Tomáš Mládek
e32233c4f7
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
272 lines
No EOL
7 KiB
Text
272 lines
No EOL
7 KiB
Text
VERSION 0.8
|
|
|
|
# Base targets
|
|
|
|
base-rust:
|
|
FROM rust:bookworm
|
|
RUN rustup component add clippy
|
|
RUN curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C /usr/local/cargo/bin
|
|
RUN cargo install wasm-pack wasm-bindgen-cli && rustup target add wasm32-unknown-unknown
|
|
RUN cargo install cargo-audit
|
|
WORKDIR /upend
|
|
CACHE $HOME/.cargo
|
|
COPY Cargo.toml Cargo.lock .
|
|
COPY base/Cargo.toml base/Cargo.toml
|
|
COPY cli/Cargo.toml cli/Cargo.toml
|
|
COPY db/Cargo.toml db/Cargo.toml
|
|
COPY wasm/Cargo.toml wasm/Cargo.toml
|
|
RUN cargo fetch --locked
|
|
|
|
base-backend:
|
|
FROM +base-rust
|
|
COPY --dir base cli db wasm .
|
|
|
|
base-node:
|
|
FROM node:lts-iron
|
|
RUN npm install -g pnpm
|
|
WORKDIR /upend
|
|
CACHE $HOME/.local/share/pnpm
|
|
COPY +wasmlib/pkg-web wasm/pkg-web
|
|
COPY +wasmlib/pkg-node wasm/pkg-node
|
|
COPY sdks/js/package.json sdks/js/pnpm-lock.yaml sdks/js/
|
|
RUN cd sdks/js && rm -rf node_modules && pnpm install --frozen-lockfile
|
|
COPY webui/package.json webui/pnpm-lock.yaml webui/
|
|
RUN cd webui && rm -rf node_modules && pnpm install --frozen-lockfile
|
|
COPY --dir webui webext .
|
|
COPY --dir sdks/js sdks/
|
|
|
|
base-frontend:
|
|
FROM +base-node
|
|
COPY +jslib/jslib sdks/js
|
|
WORKDIR webui
|
|
RUN rm -rf node_modules && pnpm install --frozen-lockfile
|
|
|
|
# Intermediate targets
|
|
|
|
upend-bin:
|
|
FROM +base-backend
|
|
CACHE --id=rust-target target
|
|
COPY +git-version/version.txt .
|
|
RUN UPEND_VERSION=$(cat version.txt) cargo build --release
|
|
RUN cp target/release/upend upend.bin
|
|
SAVE ARTIFACT upend.bin upend
|
|
|
|
webui:
|
|
FROM +base-frontend
|
|
RUN pnpm build
|
|
SAVE ARTIFACT dist
|
|
|
|
wasmlib:
|
|
FROM --platform=linux/amd64 +base-rust
|
|
COPY --dir base wasm .
|
|
WORKDIR wasm
|
|
CACHE target
|
|
RUN wasm-pack build --target web --out-dir pkg-web && \
|
|
wasm-pack build --target nodejs --out-dir pkg-node
|
|
RUN sed -e 's%"name": "upend_wasm"%"name": "@upnd/wasm-web"%' -i pkg-web/package.json && \
|
|
sed -e 's%"name": "upend_wasm"%"name": "@upnd/wasm-node"%' -i pkg-node/package.json
|
|
SAVE ARTIFACT pkg-web AS LOCAL wasm/pkg-web
|
|
SAVE ARTIFACT pkg-node AS LOCAL wasm/pkg-node
|
|
|
|
jslib:
|
|
FROM +base-node
|
|
WORKDIR sdks/js
|
|
RUN pnpm build
|
|
SAVE ARTIFACT . jslib
|
|
|
|
webext:
|
|
FROM +base-node
|
|
WORKDIR webext
|
|
RUN pnpm build
|
|
SAVE ARTIFACT web-ext-artifacts/*.zip
|
|
|
|
# Final targets
|
|
|
|
appimage:
|
|
FROM debian:bookworm
|
|
RUN apt-get update && \
|
|
apt-get -y install wget pipx binutils coreutils desktop-file-utils fakeroot fuse libgdk-pixbuf2.0-dev patchelf python3-pip python3-setuptools squashfs-tools strace util-linux zsync && \
|
|
pipx ensurepath && \
|
|
pipx install appimage-builder
|
|
COPY +upend-bin/upend AppDir/usr/bin/upend
|
|
COPY --dir +webui/dist AppDir/usr/share/upend/webui
|
|
COPY assets/upend.png AppDir/usr/share/icons/upend.png
|
|
COPY build/AppImageBuilder.yml .
