@@ -811,8 +811,7 @@ jobs:
811811 needs : changes
812812 # We always build the dylibs on PRs to verify we're not merging unbuildable code,
813813 # but they need only be signed on main.
814- # TODO: Uncomment
815- # if: needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
814+ if : needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
816815 runs-on : ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
817816 steps :
818817 - name : Harden Runner
@@ -836,8 +835,7 @@ jobs:
836835 uses : ./.github/actions/setup-go
837836
838837 - name : Install rcodesign
839- # TODO: Uncomment
840- # if: github.ref == 'refs/heads/main'
838+ if : github.ref == 'refs/heads/main'
841839 run : |
842840 set -euo pipefail
843841 wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
@@ -848,8 +846,7 @@ jobs:
848846 rm /tmp/rcodesign.tar.gz
849847
850848name : Setup Apple Developer certificate and API key
851- # TODO: Uncomment
852- # if: github.ref == 'refs/heads/main'
849+ if : github.ref == 'refs/heads/main'
853850 run : |
854851 set -euo pipefail
855852 touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
@@ -870,9 +867,7 @@ jobs:
870867 make gen/mark-fresh
871868 make build/coder-dylib
872869env :
873- # TODO: Uncomment
874- # CODER_SIGN_DARWIN: ${{ github.ref == 'refs/heads/main' && '1' || '0' }}
875- CODER_SIGN_DARWIN : 1
870+ CODER_SIGN_DARWIN : ${{ github.ref == 'refs/heads/main' && '1' || '0' }}
876871 AC_CERTIFICATE_FILE : /tmp/apple_cert.p12
877872 AC_CERTIFICATE_PASSWORD_FILE : /tmp/apple_cert_password.txt
878873
@@ -886,8 +881,7 @@ jobs:
886881retention-days : 7
887882
888883 - name : Delete Apple Developer certificate and API key
889- # TODO: Uncomment
890- # if: github.ref == 'refs/heads/main'
884+ if : github.ref == 'refs/heads/main'
891885 run : rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
892886
893887 build :
@@ -896,15 +890,14 @@ jobs:
896890 needs :
897891 - changes
898892 - build-dylib
899- # TODO: Uncomment
900- # if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
893+ if : github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
901894 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
902- # permissions:
903- # packages: write # Needed to push images to ghcr.io
904- # env:
905- # DOCKER_CLI_EXPERIMENTAL: "enabled"
906- # outputs:
907- # IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
895+ permissions :
896+ packages : write # Needed to push images to ghcr.io
897+ env :
898+ DOCKER_CLI_EXPERIMENTAL : " enabled"
899+ outputs :
900+ IMAGE : ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
908901 steps :
909902 - name : Harden Runner
910903 uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -943,9 +936,9 @@ jobs:
943936
944937 - name : Insert dylibs
945938 run : |
946- mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
947- mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
948- mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
939+ mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
940+ mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
941+ mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
949942
950943name : Build
951944 run : |
@@ -962,65 +955,63 @@ jobs:
962955 build/coder_"$version"_windows_amd64.zip \
963956 build/coder_"$version"_linux_amd64.{tar.gz,deb}
964957
965- # TODO: Uncomment
966- # - name: Build Linux Docker images
967- # id: build-docker
968- # env:
969- # CODER_IMAGE_BASE: ghcr.io/coder/coder-preview
970- # CODER_IMAGE_TAG_PREFIX: main
971- # DOCKER_CLI_EXPERIMENTAL: "enabled"
972- # run: |
973- # set -euxo pipefail
974-
975- # # build Docker images for each architecture
976- # version="$(./scripts/version.sh)"
977- # tag="main-$(echo "$version" | sed 's/+/-/g')"
978- # echo "tag=$tag" >> $GITHUB_OUTPUT
