Skip to content

Commit 82dcfef

Browse files
MoeMahhoukMoeMahhouk
committed
fixing linting issues
1 parent a4348b2 commit 82dcfef

File tree

2 files changed

+87
-62
lines changed

2 files changed

+87
-62
lines changed

.github/workflows/release-reproducible.yml

Lines changed: 43 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
1-
# This workflow is for building and pushing reproducible Docker images for releases.
1+
---
2+
# This workflow is for building and pushing reproducible Docker images
3+
# for releases.
24
name: release-reproducible
35

46
on:
@@ -8,12 +10,14 @@ on:
810
workflow_dispatch:
911
inputs:
1012
dry_run:
11-
description: "Enable dry run mode (builds images but skips push to registry)"
13+
description: >-
14+
Enable dry run mode (builds images but skips push to registry)
1215
type: boolean
1316
default: false
1417

1518
env:
16-
DOCKER_REPRODUCIBLE_IMAGE_NAME: ${{ github.repository_owner }}/lighthouse-reproducible
19+
DOCKER_REPRODUCIBLE_IMAGE_NAME: >-
20+
${{ github.repository_owner }}/lighthouse-reproducible
1721
DOCKER_PASSWORD: ${{ secrets.DH_KEY }}
1822
DOCKER_USERNAME: ${{ secrets.DH_ORG }}
1923

@@ -23,7 +27,8 @@ jobs:
2327
runs-on: ubuntu-latest
2428
steps:
2529
- name: Extract version
26-
run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
30+
run: >-
31+
echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
2732
id: extract_version
2833
outputs:
2934
VERSION: ${{ steps.extract_version.outputs.VERSION }}
@@ -38,42 +43,46 @@ jobs:
3843
include:
3944
- arch: amd64
4045
rust_target: x86_64-unknown-linux-gnu
41-
rust_image: rust:1.86-bullseye@sha256:1110399f568f1dbe838e58f15b4162d899cb95f450f5f0ffa739614f3a4c32f1
46+
rust_image: >-
47+
rust:1.86-bullseye@sha256:1110399f568f1dbe838e58f15b4162d899cb95f450f5f0ffa739614f3a4c32f1
4248
platform: linux/amd64
4349
- arch: arm64
4450
rust_target: aarch64-unknown-linux-gnu
45-
rust_image: rust:1.86-bullseye@sha256:36053eabadeb701e3e0406610a2ce72ccfa10b7828963cd08cffdcf660518b27
51+
rust_image: >-
52+
rust:1.86-bullseye@sha256:36053eabadeb701e3e0406610a2ce72ccfa10b7828963cd08cffdcf660518b27
4653
platform: linux/arm64
4754
steps:
4855
- uses: actions/checkout@v4
49-
56+
5057
- name: Set up Docker Buildx
5158
uses: docker/setup-buildx-action@v3
52-
59+
5360
- name: Log in to Docker Hub
5461
if: ${{ github.event.inputs.dry_run != 'true' }}
5562
uses: docker/login-action@v3
5663
with:
5764
username: ${{ env.DOCKER_USERNAME }}
5865
password: ${{ env.DOCKER_PASSWORD }}
59-
66+
6067
- name: Build reproducible image (${{ matrix.arch }})
6168
uses: docker/build-push-action@v6
69+
env:
70+
IMAGE_BASE: ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
71+
VERSION: ${{ needs.extract-version.outputs.VERSION }}
72+
ARCH: ${{ matrix.arch }}
73+
DOCKER_BUILD_RECORD_UPLOAD: false
6274
with:
6375
context: .
6476
file: ./Dockerfile.reproducible
6577
platforms: ${{ matrix.platform }}
6678
push: ${{ github.event.inputs.dry_run != 'true' }}
67-
tags: |
68-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}
79+
tags: ${{ env.IMAGE_BASE }}:${{ env.VERSION }}-${{ env.ARCH }}
6980
build-args: |
7081
RUST_TARGET=${{ matrix.rust_target }}
7182
RUST_IMAGE=${{ matrix.rust_image }}
7283
cache-from: type=gha,scope=${{ matrix.arch }}
7384
cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
7485
provenance: false
75-
env:
76-
DOCKER_BUILD_RECORD_UPLOAD: false
7786

