Authenticate to GitHub with credential store #77

Workflow file for this run

	name: Build artifacts

	on:
	push:
	branches:
	- main
	release:

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}
	CARGO_INCREMENTAL: 0
	CARGO_NET_GIT_FETCH_WITH_CLI: true
	CARGO_NET_RETRY: 10
	CARGO_TERM_COLOR: always
	RUST_BACKTRACE: 1
	RUSTUP_MAX_RETRIES: 10

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	plan:
	name: "Create build plan"
	runs-on: ubuntu-24.04
	outputs:
	docker-distributions: ${{ steps.plan_docker.outputs.docker_distributions }}
	native-distributions: ${{ steps.plan.outputs.native_distributions }}
	version: ${{ steps.version.outputs.version }}
	steps:
	- uses: actions/checkout@v4
	with:
	token: ${{ secrets.REPO_PAT }}
	submodules: recursive
	persist-credentials: true
	- name: Configure git for private modules
	env:
	TOKEN: ${{ secrets.REPO_PAT }}
	run: \|
	git config --global url."https://garyttierney:${TOKEN}@github.com".insteadOf "https://github.com"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "[email protected]:"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "ssh://[email protected]/"
	- id: plan_docker
	run: \|
	docker_distributions=$(cargo metadata --format-version=1 \| jq -c '.metadata.distributions \| map(select(.docker != false))')
	echo "docker_distributions=$docker_distributions" >> "$GITHUB_OUTPUT"
	- id: plan
	run: \|
	native_distributions=$(cargo metadata --format-version=1 \| jq -c '.metadata.distributions \| map(select(.generic == true))')
	echo "native_distributions=$native_distributions" >> "$GITHUB_OUTPUT"
	- id: version
	run: echo "version=$(cargo pkgid \| cut -d '@' -f2)" >> $GITHUB_OUTPUT
	build-native:
	needs: plan
	name: "${{ matrix.name }} (Native)"
	runs-on: "${{ matrix.runner \|\| 'ubuntu-24.04' }}"
	strategy:
	fail-fast: false
	matrix:
	include: ${{ fromJson(needs.plan.outputs.native-distributions) }}
	steps:
	- uses: actions/checkout@v4
	with:
	token: ${{ secrets.REPO_PAT }}
	submodules: recursive
	persist-credentials: true
	- name: Configure git for private modules
	env:
	TOKEN: ${{ secrets.REPO_PAT }}
	run: \|
	git config --global url."https://garyttierney:${TOKEN}@github.com".insteadOf "https://github.com"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "[email protected]:"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "ssh://[email protected]/"
	- uses: dtolnay/rust-toolchain@stable
	- uses: Swatinem/rust-cache@v2
	- uses: taiki-e/setup-cross-toolchain-action@v1
	with:
	target: ${{ matrix.triple }}
	- name: Build
	run: \|
	mkdir artifacts
	cargo build --target ${{ matrix.triple }} --release --bin laya
	cp target/${{ matrix.triple }}/release/laya artifacts/laya-${{ matrix.name }}
	env:
	TARGET_CPU: ${{ matrix.cpu }}
	RUSTC: share/rustc.wrap

	build-containers:
	needs: plan
	name: "${{ matrix.name }} (Docker)"
	runs-on: "${{ matrix.runner \|\| 'ubuntu-24.04' }}"
	strategy:
	fail-fast: false
	matrix:
	include: ${{ fromJson(needs.plan.outputs.docker-distributions) }}
	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write
	steps:
	- uses: actions/checkout@v4
	with:
	token: ${{ secrets.REPO_PAT }}
	submodules: recursive
	persist-credentials: true
	- name: Configure git for private modules
	env:
	TOKEN: ${{ secrets.REPO_PAT }}
	run: \|
	git config --global url."https://garyttierney:${TOKEN}@github.com".insteadOf "https://github.com"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "[email protected]:"
	git config --global url."https://garyttierney:${TOKEN}@github.com/".insteadOf "ssh://[email protected]/"
	- name: Prepare
	run: \|
	platform=${{ matrix.docker }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	# tag event
	type=ref,enable=true,priority=600,prefix=,suffix=,event=tag
	# pull request event
	type=ref,enable=true,priority=600,prefix=pr-,suffix=,event=pr
	labels: \|
	target-cpu=${{ matrix.cpu }}
	target-triple=${{ matrix.triple }}
	flavor: \|
	latest=auto
	prefix=
	suffix=${{ matrix.generic == false && format('-{0}', matrix.name) \|\| '' }}
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to the Container registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push generic image digest
	id: build
	uses: docker/build-push-action@v6
	with:
	context: .
	platforms: ${{ matrix.docker }}
	labels: ${{ steps.meta.outputs.labels }}
	outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
	build-args: \|
	TARGET=${{ matrix.triple }}
	TARGET_CPU=${{ matrix.cpu }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	if: matrix.generic == true

	- name: Build and push platform specific image
	uses: docker/build-push-action@v6
	id: build_platform_specific
	with:
	context: .
	platforms: ${{ matrix.docker }}
	labels: ${{ steps.meta.outputs.labels }}
	tags: ${{ steps.meta.outputs.tags }}
	push: true
	build-args: \|
	TARGET=${{ matrix.triple }}
	TARGET_CPU=${{ matrix.cpu }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	if: matrix.generic == false

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
	subject-digest: ${{ steps.build.outputs.digest \|\| steps.build_platform_specific.outputs.digest }}
	push-to-registry: true

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"
	if: matrix.generic == true

	- name: Upload digest
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ matrix.name }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1
	if: matrix.generic == true
	merge-container-manifests:
	name: Merge Docker manifests
	runs-on: ubuntu-24.04
	needs:
	- build-containers
	steps:
	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	path: /tmp/digests
	pattern: digests-*
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to the Container registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	# tag event
	type=ref,enable=true,priority=600,prefix=,suffix=,event=tag
	# pull request event
	type=ref,enable=true,priority=600,prefix=pr-,suffix=,event=pr
	labels: \|
	target-cpu=${{ matrix.cpu }}
	target-triple=${{ matrix.triple }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authenticate to GitHub with credential store #77

Workflow file

Authenticate to GitHub with credential store #77

Jobs

Run details

Workflow file for this run