mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 20:41:57 +00:00
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<ul>
<li>Node 20 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.308.0">Actions Runner v2.308.0</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/102">docker/setup-qemu-action#102</a></li>
<li>Bump <code>@actions/core</code> from 1.10.0 to 1.10.1 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/103">docker/setup-qemu-action#103</a></li>
<li>Bump semver from 6.3.0 to 6.3.1 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/89">docker/setup-qemu-action#89</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0">https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0</a></p>
<h2>v2.2.0</h2>
<ul>
<li>Trim off spaces in <code>platforms</code> input by <a href="https://github.com/Chocobo1"><code>@Chocobo1</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/64">docker/setup-qemu-action#64</a></li>
<li>Switch to actions-toolkit implementation by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/70">docker/setup-qemu-action#70</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/80">docker/setup-qemu-action#80</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/83">docker/setup-qemu-action#83</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-qemu-action/compare/v2.1.0...v2.2.0</a></p>
<h2>v2.1.0</h2>
<ul>
<li>Use context for inputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://redirect.github.com/docker/setup-qemu-action/issues/62">#62</a>)</li>
<li>Use built-in <code>getExecOutput</code> by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://redirect.github.com/docker/setup-qemu-action/issues/61">#61</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://redirect.github.com/docker/setup-qemu-action/issues/63">#63</a>)</li>
<li>Bump <code>@actions/core</code> from 1.6.0 to 1.10.0 (<a href="https://redirect.github.com/docker/setup-qemu-action/issues/54">#54</a> <a href="https://redirect.github.com/docker/setup-qemu-action/issues/58">#58</a> <a href="https://redirect.github.com/docker/setup-qemu-action/issues/59">#59</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="68827325e0"><code>6882732</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/103">#103</a> from docker/dependabot/npm_and_yarn/actions/core-1.10.1</li>
<li><a href="183f4af504"><code>183f4af</code></a> chore: update generated content</li>
<li><a href="f17493529e"><code>f174935</code></a> build(deps): bump <code>@actions/core</code> from 1.10.0 to 1.10.1</li>
<li><a href="2e423eb500"><code>2e423eb</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/89">#89</a> from docker/dependabot/npm_and_yarn/semver-6.3.1</li>
<li><a href="ecc406afa7"><code>ecc406a</code></a> Bump semver from 6.3.0 to 6.3.1</li>
<li><a href="12dec5e201"><code>12dec5e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/102">#102</a> from crazy-max/update-node20</li>
<li><a href="c29b312130"><code>c29b312</code></a> chore: node 20 as default runtime</li>
<li><a href="34ae628c8f"><code>34ae628</code></a> chore: update generated content</li>
<li><a href="1f3d2e1ac0"><code>1f3d2e1</code></a> chore: fix author in package.json</li>
<li><a href="277dbe8c9c"><code>277dbe8</code></a> vendor: bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.12.0</li>
<li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/v2...v3">compare view</a></li>
</ul>
</details>
<br />

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
221 lines
7.9 KiB
YAML
name: Rust
on:
  merge_group:
    types: [checks_requested]
  pull_request:
    paths:
      - "rust/**"
      - ".github/workflows/rust.yml"
  workflow_call:
  workflow_dispatch:

# Cancel old workflow runs if new code is pushed
concurrency:
  group: "rust-${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

defaults:
  run:
    working-directory: ./rust

jobs:
  rust_test:
    strategy:
      fail-fast: false
      matrix:
        runs-on:
          - ubuntu-20.04
          - ubuntu-22.04
          - macos-11
          - macos-12
          - windows-2019
          - windows-2022
        # TODO: https://github.com/rust-lang/cargo/issues/5220
        include:
          - runs-on: ubuntu-20.04
            packages: -p headless -p gateway
          - runs-on: ubuntu-22.04
            packages: -p headless -p gateway
          - runs-on: macos-11
            packages: -p connlib-apple
          - runs-on: macos-12
            packages: -p connlib-apple
          - runs-on: windows-2019
            packages: -p firezone-client-connlib
          - runs-on: windows-2022
            packages: -p firezone-client-connlib
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4

      # This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
      # If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
      - run: rustup show

      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ./rust
          key: v2
          prefix-key: rust-${{ matrix.runs-on }}
          save-if: ${{ github.ref == 'refs/heads/main' }}

