[build/release] Refactor GH workflows. Add new Docker images (#3014)
This commit is contained in:
parent
8e401a90c4
commit
7cd921b8eb
16 changed files with 1671 additions and 819 deletions
|
@ -1,3 +1 @@
|
|||
*
|
||||
!amd64/surreal
|
||||
!arm64/surreal
|
||||
target
|
||||
|
|
4
.github/workflows/bench.yml
vendored
4
.github/workflows/bench.yml
vendored
|
@ -46,7 +46,7 @@ jobs:
|
|||
cargo install --quiet --locked critcmp cargo-make
|
||||
|
||||
- name: Checkout changes
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run benchmark
|
||||
run: |
|
||||
|
@ -115,7 +115,7 @@ jobs:
|
|||
# features: "protocol-ws"
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
|
|
46
.github/workflows/ci.yml
vendored
46
.github/workflows/ci.yml
vendored
|
@ -1,5 +1,7 @@
|
|||
name: Continuous integration
|
||||
|
||||
run-name: "CI run '${{ github.head_ref || github.ref_name }}'"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
|
@ -13,6 +15,16 @@ defaults:
|
|||
shell: bash
|
||||
|
||||
jobs:
|
||||
# TODO: Do not run it on CI because it's very slow right now.
|
||||
# Build the Docker image but don't push it.
|
||||
# docker:
|
||||
# uses: ./.github/workflows/reusable_docker.yml
|
||||
# with:
|
||||
# git-ref: ${{ github.ref }}
|
||||
# tag-prefix: ${{ github.head_ref || github.ref_name }}
|
||||
# build: true
|
||||
# push: false
|
||||
# secrets: inherit
|
||||
|
||||
format:
|
||||
name: Check format
|
||||
|
@ -26,7 +38,7 @@ jobs:
|
|||
components: rustfmt
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -50,7 +62,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -79,7 +91,7 @@ jobs:
|
|||
targets: wasm32-unknown-unknown
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -104,7 +116,7 @@ jobs:
|
|||
components: clippy
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -132,7 +144,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -170,7 +182,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -198,7 +210,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -226,7 +238,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -277,7 +289,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -314,7 +326,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -351,7 +363,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -388,7 +400,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -412,7 +424,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -436,7 +448,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -460,7 +472,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -484,7 +496,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
@ -528,7 +540,7 @@ jobs:
|
|||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
|
409
.github/workflows/nightly.yml
vendored
409
.github/workflows/nightly.yml
vendored
|
@ -1,7 +1,20 @@
|
|||
name: Nightly release
|
||||
|
||||
run-name: "Nightly release '${{ inputs.git-ref || github.ref_name }}' (publish: ${{ inputs.publish || github.event_name == 'schedule' }})"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
git-ref:
|
||||
required: true
|
||||
type: string
|
||||
description: "The github ref of this nightly version (i.e. main, 1234567)"
|
||||
default: main
|
||||
publish:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Publish the nightly release"
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
|
@ -10,207 +23,22 @@ defaults:
|
|||
shell: bash
|
||||
|
||||
jobs:
|
||||
|
||||
test:
|
||||
name: Test
|
||||
runs-on: ubuntu-latest-16-cores
|
||||
steps:
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
release:
|
||||
name: Prepare nightly release
|
||||
uses: ./.github/workflows/reusable_publish_version.yml
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
with:
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
|
||||
- name: Free up some disk space
|
||||
run: |
|
||||
(set -x; df -h)
|
||||
# Free up some disk space by removing unused files
|
||||
(set -x; sudo rm -rf /imagegeneration || true)
|
||||
(set -x; sudo rm -rf /opt/az || true)
|
||||
(set -x; sudo rm -rf /opt/hostedtoolcache || true)
|
||||
(set -x; sudo rm -rf /opt/google || true)
|
||||
(set -x; sudo rm -rf /opt/pipx || true)
|
||||
(set -x; df -h)
|
||||
|
||||
- name: Install cargo-llvm-cov
|
||||
uses: taiki-e/install-action@cargo-llvm-cov
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Test workspace + coverage
|
||||
run: cargo make ci-workspace-coverage
|
||||
|
||||
- name: Debug info
|
||||
if: always()
|
||||
run: |
|
||||
set -x
|
||||
free -m
|
||||
df -h
|
||||
ps auxf
|
||||
cat /tmp/surrealdb.log || true
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: code-coverage-report
|
||||
path: target/llvm-cov/html/
|
||||
retention-days: 5
|
||||
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-latest-16-cores
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: wasm32-unknown-unknown
|
||||
components: rustfmt, clippy
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Check workspace
|
||||
run: cargo make ci-check
|
||||
|
||||
- name: Check format
|
||||
run: cargo make ci-format
|
||||
|
||||
- name: Check wasm
|
||||
run: cargo make ci-check-wasm
|
||||
|
||||
- name: Check clippy
|
||||
run: cargo make ci-clippy
|
||||
|
||||
build:
|
||||
name: Build ${{ matrix.arch }}
|
||||
needs: [test, lint]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- arch: x86_64-apple-darwin
|
||||
os: macos-latest-xl
|
||||
file: surreal-nightly.darwin-amd64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: aarch64-apple-darwin
|
||||
os: macos-latest-xl
|
||||
file: surreal-nightly.darwin-arm64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: x86_64-unknown-linux-gnu
|
||||
os: ubuntu-latest-16-cores
|
||||
file: surreal-nightly.linux-amd64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: aarch64-unknown-linux-gnu
|
||||
os: ubuntu-latest-16-cores
|
||||
file: surreal-nightly.linux-arm64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: x86_64-pc-windows-msvc
|
||||
os: windows-latest
|
||||
file: surreal-nightly.windows-amd64
|
||||
opts:
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Prepare environment
|
||||
if: contains(matrix.arch, 'windows') && endsWith(matrix.arch, '-gnu')
|
||||
run: echo "C:\msys64\usr\bin;$Env:Path" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'windows') && endsWith(matrix.arch, '-msvc')
|
||||
run: |
|
||||
vcpkg integrate install
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'apple') && endsWith(matrix.arch, '-darwin')
|
||||
run: |
|
||||
brew install protobuf
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'linux') && endsWith(matrix.arch, '-gnu')
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
sudo apt-get -y install musl-tools qemu-user libc6-dev-arm64-cross
|
||||
sudo apt-get -y install g++-aarch64-linux-gnu gcc-aarch64-linux-gnu
|
||||
|
||||
- name: Install FoundationDB
|
||||
if: contains(matrix.arch, 'linux') && startsWith(matrix.arch, 'x86_64')
|
||||
run: |
|
||||
curl -sLO https://github.com/apple/foundationdb/releases/download/6.3.23/foundationdb-clients_6.3.23-1_amd64.deb
|
||||
sudo dpkg -i --force-architecture foundationdb-clients_6.3.23-1_amd64.deb
|
||||
rm -rf foundationdb-clients_6.3.23-1_amd64.deb
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: ${{ matrix.arch }}
|
||||
|
||||
- name: Output package versions
|
||||
run: set -x; go version ; cargo version ; rustc --version ; cmake --version ; gcc --version ; g++ --version ; perl -v
|
||||
|
||||
- name: Run cargo build
|
||||
run: cargo build ${{ matrix.opts }} --release --locked --target ${{ matrix.arch }}
|
||||
env:
|
||||
BINDGEN_EXTRA_CLANG_ARGS_aarch64-unknown-linux-gnu: "-I/usr/aarch64-linux-gnu/include/"
|
||||
|
||||
- name: Package binaries
|
||||
if: ${{ !contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
cd target/${{ matrix.arch }}/release
|
||||
chmod +x surreal
|
||||
tar -zcvf ${{ matrix.file }}.tgz surreal
|
||||
echo $(shasum -a 256 ${{ matrix.file }}.tgz | cut -f1 -d' ') > ${{ matrix.file }}.txt
|
||||
|
||||
- name: Package binaries
|
||||
if: ${{ contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
cd target/${{ matrix.arch }}/release
|
||||
cp surreal.exe ${{ matrix.file }}.exe
|
||||
echo $(shasum -a 256 ${{ matrix.file }}.exe | cut -f1 -d' ') > ${{ matrix.file }}.txt
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: ${{ matrix.file }}
|
||||
path: |
|
||||
target/${{ matrix.arch }}/release/surreal
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.tgz
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.txt
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.exe
|
||||
name: nightly
|
||||
git-ref: ${{ inputs.git-ref || github.ref_name }}
|
||||
publish: ${{ inputs.publish || github.event_name == 'schedule' }}
|
||||
secrets: inherit
|
||||
|
||||
crate:
|
||||
name: Publish surrealdb-nightly to crates.io
|
||||
needs: [lint, test]
|
||||
needs: [release]
|
||||
environment: crate-nightly
|
||||
if: ${{ inputs.publish || github.event_name == 'schedule' }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
|
@ -218,11 +46,12 @@ jobs:
|
|||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref || github.ref_name }}
|
||||
|
||||
- name: Publish
|
||||
env:
|
||||
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
|
||||
shell: bash
|
||||
run: |
|
||||
# Replace the crate name
|
||||
# We are just going to replace the first occurance of surrealdb
|
||||
|
@ -256,191 +85,3 @@ jobs:
|
|||
|
||||
# Publish cargo crate
|
||||
/home/runner/.cargo/bin/release-plz release --config .config/release-nightly-plz.toml
|
||||
|
||||
docker:
|
||||
name: Build and publish Docker image
|
||||
needs: [build]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Download amd64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-nightly.linux-amd64
|
||||
path: amd64
|
||||
|
||||
- name: Download arm64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-nightly.linux-arm64
|
||||
path: arm64
|
||||
|
||||
- name: Set file permissions
|
||||
shell: bash
|
||||
run: |
|
||||
chmod +x amd64/surreal arm64/surreal
|
||||
|
||||
- name: Configure DockerHub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USER }}
|
||||
password: ${{ secrets.DOCKER_PASS }}
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
|
||||
- name: Set up Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: Configure tag
|
||||
shell: bash
|
||||
run: |
|
||||
VERSION=nightly
|
||||
echo "VERSION=${VERSION}" >> $GITHUB_ENV
|
||||
|
||||
- name: Build the Docker image
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
tags: surrealdb/surrealdb:${{ env.VERSION }}
|
||||
|
||||
# Start the docker image as server and wait until it is ready
|
||||
- name: Test the Docker image
|
||||
run: |
|
||||
docker run --net=host --rm surrealdb/surrealdb:${{ env.VERSION }} start 2>&1 >surreal.log &
|
||||
|
||||
retries=5
|
||||
until docker run --net=host --rm surrealdb/surrealdb:${{ env.VERSION }} is-ready; do
|
||||
retries=$((retries-1))
|
||||
if [[ $retries -eq 0 ]]; then
|
||||
echo "###"
|
||||
echo "### The container is not ready after 5 seconds!"
|
||||
echo "###"
|
||||
cat surreal.log
|
||||
echo "###"
|
||||
echo "### ERROR: The docker image is not valid. Aborting."
