Push docker image to GitHub packages

jgautheron · Oct 19, 2023 · b347ca7 · b347ca7
1 parent c44a034
commit b347ca7
Show file tree

Hide file tree

Showing 9 changed files with 81 additions and 190 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,17 +13,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
           override: true
           components: clippy, rustfmt
+
       - name: Check format
         run: cargo fmt --all -- --check
+
       - name: Check with clippy
         run: cargo clippy --all
+
       - name: Build
         run: cargo build --all --verbose
+
       - name: Run tests
         run: cargo test --all --verbose
diff --git a/.github/workflows/code-coverage.yml b/.github/workflows/code-coverage.yml
@@ -9,24 +9,29 @@ jobs:
   cover:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
           override: true
+
       - name: Install libsqlite3-dev
         run: |
           sudo apt-get update
           sudo apt-get install -y libsqlite3-dev
+
       - name: Run cargo-tarpaulin
         uses: actions-rs/[email protected]
         with:
-          version: '0.14.3'
+          version: "0.14.3"
           args: --out Xml --all
-      - name: Upload to codecov.io
-        uses: codecov/[email protected]
-        with:
-          token: ${{secrets.CODECOV_TOKEN}}
+
+      # - name: Upload to codecov.io
+      #   uses: codecov/[email protected]
+      #   with:
+      #     token: ${{secrets.CODECOV_TOKEN}}
+
       - name: Archive code coverage results
         uses: actions/upload-artifact@v1
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,124 +2,46 @@ name: Release
 
 on:
   push:
-    branches:
-      - release
+    tags:
+      - v*
+  workflow_dispatch:
 
 jobs:
   graphgate-docker:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - amd64
+          - arm64
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
       - name: Get version
         run: echo PACKAGE_VERSION=$(sed -nE 's/^\s*version = "(.*?)"/\1/p' Cargo.toml) >> $GITHUB_ENV
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          tags: |
-            scott829/graphgate:${{ env.PACKAGE_VERSION }}
-            scott829/graphgate:latest
-      -
-        name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
 
-  examples-docker:
-    runs-on: ubuntu-latest
-    needs: graphgate-docker
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push ${{ matrix.package.name }}
-        uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          file: Dockerfile-examples
-          tags: scott829/graphgate-examples:latest
-      - name: Deploy to Kubernetes
-        uses: WyriHaximus/github-action-helm3@v3
-        with:
-          kubeconfig: '${{ secrets.K8S_CONFIG }}'
-          exec: |
-            helm uninstall -n graphgate graphgate
-            helm upgrade --create-namespace -i -n graphgate graphgate examples/helm
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-  standalone-demo-docker:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Login to DockerHub
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push ${{ matrix.package.name }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
         uses: docker/build-push-action@v5
         with:
-          push: true
           context: .
-          file: Dockerfile-standalone-demo
-          tags: scott829/graphgate-standalone-demo:latest
-
-  publish:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      max-parallel: 1
-      matrix:
-        package:
-          - name: graphgate-schema
-            registryName: graphgate-schema
-            path: crates/schema
-          - name: graphgate-validation
-            registryName: graphgate-validation
-            path: crates/validation
-          - name: graphgate-planner
-            registryName: graphgate-planner
-            path: crates/planner
-          - name: graphgate-handler
-            registryName: graphgate-handler
-            path: crates/handler
-          - name: graphgate
-            registryName: graphgate
-            path: .
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: get version
-        working-directory: ${{ matrix.package.path }}
-        run: echo PACKAGE_VERSION=$(sed -nE 's/^\s*version = "(.*?)"/\1/p' Cargo.toml) >> $GITHUB_ENV
-      - name: check published version
-        run: echo PUBLISHED_VERSION=$(cargo search ${{ matrix.package.registryName }} --limit 1 | sed -nE 's/^[^"]*"//; s/".*//1p' -) >> $GITHUB_ENV
-      - name: cargo login
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        run: cargo login ${{ secrets.CRATES_TOKEN }}
-      - name: cargo package
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        working-directory: ${{ matrix.package.path }}
-        run: |
-          cargo package
-          echo "We will publish:" $PACKAGE_VERSION
-          echo "This is current latest:" $PUBLISHED_VERSION
-      - name: Publish ${{ matrix.package.name }}
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        working-directory: ${{ matrix.package.path }}
-        run: |
-          echo "# Cargo Publish"
-          cargo publish --no-verify
+          file: Dockerfile-${{ matrix.platform }}
+          platforms: linux/${{ matrix.platform }}
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}/graphgate:${{ env.PACKAGE_VERSION }}
+            ghcr.io/${{ github.repository }}/graphgate:latest
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -30,9 +30,6 @@ tracing-subscriber = { version = "0.3.6", features = ["env-filter"] }
 value.workspace = true
 warp.workspace = true
 
-[target.x86_64-unknown-linux-musl.dependencies.jemallocator]
-version = "0.5.4"
-
 [dev-dependencies]
 async-graphql.workspace = true
 async-graphql-warp.workspace = true

diff --git a/Dockerfile b/Dockerfile
diff --git a/Dockerfile-amd64 b/Dockerfile-amd64
@@ -0,0 +1,14 @@
+FROM rust:alpine as builder
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static
+RUN rustup target add x86_64-unknown-linux-musl
+RUN update-ca-certificates
+WORKDIR /graphgate
+COPY ./ .
+RUN cargo build --target x86_64-unknown-linux-musl --release
+
+FROM scratch
+WORKDIR /graphgate
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /graphgate/target/x86_64-unknown-linux-musl/release/graphgate ./
+USER 1000
+ENTRYPOINT [ "/graphgate/graphgate" ]
diff --git a/Dockerfile-arm64 b/Dockerfile-arm64
@@ -0,0 +1,22 @@
+FROM arm64v8/rust:alpine as builder
+
+ENV CC_aarch64_unknown_linux_musl "clang"
+ENV AR_aarch64_unknown_linux_musl "llvm-ar"
+ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS "-Clink-self-contained=yes -Clinker=rust-lld"
+
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static clang llvm lld
+RUN rustup target add aarch64-unknown-linux-musl
+RUN update-ca-certificates
+
+WORKDIR /graphgate
+COPY ./ .
+RUN cargo build --target aarch64-unknown-linux-musl --release
+
+FROM scratch
+WORKDIR /graphgate
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /graphgate/target/aarch64-unknown-linux-musl/release/graphgate ./
+
+USER 1000
+ENTRYPOINT [ "/graphgate/graphgate" ]
diff --git a/src/main.rs b/src/main.rs
@@ -28,15 +28,6 @@ use tracing_subscriber::{fmt, layer::SubscriberExt, util::SubscriberInitExt, Env
 use value::ConstValue;
 use warp::{http::Response as HttpResponse, hyper::StatusCode, Filter, Rejection, Reply};
 
-// Use Jemalloc only for musl-64 bits platforms
-#[cfg(all(
-    target_arch = "x86_64",
-    target_env = "musl",
-    target_pointer_width = "64"
-))]
-#[global_allocator]
-static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
-
 fn init_tracing() {
     tracing_subscriber::registry()
         .with(fmt::layer().compact().with_target(false))