979-
980- # # build images for each architecture
981- # # note: omitting the -j argument to avoid race conditions when pushing
982- # make build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
983-
984- # # only push if we are on main branch
985- # if [ "${{ github.ref }}" == "refs/heads/main" ]; then
986- # # build and push multi-arch manifest, this depends on the other images
987- # # being pushed so will automatically push them
988- # # note: omitting the -j argument to avoid race conditions when pushing
989- # make push/build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
990-
991- # # Define specific tags
992- # tags=("$tag" "main" "latest")
993-
994- # # Create and push a multi-arch manifest for each tag
995- # # we are adding `latest` tag and keeping `main` for backward
996- # # compatibality
997- # for t in "${tags[@]}"; do
998- # ./scripts/build_docker_multiarch.sh \
999- # --push \
1000- # --target "ghcr.io/coder/coder-preview:$t" \
1001- # --version $version \
1002- # $(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
1003- # done
1004- # fi
1005-
1006- # - name: Prune old images
1007- # if: github.ref == 'refs/heads/main'
1008- # uses: vlaurin/action-ghcr-prune@0cf7d39f88546edd31965acba78cdcb0be14d641 # v0.6.0
1009- # with:
1010- # token: ${{ secrets.GITHUB_TOKEN }}
1011- # organization: coder
1012- # container: coder-preview
1013- # keep-younger-than: 7 # days
1014- # keep-tags: latest
1015- # keep-tags-regexes: ^pr
1016- # prune-tags-regexes: |
1017- # ^main-
1018- # ^v
1019- # prune-untagged: true
958+ name : Build Linux Docker images
959+ id : build-docker
960+ env :
961+ CODER_IMAGE_BASE : ghcr.io/coder/coder-preview
962+ CODER_IMAGE_TAG_PREFIX : main
963+ DOCKER_CLI_EXPERIMENTAL : " enabled"
964+ run : |
965+ set -euxo pipefail
966+
967+ # build Docker images for each architecture
968+ version="$(./scripts/version.sh)"
969+ tag="main-$(echo "$version" | sed 's/+/-/g')"
970+ echo "tag=$tag" >> $GITHUB_OUTPUT
971+
972+ # build images for each architecture
973+ # note: omitting the -j argument to avoid race conditions when pushing
974+ make build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
975+
976+ # only push if we are on main branch
977+ if [ "${{ github.ref }}" == "refs/heads/main" ]; then
978+ # build and push multi-arch manifest, this depends on the other images
979+ # being pushed so will automatically push them
980+ # note: omitting the -j argument to avoid race conditions when pushing
981+ make push/build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
982+
983+ # Define specific tags
984+ tags=("$tag" "main" "latest")
985+
986+ # Create and push a multi-arch manifest for each tag
987+ # we are adding `latest` tag and keeping `main` for backward
988+ # compatibality
989+ for t in "${tags[@]}"; do
990+ ./scripts/build_docker_multiarch.sh \
991+ --push \
992+ --target "ghcr.io/coder/coder-preview:$t" \
993+ --version $version \
994+ $(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
995+ done
996+ fi
997+
998+ name : Prune old images
999+ if : github.ref == 'refs/heads/main'
1000+ uses : vlaurin/action-ghcr-prune@0cf7d39f88546edd31965acba78cdcb0be14d641 # v0.6.0
1001+ with :
1002+ token : ${{ secrets.GITHUB_TOKEN }}
1003+ organization : coder
1004+ container : coder-preview
1005+ keep-younger-than : 7 # days
1006+ keep-tags : latest
1007+ keep-tags-regexes : ^pr
1008+ prune-tags-regexes : |
1009+ ^main-
1010+ ^v
1011+ prune-untagged : true
10201012
10211013 - name : Upload build artifacts
1022- # TODO: Uncomment
1023- # if: github.ref == 'refs/heads/main'
1014+ if : github.ref == 'refs/heads/main'
10241015 uses : actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
10251016 with :
10261017 name : coder
0 commit comments