|
||||
echo "###"
|
||||
exit 1
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
# This second build reuses the cache from the build above
|
||||
- name: Push the Docker image
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: surrealdb/surrealdb:${{ env.VERSION }}
|
||||
|
||||
publish:
|
||||
name: Publish binaries for ${{ matrix.arch }}
|
||||
needs: [docker]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- arch: x86_64-apple-darwin
|
||||
os: macos-latest
|
||||
file: surreal-nightly.darwin-amd64
|
||||
- arch: aarch64-apple-darwin
|
||||
os: macos-latest
|
||||
file: surreal-nightly.darwin-arm64
|
||||
- arch: x86_64-unknown-linux-gnu
|
||||
os: ubuntu-latest
|
||||
file: surreal-nightly.linux-amd64
|
||||
- arch: aarch64-unknown-linux-gnu
|
||||
os: ubuntu-latest
|
||||
file: surreal-nightly.linux-arm64
|
||||
- arch: x86_64-pc-windows-msvc
|
||||
os: windows-latest
|
||||
file: surreal-nightly.windows-amd64
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Download artifacts
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: ${{ matrix.file }}
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Publish non-windows binaries
|
||||
if: ${{ !contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.tgz s3://download.surrealdb.com/nightly/
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.txt s3://download.surrealdb.com/nightly/
|
||||
|
||||
- name: Publish windows binaries
|
||||
if: ${{ contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.exe s3://download.surrealdb.com/nightly/
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.txt s3://download.surrealdb.com/nightly/
|
||||
|
||||
package-macos:
|
||||
name: Package macOS universal binary
|
||||
needs: [publish]
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- name: Download amd64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-nightly.darwin-amd64
|
||||
path: amd64
|
||||
|
||||
- name: Download arm64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-nightly.darwin-arm64
|
||||
path: arm64
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Package universal MacOS binary
|
||||
shell: bash
|
||||
run: |
|
||||
FILE="surreal-nightly.darwin-universal"
|
||||
lipo -create -output surreal amd64/surreal arm64/surreal
|
||||
chmod +x surreal
|
||||
tar -zcvf $FILE.tgz surreal
|
||||
echo $(shasum -a 256 $FILE.tgz | cut -f1 -d' ') > $FILE.txt
|
||||
aws s3 cp --cache-control 'no-store' $FILE.tgz s3://download.surrealdb.com/nightly/
|
||||
aws s3 cp --cache-control 'no-store' $FILE.txt s3://download.surrealdb.com/nightly/
|
||||
|
||||
deploy:
|
||||
name: Deploy
|
||||
needs: [publish, package-macos]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Distribute binaries
|
||||
shell: bash
|
||||
run: |
|
||||
regions=("af-south-1" "ap-east-1" "ap-south-1" "ap-southeast-1" "ap-southeast-2" "ca-central-1" "eu-central-1" "eu-west-2" "me-south-1" "sa-east-1" "us-west-2")
|
||||
for region in ${regions[@]}; do
|
||||
aws s3 sync --delete --storage-class INTELLIGENT_TIERING --source-region eu-west-2 --region ${region} s3://download.surrealdb.com s3://download.${region}.surrealdb.com
|
||||
done
|
||||
|
|
4
.github/workflows/nix.yml
vendored
4
.github/workflows/nix.yml
vendored
|
@ -33,7 +33,7 @@ jobs:
|
|||
if: ${{ github.ref == 'refs/heads/main' }} || ${{ github.event.label.name == 'nix' }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: cachix/install-nix-action@v20
|
||||
- uses: cachix/cachix-action@v12
|
||||
with:
|
||||
|
@ -48,7 +48,7 @@ jobs:
|
|||
if: ${{ github.ref == 'refs/heads/main' }} || ${{ github.event.label.name == 'nix' }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: cachix/install-nix-action@v20
|
||||
- uses: cachix/cachix-action@v12
|
||||
with:
|
||||
|
|
433
.github/workflows/release.yml
vendored
433
.github/workflows/release.yml
vendored
|
@ -1,6 +1,25 @@
|
|||
name: Version release
|
||||
name: Tag release
|
||||
|
||||
run-name: "Tag release '${{ inputs.git-ref || github.ref_name }}' (publish: ${{ inputs.publish || github.event_name == 'push' }}, latest: ${{ inputs.latest || github.event_name == 'schedule' }})"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
git-ref:
|
||||
required: true
|
||||
type: string
|
||||
description: "The github ref of this release. If you are publishing it, use a tag (i.e. v1.0.0)."
|
||||
default: main
|
||||
latest:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Consider this release as the latest one and update the Docker image tag and the binary pointer for the installers"
|
||||
publish:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Publish the release"
|
||||
push:
|
||||
tags:
|
||||
- "v*.*.*"
|
||||
|
@ -10,404 +29,24 @@ defaults:
|
|||
shell: bash
|
||||
|
||||
jobs:
|
||||
|
||||
test:
|
||||
name: Test
|
||||
runs-on: ubuntu-latest-16-cores
|
||||
steps:
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
with:
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
|
||||
- name: Free up some disk space
|
||||
run: |
|
||||
(set -x; df -h)
|
||||
# Free up some disk space by removing unused files
|
||||
(set -x; sudo rm -rf /imagegeneration || true)
|
||||
(set -x; sudo rm -rf /opt/az || true)
|
||||
(set -x; sudo rm -rf /opt/hostedtoolcache || true)
|
||||
(set -x; sudo rm -rf /opt/google || true)
|
||||
(set -x; sudo rm -rf /opt/pipx || true)
|
||||
(set -x; df -h)
|
||||
|
||||
- name: Install cargo-llvm-cov
|
||||
uses: taiki-e/install-action@cargo-llvm-cov
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Test workspace + coverage
|
||||
run: cargo make ci-workspace-coverage
|
||||
|
||||
- name: Debug info
|
||||
if: always()
|
||||
run: |
|
||||
set -x
|
||||
free -m
|
||||
df -h
|
||||
ps auxf
|
||||
cat /tmp/surrealdb.log || true
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: code-coverage-report
|
||||
path: target/llvm-cov/html/
|
||||
retention-days: 30
|
||||
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-latest-16-cores
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: wasm32-unknown-unknown
|
||||
components: rustfmt, clippy
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Check workspace
|
||||
run: cargo make ci-check
|
||||
|
||||
- name: Check format
|
||||
run: cargo make ci-format
|
||||
|
||||
- name: Check wasm
|
||||
run: cargo make ci-check-wasm
|
||||
|
||||
- name: Check clippy
|
||||
run: cargo make ci-clippy
|
||||
|
||||
build:
|
||||
name: Build ${{ matrix.arch }}
|
||||
needs: [test, lint]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- arch: x86_64-apple-darwin
|
||||
os: macos-latest-xl
|
||||
file: surreal-${{ github.ref_name }}.darwin-amd64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: aarch64-apple-darwin
|
||||
os: macos-latest-xl
|
||||
file: surreal-${{ github.ref_name }}.darwin-arm64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: x86_64-unknown-linux-gnu
|
||||
os: ubuntu-latest-16-cores
|
||||
file: surreal-${{ github.ref_name }}.linux-amd64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: aarch64-unknown-linux-gnu
|
||||
os: ubuntu-latest-16-cores
|
||||
file: surreal-${{ github.ref_name }}.linux-arm64
|
||||
opts: --features storage-tikv,http-compression
|
||||
- arch: x86_64-pc-windows-msvc
|
||||
os: windows-latest
|
||||
file: surreal-${{ github.ref_name }}.windows-amd64
|
||||
opts:
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Prepare environment
|
||||
if: contains(matrix.arch, 'windows') && endsWith(matrix.arch, '-gnu')
|
||||
run: echo "C:\msys64\usr\bin;$Env:Path" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'windows') && endsWith(matrix.arch, '-msvc')
|
||||
run: |
|
||||
vcpkg integrate install
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'apple') && endsWith(matrix.arch, '-darwin')
|
||||
run: |
|
||||
brew install protobuf
|
||||
|
||||
- name: Install dependencies
|
||||
if: contains(matrix.arch, 'linux') && endsWith(matrix.arch, '-gnu')
|
||||
run: |
|
||||
sudo apt-get -y update
|
||||
sudo apt-get -y install musl-tools qemu-user libc6-dev-arm64-cross
|
||||
sudo apt-get -y install g++-aarch64-linux-gnu gcc-aarch64-linux-gnu
|
||||
|
||||
- name: Install FoundationDB
|
||||
if: contains(matrix.arch, 'linux') && startsWith(matrix.arch, 'x86_64')
|
||||
run: |
|
||||
curl -sLO https://github.com/apple/foundationdb/releases/download/6.3.23/foundationdb-clients_6.3.23-1_amd64.deb
|
||||
sudo dpkg -i --force-architecture foundationdb-clients_6.3.23-1_amd64.deb
|
||||
rm -rf foundationdb-clients_6.3.23-1_amd64.deb
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: ${{ matrix.arch }}
|
||||
|
||||
- name: Output package versions
|
||||
run: set -x; go version ; cargo version ; rustc --version ; cmake --version ; gcc --version ; g++ --version ; perl -v
|
||||
|
||||
- name: Run cargo build
|
||||
run: cargo build ${{ matrix.opts }} --release --locked --target ${{ matrix.arch }}
|
||||
checks:
|
||||
name: Pre-release checks
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
BINDGEN_EXTRA_CLANG_ARGS_aarch64-unknown-linux-gnu: "-I/usr/aarch64-linux-gnu/include/"
|
||||
|
||||
- name: Package binaries
|
||||
if: ${{ !contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
cd target/${{ matrix.arch }}/release
|
||||
chmod +x surreal
|
||||
tar -zcvf ${{ matrix.file }}.tgz surreal
|
||||
echo $(shasum -a 256 ${{ matrix.file }}.tgz | cut -f1 -d' ') > ${{ matrix.file }}.txt
|
||||
|
||||
- name: Package binaries
|
||||
if: ${{ contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
cd target/${{ matrix.arch }}/release
|
||||
cp surreal.exe ${{ matrix.file }}.exe
|
||||
echo $(shasum -a 256 ${{ matrix.file }}.exe | cut -f1 -d' ') > ${{ matrix.file }}.txt
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: ${{ matrix.file }}
|
||||
path: |
|
||||
target/${{ matrix.arch }}/release/surreal
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.tgz
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.txt
|
||||
target/${{ matrix.arch }}/release/${{ matrix.file }}.exe
|
||||
|
||||
docker:
|
||||
name: Build and publish Docker image
|
||||
needs: [build]
|
||||
runs-on: ubuntu-latest
|
||||
GIT_REF: ${{ inputs.git-ref || github.ref_name }}
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Download amd64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ github.ref_name }}.linux-amd64
|
||||
path: amd64
|
||||
|
||||
- name: Download arm64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ github.ref_name }}.linux-arm64
|
||||
path: arm64
|
||||
|
||||
- name: Set file permissions
|
||||
shell: bash
|
||||
- name: Verify that the provided git_ref is a tag when 'publish' is true
|
||||
if: ${{ inputs.publish || github.event_name == 'push' }}
|
||||
run: |
|
||||
chmod +x amd64/surreal arm64/surreal
|
||||
git tag -l | grep -w $GIT_REF || (echo "The provided git_ref '$GIT_REF' is not a tag" && exit 1)
|
||||
|
||||
- name: Configure DockerHub
|
||||
uses: docker/login-action@v2
|
||||
release:
|
||||
name: Prepare release
|
||||
needs: [checks]
|
||||
uses: ./.github/workflows/reusable_publish_version.yml
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USER }}
|
||||
password: ${{ secrets.DOCKER_PASS }}
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
|
||||
- name: Set up Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: Configure tag
|
||||
shell: bash
|
||||
run: |
|
||||
VERSION=${{ github.ref_name }}
|
||||
echo "VERSION=${VERSION:1}" | tr + - >> $GITHUB_ENV
|
||||
|
||||
- name: Build the Docker image
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
tags: surrealdb/surrealdb:latest,surrealdb/surrealdb:${{ env.VERSION }}
|
||||
|
||||
# Start the docker image as server and wait until it is ready
|
||||
- name: Test the Docker image
|
||||
run: |
|
||||
docker run --net=host --rm surrealdb/surrealdb:${{ env.VERSION }} start 2>&1 >surreal.log &
|
||||
|
||||
retries=5
|
||||
until docker run --net=host --rm surrealdb/surrealdb:${{ env.VERSION }} is-ready; do
|
||||
retries=$((retries-1))
|
||||
if [[ $retries -eq 0 ]]; then
|
||||
echo "###"
|
||||
echo "### The container is not ready after 5 seconds!"
