Skip to content

Commit

Permalink
ci(container-build-push): set RUST_VERSION from rust-toolchain.toml
Browse files Browse the repository at this point in the history
Signed-off-by: Siddhesh Mhadnak <[email protected]>
  • Loading branch information
sid-maddy committed Aug 31, 2024
1 parent 29804f5 commit bdbd503
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 8 deletions.
27 changes: 20 additions & 7 deletions .github/workflows/container-build-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ on:
- v*
pull_request:

defaults:
run:
shell: bash

permissions:
contents: read
packages: write
Expand All @@ -35,10 +39,9 @@ jobs:
platform:
- linux/amd64

runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Install cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
Expand Down Expand Up @@ -90,11 +93,24 @@ jobs:
restore-keys: |
rust-buildkit-cache-${{ matrix.platform }}-
- name: Read Rust channel
id: rust-channel
run: |
python3 <<'EOF' >"${GITHUB_ENV}"
from tomllib import loads
from pathlib import Path
rust_toolchain = loads(Path("./rust-toolchain.toml").read_text())
print(f"RUST_VERSION={rust_toolchain['toolchain']['channel']}")
EOF
- name: Build and push Docker image
id: docker_build_push
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
with:
builder: ${{ steps.buildx.outputs.name }}
build-args: |
RUST_VERSION=${{ env.RUST_VERSION }}
cache-from: type=gha,scope=${{ matrix.platform }}
cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
file: Containerfile
Expand All @@ -118,7 +134,6 @@ jobs:
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.ref == 'refs/heads/main' || startswith(github.event.ref, 'refs/tags/v') }}
shell: bash
# This step uses the identity token to provision an ephemeral certificate against the sigstore community Fulcio
# instance.
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.docker_build_push.outputs.digest }}
Expand All @@ -144,7 +159,7 @@ jobs:
needs:
- build-push

runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Download digests
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
Expand Down Expand Up @@ -175,15 +190,13 @@ jobs:
type=sha,format=long
- name: Create manifest list and push
shell: bash
working-directory: /tmp/digests
run: >
docker buildx imagetools create \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${DOCKER_METADATA_OUTPUT_JSON}") \
$(printf ' ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
- name: Inspect image
shell: bash
run: >-
docker buildx imagetools inspect \
'${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.version }}'
2 changes: 1 addition & 1 deletion Containerfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
ARG DEBIAN_VERSION=bookworm
ARG DEBIAN_VERSION_NUMBER=12
ARG PROJECT=dragonfly-client-rs
ARG RUST_VERSION=1.80
ARG RUST_VERSION=1
ARG RUSTFLAGS="-L/usr/local/lib"

ARG YARA_VERSION=4.5.1
Expand Down

0 comments on commit bdbd503

Please sign in to comment.