Skip to content

Commit 238fbaa

Browse files
MoeMahhoukMoeMahhouk
committed
fixing linting issues
1 parent a4348b2 commit 238fbaa

File tree

2 files changed

+83
-62
lines changed

2 files changed

+83
-62
lines changed

.github/workflows/release-reproducible.yml

Lines changed: 40 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
# This workflow is for building and pushing reproducible Docker images for releases.
21
name: release-reproducible
32

43
on:
@@ -8,12 +7,14 @@ on:
87
workflow_dispatch:
98
inputs:
109
dry_run:
11-
description: "Enable dry run mode (builds images but skips push to registry)"
10+
description: >-
11+
Enable dry run mode (builds images but skips push to registry)
1212
type: boolean
1313
default: false
1414

1515
env:
16-
DOCKER_REPRODUCIBLE_IMAGE_NAME: ${{ github.repository_owner }}/lighthouse-reproducible
16+
DOCKER_REPRODUCIBLE_IMAGE_NAME: >-
17+
${{ github.repository_owner }}/lighthouse-reproducible
1718
DOCKER_PASSWORD: ${{ secrets.DH_KEY }}
1819
DOCKER_USERNAME: ${{ secrets.DH_ORG }}
1920

@@ -23,7 +24,8 @@ jobs:
2324
runs-on: ubuntu-latest
2425
steps:
2526
- name: Extract version
26-
run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
27+
run: >-
28+
echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
2729
id: extract_version
2830
outputs:
2931
VERSION: ${{ steps.extract_version.outputs.VERSION }}
@@ -38,42 +40,46 @@ jobs:
3840
include:
3941
- arch: amd64
4042
rust_target: x86_64-unknown-linux-gnu
41-
rust_image: rust:1.86-bullseye@sha256:1110399f568f1dbe838e58f15b4162d899cb95f450f5f0ffa739614f3a4c32f1
43+
rust_image: >-
44+
rust:1.86-bullseye@sha256:1110399f568f1dbe838e58f15b4162d899cb95f450f5f0ffa739614f3a4c32f1
4245
platform: linux/amd64
4346
- arch: arm64
4447
rust_target: aarch64-unknown-linux-gnu
45-
rust_image: rust:1.86-bullseye@sha256:36053eabadeb701e3e0406610a2ce72ccfa10b7828963cd08cffdcf660518b27
48+
rust_image: >-
49+
rust:1.86-bullseye@sha256:36053eabadeb701e3e0406610a2ce72ccfa10b7828963cd08cffdcf660518b27
4650
platform: linux/arm64
4751
steps:
4852
- uses: actions/checkout@v4
49-
53+
5054
- name: Set up Docker Buildx
5155
uses: docker/setup-buildx-action@v3
52-
56+
5357
- name: Log in to Docker Hub
5458
if: ${{ github.event.inputs.dry_run != 'true' }}
5559
uses: docker/login-action@v3
5660
with:
5761
username: ${{ env.DOCKER_USERNAME }}
5862
password: ${{ env.DOCKER_PASSWORD }}
59-
63+
6064
- name: Build reproducible image (${{ matrix.arch }})
6165
uses: docker/build-push-action@v6
66+
env:
67+
IMAGE_BASE: ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
68+
VERSION: ${{ needs.extract-version.outputs.VERSION }}
69+
ARCH: ${{ matrix.arch }}
70+
DOCKER_BUILD_RECORD_UPLOAD: false
6271
with:
6372
context: .
6473
file: ./Dockerfile.reproducible
6574
platforms: ${{ matrix.platform }}
6675
push: ${{ github.event.inputs.dry_run != 'true' }}
67-
tags: |
68-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}
76+
tags: ${{ env.IMAGE_BASE }}:${{ env.VERSION }}-${{ env.ARCH }}
6977
build-args: |
7078
RUST_TARGET=${{ matrix.rust_target }}
7179
RUST_IMAGE=${{ matrix.rust_image }}
7280
cache-from: type=gha,scope=${{ matrix.arch }}
7381
cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
7482
provenance: false
75-
env:
76-
DOCKER_BUILD_RECORD_UPLOAD: false
7783