|
|
RUN sed -e "s/latest/$(./AppDir/usr/bin/upend --version | cut -d ' ' -f 2)/" -i AppImageBuilder.yml
|
|
RUN pipx run appimage-builder
|
|
SAVE ARTIFACT UpEnd*
|
|
|
|
appimage-signed:
|
|
FROM alpine
|
|
RUN apk add gpg gpg-agent
|
|
RUN --secret GPG_SIGN_KEY echo "$GPG_SIGN_KEY" | gpg --import
|
|
COPY +appimage/*.AppImage .
|
|
RUN gpg --detach-sign --sign --armor *.AppImage
|
|
SAVE ARTIFACT *.AppImage
|
|
SAVE ARTIFACT *.asc
|
|
|
|
docker-minimal:
|
|
FROM debian:bookworm
|
|
RUN apt-get update && \
|
|
apt-get -y install libssl3 ca-certificates && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
DO +DOCKER_COMMON
|
|
ARG tag=trunk
|
|
SAVE IMAGE --push upend/upend:$tag-minimal
|
|
|
|
docker:
|
|
FROM debian:bookworm
|
|
RUN apt-get update && \
|
|
apt-get -y install --no-install-recommends ffmpeg wget libssl3 ca-certificates && \
|
|
wget https://github.com/bbc/audiowaveform/releases/download/1.8.1/audiowaveform_1.8.1-1-12_amd64.deb && \
|
|
apt-get -y install ./audiowaveform_1.8.1-1-12_amd64.deb && \
|
|
rm -v audiowaveform_1.8.1-1-12_amd64.deb && \
|
|
apt-get remove -y wget && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
DO +DOCKER_COMMON
|
|
ARG tag=trunk
|
|
SAVE IMAGE --push upend/upend:$tag
|
|
|
|
DOCKER_COMMON:
|
|
FUNCTION
|
|
COPY +upend-bin/upend /usr/bin/upend
|
|
COPY --dir +webui/dist /usr/share/upend/webui
|
|
ENTRYPOINT ["/usr/bin/upend"]
|
|
CMD ["serve", "/vault", "--bind", "0.0.0.0:8093"]
|
|
EXPOSE 8093
|
|
ENV UPEND_NO_DESKTOP=true
|
|
ENV UPEND_ALLOW_HOST='*'
|
|
|
|
# CI targets
|
|
|
|
lint:
|
|
WAIT
|
|
BUILD +lint-backend
|
|
BUILD +lint-frontend
|
|
BUILD +lint-jslib
|
|
END
|
|
|
|
lint-backend:
|
|
FROM +base-backend
|
|
CACHE --id=rust-target target
|
|
RUN cargo clippy --workspace
|
|
|
|
lint-frontend:
|
|
FROM +base-frontend
|
|
RUN pnpm check && pnpm lint
|
|
|
|
lint-jslib:
|
|
FROM +base-node
|
|
WORKDIR sdks/js
|
|
RUN pnpm lint
|
|
|
|
audit:
|
|
WAIT
|
|
BUILD +audit-backend
|
|
BUILD +audit-frontend
|
|
END
|
|
|
|
audit-backend:
|
|
FROM +base-backend
|
|
CACHE --id=rust-target target
|
|
RUN cargo audit --workspace
|
|
|
|
audit-frontend:
|
|
FROM +base-frontend
|
|
RUN pnpm audit
|
|
|
|
test:
|
|
WAIT
|
|
BUILD +test-backend
|
|
BUILD +test-jslib
|
|
END
|
|
|
|
test-backend:
|
|
FROM +base-backend
|
|
CACHE --id=rust-target target
|
|
RUN cargo nextest run --workspace
