release #53

Workflow file for this run

.github/workflows/release.yaml at cacb63e

	name: release

	on:
	workflow_dispatch:
	inputs:
	version:
	description: 'Version'
	required: true
	type: string
	latest:
	description: 'Latest'
	required: true
	type: boolean
	default: true
	reuse_engine_version:
	description: 'Reuse artifacts from this version (skips building)'
	required: false
	type: string

	defaults:
	run:
	# Enable fail-fast behavior
	shell: bash -e {0}

	env:
	# Disable incremental compilation for faster from-scratch builds
	CARGO_INCREMENTAL: 0
	# Skip OpenAPI generation in CI (use pre-committed docs/openapi.json)
	SKIP_OPENAPI_GEN: 1

	jobs:
	setup:
	name: "Setup"
	runs-on: ubuntu-24.04
	permissions:
	# Allow pushing to GitHub
	contents: write
	# Allows authentication
	id-token: write
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- uses: dtolnay/rust-toolchain@stable

	- uses: actions/setup-node@v4
	with:
	node-version: 20

	- run: corepack enable

	- name: Setup
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	R2_RELEASES_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
	R2_RELEASES_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
	run: \|
	# Configure Git
	git config --global user.name "github-actions[bot]"
	git config --global user.email "github-actions[bot]@users.noreply.github.com"

	# Authenticate with NPM
	cat << EOF > ~/.npmrc
	//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
	EOF

	# Install dependencies
	pnpm install --no-frozen-lockfile

	# Install tsx globally
	npm install -g tsx

	# Build command based on inputs
	CMD="./scripts/release/main.ts --version \"${{ github.event.inputs.version }}\" --phase setup-ci"

	if [ "${{ inputs.latest }}" != "true" ]; then
	CMD="$CMD --no-latest"
	fi

	if [ -n "${{ inputs.reuse_engine_version }}" ]; then
	CMD="$CMD --reuse-engine-version \"${{ inputs.reuse_engine_version }}\""
	fi

	eval "$CMD"

	binaries:
	name: "Build & Upload Binaries"
	needs: [setup]
	if: ${{ !inputs.reuse_engine_version }}
	strategy:
	matrix:
	include:
	- platform: linux
	runner: depot-ubuntu-24.04-8
	target: x86_64-unknown-linux-musl
	binary_ext: ""
	arch: x86_64
	- platform: windows
	runner: depot-ubuntu-24.04-8
	target: x86_64-pc-windows-gnu
	binary_ext: ".exe"
	arch: x86_64
	- platform: macos
	runner: depot-ubuntu-24.04-8
	target: x86_64-apple-darwin
	binary_ext: ""
	arch: x86_64
	- platform: macos
	runner: depot-ubuntu-24.04-8
	target: aarch64-apple-darwin
	binary_ext: ""
	arch: aarch64
	runs-on: ${{ matrix.runner }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build binary
	run: \|
	# Use Docker BuildKit
	export DOCKER_BUILDKIT=1

	# Build the binary using our Dockerfile
	docker/release/build.sh ${{ matrix.target }}

	# Make sure dist directory exists and binary is there
	ls -la dist/

	- name: Upload to R2
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
	run: \|
	# Install dependencies for AWS CLI
	sudo apt-get update
	sudo apt-get install -y unzip curl

	# Install AWS CLI
	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
	unzip awscliv2.zip
	sudo ./aws/install --update

	COMMIT_SHA_SHORT="${GITHUB_SHA::7}"
	BINARY_PATH="dist/sandbox-agent-${{ matrix.target }}${{ matrix.binary_ext }}"

	# Must specify --checksum-algorithm for compatibility with R2
	aws s3 cp \
	"${BINARY_PATH}" \
	"s3://rivet-releases/sandbox-agent/${COMMIT_SHA_SHORT}/binaries/sandbox-agent-${{ matrix.target }}${{ matrix.binary_ext }}" \
	--region auto \
	--endpoint-url https://2a94c6a0ced8d35ea63cddc86c2681e7.r2.cloudflarestorage.com \
	--checksum-algorithm CRC32

	docker:
	name: "Build & Push Docker Images"
	needs: [setup]
	if: ${{ !inputs.reuse_engine_version }}
	strategy:
	matrix:
	include:
	- platform: linux/arm64
	runner: depot-ubuntu-24.04-arm-8
	arch_suffix: -arm64
	- platform: linux/amd64
	runner: depot-ubuntu-24.04-8
	arch_suffix: -amd64
	runs-on: ${{ matrix.runner }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set outputs
	id: vars
	run: echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT

	- uses: ./.github/actions/docker-setup
	with:
	docker_username: ${{ secrets.DOCKER_CI_USERNAME }}
	docker_password: ${{ secrets.DOCKER_CI_ACCESS_TOKEN }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Build & Push
	uses: docker/build-push-action@v4
	with:
	context: .
	push: true
	tags: rivetdev/sandbox-agent:${{ steps.vars.outputs.sha_short }}${{ matrix.arch_suffix }}
	file: docker/runtime/Dockerfile
	platforms: ${{ matrix.platform }}
	build-args: \|
	TARGETARCH=${{ contains(matrix.platform, 'arm64') && 'arm64' \|\| 'amd64' }}

	complete:
	name: "Complete"
	needs: [setup, docker, binaries]
	if: ${{ always() && !cancelled() && needs.setup.result == 'success' && (needs.docker.result == 'success' \|\| needs.docker.result == 'skipped') && (needs.binaries.result == 'success' \|\| needs.binaries.result == 'skipped') }}
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- uses: dtolnay/rust-toolchain@stable

	- uses: actions/setup-node@v4
	with:
	node-version: 20
	registry-url: "https://registry.npmjs.org"

	- run: corepack enable

	- uses: ./.github/actions/docker-setup
	continue-on-error: true
	with:
	docker_username: ${{ secrets.DOCKER_CI_USERNAME }}
	docker_password: ${{ secrets.DOCKER_CI_ACCESS_TOKEN }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Complete
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	R2_RELEASES_ACCESS_KEY_ID: ${{ secrets.R2_RELEASES_ACCESS_KEY_ID }}
	R2_RELEASES_SECRET_ACCESS_KEY: ${{ secrets.R2_RELEASES_SECRET_ACCESS_KEY }}
	run: \|
	# Authenticate with NPM
	cat << EOF > ~/.npmrc
	//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
	EOF

	# Install dependencies
	pnpm install --no-frozen-lockfile

	# Install tsx globally
	npm install -g tsx

	# Build command based on inputs
	CMD="./scripts/release/main.ts --version \"${{ github.event.inputs.version }}\" --phase complete-ci --no-validate-git"

	if [ "${{ inputs.latest }}" != "true" ]; then
	CMD="$CMD --no-latest"
	fi

	if [ -n "${{ inputs.reuse_engine_version }}" ]; then
	CMD="$CMD --reuse-engine-version \"${{ inputs.reuse_engine_version }}\""
	fi

	eval "$CMD"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release #53

Workflow file

release #53

Uh oh!

Workflow file for this run