      # TODO: Building *ring* from git requires us to install additional tools;
      # once we're not using a forked *ring* these 2 steps can be removed.
      - if: ${{ contains(matrix.runs-on, 'windows') }}
        name: Install *ring* build tools
        run: |
          git clone `
            --branch windows `
            --depth 1 `
            https://github.com/briansmith/ring-toolchain `
            target/tools/windows
      # The repo above is for a newer version of the *ring* build script which
      # expects different paths; instead of going through the trouble of
      # copying the older installation script let's just move the exe.
      - if: ${{ contains(matrix.runs-on, 'windows') }}
        name: Move *ring* build tools
        run: |
          mv target/tools/windows/nasm/nasm.exe target/tools/nasm.exe

      - run: cargo fmt -- --check
      - run: cargo doc --all-features --no-deps --document-private-items ${{ matrix.packages }}
        env:
          RUSTDOCFLAGS: "-D warnings"
      - run: cargo clippy --all-targets --all-features ${{ matrix.packages }} -- -D warnings
      - run: cargo test --all-features ${{ matrix.packages }}

  rust_smoke-test-relay:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./rust/relay
    steps:
      - uses: actions/checkout@v4

      # This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
      # If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
      - run: rustup show
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ./rust
      - run: ./run_smoke_test.sh

  rust_relay-container-build:
    runs-on: ubuntu-latest
    needs:
      - rust_test
      - rust_smoke-test-relay
    permissions:
      contents: read
      id-token: "write"
    env:
      PACKAGE: relay
      REGISTRY: us-east1-docker.pkg.dev
      GCLOUD_PROJECT: firezone-staging
      GOOGLE_CLOUD_PROJECT: firezone-staging
      CLOUDSDK_PROJECT: firezone-staging
      CLOUDSDK_CORE_PROJECT: firezone-staging
      GCP_PROJECT: firezone-staging
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/checkout@v4
      - id: auth
        uses: google-github-actions/auth@v1
        with:
          token_format: "access_token"
          workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
          service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
          export_environment_variables: false
      - name: Change current gcloud account
        run: gcloud --quiet config set project ${GCLOUD_PROJECT}
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Build Tag and Version ID
        id: vsn
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
          echo "TAG=branch-${TAG}" >> $GITHUB_ENV
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64
          build-args: |
            PACKAGE=${{ env.PACKAGE }}
          context: rust/
          cache-from: type=gha,scope=${{ env.PACKAGE }}-${{ github.sha }}
          cache-to: type=gha,mode=max,scope=${{ env.PACKAGE }}-${{ github.sha }}
          file: rust/Dockerfile
          push: true
          tags:
            ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{
            env.PACKAGE }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{
            env.GCLOUD_PROJECT }}/firezone/${{ env.PACKAGE }}:${{ github.sha }}

  rust_gateway-container-build:
    runs-on: ubuntu-latest
    needs:
      - rust_test
    permissions:
      contents: read
      id-token: "write"
    env:
      PACKAGE: gateway
      REGISTRY: us-east1-docker.pkg.dev
      GCLOUD_PROJECT: firezone-staging
      GOOGLE_CLOUD_PROJECT: firezone-staging
      CLOUDSDK_PROJECT: firezone-staging
      CLOUDSDK_CORE_PROJECT: firezone-staging
      GCP_PROJECT: firezone-staging
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/checkout@v4
      - id: auth
        uses: google-github-actions/auth@v1
        with:
          token_format: "access_token"
          workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
          service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
          export_environment_variables: false
      - name: Change current gcloud account
        run: gcloud --quiet config set project ${GCLOUD_PROJECT}
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Build Tag and Version ID
        id: vsn
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
          echo "TAG=branch-${TAG}" >> $GITHUB_ENV
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64
          build-args: |
            PACKAGE=${{ env.PACKAGE }}
          context: rust/
          cache-from: type=gha,scope=${{ env.PACKAGE }}-${{ github.sha }}
          cache-to: type=gha,mode=max,scope=${{ env.PACKAGE }}-${{ github.sha }}
          file: rust/Dockerfile
          push: true
          tags:
            ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{
            env.PACKAGE }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{
            env.GCLOUD_PROJECT }}/firezone/${{ env.PACKAGE }}:${{ github.sha }}