stages: - ci - artifacts - publish variables: # Makes some things print in color TERM: ansi before_script: # Enable nix-command and flakes - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi # Add our own binary cache - if command -v nix > /dev/null; then echo "extra-substituters = https://nix.computer.surgery/conduit" >> /etc/nix/nix.conf; fi - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=" >> /etc/nix/nix.conf; fi # Add crane binary cache - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi # Add nix-community binary cache - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi # Install direnv and nix-direnv - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi # Allow .envrc - if command -v nix > /dev/null; then direnv allow; fi # Set CARGO_HOME to a cacheable path - export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo" ci: stage: ci image: nixos/nix:2.19.2 script: - direnv exec . engage cache: key: nix paths: - target - .gitlab-ci.d static:x86_64-unknown-linux-musl: stage: artifacts image: nixos/nix:2.19.2 script: # Push artifacts and build requirements to binary cache - ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl # Make the output less difficult to find - cp result/bin/conduit conduit artifacts: paths: - conduit static:aarch64-unknown-linux-musl: stage: artifacts image: nixos/nix:2.19.2 script: # Push artifacts and build requirements to binary cache - ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl # Make the output less difficult to find - cp result/bin/conduit conduit artifacts: paths: - conduit # Note that although we have an `oci-image-x86_64-unknown-linux-musl` output, # we don't build it because it would be largely redundant to this one since it's # all containerized anyway. oci-image:x86_64-unknown-linux-gnu: stage: artifacts image: nixos/nix:2.19.2 script: # Push artifacts and build requirements to binary cache # # Since the OCI image package is based on the binary package, this has the # fun side effect of uploading the normal binary too. Conduit users who are # deploying with Nix can leverage this fact by adding our binary cache to # their systems. - ./bin/nix-build-and-cache .#oci-image # Make the output less difficult to find - cp result oci-image-amd64.tar.gz artifacts: paths: - oci-image-amd64.tar.gz oci-image:aarch64-unknown-linux-musl: stage: artifacts needs: # Wait for the static binary job to finish before starting so we don't have # to build that twice for no reason - static:aarch64-unknown-linux-musl image: nixos/nix:2.19.2 script: # Push artifacts and build requirements to binary cache - ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl # Make the output less difficult to find - cp result oci-image-arm64v8.tar.gz artifacts: paths: - oci-image-arm64v8.tar.gz debian:x86_64-unknown-linux-gnu: stage: artifacts # See also `rust-toolchain.toml` image: rust:1.75.0 script: - apt-get update && apt-get install -y --no-install-recommends libclang-dev - cargo install cargo-deb - cargo deb # Make the output less difficult to find - mv target/debian/*.deb conduit.deb artifacts: paths: - conduit.deb cache: key: debian paths: - target - .gitlab-ci.d docker-publish: stage: publish image: docker:25.0.0 services: - docker:25.0.0-dind variables: IMAGE_NAME: $CI_REGISTRY_IMAGE/matrix-conduit IMAGE_SUFFIX_AMD64: amd64 IMAGE_SUFFIX_ARM64V8: arm64v8 before_script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY script: - docker load -i oci-image-amd64.tar.gz - IMAGE_ID_AMD64=$(docker images -q conduit:next) - docker load -i oci-image-arm64v8.tar.gz - IMAGE_ID_ARM64V8=$(docker images -q conduit:next) # Tag and push the architecture specific images - docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 - docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8 - docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 - docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8 # Tag the multi-arch image - docker manifest create $IMAGE_NAME:$CI_COMMIT_SHA --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8 - docker manifest push $IMAGE_NAME:$CI_COMMIT_SHA # Tag and push the git ref - docker manifest create $IMAGE_NAME:$CI_COMMIT_REF_NAME --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8 - docker manifest push $IMAGE_NAME:$CI_COMMIT_REF_NAME # Tag git tags as 'latest' - | if [[ -n "$CI_COMMIT_TAG" ]]; then docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8 docker manifest push $IMAGE_NAME:latest fi dependencies: - oci-image:x86_64-unknown-linux-gnu - oci-image:aarch64-unknown-linux-musl only: - next - master - tags