7887
create-manifest:
7988
name: create multi-arch manifest
@@ -86,24 +95,26 @@ jobs:
8695
with:
8796
username: ${{ env.DOCKER_USERNAME }}
8897
password: ${{ env.DOCKER_PASSWORD }}
89-
98+
9099
- name: Create and push multi-arch manifest
91100
run: |
101+
IMAGE_NAME=${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
102+
VERSION=${{ needs.extract-version.outputs.VERSION }}
92103
# Create manifest for version tag
93104
docker manifest create \
94-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }} \
95-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-amd64 \
96-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-arm64
97-
98-
docker manifest push ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}
99-
105+
${IMAGE_NAME}:${VERSION} \
106+
${IMAGE_NAME}:${VERSION}-amd64 \
107+
${IMAGE_NAME}:${VERSION}-arm64
108+
109+
docker manifest push ${IMAGE_NAME}:${VERSION}
110+
100111
# Create manifest for latest tag
101112
docker manifest create \
102-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest \
103-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-amd64 \
104-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-arm64
105-
106-
docker manifest push ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest
113+
${IMAGE_NAME}:latest \
114+
${IMAGE_NAME}:${VERSION}-amd64 \
115+
${IMAGE_NAME}:${VERSION}-arm64
116+
117+
docker manifest push ${IMAGE_NAME}:latest
107118
108119
dry-run-summary:
109120
name: dry run summary
@@ -113,19 +124,22 @@ jobs:
113124
steps:
114125
- name: Summarize dry run
115126
run: |
127+
IMAGE_NAME=${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
128+
VERSION=${{ needs.extract-version.outputs.VERSION }}
116129
echo "## 🧪 Reproducible Build Dry Run Summary"
117130
echo ""
118-
echo "✅ Successfully completed dry run for version ${{ needs.extract-version.outputs.VERSION }}"
131+
echo "✅ Successfully completed dry run for version ${VERSION}"
119132
echo ""
120133
echo "### What would happen in a real release:"
121134
echo "- Multi-arch reproducible Docker images would be built"
122135
echo "- Images would be pushed to Docker Hub as:"
123-
echo " - \`${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}\`"
124-
echo " - \`${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest\`"
136+
echo " - \`${IMAGE_NAME}:${VERSION}\`"
137+
echo " - \`${IMAGE_NAME}:latest\`"
125138
echo ""
126139
echo "### Architectures built:"
127140
echo "- linux/amd64 (x86_64-unknown-linux-gnu)"
128141
echo "- linux/arm64 (aarch64-unknown-linux-gnu)"
129142
echo ""
130143
echo "### Next Steps"
131-
echo "To perform a real release, push a git tag (e.g., \`git tag v4.6.0 && git push origin v4.6.0\`)"
144+
echo "To perform a real release, push a git tag"
145+
echo "(e.g., \`git tag v4.6.0 && git push origin v4.6.0\`)"

.github/workflows/reproducible-build.yml

Lines changed: 44 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,11 @@
1+
---
12
name: reproducible-build
23

34
on:
4-
workflow_dispatch: {}
5+
workflow_dispatch: true
56
schedule:
6-
# Run every 2 days at 1 AM UTC
77
- cron: "0 1 */2 * *"
88
pull_request:
9-
# Also run on PRs that might affect reproducible builds
109
paths:
1110
- "Makefile"
1211
- "Dockerfile.reproducible"
@@ -20,42 +19,46 @@ jobs:
2019
runs-on: ubuntu-latest
2120
steps:
2221
- uses: actions/checkout@v4
23-
22+
2423
- uses: dtolnay/rust-toolchain@stable
2524
with:
2625
target: x86_64-unknown-linux-gnu
27-
26+
2827
- name: Install build dependencies
2928
run: |
3029
sudo apt-get update
3130
sudo apt-get install -y libclang-dev cmake
32-
31+
3332
- name: Install cargo-cache
3433
run: cargo install cargo-cache
35-
34+
3635
- uses: Swatinem/rust-cache@v2
3736
with:
3837
cache-on-failure: true
3938
key: reproducible-build-x86_64
4039

