name: Build permissions: contents: write on: [push, pull_request] jobs: build: strategy: matrix: include: - arch: x86_64-linux target: x86_64-unknown-linux-gnu os: ubuntu-22.04 cyclonedx-build: cyclonedx-linux-x64 cargo-cross: false - arch: arm64-linux target: aarch64-unknown-linux-gnu os: ubuntu-22.04-arm cyclonedx-build: cyclonedx-linux-arm64 cargo-cross: false - arch: x86_64-macos target: x86_64-apple-darwin os: macos-latest cyclonedx-build: cyclonedx-osx-x64 cargo-cross: false - arch: arm64-macos target: aarch64-apple-darwin os: macos-latest cyclonedx-build: cyclonedx-osx-arm64 cargo-cross: true fail-fast: false name: Build (${{ matrix.arch }}) runs-on: ${{ matrix.os }} steps: - if: startsWith(matrix.os, 'ubuntu') run: | sudo apt update sudo apt install -y libssl-dev pkg-config - uses: actions/checkout@v2 with: submodules: recursive - uses: rlespinasse/github-slug-action@v4.4.1 - uses: actions-rs/toolchain@v1 with: target: ${{ matrix.target }} override: true - uses: Swatinem/rust-cache@v2 with: key: "build" - name: Install tools run: | cargo install just cargo install cargo-deny@0.18.3 cargo install cargo-cyclonedx@^0.5 mkdir cdx wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.27.2/${{ matrix.cyclonedx-build }} -O cyclonedx chmod +x cyclonedx rm -rf ~/.cargo/registry - name: cargo-deny run: | cargo deny check - name: Install admin UI deps run: | just npm ci - name: Build admin UI run: | just npm run build - name: Generate admin UI BOM run: | NODE_ENV=dev just npx @cyclonedx/cyclonedx-npm --output-format xml > cdx/admin-ui.cdx.xml - name: Build uses: actions-rs/cargo@v1 with: command: build use-cross: ${{ matrix.cargo-cross }} args: --all-features --release --target ${{ matrix.target }} env: ENV SOURCE_DATE_EPOCH: "0" # for rust-embed determinism CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd" CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd" CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd" CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd" - name: Generate Rust BOM run: | cargo cyclonedx --all-features mv warpgate*/*.cdx.xml cdx/ - name: Merge BOMs run: ./cyclonedx merge --input-files cdx/* --input-format xml --output-format xml > cdx.xml - name: Upload artifact uses: actions/upload-artifact@master with: name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }} path: target/${{ matrix.target }}/release/warpgate - name: Upload SBOM uses: actions/upload-artifact@master with: name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml path: cdx.xml - name: Rename artifacts run: | mkdir dist mv target/${{ matrix.target }}/release/warpgate dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }} mv cdx.xml dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml - name: Upload release uses: softprops/action-gh-release@v1 if: startsWith(github.ref, 'refs/tags/v') with: draft: true generate_release_notes: true files: dist/* token: ${{ secrets.GITHUB_TOKEN }} config-schema: name: Config schema check runs-on: ubuntu-24.04 steps: - name: Setup run: | sudo apt update sudo apt install --no-install-recommends -y libssl-dev pkg-config - uses: actions/checkout@v2 with: submodules: recursive - name: Install tools run: | cargo install just - name: Ensure there are no changes in config schema run: | mkdir warpgate-web/dist just config-schema git diff --exit-code config-schema.json