|
|
|
|
test-jslib:
|
|
FROM +base-node
|
|
WORKDIR sdks/js
|
|
RUN pnpm build && pnpm test
|
|
|
|
# Deployment targets
|
|
|
|
deploy-appimage-nightly:
|
|
FROM alpine
|
|
RUN apk add openssh-client
|
|
RUN --secret SSH_CONFIG --secret SSH_UPLOAD_KEY --secret SSH_KNOWN_HOSTS \
|
|
mkdir -p $HOME/.ssh && \
|
|
echo "$SSH_CONFIG" > $HOME/.ssh/config && \
|
|
echo "$SSH_UPLOAD_KEY" > $HOME/.ssh/id_rsa && \
|
|
echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts && \
|
|
chmod 600 $HOME/.ssh/*
|
|
COPY +appimage-signed/* .
|
|
RUN --push scp -v *.AppImage *.asc mainsite:releases/nightly
|
|
|
|
publish-js-all:
|
|
WAIT
|
|
BUILD +publish-js-wasm
|
|
BUILD +publish-js-lib
|
|
END
|
|
|
|
publish-js-lib:
|
|
FROM +base-npm-publish
|
|
WORKDIR /upend/sdks/js
|
|
DO +NPM_PUBLISH --pkg_name=@upnd/upend
|
|
|
|
publish-js-wasm:
|
|
FROM +base-npm-publish
|
|
WORKDIR /upend/wasm/pkg-web
|
|
DO +NPM_PUBLISH --pkg_name=@upnd/wasm-web
|
|
WORKDIR /upend/wasm/pkg-node
|
|
DO +NPM_PUBLISH --pkg_name=@upnd/wasm-node
|
|
|
|
base-npm-publish:
|
|
FROM +base-node
|
|
RUN --secret NPM_TOKEN echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > $HOME/.npmrc
|
|
COPY +jslib/jslib sdks/js
|
|
|
|
NPM_PUBLISH:
|
|
FUNCTION
|
|
ARG pkg_name
|
|
IF --no-cache [ "`npm view $pkg_name version`" != "`node -p \"require('./package.json').version\"`" ]
|
|
RUN echo "Publishing $pkg_name to npm..."
|
|
RUN --push npm publish --access public
|
|
ELSE
|
|
RUN echo "Nothing to do for $pkg_name."
|
|
END
|
|
|
|
# Utility targets
|
|
|
|
git-version:
|
|
FROM debian:bookworm
|
|
RUN apt-get update && \
|
|
apt-get -y install git && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
COPY build/get_version.sh build/get_version.sh
|
|
COPY .git .git
|
|
RUN ./build/get_version.sh > /tmp/upend_version.txt && cat /tmp/upend_version.txt
|
|
SAVE ARTIFACT /tmp/upend_version.txt version.txt
|
|
|
|
changelog:
|
|
FROM orhunp/git-cliff
|
|
COPY .git .git
|
|
RUN git-cliff --bump -o CHANGELOG.md
|
|
SAVE ARTIFACT CHANGELOG.md
|
|
|
|
current-changelog:
|
|
FROM orhunp/git-cliff
|
|
COPY .git .git
|
|
RUN git-cliff --current -o CHANGELOG_CURRENT.md
|
|
SAVE ARTIFACT CHANGELOG_CURRENT.md
|
|
|
|
update-changelog:
|
|
LOCALLY
|
|
COPY +changelog/CHANGELOG.md .
|
|
RUN git add CHANGELOG.md && git commit -m "release: Update CHANGELOG"
|
|
RUN --push git push |