|
||||
echo "###"
|
||||
cat surreal.log
|
||||
echo "###"
|
||||
echo "### ERROR: The docker image is not valid. Aborting."
|
||||
echo "###"
|
||||
exit 1
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
# This second build reuses the cache from the build above
|
||||
- name: Push the Docker image
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: surrealdb/surrealdb:latest,surrealdb/surrealdb:${{ env.VERSION }}
|
||||
|
||||
publish:
|
||||
name: Publish binaries for ${{ matrix.arch }}
|
||||
needs: [docker]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- arch: x86_64-apple-darwin
|
||||
os: macos-latest
|
||||
file: surreal-${{ github.ref_name }}.darwin-amd64
|
||||
- arch: aarch64-apple-darwin
|
||||
os: macos-latest
|
||||
file: surreal-${{ github.ref_name }}.darwin-arm64
|
||||
- arch: x86_64-unknown-linux-gnu
|
||||
os: ubuntu-latest
|
||||
file: surreal-${{ github.ref_name }}.linux-amd64
|
||||
- arch: aarch64-unknown-linux-gnu
|
||||
os: ubuntu-latest
|
||||
file: surreal-${{ github.ref_name }}.linux-arm64
|
||||
- arch: x86_64-pc-windows-msvc
|
||||
os: windows-latest
|
||||
file: surreal-${{ github.ref_name }}.windows-amd64
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Download artifacts
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: ${{ matrix.file }}
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Publish non-windows binaries
|
||||
if: ${{ !contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.tgz s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.txt s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
|
||||
- name: Publish windows binaries
|
||||
if: ${{ contains(matrix.arch, 'windows') }}
|
||||
shell: bash
|
||||
run: |
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.exe s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
aws s3 cp --cache-control 'no-store' ${{ matrix.file }}.txt s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
|
||||
package-macos:
|
||||
name: Package macOS universal binary
|
||||
needs: [publish]
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- name: Download amd64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ github.ref_name }}.darwin-amd64
|
||||
path: amd64
|
||||
|
||||
- name: Download arm64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ github.ref_name }}.darwin-arm64
|
||||
path: arm64
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Package universal MacOS binary
|
||||
shell: bash
|
||||
run: |
|
||||
FILE="surreal-${{ github.ref_name }}.darwin-universal"
|
||||
lipo -create -output surreal amd64/surreal arm64/surreal
|
||||
chmod +x surreal
|
||||
tar -zcvf $FILE.tgz surreal
|
||||
echo $(shasum -a 256 $FILE.tgz | cut -f1 -d' ') > $FILE.txt
|
||||
aws s3 cp --cache-control 'no-store' $FILE.tgz s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
aws s3 cp --cache-control 'no-store' $FILE.txt s3://download.surrealdb.com/${{ github.ref_name }}/
|
||||
|
||||
deploy:
|
||||
name: Deploy
|
||||
needs: [publish, package-macos]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Download artifacts
|
||||
uses: actions/download-artifact@v3
|
||||
|
||||
- name: Publish release
|
||||
uses: softprops/action-gh-release@v1
|
||||
with:
|
||||
name: "Release ${{ github.ref_name }}"
|
||||
files: |
|
||||
LICENSE
|
||||
**/*.tgz
|
||||
**/*.exe
|
||||
|
||||
- name: Set version
|
||||
shell: bash
|
||||
run: |
|
||||
echo ${{ github.ref_name }} > latest.txt
|
||||
aws s3 cp --cache-control 'no-store' latest.txt s3://download.surrealdb.com/
|
||||
|
||||
- name: Distribute binaries
|
||||
shell: bash
|
||||
run: |
|
||||
regions=("af-south-1" "ap-east-1" "ap-south-1" "ap-southeast-1" "ap-southeast-2" "ca-central-1" "eu-central-1" "eu-west-2" "me-south-1" "sa-east-1" "us-west-2")
|
||||
for region in ${regions[@]}; do
|
||||
aws s3 sync --delete --storage-class INTELLIGENT_TIERING --source-region eu-west-2 --region ${region} s3://download.surrealdb.com s3://download.${region}.surrealdb.com
|
||||
done
|
||||
git-ref: ${{ inputs.git-ref || github.ref_name }}
|
||||
latest: ${{ inputs.latest || github.event_name == 'push' }}
|
||||
publish: ${{ inputs.publish || github.event_name == 'push' }}
|
||||
create-release: ${{ inputs.publish || github.event_name == 'push' }}
|
||||
secrets: inherit
|
||||
|
|
343
.github/workflows/reusable_docker.yml
vendored
Normal file
343
.github/workflows/reusable_docker.yml
vendored
Normal file
|
@ -0,0 +1,343 @@
|
|||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
git-ref:
|
||||
required: true
|
||||
type: string
|
||||
description: "The github ref to checkout for building the Docker images."
|
||||
tag-prefix:
|
||||
required: true
|
||||
type: string
|
||||
description: "The prefix of the Docker image tag. i.e. 'nightly' for 'surrealdb/surrealdb:nightly-dev' or 'surrealdb/surrealdb:nightly-fdb'."
|
||||
build:
|
||||
required: false
|
||||
type: boolean
|
||||
default: true
|
||||
description: "Build the Docker images."
|
||||
push:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Publish the Docker images."
|
||||
latest:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Update the latest tag of the Docker image."
|
||||
secrets:
|
||||
DOCKER_USER:
|
||||
required: false
|
||||
DOCKER_PASS:
|
||||
required: false
|
||||
AWS_CI_ACCESS_KEY_ID:
|
||||
required: false
|
||||
AWS_CI_SECRET_ACCESS_KEY:
|
||||
required: false
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
prepare:
|
||||
name: Prepare steps
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
with-ecr: ${{ steps.aws-credentials.outputs.with-ecr }}
|
||||
tag-prefix: ${{ steps.tag-prefix.outputs.tag-prefix }}
|
||||
build-matrix: ${{ steps.set-matrix.outputs.build-matrix }}
|
||||
push-matrix: ${{ steps.set-matrix.outputs.push-matrix }}
|
||||
steps:
|
||||
- name: Check if AWS credentials are set
|
||||
id: aws-credentials
|
||||
run: |
|
||||
if [[ "${{ secrets.AWS_CI_ACCESS_KEY_ID }}" == "" ]]; then
|
||||
echo "###"
|
||||
echo "### AWS credentials are not set. Will skip any AWS ECR action."
|
||||
echo "###"
|
||||
|
||||
echo "with-ecr=false" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "with-ecr=true" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
- name: Sanitize tag name
|
||||
id: tag-prefix
|
||||
run: |
|
||||
echo "tag-prefix=$(echo '${{ inputs.tag-prefix }}' | sed 's/[^a-zA-Z0-9_.-]/-/g' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
|
||||
|
||||
# Define matrix here so we don't need to search for it when making changes
|
||||
- name: Set matrix
|
||||
id: set-matrix
|
||||
env:
|
||||
BUILD_MATRIX: |
|
||||
include:
|
||||
########
|
||||
# Binary image
|
||||
########
|
||||
- name: Binary image
|
||||
dockerfile: Dockerfile.binary
|
||||
platform: amd64
|
||||
runner: ubuntu-latest-4-cores
|
||||
tag: amd64-${{ steps.tag-prefix.outputs.tag-prefix }}-binary
|
||||
########################################
|
||||
# Base images
|
||||
########################################
|
||||
# Prod AMD64 image
|
||||
- &base_image
|
||||
name: Base image
|
||||
dockerfile: Dockerfile
|
||||
build-target: prod
|
||||
platform: amd64
|
||||
runner: ubuntu-latest-4-cores
|
||||
tag: amd64-${{ steps.tag-prefix.outputs.tag-prefix }}
|
||||
# Prod ARM64 image
|
||||
- <<: *base_image
|
||||
platform: arm64
|
||||
runner: ["self-hosted", "arm64", "4-cores"]
|
||||
tag: arm64-${{ steps.tag-prefix.outputs.tag-prefix }}
|
||||
# Dev AMD64 image
|
||||
- <<: *base_image
|
||||
build-target: dev
|
||||
tag: amd64-${{ steps.tag-prefix.outputs.tag-prefix }}-dev
|
||||
# Dev ARM64 image
|
||||
- <<: *base_image
|
||||
build-target: dev
|
||||
platform: arm64
|
||||
runner: ["self-hosted", "arm64", "4-cores"]
|
||||
tag: arm64-${{ steps.tag-prefix.outputs.tag-prefix }}-dev
|
||||
|
||||
########################################
|
||||
# FoundationDB images (FDB client library is only available for amd64)
|
||||
########################################
|
||||
# Prod AMD64 image
|
||||
- &fdb_image
|
||||
name: FDB image
|
||||
dockerfile: Dockerfile.fdb
|
||||
build-target: prod
|
||||
platform: amd64
|
||||
runner: ubuntu-latest-4-cores
|
||||
tag: amd64-${{ steps.tag-prefix.outputs.tag-prefix }}-fdb
|
||||
# Dev AMD64 image
|
||||
- <<: *fdb_image
|
||||
build-target: dev
|
||||
tag: amd64-${{ steps.tag-prefix.outputs.tag-prefix }}-fdb-dev
|
||||
|
||||
PUSH_MATRIX: |
|
||||
include:
|
||||
########################################
|
||||
# Base images
|
||||
########################################
|
||||
# Prod images
|
||||
- &base_image
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tag: ${{ steps.tag-prefix.outputs.tag-prefix }}
|
||||
tag-latest: latest
|
||||
# Dev images
|
||||
- <<: *base_image
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tag: ${{ steps.tag-prefix.outputs.tag-prefix }}-dev
|
||||
tag-latest: latest-dev
|
||||
|
||||
# TODO: Decide whether or not we want a dedicated image for FoundationDB
|
||||
# ########################################
|
||||
# # FoundationDB images (FDB client library is only available for amd64)
|
||||
# ########################################
|
||||
# # Prod images
|
||||
# - &fdb_image
|
||||
# platforms: linux/amd64
|
||||
# tag: ${{ steps.tag-prefix.outputs.tag-prefix }}-fdb
|
||||
# tag-latest: latest-fdb
|
||||
# # Dev images
|
||||
# - <<: *fdb_image
|
||||
# tag: ${{ steps.tag-prefix.outputs.tag-prefix }}-fdb-dev
|
||||
# tag-latest: latest-fdb-dev
|
||||
|
||||
run: |
|
||||
echo '${{ env.BUILD_MATRIX }}' > build-matrix.yaml
|
||||
echo "build-matrix=$(yq -o json -I=0 build-matrix.yaml)" >> $GITHUB_OUTPUT
|
||||
echo '${{ env.PUSH_MATRIX }}' > push-matrix.yaml
|
||||
echo "push-matrix=$(yq -o json -I=0 push-matrix.yaml)" >> $GITHUB_OUTPUT
|
||||
|
||||
build:
|
||||
name: Build ${{ matrix.name }} (${{ matrix.build-target || 'default' }}, ${{ matrix.platform }})
|
||||
runs-on: ${{ matrix.runner }}
|
||||
needs: prepare
|
||||
if: ${{ inputs.build }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix: ${{ fromJson(needs.prepare.outputs.build-matrix) }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
