI binaries | |
strategy: | |
matrix: | |
include: | |
- runner: ubuntu-20.04 | |
target: x86_64-unknown-linux-gnu | |
- runner: ubuntu-20.04 | |
target: aarch64-unknown-linux-gnu | |
linux-packages: gcc-aarch64-linux-gnu | |
linker: /usr/bin/aarch64-linux-gnu-gcc | |
- runner: macos-latest | |
target: x86_64-apple-darwin | |
- runner: macos-latest | |
target: aarch64-apple-darwin | |
- runner: windows-latest | |
target: x86_64-pc-windows-msvc | |
extension: .exe | |
extra-rust-flags: "-C target-feature=+crt-static" | |
runs-on: ${{ matrix.runner }} | |
env: | |
CARGO_BUILD_TARGET: ${{ matrix.target }} | |
CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
RUSTFLAGS: "-D warnings" # fail on warnings | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install protoc | |
uses: arduino/setup-protoc@v3 | |
with: | |
version: "25.x" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: install tools | |
run: | | |
rustup show | |
rustup target add ${{ matrix.target }} | |
- name: install other packages required | |
if: matrix.linux-packages | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y ${{ matrix.linux-packages }} | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "build-${matrix.runner}" # share the cache across jobs | |
- name: build the CLI | |
run: | | |
# If we're on a tag, use the tag name as the release version. | |
if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then | |
# Ensure that the version specified in Cargo.toml is the same as the tag (with a 'v' prefix). | |
CARGO_VERSION="$(cargo metadata --format-version=1 | jq -r '.packages | .[] | select(.name == "ndc-bigquery") | .version')" | |
echo "Git tag: ${GITHUB_REF_NAME}" | |
echo "Cargo version: ${CARGO_VERSION}" | |
if [[ "$GITHUB_REF_NAME" != "v${CARGO_VERSION}" ]]; then | |
echo >&2 "The Git tag is \"${GITHUB_REF_NAME}\", but the version in Cargo.toml is \"${CARGO_VERSION}\"." | |
echo >&2 'These must be the same, with a "v" prefix for the tag. Aborting.' | |
exit 1 | |
fi | |
export RELEASE_VERSION="$GITHUB_REF_NAME" | |
echo "RELEASE_VERSION = ${RELEASE_VERSION}" | |
fi | |
if [[ -n '${{ matrix.linker }}' ]]; then | |
TARGET_SCREAMING="$(echo '${{ matrix.target }}' | tr '[:lower:]' '[:upper:]' | tr '-' '_')" | |
echo "CARGO_TARGET_${TARGET_SCREAMING}_LINKER"='${{ matrix.linker }}' | |
declare "CARGO_TARGET_${TARGET_SCREAMING}_LINKER"='${{ matrix.linker }}' | |
export "CARGO_TARGET_${TARGET_SCREAMING}_LINKER" | |
fi | |
if [[ -n '${{ matrix.extra-rust-flags }}' ]]; then | |
RUSTFLAGS="${RUSTFLAGS} ${{ matrix.extra-rust-flags }}" | |
export RUSTFLAGS | |
fi | |
echo "RUSTFLAGS = ${RUSTFLAGS}" | |
echo "Building for target: ${CARGO_BUILD_TARGET}" | |
cargo build --release --package=ndc-bigquery-cli | |
mkdir -p release | |
mv -v target/${{ matrix.target }}/release/ndc-bigquery-cli release/ndc-bigquery-cli-${{ matrix.target }}${{ matrix.extension }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ndc-bigquery-cli-${{ matrix.target }} | |
path: release | |
if-no-files-found: error | |
release: | |
name: release to GitHub | |
needs: | |
- push-docker-images # not strictly necessary, but if this fails, we should abort | |
- build-cli-binaries | |
runs-on: ubuntu-latest | |
# We release when a tag is pushed. | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
path: release/artifacts | |
merge-multiple: true | |
- name: generate SHA-256 checksums | |
run: | | |
cd release/artifacts | |
sha256sum * > ./sha256sum | |
- name: generate a changelog | |
run: | | |
./scripts/release-notes.py "${GITHUB_REF_NAME}" >> release/notes.md | |
- name: generate a connector package | |
run: | | |
chmod +x ./release/artifacts/ndc-bigquery-cli-* | |
mkdir release/package | |
./release/artifacts/ndc-bigquery-cli-x86_64-unknown-linux-gnu --context=release/package initialize --with-metadata | |
tar vczf release/artifacts/package.tar.gz -C release/package . | |
- name: create a draft release | |
uses: ncipollo/release-action@v1 | |
with: | |
draft: true | |
bodyFile: release/notes.md | |
artifacts: release/artifacts/* |