diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index a6f71a0..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,129 +0,0 @@ -version: 2.1 - -orbs: - aws-s3: circleci/aws-s3@3.0 - aws-cli: circleci/aws-cli@2.0 - -executors: - amd64: - machine: - image: ubuntu-2004:202111-02 - resource_class: medium - environment: - ARCH: x86_64 - - arm64: - machine: - image: ubuntu-2004:202111-02 - resource_class: arm.medium - environment: - ARCH: aarch64 - -platforms: &platforms - - amd64 - - arm64 - -alpine-versions: &alpine-versions - - "3.19" - - "3.20" - -php-versions: &php-versions - - "8.1" - - "8.2" - - "8.3" - - "8.4" - -jobs: - build: - parameters: - alpine: - type: string - php: - type: string - executor: - type: string - executor: << parameters.executor >> - steps: - - checkout - - run: make keys - - run: - name: Build - command: | - echo "Building alpine << parameters.alpine >> php << parameters.php >> arch ${ARCH}" - make build ARCH=${ARCH} ALPINE=<< parameters.alpine >> PHP=<< parameters.php >> - - store_artifacts: - path: build/.abuild/skpr.rsa.pub - destination: skpr.rsa.pub - - store_artifacts: - path: _output/<< parameters.alpine >>/php<< parameters.php >> - - release: - parameters: - alpine: - type: string - php: - type: string - executor: - type: string - executor: << parameters.executor >> - steps: - - checkout - - aws-cli/install - - run: - name: Decrypt Keys - command: | - aws kms decrypt \ - --ciphertext-blob fileb://<(cat build/.abuild/skpr.rsa.asc | base64 --decode) \ - --output text \ - --query Plaintext | base64 --decode > build/.abuild/skpr.rsa - - run: - name: Build - command: | - echo "Building alpine << parameters.alpine >> php << parameters.php >> arch ${ARCH}" - make build ARCH=${ARCH} ALPINE=<< parameters.alpine >> PHP=<< parameters.php >> - - run: - name: Sync - command: | - aws s3 sync --acl public-read \ - --cache-control "max-age=86400" \ - --delete \ - _output/<< parameters.alpine >>/php<< parameters.php >>/${ARCH} \ - s3://package-skpr-io/php-alpine/<< parameters.alpine >>/php<< parameters.php >>/${ARCH} - - # Public key for validating repository pakages. - aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub - - run: - name: Invalidate - command: aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths /php-alpine/<< parameters.alpine >>/php<< parameters.php >>/* - - run: - # This is probably not required. - # But we wouldn't be doing our due diligence as operators if we didn't - # try to clean this up. - name: Delete Private Key - command: | - rm -f build/.abuild/skpr.rsa - -workflows: - build: - jobs: - - build: - filters: - branches: - ignore: main - matrix: - parameters: - executor: *platforms - alpine: *alpine-versions - php: *php-versions - - release: - jobs: - - release: - filters: - branches: - only: main - matrix: - parameters: - executor: *platforms - alpine: *alpine-versions - php: *php-versions diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..b5e14fa --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,31 @@ +name: ๐Ÿ—๏ธ Build +on: + push: + branches-ignore: + - main + - aws-codebuild + +jobs: + build: + strategy: + matrix: + build_image: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + alpine: + - "3.21" + php: + - "8.4" + runs-on: ${{ matrix.build_image }} + steps: + - name: โ†™๏ธ Checkout + uses: actions/checkout@v4 + with: + show-progress: false + - name: ๐Ÿ”‘ Generate keys + run: make keys + - name: ๐Ÿ—๏ธ Build + run: | + ARCH=$(uname -m) + echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" + make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..f3b3c6a --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,61 @@ +name: ๐Ÿš€ Release +on: + workflow_dispatch: ~ + push: + branches: + - main + - aws-codebuild + +jobs: + release: + strategy: + matrix: + build_image: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + alpine: + - "3.21" + - "3.22" + php: + - "8.4" + runs-on: ${{ matrix.build_image }} + steps: + - name: โ†™๏ธ Checkout + uses: actions/checkout@v4 + with: + show-progress: false + + - name: ๐Ÿ”‘ Generate public keys + run: make keys + + - name: ๐Ÿ—๏ธ Build + run: | + ARCH=$(uname -m) + echo "ARCH=${ARCH}" >> $GITHUB_ENV + echo "Building alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" + make build ARCH=${ARCH} ALPINE=${{ matrix.alpine }} PHP=${{ matrix.php }} + + - name: ๐Ÿ” Get AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: ๐Ÿš€ Publish Packages + run: | + echo "Publishing alpine ${{ matrix.alpine }} php ${{ matrix.php }} arch ${ARCH}" +# aws s3 sync --acl public-read \ +# --cache-control "max-age=86400" \ +# --delete \ +# _output/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} \ +# s3://package-skpr-io/php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/${ARCH} +# # Public key for validating repository packages. +# aws s3 cp build/.abuild/skpr.rsa.pub s3://package-skpr-io/php-alpine/skpr.rsa.pub +# - name: โ˜๏ธ Invalidate Cloudfront +# run: | +# aws cloudfront create-invalidation \ +# --distribution-id ${{ secrets.CLOUDFRONT_ID }} \ +# --paths /php-alpine/${{ matrix.alpine }}/php${{ matrix.php }}/* +# - name: ๐Ÿงน Clean up +# run: rm -f build/.abuild/skpr.rsa diff --git a/Makefile b/Makefile index 40699fa..2f19af9 100644 --- a/Makefile +++ b/Makefile @@ -6,9 +6,9 @@ BUILD_IMAGE=skpr-abuild:latest build: image # @todo, Make sure keys exist. - docker container run -it -v $(CURDIR)/packages:/packages \ - -v $(CURDIR)/_output/$(ALPINE)/php$(PHP):/_output/packages \ - $(BUILD_IMAGE) $(PHP) ${ARCH} + docker run -v $(CURDIR)/packages:/packages \ + -v $(CURDIR)/_output/$(ALPINE)/php$(PHP):/_output/packages \ + $(BUILD_IMAGE) $(PHP) ${ARCH} image: docker image build --build-arg ALPINE_VERSION=$(ALPINE) -t $(BUILD_IMAGE) build