- name: Checkout docker
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: _docker
|
||||
|
||||
# Replace docker files. It allows us to test new Dockerfiles with workflow_dispatch and a custom git ref.
|
||||
# When triggered by a push or a schedule, this git ref will be the same as 'inputs.git-ref'
|
||||
- name: Replace docker files
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
rm -rf docker .dockerignore
|
||||
mv _docker/docker .
|
||||
mv _docker/.dockerignore .
|
||||
rm -rf _docker
|
||||
|
||||
- name: Set up Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Build and export to Docker.
|
||||
uses: docker/build-push-action@v5
|
||||
id: build
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
platforms: linux/${{ matrix.platform }}
|
||||
file: docker/${{ matrix.dockerfile }}
|
||||
target: ${{ matrix.build-target }}
|
||||
tags: surrealdb-ci:${{ matrix.tag }}-${{ github.run_id }}
|
||||
|
||||
# Start the docker image as server and wait until it is ready
|
||||
- name: Test the Docker image
|
||||
run: |
|
||||
docker run --net=host --rm ${{ steps.build.outputs.imageid }} start 2>&1 >surreal.log &
|
||||
|
||||
retries=5
|
||||
until docker run --net=host --rm ${{ steps.build.outputs.imageid }} is-ready; do
|
||||
retries=$((retries-1))
|
||||
if [[ $retries -eq 0 ]]; then
|
||||
echo "###"
|
||||
echo "### The container is not ready after 5 seconds!"
|
||||
echo "###"
|
||||
cat surreal.log
|
||||
echo "###"
|
||||
echo "### ERROR: The docker image is not valid. Aborting."
|
||||
echo "###"
|
||||
exit 1
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
- name: Configure AWS credentials
|
||||
if: ${{ needs.prepare.outputs.with-ecr == 'true' }}
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_CI_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_CI_SECRET_ACCESS_KEY }}
|
||||
aws-region: us-east-1
|
||||
|
||||
- name: Login to Amazon ECR
|
||||
if: ${{ needs.prepare.outputs.with-ecr == 'true' }}
|
||||
id: login-ecr
|
||||
uses: aws-actions/amazon-ecr-login@v2
|
||||
|
||||
- name: Push individual images to CI registry.
|
||||
if: ${{ needs.prepare.outputs.with-ecr == 'true' }}
|
||||
run: |
|
||||
docker tag ${{ steps.build.outputs.imageid }} ${{ steps.login-ecr.outputs.registry }}/surrealdb-ci:${{ matrix.tag }}-${{ github.run_id }}
|
||||
docker push ${{ steps.login-ecr.outputs.registry }}/surrealdb-ci:${{ matrix.tag }}-${{ github.run_id }}
|
||||
|
||||
# Push a multi-arch manifest to the CI registry
|
||||
push-all-to-ecr-ci:
|
||||
name: Push ${{ matrix.tag }} to CI registry
|
||||
runs-on: ubuntu-latest
|
||||
needs: [prepare, build]
|
||||
if: ${{ inputs.build && needs.prepare.outputs.with-ecr == 'true' }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix: ${{ fromJson(needs.prepare.outputs.push-matrix) }}
|
||||
steps:
|
||||
# Checkout the workflow code, we don't need the code to build SurrealDB, that's why we don't checkout "input.git-ref" here
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_CI_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_CI_SECRET_ACCESS_KEY }}
|
||||
aws-region: us-east-1
|
||||
|
||||
- name: Login to Amazon ECR
|
||||
id: login-ecr
|
||||
uses: aws-actions/amazon-ecr-login@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Push multi-arch Docker manifest to CI registry
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
file: ./docker/Dockerfile.multi-arch
|
||||
platforms: ${{ matrix.platforms }}
|
||||
push: true
|
||||
tags: ${{ steps.login-ecr.outputs.registry }}/surrealdb-ci:${{ matrix.tag }}
|
||||
build-args: |
|
||||
IMAGE_REPO=${{ steps.login-ecr.outputs.registry }}/surrealdb-ci
|
||||
TAG=${{ matrix.tag }}-${{ github.run_id }}
|
||||
|
||||
# Push a multi-arch manifest to DockerHub
|
||||
push-all-to-dockerhub:
|
||||
name: Push ${{ matrix.tag }} to DockerHub
|
||||
runs-on: ubuntu-latest
|
||||
needs: [prepare]
|
||||
if: ${{ inputs.push }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix: ${{ fromJson(needs.prepare.outputs.push-matrix) }}
|
||||
steps:
|
||||
# Checkout the workflow code, we don't need the code to build SurrealDB, that's why we don't checkout "input.git-ref" here
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_CI_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_CI_SECRET_ACCESS_KEY }}
|
||||
aws-region: us-east-1
|
||||
|
||||
- name: Login to Amazon ECR
|
||||
id: login-ecr
|
||||
uses: aws-actions/amazon-ecr-login@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Configure DockerHub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USER }}
|
||||
password: ${{ secrets.DOCKER_PASS }}
|
||||
|
||||
- name: Push multi-arch Docker manifest to DockerHub
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
file: ./docker/Dockerfile.multi-arch
|
||||
platforms: ${{ matrix.platforms }}
|
||||
push: true
|
||||
tags: surrealdb/surrealdb:${{ matrix.tag }}
|
||||
build-args: |
|
||||
IMAGE_REPO=${{ steps.login-ecr.outputs.registry }}/surrealdb-ci
|
||||
TAG=${{ matrix.tag }}-${{ github.run_id }}
|
||||
|
||||
- name: Tag multi-arch Docker manifest as latest
|
||||
uses: docker/build-push-action@v5
|
||||
if: ${{ inputs.latest }}
|
||||
with:
|
||||
context: .
|
||||
file: ./docker/Dockerfile.multi-arch
|
||||
platforms: ${{ matrix.platforms }}
|
||||
push: true
|
||||
tags: surrealdb/surrealdb:${{ matrix.tag-latest }}
|
||||
build-args: |
|
||||
IMAGE_REPO=${{ steps.login-ecr.outputs.registry }}/surrealdb-ci
|
||||
TAG=${{ matrix.tag }}-${{ github.run_id }}
|
||||
|
390
.github/workflows/reusable_publish_version.yml
vendored
Normal file
390
.github/workflows/reusable_publish_version.yml
vendored
Normal file
|
@ -0,0 +1,390 @@
|
|||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
# i.e. nightly, 1.0.0
|
||||
name:
|
||||
required: false
|
||||
type: string
|
||||
description: "The name of this release version. It can be a 'nightly' version or a semver version that represents a tag (i.e. 'v1.0.0')"
|
||||
git-ref:
|
||||
required: true
|
||||
type: string
|
||||
description: "The git ref of this release version. All 'actions/checkout' steps will use it"
|
||||
latest:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Consider this release as the latest one and update the Docker image tag and the binary pointer for the installers"
|
||||
publish:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Whether to publish this release"
|
||||
create-release:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
description: "Create a GitHub release"
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
prepare-vars:
|
||||
name: Prepare vars
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
git-ref: ${{ steps.outputs.outputs.git-ref }}
|
||||
name: ${{ steps.outputs.outputs.name }}
|
||||
steps:
|
||||
- name: Set outputs
|
||||
id: outputs
|
||||
run: |
|
||||
echo "git-ref=${{ inputs.git-ref || github.ref_name }}" >> $GITHUB_OUTPUT
|
||||
# If the name is not provided, use the git_ref (i.e. v1.0.0)
|
||||
echo "name=${{ inputs.name || inputs.git-ref || github.ref_name }}" >> $GITHUB_OUTPUT
|
||||
test:
|
||||
name: Test
|
||||
needs: [prepare-vars]
|
||||
runs-on: ubuntu-latest-16-cores
|
||||
steps:
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ needs.prepare-vars.outputs.git-ref }}
|
||||
|
||||
- name: Setup cache
|
||||
uses: Swatinem/rust-cache@v2
|
||||
with:
|
||||
save-if: ${{ needs.prepare-vars.outputs.git-ref == 'main' }}
|
||||
|
||||
- name: Install cargo-llvm-cov
|
||||
uses: taiki-e/install-action@cargo-llvm-cov
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Test workspace + coverage
|
||||
run: cargo make ci-workspace-coverage
|
||||
|
||||
- name: Debug info
|
||||
if: always()
|
||||
run: |
|
||||
set -x
|
||||
free -m
|
||||
df -h
|
||||
ps auxf
|
||||
cat /tmp/surrealdb.log || true
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: code-coverage-report
|
||||
path: target/llvm-cov/html/
|
||||
retention-days: 5
|
||||
|
||||
lint:
|
||||
name: Lint
|
||||
needs: [prepare-vars]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ needs.prepare-vars.outputs.git-ref }}
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: wasm32-unknown-unknown
|
||||
components: rustfmt, clippy
|
||||
|
||||
- name: Install cargo-make
|
||||
run: cargo install --debug --locked cargo-make
|
||||
|
||||
- name: Check workspace
|
||||
run: cargo make ci-check
|
||||
|
||||
- name: Check format
|
||||
run: cargo make ci-format
|
||||
|
||||
- name: Check wasm
|
||||
run: cargo make ci-check-wasm
|
||||
|
||||
- name: Check clippy
|
||||
run: cargo make ci-clippy
|
||||
|
||||
docker-build:
|
||||
name: Build Docker images
|
||||
needs: [prepare-vars]
|
||||
uses: ./.github/workflows/reusable_docker.yml
|
||||
with:
|
||||
git-ref: ${{ needs.prepare-vars.outputs.git-ref }}
|
||||
tag-prefix: ${{ needs.prepare-vars.outputs.name }}
|
||||
build: true
|
||||
push: false
|
||||
secrets: inherit
|
||||
|
||||
build:
|
||||
name: Build ${{ matrix.arch }} binary
|
||||
needs: [prepare-vars]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
# MacOS amd64
|
||||
- arch: x86_64-apple-darwin
|
||||
runner: macos-latest-xl
|
||||
file: surreal-${{ needs.prepare-vars.outputs.name }}.darwin-amd64
|
||||
build-step: |
|
||||
# Prepare deps
|
||||
brew install protobuf
|
||||
|
||||
# Build
|
||||
cargo build --features storage-tikv,http-compression --release --locked --target x86_64-apple-darwin
|
||||
|
||||
# Package
|
||||
cp target/x86_64-apple-darwin/release/surreal surreal
|
||||
chmod +x surreal
|
||||
tar -zcvf surreal-${{ needs.prepare-vars.outputs.name }}.darwin-amd64.tgz surreal
|
||||
echo $(shasum -a 256 surreal-${{ needs.prepare-vars.outputs.name }}.darwin-amd64.tgz | cut -f1 -d' ') > surreal-${{ needs.prepare-vars.outputs.name }}.darwin-amd64.txt
|
||||
|
||||
# MacOS arm64
|
||||
- arch: aarch64-apple-darwin
|
||||
runner: macos-latest-xl
|
||||
file: surreal-${{ needs.prepare-vars.outputs.name }}.darwin-arm64
|
||||
build-step: |
|
||||
# Prepare deps
|
||||
brew install protobuf
|
||||
|
||||
# Build
|
||||
cargo build --features storage-tikv,http-compression --release --locked --target aarch64-apple-darwin
|
||||
|
||||
# Package
|
||||
cp target/aarch64-apple-darwin/release/surreal surreal
|
||||
chmod +x surreal
|
||||
tar -zcvf surreal-${{ needs.prepare-vars.outputs.name }}.darwin-arm64.tgz surreal
|
||||
echo $(shasum -a 256 surreal-${{ needs.prepare-vars.outputs.name }}.darwin-arm64.tgz | cut -f1 -d' ') > surreal-${{ needs.prepare-vars.outputs.name }}.darwin-arm64.txt
|
||||
|
||||
# Linux amd64
|
||||
- arch: x86_64-unknown-linux-gnu
|
||||
runner: ubuntu-latest-16-cores
|
||||
file: surreal-${{ needs.prepare-vars.outputs.name }}.linux-amd64
|
||||
build-step: |
|
||||
# Build
|
||||
docker build \
|
||||
--platform linux/amd64 \
|
||||
--build-arg="CARGO_EXTRA_FEATURES=storage-tikv,http-compression" \
|
||||
-t binary \
|
||||
-f docker/Dockerfile.binary \
|
||||
.
