
Merge pull request #85 from encryption4all/release-plz-2026-03-27T14-… #3


Workflow file for this run

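# CI workflow: release the crate with release-plz, then build a multi-platform
# container image and publish it to GHCR.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (@v6, @v3, @stable, ...). Jobs that hold write-scoped tokens are
# safer when each `uses:` is pinned to a full commit SHA, e.g.
# `uses: OWNER/ACTION@<FULL_COMMIT_SHA>  # vX.Y.Z`.
name: CI

on:
  push:
    branches:
      - main
  pull_request:

# Deny-by-default token scope. Every job below declares the permissions it
# needs, so this changes nothing today but keeps a future job that forgets its
# own `permissions:` block from inheriting the repository default.
permissions: {}

jobs:
  # Release unpublished packages.
  release-plz-release:
    name: Release-plz release
    # Only runs for pushes to main; skipped on pull_request events.
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: read
      # NOTE(review): presumably needed for OIDC-based registry publishing,
      # since CARGO_REGISTRY_TOKEN is commented out below. Confirm, and drop
      # this scope if it is unused.
      id-token: write
    outputs:
      releases_created: ${{ steps.release-plz.outputs.releases_created }}
      version: ${{ steps.parse-release.outputs.version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
      - name: Run release-plz
        id: release-plz
        uses: release-plz/action@v0.5
        with:
          command: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
      - name: Parse released version
        id: parse-release
        if: steps.release-plz.outputs.releases_created == 'true'
        env:
          # Hand the action output to the script through the environment.
          # Expanding ${{ ... }} inside `run:` pastes the value into the script
          # text before the shell parses it, so a quote character in the JSON
          # would change the script in a job that holds contents: write and
          # id-token: write.
          RELEASES: ${{ steps.release-plz.outputs.releases }}
        run: |
          VERSION=$(jq -r '.[0].version' <<< "$RELEASES")
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

  # Create a PR with the new versions and changelog, preparing the next release.
  release-plz-pr:
    name: Release-plz PR
    needs: release-plz-release
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    # Serialise release-PR runs per ref; a queued run waits, it is not cancelled.
    concurrency:
      group: release-plz-${{ github.ref }}
      cancel-in-progress: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
      - name: Run release-plz
        uses: release-plz/action@v0.5
        with:
          command: release-pr
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

  # Build each platform on its native runner and push by digest (no tag yet).
  #
  # NOTE(review): this job has no `if:` guard, so it also runs on pull_request
  # events with packages: write. For branches in this repository that means an
  # image built from unreviewed PR content is pushed to GHCR; confirm that is
  # intended.
  build:
    name: Build (${{ matrix.name }})
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-24.04
            name: amd64
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            name: arm64
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Matches the release jobs: no later step needs git credentials, so
          # keep the token out of the working tree the image is built from.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          platforms: ${{ matrix.platform }}
          outputs: type=image,name=ghcr.io/${{ github.repository }},push-by-digest=true,name-canonical=true,push=true
      - name: Export digest
        env:
          # Passed via the environment rather than expanded into the script.
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          mkdir -p /tmp/digests
          # One empty file per platform, named after the hex part of the digest.
          touch "/tmp/digests/${DIGEST#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digest-${{ matrix.name }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Merge platform digests into a single multi-platform manifest and apply tags.
  # - push to main (no release) → ghcr.io/.../cryptify:edge
  # - push to main (release) → ghcr.io/.../cryptify:edge + cryptify:0.1.3
  # - pull request → ghcr.io/.../cryptify:pr-123
  finalize:
    name: Finalize Docker manifest
    needs: [build, release-plz-release]
    # always() lets this run when release-plz-release was skipped (pull
    # requests); it still requires every build matrix leg to have succeeded.
    if: always() && needs.build.result == 'success'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digest-*
          merge-multiple: true
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=edge,branch=main
            type=ref,event=pr
            type=raw,value=${{ needs.release-plz-release.outputs.version }},enable=${{ needs.release-plz-release.outputs.releases_created == 'true' }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create and push manifest
        working-directory: /tmp/digests
        env:
          # Image name supplied via the environment instead of being expanded
          # into the script text.
          IMAGE: ghcr.io/${{ github.repository }}
        run: |
          # The command substitutions are deliberately unquoted: each "-t TAG"
          # pair and each image@digest reference must split into its own word.
          docker buildx imagetools create \
            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf "${IMAGE}@sha256:%s " *)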