@@ -22,24 +22,6 @@ permissions:
2222 contents : read # to fetch code (actions/checkout)
2323
2424jobs :
25- prepare :
26- runs-on : ubuntu-latest
27- outputs :
28- matrix : ${{ steps.platforms.outputs.matrix }}
29- steps :
30- -
31- name : Checkout
32- uses : actions/checkout@v4
33- -
34- name : Create matrix
35- id : platforms
36- run : |
37- echo matrix=$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms') >> $GITHUB_OUTPUT
38- -
39- name : Show matrix
40- run : |
41- echo ${{ steps.platforms.outputs.matrix }}
42-
4325 validate :
4426 runs-on : ubuntu-latest
4527 strategy :
@@ -63,61 +45,68 @@ jobs:
6345 make ${{ matrix.target }}
6446
6547 binary :
48+ uses : docker/github-builder/.github/workflows/bake.yml@v1
49+ permissions :
50+ contents : read # same as global permission
51+ id-token : write # for signing attestation(s) with GitHub OIDC Token
52+ with :
53+ runner : amd64
54+ artifact-name : compose
55+ artifact-upload : true
56+ cache : true
57+ cache-scope : binary
58+ target : release
59+ output : local
60+ sbom : true
61+ sign : ${{ github.event_name != 'pull_request' }}
62+
63+ binary-finalize :
6664 runs-on : ubuntu-latest
6765 needs :
68- - prepare
69- strategy :
70- fail-fast : false
71- matrix :
72- platform : ${{ fromJson(needs.prepare.outputs.matrix) }}
66+ - binary
7367 steps :
7468 -
75- name : Checkout
76- uses : actions/checkout@v4
77- -
78- name : Prepare
79- run : |
80- platform=${MATRIX_PLATFORM}
81- echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
82- env :
83- MATRIX_PLATFORM : ${{ matrix.platform }}
84- -
85- name : Set up QEMU
86- uses : docker/setup-qemu-action@v3
87- -
88- name : Set up Docker Buildx
89- uses : docker/setup-buildx-action@v3
90- -
91- name : Build
92- uses : docker/bake-action@v6
69+ name : Download artifacts
70+ uses : actions/download-artifact@v7
9371 with :
94- source : .
95- targets : release
96- provenance : mode=max
97- sbom : true
98- set : |
99- *.platform=${{ matrix.platform }}
100- *.cache-from=type=gha,scope=binary-${{ env.PLATFORM_PAIR }}
101- *.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max
72+ path : /tmp/compose-output
73+ name : ${{ needs.binary.outputs.artifact-name }}
10274 -
10375 name : Rename provenance and sbom
104- working-directory : ./bin/release
10576 run : |
106- binname=$(find . -name 'docker-compose-*')
107- filename=$(basename "$binname" | sed -E 's/\.exe$//')
108- mv "provenance.json" "${filename}.provenance.json"
109- mv "sbom-binary.spdx.json" "${filename}.sbom.json"
110- find . -name 'sbom*.json' -exec rm {} \;
77+ for pdir in /tmp/compose-output/*/; do
78+ (
79+ cd "$pdir"
80+ binname=$(find . -name 'docker-compose-*')
81+ filename=$(basename "${binname%.exe}")
82+ mv "provenance.json" "${filename}.provenance.json"
83+ mv "sbom-binary.spdx.json" "${filename}.sbom.json"
84+ find . -name 'sbom*.json' -exec rm {} \;
85+ if [ -f "provenance.sigstore.json" ]; then
86+ mv "provenance.sigstore.json" "${filename}.sigstore.json"
87+ fi
88+ )
89+ done
90+ mkdir -p "./bin/release"
91+ mv /tmp/compose-output/**/* "./bin/release/"
11192 -
112- name : List artifacts
93+ name : Create checksum file
94+ working-directory : ./bin/release
11395 run : |
114- tree -nh ./bin/release
96+ find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt
97+ shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt
98+ mv $RUNNER_TEMP/checksums.txt .
99+ cat checksums.txt | while read sum file; do
100+ if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json && "${file#\*}" != *.sigstore.json ]]; then
101+ echo "$sum $file" > ${file#\*}.sha256
102+ fi
103+ done
115104 -
116105 name : Upload artifacts
117- uses : actions/upload-artifact@v4
106+ uses : actions/upload-artifact@v6
118107 with :
119- name : compose-${{ env.PLATFORM_PAIR }}
120- path : ./bin/release
108+ name : release
109+ path : ./bin/release/*
121110 if-no-files-found : error
122111
123112 test :
@@ -147,6 +136,7 @@ jobs:
147136 with :
148137 paths : bin/coverage/unit/report.xml
149138 if : always()
139+
150140 e2e :
151141 runs-on : ubuntu-latest
152142 name : e2e (${{ matrix.mode }}, ${{ matrix.channel }})
@@ -254,6 +244,7 @@ jobs:
254244 with :
255245 paths : /tmp/report/report.xml
256246 if : always()
247+
257248 coverage :
258249 runs-on : ubuntu-latest
259250 needs :
@@ -297,33 +288,19 @@ jobs:
297288 release :
298289 permissions :
299290 contents : write # to create a release (ncipollo/release-action)
300-
301291 runs-on : ubuntu-latest
302292 needs :
303- - binary
293+ - binary-finalize
304294 steps :
305295 -
306296 name : Checkout
307297 uses : actions/checkout@v4
308298 -
309299 name : Download artifacts
310- uses : actions/download-artifact@v4
300+ uses : actions/download-artifact@v7
311301 with :
312- pattern : compose-*
313302 path : ./bin/release
314- merge-multiple : true
315- -
316- name : Create checksums
317- working-directory : ./bin/release
318- run : |
319- find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt
320- shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt
321- mv $RUNNER_TEMP/checksums.txt .
322- cat checksums.txt | while read sum file; do
323- if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json ]]; then
324- echo "$sum $file" > ${file#\*}.sha256
325- fi
326- done
303+ name : release
327304 -
328305 name : List artifacts
329306 run : |
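Review bot: The new `binary` job (new lines 48–51) grants `id-token: write` to a reusable workflow referenced by the mutable tag `@v1`, so whatever that tag resolves to at run time receives the OIDC token used to sign the release attestations. Pinning to a full commit SHA, e.g. `uses: docker/github-builder/.github/workflows/bake.yml@<full-commit-sha> # v1` (placeholder, to be resolved from the tag), keeps the signing code fixed until a bump is reviewed. The same applies to `actions/download-artifact@v7` and `actions/upload-artifact@v6`, which now carry the signed binaries between jobs. Separately, in the rename step (new line 91) `mv /tmp/compose-output/**/* "./bin/release/"` relies on `**`, which bash treats as a plain `*` unless `globstar` is enabled, and `mv` overwrites silently if two platform directories hold a file with the same name. Writing it as `mv -n /tmp/compose-output/*/* ./bin/release/` would make the depth explicit and refuse to clobber.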