|
||||
docker create --name binary binary
|
||||
docker cp binary:/surrealdb/target/release/surreal surreal
|
||||
|
||||
# Package
|
||||
chmod +x surreal
|
||||
tar -zcvf surreal-${{ needs.prepare-vars.outputs.name }}.linux-amd64.tgz surreal
|
||||
echo $(shasum -a 256 surreal-${{ needs.prepare-vars.outputs.name }}.linux-amd64.tgz | cut -f1 -d' ') > surreal-${{ needs.prepare-vars.outputs.name }}.linux-amd64.txt
|
||||
|
||||
# Linux arm64
|
||||
- arch: aarch64-unknown-linux-gnu
|
||||
runner: ["self-hosted", "arm64", "4-cores"]
|
||||
file: surreal-${{ needs.prepare-vars.outputs.name }}.linux-arm64
|
||||
build-step: |
|
||||
# Build
|
||||
docker build \
|
||||
--platform linux/arm64 \
|
||||
--build-arg="CARGO_EXTRA_FEATURES=storage-tikv,http-compression" \
|
||||
-t binary \
|
||||
-f docker/Dockerfile.binary \
|
||||
.
|
||||
docker create --name binary binary
|
||||
docker cp binary:/surrealdb/target/release/surreal surreal
|
||||
|
||||
# Package
|
||||
chmod +x surreal
|
||||
tar -zcvf surreal-${{ needs.prepare-vars.outputs.name }}.linux-arm64.tgz surreal
|
||||
echo $(shasum -a 256 surreal-${{ needs.prepare-vars.outputs.name }}.linux-arm64.tgz | cut -f1 -d' ') > surreal-${{ needs.prepare-vars.outputs.name }}.linux-arm64.txt
|
||||
|
||||
# Windows amd64
|
||||
- arch: x86_64-pc-windows-msvc
|
||||
runner: windows-latest
|
||||
file: surreal-${{ needs.prepare-vars.outputs.name }}.windows-amd64
|
||||
build-step: |
|
||||
# Prepare deps
|
||||
vcpkg integrate install
|
||||
|
||||
# Build
|
||||
cargo build --features storage-tikv,http-compression --release --locked --target x86_64-pc-windows-msvc
|
||||
|
||||
# Package
|
||||
cp target/x86_64-pc-windows-msvc/release/surreal.exe surreal-${{ needs.prepare-vars.outputs.name }}.windows-amd64.exe
|
||||
echo $(shasum -a 256 surreal-${{ needs.prepare-vars.outputs.name }}.windows-amd64.exe | cut -f1 -d' ') > surreal-${{ needs.prepare-vars.outputs.name }}.windows-amd64.txt
|
||||
|
||||
runs-on: ${{ matrix.runner }}
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ needs.prepare-vars.outputs.git-ref }}
|
||||
|
||||
- name: Checkout docker
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: _docker
|
||||
|
||||
# Replace docker files. It allows us to test new Dockerfiles with workflow_dispatch and a custom git ref.
|
||||
# When triggered by a push or a schedule, this git ref will be the same as 'inputs.git-ref'
|
||||
- name: Replace docker files
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
rm -rf docker .dockerignore
|
||||
mv _docker/docker .
|
||||
mv _docker/.dockerignore .
|
||||
rm -rf _docker
|
||||
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: 1.71.1
|
||||
targets: ${{ matrix.arch }}
|
||||
|
||||
- name: Output package versions
|
||||
run: |
|
||||
set -x
|
||||
set +e
|
||||
go version ; cargo version ; rustc --version ; cmake --version ; gcc --version ; g++ --version ; perl -v
|
||||
|
||||
- name: Build step
|
||||
run: ${{ matrix.build-step }}
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: ${{ matrix.file }}
|
||||
path: |
|
||||
surreal
|
||||
${{ matrix.file }}.tgz
|
||||
${{ matrix.file }}.txt
|
||||
${{ matrix.file }}.exe
|
||||
|
||||
publish:
|
||||
name: Publish artifacts binaries
|
||||
needs: [prepare-vars, test, lint, build, docker-build]
|
||||
if: ${{ inputs.publish }}
|
||||
environment: ${{ needs.prepare-vars.outputs.name == 'nightly' && 'nightly' || 'release' }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Download artifacts
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
path: artifacts
|
||||
|
||||
- name: Publish release
|
||||
uses: softprops/action-gh-release@v1
|
||||
if: ${{ inputs.create-release }}
|
||||
with:
|
||||
name: "Release ${{ github.ref_name }}"
|
||||
files: |
|
||||
LICENSE
|
||||
artifacts/*.tgz
|
||||
artifacts/*.exe
|
||||
|
||||
- name: Set latest version
|
||||
if: ${{ inputs.create-release }}
|
||||
run: |
|
||||
echo ${{ github.ref_name }} > latest.txt
|
||||
aws s3 cp --cache-control 'no-store' latest.txt s3://download.surrealdb.com/latest.txt
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Publish binaries
|
||||
run: |
|
||||
for file in artifacts/**/*.{tgz,txt,exe}; do
|
||||
aws s3 cp --cache-control 'no-store' $file s3://download.surrealdb.com/${{ needs.prepare-vars.outputs.name }}/
|
||||
done
|
||||
|
||||
docker-publish:
|
||||
name: Publish Docker images
|
||||
needs: [prepare-vars, publish]
|
||||
uses: ./.github/workflows/reusable_docker.yml
|
||||
with:
|
||||
git-ref: ${{ needs.prepare-vars.outputs.git-ref }}
|
||||
tag-prefix: ${{ needs.prepare-vars.outputs.name }}
|
||||
latest: ${{ inputs.latest }}
|
||||
build: false
|
||||
push: true
|
||||
secrets: inherit
|
||||
|
||||
package-macos:
|
||||
name: Package and publish macOS universal binary
|
||||
needs: [prepare-vars, publish]
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
FILE: surreal-${{ needs.prepare-vars.outputs.name }}.darwin-universal
|
||||
steps:
|
||||
- name: Download amd64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ needs.prepare-vars.outputs.name }}.darwin-amd64
|
||||
path: amd64
|
||||
|
||||
- name: Download arm64 binary
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: surreal-${{ needs.prepare-vars.outputs.name }}.darwin-arm64
|
||||
path: arm64
|
||||
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Package universal MacOS binary
|
||||
run: |
|
||||
lipo -create -output surreal amd64/surreal arm64/surreal
|
||||
chmod +x surreal
|
||||
tar -zcvf $FILE.tgz surreal
|
||||
echo $(shasum -a 256 $FILE.tgz | cut -f1 -d' ') > $FILE.txt
|
||||
|
||||
- name: Publish universal MacOS binary
|
||||
if: ${{ inputs.publish }}
|
||||
run: |
|
||||
aws s3 cp --cache-control 'no-store' $FILE.tgz s3://download.surrealdb.com/${{ needs.prepare-vars.outputs.name }}/
|
||||
aws s3 cp --cache-control 'no-store' $FILE.txt s3://download.surrealdb.com/${{ needs.prepare-vars.outputs.name }}/
|
||||
|
||||
propagate:
|
||||
name: Propagate binaries to all regions
|
||||
if: ${{ inputs.publish }}
|
||||
needs: [publish, package-macos]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Configure AWS
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-region: us-east-2
|
||||
aws-access-key-id: ${{ secrets.AMAZON_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AMAZON_SECRET_KEY }}
|
||||
|
||||
- name: Distribute binaries
|
||||
run: |
|
||||
regions=("af-south-1" "ap-east-1" "ap-south-1" "ap-southeast-1" "ap-southeast-2" "ca-central-1" "eu-central-1" "eu-west-2" "me-south-1" "sa-east-1" "us-west-2")
|
||||
for region in ${regions[@]}; do
|
||||
aws s3 sync --delete --storage-class INTELLIGENT_TIERING --source-region eu-west-2 --region ${region} s3://download.surrealdb.com s3://download.${region}.surrealdb.com
|
||||
done
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -39,7 +39,6 @@ Temporary Items
|
|||
.vscode/
|
||||
/result
|
||||
/bin/
|
||||
/docker/
|
||||
/.direnv/
|
||||
|
||||
# -----------------------------------
|
||||
|
|
11
Dockerfile
11
Dockerfile
|
@ -1,11 +0,0 @@
|
|||
# Use ChainGuard's glibc-dynamic image as the base image. More information about this image can be found at https://www.chainguard.dev/chainguard-images
|
||||
FROM cgr.dev/chainguard/glibc-dynamic
|
||||
|
||||
# Declare a build-time argument for the target architecture
|
||||
ARG TARGETARCH
|
||||
|
||||
# Add the binary file 'surreal' from the specified path on the host machine to the root directory in the container
|
||||
ADD $TARGETARCH/surreal /
|
||||
|
||||
# Set the entry point for the container to be the 'surreal' binary
|
||||
ENTRYPOINT ["/surreal"]
