@@ -112,17 +112,17 @@ jobs:
112112 set -euo pipefail
113113 wget -O /tmp/nfpm.deb https://github.com/goreleaser/nfpm/releases/download/v2.18.1/nfpm_amd64.deb
114114 sudo dpkg -i /tmp/nfpm.deb
115+ rm /tmp/nfpm.deb
115116
116117name : Install rcodesign
117118 run : |
118119 set -euo pipefail
119-
120- # Install a prebuilt binary of rcodesign for linux amd64. Once the
121- # following PR is merged and released upstream, we can download
122- # directly from GitHub releases instead:
123- # https://github.com/indygreg/PyOxidizer/pull/635
124- wget -O /tmp/rcodesign https://cdn.discordapp.com/attachments/283356472258199552/1016767245717872700/rcodesign
125- sudo install --mode 755 /tmp/rcodesign /usr/local/bin/rcodesign
120+ wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-x86_64-unknown-linux-musl.tar.gz
121+ sudo tar -xzf /tmp/rcodesign.tar.gz \
122+ -C /usr/bin \
123+ --strip-components=1 \
124+ apple-codesign-0.22.0-x86_64-unknown-linux-musl/rcodesign
125+ rm /tmp/rcodesign.tar.gz
126126
127127name : Setup Apple Developer certificate and API key
128128 run : |
@@ -160,6 +160,39 @@ jobs:
160160 - name : Delete Apple Developer certificate and API key
161161 run : rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
162162
163+ - name : Determine base image tag
164+ id : image-base-tag
165+ run : |
166+ set -euo pipefail
167+ if [[ "${CODER_RELEASE:-}" != *t* ]] || [[ "${CODER_DRY_RUN:-}" == *t* ]]; then
168+ # Empty value means use the default and avoid building a fresh one.
169+ echo "tag=" >> $GITHUB_OUTPUT
170+ else
171+ echo "tag=$(CODER_IMAGE_BASE=ghcr.io/coder/coder-base ./scripts/image_tag.sh)" >> $GITHUB_OUTPUT
172+ fi
173+
174+ name : Create empty base-build-context directory
175+ if : steps.image-base-tag.outputs.tag != ''
176+ run : mkdir base-build-context
177+
178+ - name : Install depot.dev CLI
179+ if : steps.image-base-tag.outputs.tag != ''
180+ uses : depot/setup-action@v1
181+
182+ # This uses OIDC authentication, so no auth variables are required.
183+ - name : Build base Docker image via depot.dev
184+ if : steps.image-base-tag.outputs.tag != ''
185+ uses : depot/build-push-action@v1
186+ with :
187+ project : wl5hnrrkns
188+ context : base-build-context
189+ file : scripts/Dockerfile.base
190+ pull : true
191+ no-cache : true
192+ push : true
193+ tags : |
194+ ${{ steps.image-base-tag.outputs.tag }}
195+
163196name : Build Linux Docker images
164197 run : |
165198 set -euxo pipefail
@@ -188,6 +221,8 @@ jobs:
188221 --target "$(./scripts/image_tag.sh --version latest)" \
189222 $(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
190223 fi
224+ env :
225+ CODER_BASE_IMAGE_TAG : ${{ steps.image-base-tag.outputs.tag }}
191226
192227 - name : ls build
193228 run : ls -lh build
@@ -252,6 +287,14 @@ jobs:
252287 ./build/*.rpm
253288retention-days : 7
254289
290+ - name : Start Packer builds
291+ uses : peter-evans/repository-dispatch@v2
292+ with :
293+ token : ${{ secrets.CDRCI_GITHUB_TOKEN }}
294+ repository : coder/packages
295+ event-type : coder-release
296+ client-payload : ' {"coder_version": "${{ steps.version.outputs.version }}"}'
297+
255298 publish-winget :
256299 name : Publish to winget-pkgs
257300 runs-on : windows-latest
@@ -333,11 +376,3 @@ jobs:
333376 # For gh CLI. We need a real token since we're commenting on a PR in a
334377 # different repo.
335378 GH_TOKEN : ${{ secrets.CDRCI_GITHUB_TOKEN }}
336-
337- - name : Start Packer builds
338- uses : peter-evans/repository-dispatch@v2
339- with :
340- token : ${{ secrets.CDRCI_GITHUB_TOKEN }}
341- repository : coder/packages
342- event-type : coder-release
343- client-payload : ' {"coder_version": "${{ needs.release.outputs.version }}"}'
0 commit comments