diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml new file mode 100644 index 0000000000..784fc28593 --- /dev/null +++ b/.github/workflows/build-and-test.yml @@ -0,0 +1,66 @@ +name: Build & Test + +on: + push: + branches: ["*"] + +env: + # Cross-compilation for aarch64 requires a different linker + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc + +permissions: + contents: read + +jobs: + Tests: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + target: + - x86_64-unknown-linux-gnu + - aarch64-unknown-linux-gnu + - x86_64-pc-windows-msvc + - x86_64-apple-darwin + - aarch64-apple-darwin + rustup_toolchain: [stable] + include: + - os: windows-2022 + target: x86_64-pc-windows-msvc + - os: ubuntu-20.04 + target: x86_64-unknown-linux-gnu + - os: ubuntu-20.04 + target: aarch64-unknown-linux-gnu + - os: macos-13 + target: x86_64-apple-darwin + - os: macos-14 + target: aarch64-apple-darwin + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + toolchain: ${{ matrix.rustup_toolchain }} + + - name: Install Rust crosscompile tools + if: ${{ contains(matrix.target, 'aarch64-unknown-linux-gnu') }} + run: | + sudo apt-get update -y + sudo apt-get install -y make g++ libssl-dev gcc-aarch64-linux-gnu + rustup target add aarch64-unknown-linux-gnu + + - name: Cargo build (Native TLS) + run: | + cargo build --all --no-default-features --features=native-tls + cargo clean + + - name: Cargo build (Rust TLS) + run: cargo build --all + + - name: Cargo test + run: cargo test --all + + - name: Cargo fmt + run: cargo fmt --check diff --git a/.github/workflows/cd-workflow.yml b/.github/workflows/cd-workflow.yml deleted file mode 100644 index 6d20ea7664..0000000000 --- a/.github/workflows/cd-workflow.yml +++ /dev/null @@ -1,50 +0,0 @@ -# Mostly copied from https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action -# Main difference is the push filter on the tag. -# -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Create and publish a Docker image - -on: - push: - tags: [ 'v*.*.*' ] - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-and-push-image: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Log in to the Container registry - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - flavor: latest=false - - - name: Build and push Docker image - uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 1f1db2fb77..ba06fdeccf 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: env: BUILD_DIR: docs/ BUILD_ONLY: true - + build_and_deploy: runs-on: ubuntu-latest if: github.ref == 'refs/heads/master' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..ae79c850ba --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,165 @@ +name: Release + +on: + push: + tags: ["v*.*.*"] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + # Cross-compilation for aarch64 requires a different linker + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc + +permissions: + contents: read + +jobs: + Release-Build: + runs-on: ${{ matrix.os }} + permissions: + contents: read + attestations: write + id-token: write + strategy: + matrix: + target: + - x86_64-unknown-linux-gnu + - aarch64-unknown-linux-gnu + - x86_64-pc-windows-msvc + - x86_64-apple-darwin + - aarch64-apple-darwin + rustup_toolchain: [stable] + include: + - os: windows-2022 + target: x86_64-pc-windows-msvc + - os: ubuntu-20.04 + target: x86_64-unknown-linux-gnu + - os: ubuntu-20.04 + target: aarch64-unknown-linux-gnu + - os: macos-13 + target: x86_64-apple-darwin + - os: macos-14 + target: aarch64-apple-darwin + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + toolchain: ${{ matrix.rustup_toolchain }} + + - name: Install Rust crosscompile tools + if: ${{ contains(matrix.target, 'aarch64-unknown-linux-gnu') }} + run: | + sudo apt-get update -y + sudo apt-get install -y make g++ libssl-dev gcc-aarch64-linux-gnu + rustup target add aarch64-unknown-linux-gnu + + - name: Cargo build + run: cargo build --release --target ${{ matrix.target }} + + - name: Archive (UNIX) + run: | + mkdir -p artifacts + cp -av target/${{ matrix.target }}/release/zola . + tar -czf ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz zola + if: ${{ ! startsWith(matrix.os, 'windows') }} + + - name: Archive (Windows) + run: | + mkdir -p artifacts + cp target/${{ matrix.target }}/release/zola.exe . + Compress-Archive zola.exe ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.zip + if: ${{ startsWith(matrix.os, 'windows') }} + + - name: Attest Build Provenance + uses: actions/attest-build-provenance@v1 + continue-on-error: true + with: + subject-path: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.* + + - uses: actions/upload-artifact@v4 + with: + name: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }} + path: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.* + if-no-files-found: error + retention-days: 7 + + Release: + needs: [Release-Build] + runs-on: ubuntu-22.04 + permissions: + contents: write + + steps: + - name: Ensure artifacts dir exists + run: mkdir -p artifacts + + - name: Download Artifact + uses: actions/download-artifact@v4 + with: + path: artifacts + merge-multiple: true + + - name: Release + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 + with: + name: ${{ github.ref_name }} + tag_name: ${{ github.ref_name }} + generate_release_notes: true + fail_on_unmatched_files: true + body: | + Welcome to this new release of Zola ${{ github.ref_name }}! + + All artifacts are signed with this repos identity using Sigstore. + You can verify the signatures using the `GitHub` CLI. + + ```shell + gh attestation verify --owner ${{ github.repository_owner }} + ``` + token: ${{ secrets.GITHUB_TOKEN }} + prerelease: ${{ contains(github.ref, '-pre') }} + files: artifacts/* + + Release-Container-Image: + needs: [Release] + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf + + - name: Setup Docker buildx + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db + + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: latest=false + + - name: Build and push Docker image + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: true + build-args: | + USE_GH_RELEASE=true + ZOLA_RELEASE_VERSION=${{ github.ref_name }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 87b3ec247b..0741cc93c4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,26 @@ FROM rust:slim-bookworm AS builder +ARG USE_GH_RELEASE=false +ARG ZOLA_RELEASE_VERSION=latest RUN apt-get update -y && \ - apt-get install -y make g++ libssl-dev && \ - rustup target add x86_64-unknown-linux-gnu + apt-get install -y pkg-config make g++ libssl-dev curl jq tar gzip WORKDIR /app COPY . . -RUN cargo build --release --target x86_64-unknown-linux-gnu - +RUN if [ "${USE_GH_RELEASE}" = "true" ]; then \ + if [ "${ZOLA_RELEASE_VERSION}" = "latest" ]; then \ + export ZOLA_VERSION=$(curl -sL https://api.github.com/repos/getzola/zola/releases/latest | jq -r .name); \ + else \ + export ZOLA_VERSION="${ZOLA_RELEASE_VERSION}"; \ + fi && \ + curl -sL --fail --output zola.tar.gz https://github.com/getzola/zola/releases/download/${ZOLA_VERSION}/zola-${ZOLA_VERSION}-$(uname -m)-unknown-linux-gnu.tar.gz && \ + tar -xzvf zola.tar.gz zola; \ + else \ + cargo build --release && \ + cp target/$(uname -m)-unknown-linux-gnu/release/zola zola; \ + fi && ./zola --version FROM gcr.io/distroless/cc-debian12 -COPY --from=builder /app/target/x86_64-unknown-linux-gnu/release/zola /bin/zola +COPY --from=builder /app/zola /bin/zola ENTRYPOINT [ "/bin/zola" ]