|
36
docker/Dockerfile
Normal file
36
docker/Dockerfile
Normal file
|
@ -0,0 +1,36 @@
|
|||
#
|
||||
# Dockerfile that builds a SurrealDB docker image.
|
||||
#
|
||||
|
||||
FROM cgr.dev/chainguard/rust:latest-dev as builder
|
||||
|
||||
USER root
|
||||
RUN apk update
|
||||
RUN apk add patch clang curl gcc cmake
|
||||
|
||||
ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-unknown-linux-gnu-gcc
|
||||
|
||||
RUN mkdir /surrealdb
|
||||
WORKDIR /surrealdb
|
||||
COPY . /surrealdb/
|
||||
|
||||
RUN cargo build --features http-compression,storage-tikv --release --locked
|
||||
|
||||
#
|
||||
# Development image
|
||||
#
|
||||
FROM cgr.dev/chainguard/glibc-dynamic:latest-dev as dev
|
||||
|
||||
USER root
|
||||
COPY --from=builder /surrealdb/target/release/surreal /surreal
|
||||
|
||||
ENTRYPOINT ["/surreal"]
|
||||
|
||||
#
|
||||
# Production image
|
||||
#
|
||||
FROM cgr.dev/chainguard/glibc-dynamic:latest as prod
|
||||
|
||||
COPY --from=builder /surrealdb/target/release/surreal /surreal
|
||||
|
||||
ENTRYPOINT ["/surreal"]
|
26
docker/Dockerfile.binary
Normal file
26
docker/Dockerfile.binary
Normal file
|
@ -0,0 +1,26 @@
|
|||
#
|
||||
# Dockerfile that builds the SurrealDB Linux binary and makes it depend on GLIBC 2.17.
|
||||
#
|
||||
|
||||
FROM docker.io/ubuntu:18.04
|
||||
|
||||
ARG CARGO_EXTRA_FEATURES="http-compression,storage-tikv"
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
RUN apt-get update && apt-get install -y curl patch clang gpg build-essential git
|
||||
|
||||
# Install rust
|
||||
COPY docker/files/rustup-init.sh /tmp/rustup-init.sh
|
||||
RUN /tmp/rustup-init.sh -y
|
||||
ENV PATH="/root/.cargo/bin:${PATH}"
|
||||
|
||||
RUN mkdir /surrealdb
|
||||
WORKDIR /surrealdb
|
||||
COPY . /surrealdb/
|
||||
|
||||
RUN cargo build --features ${CARGO_EXTRA_FEATURES} --release --locked
|
||||
|
||||
# For testing purposes
|
||||
RUN cp target/release/surreal /surreal
|
||||
|
||||
ENTRYPOINT ["/surreal"]
|
39
docker/Dockerfile.fdb
Normal file
39
docker/Dockerfile.fdb
Normal file
|
@ -0,0 +1,39 @@
|
|||
#
|
||||
# Dockerfile that builds a SurrealDB docker image with FoundationDB support.
|
||||
#
|
||||
|
||||
FROM --platform=linux/amd64 cgr.dev/chainguard/rust:latest-dev as builder
|
||||
|
||||
USER root
|
||||
RUN apk update
|
||||
RUN apk add patch clang curl cmake
|
||||
|
||||
RUN mkdir /surrealdb
|
||||
WORKDIR /surrealdb
|
||||
COPY . /surrealdb/
|
||||
|
||||
RUN curl -L https://github.com/apple/foundationdb/releases/download/7.1.42/libfdb_c.x86_64.so -o libfdb_c.so && \
|
||||
echo "9501a7910fe2d47b805c48c467fddaf485ccf4b1195863e3c5fb0c86648084f1 libfdb_c.so" | sha256sum -c -s - || exit 1 && \
|
||||
mv libfdb_c.so /usr/lib/ && \
|
||||
cargo build --features http-compression,storage-tikv,storage-fdb --release --locked
|
||||
|
||||
#
|
||||
# Development image
|
||||
#
|
||||
FROM cgr.dev/chainguard/glibc-dynamic:latest-dev as dev
|
||||
|
||||
USER root
|
||||
COPY --from=builder /surrealdb/target/release/surreal /surreal
|
||||
COPY --from=builder /usr/lib/libfdb_c.so /usr/lib/libfdb_c.so
|
||||
|
||||
ENTRYPOINT ["/surreal"]
|
||||
|
||||
#
|
||||
# Production image
|
||||
#
|
||||
FROM cgr.dev/chainguard/glibc-dynamic:latest as prod
|
||||
|
||||
COPY --from=builder /surrealdb/target/release/surreal /surreal
|
||||
COPY --from=builder /usr/lib/libfdb_c.so /usr/lib/libfdb_c.so
|
||||
|
||||
ENTRYPOINT ["/surreal"]
|
9
docker/Dockerfile.multi-arch
Normal file
9
docker/Dockerfile.multi-arch
Normal file
|
@ -0,0 +1,9 @@
|
|||
#
|
||||
# Dockerfile that builds SurrealDB docker images for multiple architectures.
|
||||
#
|
||||
|
||||
ARG TAG IMAGE_REPO
|
||||
|
||||
FROM ${IMAGE_REPO}:${TARGETARCH}-${TAG}
|
||||
|
||||
ARG TARGETARCH
|
731
docker/files/rustup-init.sh
Executable file
731
docker/files/rustup-init.sh
Executable file
|
@ -0,0 +1,731 @@
|
|||
#!/bin/sh
|
||||
# shellcheck shell=dash
|
||||
|
||||
# This is just a little script that can be downloaded from the internet to
|
||||
# install rustup. It just does platform detection, downloads the installer
|
||||
# and runs it.
|
||||
|
||||
# It runs on Unix shells like {a,ba,da,k,z}sh. It uses the common `local`
|
||||
# extension. Note: Most shells limit `local` to 1 var per line, contra bash.
|
||||
|
||||
if [ "$KSH_VERSION" = 'Version JM 93t+ 2010-03-05' ]; then
|
||||
# The version of ksh93 that ships with many illumos systems does not
|
||||
# support the "local" extension. Print a message rather than fail in
|
||||
# subtle ways later on:
|
||||
echo 'rustup does not work with this ksh93 version; please try bash!' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
set -u
|
||||
|
||||
# If RUSTUP_UPDATE_ROOT is unset or empty, default it.
|
||||
RUSTUP_UPDATE_ROOT="${RUSTUP_UPDATE_ROOT:-https://static.rust-lang.org/rustup}"
|
||||
|
||||
# NOTICE: If you change anything here, please make the same changes in setup_mode.rs
|
||||
usage() {
|
||||
cat <<EOF
|
||||
rustup-init 1.26.0 (577bf51ae 2023-04-05)
|
||||
The installer for rustup
|
||||
|
||||
USAGE:
|
||||
rustup-init [OPTIONS]
|
||||
|
||||
OPTIONS:
|
||||
-v, --verbose
|
||||
Enable verbose output
|
||||
|
||||
-q, --quiet
|
||||
Disable progress output
|
||||
|
||||
-y
|
||||
Disable confirmation prompt.
|
||||
|
||||
--default-host <default-host>
|
||||
Choose a default host triple
|
||||
|
||||
--default-toolchain <default-toolchain>
|
||||
Choose a default toolchain to install. Use 'none' to not install any toolchains at all
|
||||
|
||||
--profile <profile>
|
||||
[default: default] [possible values: minimal, default, complete]
|
||||
|
||||
-c, --component <components>...
|
||||
Component name to also install
|
||||
|
||||
-t, --target <targets>...
|
||||
Target name to also install
|
||||
|
||||
--no-update-default-toolchain
|
||||
Don't update any existing default toolchain after install
|
||||
|
||||
--no-modify-path
|
||||
Don't configure the PATH environment variable
|
||||
|
||||
-h, --help
|
||||
Print help information
|
||||
|
||||
-V, --version
|
||||
Print version information
|
||||
EOF
|
||||
}
|
||||
|
||||
main() {
|
||||
downloader --check
|
||||
need_cmd uname
|
||||
need_cmd mktemp
|
||||
need_cmd chmod
|
||||
need_cmd mkdir
|
||||
need_cmd rm
|
||||
need_cmd rmdir
|
||||
|
||||
get_architecture || return 1
|
||||
local _arch="$RETVAL"
|
||||
assert_nz "$_arch" "arch"
|
||||
|
||||
local _ext=""
|
||||
case "$_arch" in
|
||||
*windows*)
|
||||
_ext=".exe"
|
||||
;;
|
||||
esac
|
||||
|
||||
local _url="${RUSTUP_UPDATE_ROOT}/dist/${_arch}/rustup-init${_ext}"
|
||||
|
||||
local _dir
|
||||
if ! _dir="$(ensure mktemp -d)"; then
|
||||
# Because the previous command ran in a subshell, we must manually
|
||||
# propagate exit status.
|
||||
exit 1
|
||||
fi
|
||||
local _file="${_dir}/rustup-init${_ext}"
|
||||
|
||||
local _ansi_escapes_are_valid=false
|
||||
if [ -t 2 ]; then
|
||||
if [ "${TERM+set}" = 'set' ]; then
|
||||
case "$TERM" in
|
||||
xterm*|rxvt*|urxvt*|linux*|vt*)
|
||||
_ansi_escapes_are_valid=true
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
|
||||
# check if we have to use /dev/tty to prompt the user
|
||||
local need_tty=yes
|
||||
for arg in "$@"; do
|
||||
case "$arg" in
|
||||
--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
OPTIND=1
|
||||
if [ "${arg%%--*}" = "" ]; then
|
||||
# Long option (other than --help);
|
||||
# don't attempt to interpret it.
|
||||
continue
|
||||
fi
|
||||
while getopts :hy sub_arg "$arg"; do
|
||||
case "$sub_arg" in
|
||||
h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
y)
|
||||
# user wants to skip the prompt --
|
||||
# we don't need /dev/tty
|
||||
need_tty=no
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if $_ansi_escapes_are_valid; then
|
||||
printf "\33[1minfo:\33[0m downloading installer\n" 1>&2
|
||||
else
|
||||
printf '%s\n' 'info: downloading installer' 1>&2
|
||||
fi
|
||||
|
||||
ensure mkdir -p "$_dir"
|
||||
ensure downloader "$_url" "$_file" "$_arch"
|
||||
ensure chmod u+x "$_file"
|
||||
if [ ! -x "$_file" ]; then
|
||||
printf '%s\n' "Cannot execute $_file (likely because of mounting /tmp as noexec)." 1>&2
|
||||
printf '%s\n' "Please copy the file to a location where you can execute binaries and run ./rustup-init${_ext}." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$need_tty" = "yes" ] && [ ! -t 0 ]; then
|
||||
# The installer is going to want to ask for confirmation by
|
||||
# reading stdin. This script was piped into `sh` though and
|
||||
# doesn't have stdin to pass to its children. Instead we're going
|
||||
# to explicitly connect /dev/tty to the installer's stdin.
|
||||
if [ ! -t 1 ]; then
|
||||
err "Unable to run interactively. Run with -y to accept defaults, --help for additional options"
|
||||
fi
|
||||
|
||||
ignore "$_file" "$@" < /dev/tty
|
||||
else
|
||||
ignore "$_file" "$@"
|
||||
fi
|
||||
|
||||
local _retval=$?
