fix: running as root without "--no-sandbox" is not supported #203
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish to npm / Docker | |
on: | |
push: | |
branches: | |
- "**" | |
release: | |
types: [prereleased, released] | |
jobs: | |
build-static: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space | |
run: | | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /opt/ghc | |
sudo rm -rf "/usr/local/share/boost" | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build statically linked package | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile | |
push: false | |
load: true | |
tags: osnap:build | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Get packages from container | |
run: | | |
docker create -ti --name build osnap:build sh | |
docker cp build:/usr/app/_build ./_build | |
docker rm -f build | |
- name: Copy binary | |
run: | | |
mkdir -p _release/bin | |
cp _build/default/bin/Main.exe _release/bin/osnap | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ubuntu-latest | |
path: _release/ | |
build-platform: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
# - windows-latest | |
- macOS-latest | |
ocaml-compiler: | |
- 5.2.x | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Use OCaml ${{ matrix.ocaml-compiler }} | |
uses: ocaml/setup-ocaml@v3 | |
with: | |
ocaml-compiler: ${{ matrix.ocaml-compiler }} | |
- name: Install dependencies | |
run: | | |
brew install openssl@3 | |
ls -l /opt/homebrew/opt/openssl@3/include/openssl | |
export LDFLAGS="-L/opt/homebrew/opt/openssl@3/lib" | |
export CPPFLAGS="-I/opt/homebrew/opt/openssl@3/include" | |
export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl@3/lib/pkgconfig" | |
env | |
opam install . --locked --deps-only --with-test --yes | |
- name: Build OSnap | |
run: opam exec -- dune build -p osnap --profile=release | |
- name: Move binary | |
run: | | |
mkdir -p _release/bin | |
mv _build/default/bin/Main.exe _release/bin/osnap | |
# Upload the npm package as an artifact | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.os }} | |
path: _release/ | |
prepare-publish: | |
name: Prepare publish to npm | |
needs: [build-platform, build-static] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
registry-url: https://registry.npmjs.org/ | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
ref: ${{ github.ref }} | |
submodules: true | |
# Download platform artifacts | |
- name: Download Linux release | |
uses: actions/download-artifact@v4 | |
with: | |
name: ubuntu-latest | |
path: ubuntu-latest | |
# - name: Download Windows release | |
# uses: actions/download-artifact@v2 | |
# with: | |
# name: windows-latest | |
# path: windows-latest | |
- name: Download macOS release | |
uses: actions/download-artifact@v4 | |
with: | |
name: macOS-latest | |
path: macOS-latest | |
- name: Prepare _release directory | |
run: node .github/workflows/bundle-release.js | |
# Move artifacts in place | |
- name: Move artifacts into release | |
run: | | |
mkdir -p _release/platform-linux | |
mkdir -p _release/platform-darwin | |
cp -a ubuntu-latest/. _release/platform-linux | |
cp -a macOS-latest/. _release/platform-darwin | |
- name: Increment nightly version | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | |
run: node ./.github/workflows/incr-nightly-version.js ./_release/package.json | |
# Create a npm package that can easily be published and tested | |
- name: npm pack | |
run: npm pack . | |
working-directory: _release | |
- name: move package | |
run: mv _release/*.tgz osnap.tgz | |
# Upload artifacts | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: release | |
path: _release/ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: release-tarball | |
path: osnap.tgz | |
test-platform: | |
name: Test installing ${{ matrix.os }} | |
needs: prepare-publish | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- macOS-latest | |
# - windows-latest | |
steps: | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Download ${{ matrix.os }} release | |
uses: actions/download-artifact@v4 | |
with: | |
name: release-tarball | |
- name: test install | |
run: npm -g install ./osnap.tgz | |
- name: test binary | |
run: npx osnap --help=plain | |
publish: | |
if: ${{ github.event_name != 'push' || github.ref == 'refs/heads/master' }} | |
runs-on: ubuntu-latest | |
needs: [prepare-publish, test-platform] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
registry-url: https://registry.npmjs.org/ | |
- name: Download release package | |
uses: actions/download-artifact@v2 | |
with: | |
name: release-tarball | |
- name: npm publish nightly | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | |
run: npm publish ./osnap.tgz --tag=nightly --access=public | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: npm publish prerelease | |
if: ${{ github.event_name == 'release' && github.event.release.prerelease }} | |
run: | | |
npm publish ./osnap.tgz --tag=next --access=public | |
npm dist-tag add @space-labs/osnap@$(npm pkg get version | sed 's/"//g') nightly | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: npm publish | |
if: ${{ github.event_name == 'release' && !github.event.release.prerelease }} | |
run: | | |
npm publish ./osnap.tgz --tag=latest --access=public | |
npm dist-tag add @space-labs/osnap@$(npm pkg get version | sed 's/"//g') next | |
npm dist-tag add @space-labs/osnap@$(npm pkg get version | sed 's/"//g') nightly | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
publish-docker-containers: | |
needs: build-static | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- debian | |
- node-lts | |
steps: | |
- name: Free Disk Space | |
run: | | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /opt/ghc | |
sudo rm -rf "/usr/local/share/boost" | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- uses: actions/checkout@v4 | |
- name: Download Linux release | |
uses: actions/download-artifact@v4 | |
with: | |
name: ubuntu-latest | |
path: ./_release | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build & Publish Nightly ${{ matrix.container }} | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.container }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: osnap/${{ matrix.container }}:nightly | |
# Enabling this overwrites all other caches, so no container is cached... | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max | |
- name: Build & Publish nightly-${{ github.ref_name }} ${{ matrix.container }} | |
if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/master' }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.container }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: osnap/${{ matrix.container }}:nightly-${{ github.ref_name }} | |
# Enabling this overwrites all other caches, so no container is cached... | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max | |
- name: Build & Publish Next ${{ matrix.container }} | |
if: ${{ github.event_name == 'release' }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.container }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: osnap/${{ matrix.container }}:next | |
# Enabling this overwrites all other caches, so no container is cached... | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max | |
- name: Build & Publish ${{ matrix.container }} | |
if: ${{ github.event_name == 'release' && !github.event.release.prerelease }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.container }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: osnap/${{ matrix.container }}:${{ github.event.release.tag_name }} | |
# Enabling this overwrites all other caches, so no container is cached... | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max | |
- name: Build & Publish Latest ${{ matrix.container }} | |
if: ${{ github.event_name == 'release' && !github.event.release.prerelease }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: docker/Dockerfile.${{ matrix.container }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: osnap/${{ matrix.container }}:latest | |
# Enabling this overwrites all other caches, so no container is cached... | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max |