4140
- name: Build Lighthouse (first build)
4241
run: |
43-
make build-reproducible RUST_TARGET=x86_64-unknown-linux-gnu
44-
cp target/x86_64-unknown-linux-gnu/release/lighthouse lighthouse-build-1
42+
make build-reproducible \
43+
RUST_TARGET=x86_64-unknown-linux-gnu
44+
cp target/x86_64-unknown-linux-gnu/release/lighthouse \
45+
lighthouse-build-1
4546
sha256sum lighthouse-build-1 > lighthouse-build-1.sha256
46-
47+
4748
- name: Clean build artifacts and cache
4849
run: |
4950
make clean
5051
cargo cache -a
5152
rm -rf target/
52-
53+
5354
- name: Build Lighthouse (second build)
5455
run: |
55-
make build-reproducible RUST_TARGET=x86_64-unknown-linux-gnu
56-
cp target/x86_64-unknown-linux-gnu/release/lighthouse lighthouse-build-2
56+
make build-reproducible \
57+
RUST_TARGET=x86_64-unknown-linux-gnu
58+
cp target/x86_64-unknown-linux-gnu/release/lighthouse \
59+
lighthouse-build-2
5760
sha256sum lighthouse-build-2 > lighthouse-build-2.sha256
58-
61+
5962
- name: Compare binaries
6063
run: |
6164
echo "=== Build 1 SHA256 ==="
@@ -69,7 +72,7 @@ jobs:
6972
echo "❌ Binaries differ - reproducible build FAILED"
7073
exit 1
7174
fi
72-
75+
7376
- name: Upload build artifacts (on failure)
7477
if: failure()
7578
uses: actions/upload-artifact@v4
@@ -86,42 +89,48 @@ jobs:
8689
runs-on: ubuntu-latest
8790
steps:
8891
- uses: actions/checkout@v4
89-
92+
9093
- uses: dtolnay/rust-toolchain@stable
9194
with:
9295
target: aarch64-unknown-linux-gnu
93-
96+
9497
- name: Install build dependencies and cross-compilation tools
9598
run: |
9699
sudo apt-get update
97100
sudo apt-get install -y libclang-dev cmake gcc-aarch64-linux-gnu
98-
101+
99102
- name: Install cargo-cache
100103
run: cargo install cargo-cache
101-
104+
102105
- uses: Swatinem/rust-cache@v2
103106
with:
104107
cache-on-failure: true
105108
key: reproducible-build-aarch64
106109

107110
- name: Build Lighthouse (first build)
108111
run: |
109-
make build-reproducible RUST_TARGET=aarch64-unknown-linux-gnu
110-
cp target/aarch64-unknown-linux-gnu/release/lighthouse lighthouse-build-1-arm64
111-
sha256sum lighthouse-build-1-arm64 > lighthouse-build-1-arm64.sha256
112-
112+
make build-reproducible \
113+
RUST_TARGET=aarch64-unknown-linux-gnu
114+
cp target/aarch64-unknown-linux-gnu/release/lighthouse \
115+
lighthouse-build-1-arm64
116+
sha256sum lighthouse-build-1-arm64 > \
117+
lighthouse-build-1-arm64.sha256
118+
113119
- name: Clean build artifacts and cache
114120
run: |
115121
make clean
116122
cargo cache -a
117123
rm -rf target/
118-
124+
119125
- name: Build Lighthouse (second build)
120126
run: |
121-
make build-reproducible RUST_TARGET=aarch64-unknown-linux-gnu
122-
cp target/aarch64-unknown-linux-gnu/release/lighthouse lighthouse-build-2-arm64
123-
sha256sum lighthouse-build-2-arm64 > lighthouse-build-2-arm64.sha256
124-
127+
make build-reproducible \
128+
RUST_TARGET=aarch64-unknown-linux-gnu
129+
cp target/aarch64-unknown-linux-gnu/release/lighthouse \
130+
lighthouse-build-2-arm64
131+
sha256sum lighthouse-build-2-arm64 > \
132+
lighthouse-build-2-arm64.sha256
133+
125134
- name: Compare binaries
126135
run: |
127136
echo "=== Build 1 SHA256 (ARM64) ==="
@@ -135,7 +144,7 @@ jobs:
135144
echo "❌ ARM64 binaries differ - reproducible build FAILED"
136145
exit 1
137146
fi
138-
147+
139148
- name: Upload build artifacts (on failure)
140149
if: failure()
141150
uses: actions/upload-artifact@v4
@@ -162,17 +171,19 @@ jobs:
162171
else
163172
echo "❌ **x86_64**: Reproducible builds FAILED"
164173
fi
165-
174+
166175
if [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
167176
echo "✅ **aarch64**: Reproducible builds PASSED"
168177
else
169178
echo "❌ **aarch64**: Reproducible builds FAILED"
170179
fi
171-
180+
172181
echo ""
173-
if [[ "${{ needs.build-x86_64.result }}" == "success" ]] && [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
182+
if [[ "${{ needs.build-x86_64.result }}" == "success" ]] \
183+
&& [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
174184
echo "🎉 **Overall**: All reproducible builds are working correctly!"
175185
else
176-
echo "⚠️ **Overall**: Some reproducible builds failed - check the logs above"
186+
echo "⚠️ **Overall**: Some reproducible builds failed"
187+
echo "Check the logs above"
177188
exit 1
178189
fi

0 commit comments

Comments
 (0)