|
||||
|
||||
ignore rm "$_file"
|
||||
ignore rmdir "$_dir"
|
||||
|
||||
return "$_retval"
|
||||
}
|
||||
|
||||
check_proc() {
|
||||
# Check for /proc by looking for the /proc/self/exe link
|
||||
# This is only run on Linux
|
||||
if ! test -L /proc/self/exe ; then
|
||||
err "fatal: Unable to find /proc/self/exe. Is /proc mounted? Installation cannot proceed without /proc."
|
||||
fi
|
||||
}
|
||||
|
||||
get_bitness() {
|
||||
need_cmd head
|
||||
# Architecture detection without dependencies beyond coreutils.
|
||||
# ELF files start out "\x7fELF", and the following byte is
|
||||
# 0x01 for 32-bit and
|
||||
# 0x02 for 64-bit.
|
||||
# The printf builtin on some shells like dash only supports octal
|
||||
# escape sequences, so we use those.
|
||||
local _current_exe_head
|
||||
_current_exe_head=$(head -c 5 /proc/self/exe )
|
||||
if [ "$_current_exe_head" = "$(printf '\177ELF\001')" ]; then
|
||||
echo 32
|
||||
elif [ "$_current_exe_head" = "$(printf '\177ELF\002')" ]; then
|
||||
echo 64
|
||||
else
|
||||
err "unknown platform bitness"
|
||||
fi
|
||||
}
|
||||
|
||||
is_host_amd64_elf() {
|
||||
need_cmd head
|
||||
need_cmd tail
|
||||
# ELF e_machine detection without dependencies beyond coreutils.
|
||||
# Two-byte field at offset 0x12 indicates the CPU,
|
||||
# but we're interested in it being 0x3E to indicate amd64, or not that.
|
||||
local _current_exe_machine
|
||||
_current_exe_machine=$(head -c 19 /proc/self/exe | tail -c 1)
|
||||
[ "$_current_exe_machine" = "$(printf '\076')" ]
|
||||
}
|
||||
|
||||
get_endianness() {
|
||||
local cputype=$1
|
||||
local suffix_eb=$2
|
||||
local suffix_el=$3
|
||||
|
||||
# detect endianness without od/hexdump, like get_bitness() does.
|
||||
need_cmd head
|
||||
need_cmd tail
|
||||
|
||||
local _current_exe_endianness
|
||||
_current_exe_endianness="$(head -c 6 /proc/self/exe | tail -c 1)"
|
||||
if [ "$_current_exe_endianness" = "$(printf '\001')" ]; then
|
||||
echo "${cputype}${suffix_el}"
|
||||
elif [ "$_current_exe_endianness" = "$(printf '\002')" ]; then
|
||||
echo "${cputype}${suffix_eb}"
|
||||
else
|
||||
err "unknown platform endianness"
|
||||
fi
|
||||
}
|
||||
|
||||
get_architecture() {
|
||||
local _ostype _cputype _bitness _arch _clibtype
|
||||
_ostype="$(uname -s)"
|
||||
_cputype="$(uname -m)"
|
||||
_clibtype="gnu"
|
||||
|
||||
if [ "$_ostype" = Linux ]; then
|
||||
if [ "$(uname -o)" = Android ]; then
|
||||
_ostype=Android
|
||||
fi
|
||||
if ldd --version 2>&1 | grep -q 'musl'; then
|
||||
_clibtype="musl"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$_ostype" = Darwin ] && [ "$_cputype" = i386 ]; then
|
||||
# Darwin `uname -m` lies
|
||||
if sysctl hw.optional.x86_64 | grep -q ': 1'; then
|
||||
_cputype=x86_64
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$_ostype" = SunOS ]; then
|
||||
# Both Solaris and illumos presently announce as "SunOS" in "uname -s"
|
||||
# so use "uname -o" to disambiguate. We use the full path to the
|
||||
# system uname in case the user has coreutils uname first in PATH,
|
||||
# which has historically sometimes printed the wrong value here.
|
||||
if [ "$(/usr/bin/uname -o)" = illumos ]; then
|
||||
_ostype=illumos
|
||||
fi
|
||||
|
||||
# illumos systems have multi-arch userlands, and "uname -m" reports the
|
||||
# machine hardware name; e.g., "i86pc" on both 32- and 64-bit x86
|
||||
# systems. Check for the native (widest) instruction set on the
|
||||
# running kernel:
|
||||
if [ "$_cputype" = i86pc ]; then
|
||||
_cputype="$(isainfo -n)"
|
||||
fi
|
||||
fi
|
||||
|
||||
case "$_ostype" in
|
||||
|
||||
Android)
|
||||
_ostype=linux-android
|
||||
;;
|
||||
|
||||
Linux)
|
||||
check_proc
|
||||
_ostype=unknown-linux-$_clibtype
|
||||
_bitness=$(get_bitness)
|
||||
;;
|
||||
|
||||
FreeBSD)
|
||||
_ostype=unknown-freebsd
|
||||
;;
|
||||
|
||||
NetBSD)
|
||||
_ostype=unknown-netbsd
|
||||
;;
|
||||
|
||||
DragonFly)
|
||||
_ostype=unknown-dragonfly
|
||||
;;
|
||||
|
||||
Darwin)
|
||||
_ostype=apple-darwin
|
||||
;;
|
||||
|
||||
illumos)
|
||||
_ostype=unknown-illumos
|
||||
;;
|
||||
|
||||
MINGW* | MSYS* | CYGWIN* | Windows_NT)
|
||||
_ostype=pc-windows-gnu
|
||||
;;
|
||||
|
||||
*)
|
||||
err "unrecognized OS type: $_ostype"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
case "$_cputype" in
|
||||
|
||||
i386 | i486 | i686 | i786 | x86)
|
||||
_cputype=i686
|
||||
;;
|
||||
|
||||
xscale | arm)
|
||||
_cputype=arm
|
||||
if [ "$_ostype" = "linux-android" ]; then
|
||||
_ostype=linux-androideabi
|
||||
fi
|
||||
;;
|
||||
|
||||
armv6l)
|
||||
_cputype=arm
|
||||
if [ "$_ostype" = "linux-android" ]; then
|
||||
_ostype=linux-androideabi
|
||||
else
|
||||
_ostype="${_ostype}eabihf"
|
||||
fi
|
||||
;;
|
||||
|
||||
armv7l | armv8l)
|
||||
_cputype=armv7
|
||||
if [ "$_ostype" = "linux-android" ]; then
|
||||
_ostype=linux-androideabi
|
||||
else
|
||||
_ostype="${_ostype}eabihf"
|
||||
fi
|
||||
;;
|
||||
|
||||
aarch64 | arm64)
|
||||
_cputype=aarch64
|
||||
;;
|
||||
|
||||
x86_64 | x86-64 | x64 | amd64)
|
||||
_cputype=x86_64
|
||||
;;
|
||||
|
||||
mips)
|
||||
_cputype=$(get_endianness mips '' el)
|
||||
;;
|
||||
|
||||
mips64)
|
||||
if [ "$_bitness" -eq 64 ]; then
|
||||
# only n64 ABI is supported for now
|
||||
_ostype="${_ostype}abi64"
|
||||
_cputype=$(get_endianness mips64 '' el)
|
||||
fi
|
||||
;;
|
||||
|
||||
ppc)
|
||||
_cputype=powerpc
|
||||
;;
|
||||
|
||||
ppc64)
|
||||
_cputype=powerpc64
|
||||
;;
|
||||
|
||||
ppc64le)
|
||||
_cputype=powerpc64le
|
||||
;;
|
||||
|
||||
s390x)
|
||||
_cputype=s390x
|
||||
;;
|
||||
riscv64)
|
||||
_cputype=riscv64gc
|
||||
;;
|
||||
loongarch64)
|
||||
_cputype=loongarch64
|
||||
;;
|
||||
*)
|
||||
err "unknown CPU type: $_cputype"
|
||||
|
||||
esac
|
||||
|
||||
# Detect 64-bit linux with 32-bit userland
|
||||
if [ "${_ostype}" = unknown-linux-gnu ] && [ "${_bitness}" -eq 32 ]; then
|
||||
case $_cputype in
|
||||
x86_64)
|
||||
if [ -n "${RUSTUP_CPUTYPE:-}" ]; then
|
||||
_cputype="$RUSTUP_CPUTYPE"
|
||||
else {
|
||||
# 32-bit executable for amd64 = x32
|
||||
if is_host_amd64_elf; then {
|
||||
echo "This host is running an x32 userland; as it stands, x32 support is poor," 1>&2
|
||||
echo "and there isn't a native toolchain -- you will have to install" 1>&2
|
||||
echo "multiarch compatibility with i686 and/or amd64, then select one" 1>&2
|
||||
echo "by re-running this script with the RUSTUP_CPUTYPE environment variable" 1>&2
|
||||
echo "set to i686 or x86_64, respectively." 1>&2
|
||||
echo 1>&2
|
||||
echo "You will be able to add an x32 target after installation by running" 1>&2
|
||||
echo " rustup target add x86_64-unknown-linux-gnux32" 1>&2
|
||||
exit 1
|
||||
}; else
|
||||
_cputype=i686
|
||||
fi
|
||||
}; fi
|
||||
;;
|
||||
mips64)
|
||||
_cputype=$(get_endianness mips '' el)
|
||||
;;
|
||||
powerpc64)
|
||||
_cputype=powerpc
|
||||
;;
|
||||
aarch64)
|
||||
_cputype=armv7
|
||||
if [ "$_ostype" = "linux-android" ]; then
|
||||
_ostype=linux-androideabi
|
||||
else
|
||||
_ostype="${_ostype}eabihf"
|
||||
fi
|
||||
;;
|
||||
riscv64gc)
|
||||
err "riscv64 with 32-bit userland unsupported"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Detect armv7 but without the CPU features Rust needs in that build,
