merge #518 into opencontainers/umoci:main

Aleksa Sarai (2): release: build binaries for common architectures gha: add release build to CI LGTMs: tych0 cyphar
opencontainers · Dec 8, 2023 · 757bae8 · 757bae8
2 parents 741a2a5 + 1ed5475
commit 757bae8
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 20 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,6 +26,18 @@ on:
     - cron: '0 0 * * *'
 
 jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v5
+      - run: make release
+      - name: upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: release-${{ github.run_id }}
+          path: release/*
+
   validate:
     runs-on: ubuntu-latest
     steps:

diff --git a/Makefile b/Makefile
@@ -107,7 +107,9 @@ umoci.cover: $(GO_SRC)
 
 .PHONY: release
 release:
-	hack/release.sh -v $(VERSION) -S "$(GPG_KEYID)"
+	hack/release.sh \
+		-a 386 -a amd64 -a arm64 -a ppc64le -a riscv64 -a s390x \
+		-v $(VERSION) -S "$(GPG_KEYID)"
 
 .PHONY: install
 install: umoci docs

diff --git a/hack/release.sh b/hack/release.sh
@@ -7,16 +7,18 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 set -Eeuo pipefail
-source "$(dirname "$BASH_SOURCE")/readlinkf.sh"
+# shellcheck source=./readlinkf.sh
+source "$(dirname "${BASH_SOURCE[0]}")/readlinkf.sh"
 
 ## --->
 # Project-specific options and functions. In *theory* you shouldn't need to
 # touch anything else in this script in order to use this elsewhere.
 project="umoci"
-root="$(readlinkf_posix "$(dirname "${BASH_SOURCE}")/..")"
+root="$(readlinkf_posix "$(dirname "${BASH_SOURCE[0]}")/..")"
 
 # These functions allow you to configure how the defaults are computed.
-function get_arch()    { go env GOARCH || uname -m; }
+function get_os()      { go env GOOS ; }
+function get_arch()    { go env GOARCH ; }
 function get_version() { cat "$root/VERSION" ; }
 
 # Any pre-configuration steps should be done here -- for instance ./configure.
@@ -27,7 +29,7 @@ function setup_project() { true ; }
 function build_project() {
 	tmprootfs="$(mktemp -dt "$project-build.XXXXXX")"
 
-	make -C "$root" BUILD_DIR="$tmprootfs" COMMIT_NO= "$project.static"
+	make -C "$root" GOOS="$GOOS" GOARCH="$GOARCH" BUILD_DIR="$tmprootfs" COMMIT_NO= "$project.static"
 	mv "$tmprootfs/$project.static" "$1"
 	rm -rf "$tmprootfs"
 }
@@ -61,30 +63,36 @@ function gpg_cansign() {
 # of the current commit, and generate detached signatures for both.
 keyid=""
 version=""
-arch=""
+targets=("$(get_os)/$(get_arch)")
 commit="HEAD"
 hashcmd="sha256sum"
-while getopts ":h:v:c:o:S:H:" opt; do
+while getopts ":a:c:H:h:o:S:t:v:" opt; do
 	case "$opt" in
-		S)
-			keyid="$OPTARG"
+		a)
+			targets+=("$(get_os)/$OPTARG")
 			;;
 		c)
 			commit="$OPTARG"
 			;;
-		o)
-			outputdir="$OPTARG"
-			;;
-		v)
-			version="$OPTARG"
-			;;
 		H)
 			hashcmd="$OPTARG"
 			;;
 		h)
 			usage ; exit 0
 			;;
-		\:)
+		o)
+			outputdir="$OPTARG"
+			;;
+		S)
+			keyid="$OPTARG"
+			;;
+		t)
+			targets+=("$OPTARG")
+			;;
+		v)
+			version="$OPTARG"
+			;;
+		:)
 			echo "Missing argument: -$OPTARG" >&2
 			usage ; exit 1
 			;;
@@ -101,10 +109,10 @@ done
 # Generate the defaults for version and so on *after* argument parsing and
 # setup_project, to avoid calling get_version() needlessly.
 version="${version:-$(get_version)}"
-arch="${arch:-$(get_arch)}"
 outputdir="${outputdir:-release/$version}"
 
 log "[[ $project ]]"
+log "targets: ${targets[*]}"
 log "version: $version"
 log "commit: $commit"
 log "output_dir: $outputdir"
@@ -118,21 +126,29 @@ set -x
 rm -rf "$outputdir" && mkdir -p "$outputdir"
 
 # Build project.
-build_project "$outputdir/$project.$arch"
+for target in "${targets[@]}"; do
+	target="${target//\//.}"
+	os="$(cut -d. -f1 <<<"$target")"
+	arch="$(cut -d. -f2 <<<"$target")"
+	GOOS="$os" GOARCH="$arch" build_project "$outputdir/$project.$target"
+done
 
 # Generate new archive.
 git archive --format=tar --prefix="$project-$version/" "$commit" | xz > "$outputdir/$project.tar.xz"
 
 # Generate sha256 checksums for both.
-( cd "$outputdir" ; "$hashcmd" "$project".{"$arch",tar.xz} > "$project.$hashcmd" ; )
+( cd "$outputdir" ; "$hashcmd" "$project".* > "$project.$hashcmd" ; )
 
 # Set up the gpgflags.
 gpgflags=()
 [[ -z "$keyid" ]] || gpgflags+=("--default-key=$keyid")
 gpg_cansign "${gpgflags[@]}" || quit "Could not find suitable GPG key, skipping signing step."
 
 # Sign everything.
-gpg "${gpgflags[@]}" --detach-sign --armor "$outputdir/$project.$arch"
+for target in "${targets[@]}"; do
+	target="${target//\//.}"
+	gpg "${gpgflags[@]}" --detach-sign --armor "$outputdir/$project.$target"
+done
 gpg "${gpgflags[@]}" --detach-sign --armor "$outputdir/$project.tar.xz"
 gpg "${gpgflags[@]}" --clear-sign --armor \
 	--output "$outputdir/$project.$hashcmd"{.tmp,} && \