|
||||
# and fall back to arm.
|
||||
# See https://github.com/rust-lang/rustup.rs/issues/587.
|
||||
if [ "$_ostype" = "unknown-linux-gnueabihf" ] && [ "$_cputype" = armv7 ]; then
|
||||
if ensure grep '^Features' /proc/cpuinfo | grep -q -v neon; then
|
||||
# At least one processor does not have NEON.
|
||||
_cputype=arm
|
||||
fi
|
||||
fi
|
||||
|
||||
_arch="${_cputype}-${_ostype}"
|
||||
|
||||
RETVAL="$_arch"
|
||||
}
|
||||
|
||||
say() {
|
||||
printf 'rustup: %s\n' "$1"
|
||||
}
|
||||
|
||||
err() {
|
||||
say "$1" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
need_cmd() {
|
||||
if ! check_cmd "$1"; then
|
||||
err "need '$1' (command not found)"
|
||||
fi
|
||||
}
|
||||
|
||||
check_cmd() {
|
||||
command -v "$1" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
assert_nz() {
|
||||
if [ -z "$1" ]; then err "assert_nz $2"; fi
|
||||
}
|
||||
|
||||
# Run a command that should never fail. If the command fails execution
|
||||
# will immediately terminate with an error showing the failing
|
||||
# command.
|
||||
ensure() {
|
||||
if ! "$@"; then err "command failed: $*"; fi
|
||||
}
|
||||
|
||||
# This is just for indicating that commands' results are being
|
||||
# intentionally ignored. Usually, because it's being executed
|
||||
# as part of error handling.
|
||||
ignore() {
|
||||
"$@"
|
||||
}
|
||||
|
||||
# This wraps curl or wget. Try curl first, if not installed,
|
||||
# use wget instead.
|
||||
downloader() {
|
||||
local _dld
|
||||
local _ciphersuites
|
||||
local _err
|
||||
local _status
|
||||
local _retry
|
||||
if check_cmd curl; then
|
||||
_dld=curl
|
||||
elif check_cmd wget; then
|
||||
_dld=wget
|
||||
else
|
||||
_dld='curl or wget' # to be used in error message of need_cmd
|
||||
fi
|
||||
|
||||
if [ "$1" = --check ]; then
|
||||
need_cmd "$_dld"
|
||||
elif [ "$_dld" = curl ]; then
|
||||
check_curl_for_retry_support
|
||||
_retry="$RETVAL"
|
||||
get_ciphersuites_for_curl
|
||||
_ciphersuites="$RETVAL"
|
||||
if [ -n "$_ciphersuites" ]; then
|
||||
_err=$(curl $_retry --proto '=https' --tlsv1.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
|
||||
_status=$?
|
||||
else
|
||||
echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
|
||||
if ! check_help_for "$3" curl --proto --tlsv1.2; then
|
||||
echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
|
||||
_err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
|
||||
_status=$?
|
||||
else
|
||||
_err=$(curl $_retry --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
|
||||
_status=$?
|
||||
fi
|
||||
fi
|
||||
if [ -n "$_err" ]; then
|
||||
echo "$_err" >&2
|
||||
if echo "$_err" | grep -q 404$; then
|
||||
err "installer for platform '$3' not found, this may be unsupported"
|
||||
fi
|
||||
fi
|
||||
return $_status
|
||||
elif [ "$_dld" = wget ]; then
|
||||
if [ "$(wget -V 2>&1|head -2|tail -1|cut -f1 -d" ")" = "BusyBox" ]; then
|
||||
echo "Warning: using the BusyBox version of wget. Not enforcing strong cipher suites for TLS or TLS v1.2, this is potentially less secure"
|
||||
_err=$(wget "$1" -O "$2" 2>&1)
|
||||
_status=$?
|
||||
else
|
||||
get_ciphersuites_for_wget
|
||||
_ciphersuites="$RETVAL"
|
||||
if [ -n "$_ciphersuites" ]; then
|
||||
_err=$(wget --https-only --secure-protocol=TLSv1_2 --ciphers "$_ciphersuites" "$1" -O "$2" 2>&1)
|
||||
_status=$?
|
||||
else
|
||||
echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
|
||||
if ! check_help_for "$3" wget --https-only --secure-protocol; then
|
||||
echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
|
||||
_err=$(wget "$1" -O "$2" 2>&1)
|
||||
_status=$?
|
||||
else
|
||||
_err=$(wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2" 2>&1)
|
||||
_status=$?
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ -n "$_err" ]; then
|
||||
echo "$_err" >&2
|
||||
if echo "$_err" | grep -q ' 404 Not Found$'; then
|
||||
err "installer for platform '$3' not found, this may be unsupported"
|
||||
fi
|
||||
fi
|
||||
return $_status
|
||||
else
|
||||
err "Unknown downloader" # should not reach here
|
||||
fi
|
||||
}
|
||||
|
||||
check_help_for() {
|
||||
local _arch
|
||||
local _cmd
|
||||
local _arg
|
||||
_arch="$1"
|
||||
shift
|
||||
_cmd="$1"
|
||||
shift
|
||||
|
||||
local _category
|
||||
if "$_cmd" --help | grep -q 'For all options use the manual or "--help all".'; then
|
||||
_category="all"
|
||||
else
|
||||
_category=""
|
||||
fi
|
||||
|
||||
case "$_arch" in
|
||||
|
||||
*darwin*)
|
||||
if check_cmd sw_vers; then
|
||||
case $(sw_vers -productVersion) in
|
||||
10.*)
|
||||
# If we're running on macOS, older than 10.13, then we always
|
||||
# fail to find these options to force fallback
|
||||
if [ "$(sw_vers -productVersion | cut -d. -f2)" -lt 13 ]; then
|
||||
# Older than 10.13
|
||||
echo "Warning: Detected macOS platform older than 10.13"
|
||||
return 1
|
||||
fi
|
||||
;;
|
||||
11.*)
|
||||
# We assume Big Sur will be OK for now
|
||||
;;
|
||||
*)
|
||||
# Unknown product version, warn and continue
|
||||
echo "Warning: Detected unknown macOS major version: $(sw_vers -productVersion)"
|
||||
echo "Warning TLS capabilities detection may fail"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
for _arg in "$@"; do
|
||||
if ! "$_cmd" --help "$_category" | grep -q -- "$_arg"; then
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
|
||||
true # not strictly needed
|
||||
}
|
||||
|
||||
# Check if curl supports the --retry flag, then pass it to the curl invocation.
|
||||
check_curl_for_retry_support() {
|
||||
local _retry_supported=""
|
||||
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
|
||||
if check_help_for "notspecified" "curl" "--retry"; then
|
||||
_retry_supported="--retry 3"
|
||||
if check_help_for "notspecified" "curl" "--continue-at"; then
|
||||
# "-C -" tells curl to automatically find where to resume the download when retrying.
|
||||
_retry_supported="--retry 3 -C -"
|
||||
fi
|
||||
fi
|
||||
|
||||
RETVAL="$_retry_supported"
|
||||
}
|
||||
|
||||
# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
|
||||
# if support by local tools is detected. Detection currently supports these curl backends:
|
||||
# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
|
||||
get_ciphersuites_for_curl() {
|
||||
if [ -n "${RUSTUP_TLS_CIPHERSUITES-}" ]; then
|
||||
# user specified custom cipher suites, assume they know what they're doing
|
||||
RETVAL="$RUSTUP_TLS_CIPHERSUITES"
|
||||
return
|
||||
fi
|
||||
|
||||
local _openssl_syntax="no"
|
||||
local _gnutls_syntax="no"
|
||||
local _backend_supported="yes"
|
||||
if curl -V | grep -q ' OpenSSL/'; then
|
||||
_openssl_syntax="yes"
|
||||
elif curl -V | grep -iq ' LibreSSL/'; then
|
||||
_openssl_syntax="yes"
|
||||
elif curl -V | grep -iq ' BoringSSL/'; then
|
||||
_openssl_syntax="yes"
|
||||
elif curl -V | grep -iq ' GnuTLS/'; then
|
||||
_gnutls_syntax="yes"
|
||||
else
|
||||
_backend_supported="no"
|
||||
fi
|
||||
|
||||
local _args_supported="no"
|
||||
if [ "$_backend_supported" = "yes" ]; then
|
||||
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
|
||||
if check_help_for "notspecified" "curl" "--tlsv1.2" "--ciphers" "--proto"; then
|
||||
_args_supported="yes"
|
||||
fi
|
||||
fi
|
||||
|
||||
local _cs=""
|
||||
if [ "$_args_supported" = "yes" ]; then
|
||||
if [ "$_openssl_syntax" = "yes" ]; then
|
||||
_cs=$(get_strong_ciphersuites_for "openssl")
|
||||
elif [ "$_gnutls_syntax" = "yes" ]; then
|
||||
_cs=$(get_strong_ciphersuites_for "gnutls")
|
||||
fi
|
||||
fi
|
||||
|
||||
RETVAL="$_cs"
|
||||
}
|
||||
|
||||
# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
|
||||
# if support by local tools is detected. Detection currently supports these wget backends:
|
||||
# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
|
||||
get_ciphersuites_for_wget() {
|
||||
if [ -n "${RUSTUP_TLS_CIPHERSUITES-}" ]; then
|
||||
# user specified custom cipher suites, assume they know what they're doing
|
||||
RETVAL="$RUSTUP_TLS_CIPHERSUITES"
|
||||
return
|
||||
fi
|
||||
|
||||
local _cs=""
|
||||
if wget -V | grep -q '\-DHAVE_LIBSSL'; then
|
||||
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
|
||||
if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
|
||||
_cs=$(get_strong_ciphersuites_for "openssl")
|
||||
fi
|
||||
elif wget -V | grep -q '\-DHAVE_LIBGNUTLS'; then
|
||||
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
|
||||
if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
|
||||
_cs=$(get_strong_ciphersuites_for "gnutls")
|
||||
fi
|
||||
fi
|
||||
|
||||
RETVAL="$_cs"
|
||||
}
|
||||
|
||||
# Return strong TLS 1.2-1.3 cipher suites in OpenSSL or GnuTLS syntax. TLS 1.2
|
||||
# excludes non-ECDHE and non-AEAD cipher suites. DHE is excluded due to bad
|
||||
# DH params often found on servers (see RFC 7919). Sequence matches or is
|
||||
# similar to Firefox 68 ESR with weak cipher suites disabled via about:config.
|
||||
# $1 must be openssl or gnutls.
|
||||
get_strong_ciphersuites_for() {
|
||||
if [ "$1" = "openssl" ]; then
|
||||
# OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
|
||||
echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
|
||||
elif [ "$1" = "gnutls" ]; then
|
||||
# GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't.
|
||||
# Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
|
||||
echo "SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
|
||||
fi
|
||||
}
|
||||
|
||||
main "$@" || exit 1
|
Loading…
Reference in a new issue