7884
create-manifest:
7985
name: create multi-arch manifest
@@ -86,24 +92,26 @@ jobs:
8692
with:
8793
username: ${{ env.DOCKER_USERNAME }}
8894
password: ${{ env.DOCKER_PASSWORD }}
89-
95+
9096
- name: Create and push multi-arch manifest
9197
run: |
98+
IMAGE_NAME=${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
99+
VERSION=${{ needs.extract-version.outputs.VERSION }}
92100
# Create manifest for version tag
93101
docker manifest create \
94-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }} \
95-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-amd64 \
96-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-arm64
97-
98-
docker manifest push ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}
99-
102+
${IMAGE_NAME}:${VERSION} \
103+
${IMAGE_NAME}:${VERSION}-amd64 \
104+
${IMAGE_NAME}:${VERSION}-arm64
105+
106+
docker manifest push ${IMAGE_NAME}:${VERSION}
107+
100108
# Create manifest for latest tag
101109
docker manifest create \
102-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest \
103-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-amd64 \
104-
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}-arm64
105-
106-
docker manifest push ${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest
110+
${IMAGE_NAME}:latest \
111+
${IMAGE_NAME}:${VERSION}-amd64 \
112+
${IMAGE_NAME}:${VERSION}-arm64
113+
114+
docker manifest push ${IMAGE_NAME}:latest
107115
108116
dry-run-summary:
109117
name: dry run summary
@@ -113,19 +121,22 @@ jobs:
113121
steps:
114122
- name: Summarize dry run
115123
run: |
124+
IMAGE_NAME=${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}
125+
VERSION=${{ needs.extract-version.outputs.VERSION }}
116126
echo "## 🧪 Reproducible Build Dry Run Summary"
117127
echo ""
118-
echo "✅ Successfully completed dry run for version ${{ needs.extract-version.outputs.VERSION }}"
128+
echo "✅ Successfully completed dry run for version ${VERSION}"
119129
echo ""
120130
echo "### What would happen in a real release:"
121131
echo "- Multi-arch reproducible Docker images would be built"
122132
echo "- Images would be pushed to Docker Hub as:"
123-
echo " - \`${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}\`"
124-
echo " - \`${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest\`"
133+
echo " - \`${IMAGE_NAME}:${VERSION}\`"
134+
echo " - \`${IMAGE_NAME}:latest\`"
125135
echo ""
126136
echo "### Architectures built:"
127137
echo "- linux/amd64 (x86_64-unknown-linux-gnu)"
128138
echo "- linux/arm64 (aarch64-unknown-linux-gnu)"
129139
echo ""
130140
echo "### Next Steps"
131-
echo "To perform a real release, push a git tag (e.g., \`git tag v4.6.0 && git push origin v4.6.0\`)"
141+
echo "To perform a real release, push a git tag"
142+
echo "(e.g., \`git tag v4.6.0 && git push origin v4.6.0\`)"

.github/workflows/reproducible-build.yml

Lines changed: 43 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,10 @@
11
name: reproducible-build
22

33
on:
4-
workflow_dispatch: {}
4+
workflow_dispatch: true
55
schedule:
6-
# Run every 2 days at 1 AM UTC
76
- cron: "0 1 */2 * *"
87
pull_request:
9-
# Also run on PRs that might affect reproducible builds
108
paths:
119
- "Makefile"
1210
- "Dockerfile.reproducible"
@@ -20,42 +18,46 @@ jobs:
2018
runs-on: ubuntu-latest
2119
steps:
2220
- uses: actions/checkout@v4
23-
21+
2422
- uses: dtolnay/rust-toolchain@stable
2523
with:
2624
target: x86_64-unknown-linux-gnu
27-
25+
2826
- name: Install build dependencies
2927
run: |
3028
sudo apt-get update
3129
sudo apt-get install -y libclang-dev cmake
32-
30+
3331
- name: Install cargo-cache
3432
run: cargo install cargo-cache
35-
33+
3634
- uses: Swatinem/rust-cache@v2
3735
with:
3836
cache-on-failure: true
3937
key: reproducible-build-x86_64
4038

4139
- name: Build Lighthouse (first build)
4240
run: |
43-
make build-reproducible RUST_TARGET=x86_64-unknown-linux-gnu
44-
cp target/x86_64-unknown-linux-gnu/release/lighthouse lighthouse-build-1
41+
make build-reproducible \
42+
RUST_TARGET=x86_64-unknown-linux-gnu
43+
cp target/x86_64-unknown-linux-gnu/release/lighthouse \
44+
lighthouse-build-1
4545
sha256sum lighthouse-build-1 > lighthouse-build-1.sha256
46-
46+
4747
- name: Clean build artifacts and cache
4848
run: |
4949
make clean
5050
cargo cache -a
5151
rm -rf target/
52-
52+
5353
- name: Build Lighthouse (second build)
5454
run: |
55-
make build-reproducible RUST_TARGET=x86_64-unknown-linux-gnu
56-
cp target/x86_64-unknown-linux-gnu/release/lighthouse lighthouse-build-2
55+
make build-reproducible \
56+
RUST_TARGET=x86_64-unknown-linux-gnu
57+
cp target/x86_64-unknown-linux-gnu/release/lighthouse \
58+
lighthouse-build-2
5759
sha256sum lighthouse-build-2 > lighthouse-build-2.sha256
58-
60+
5961
- name: Compare binaries
6062
run: |
6163
echo "=== Build 1 SHA256 ==="
@@ -69,7 +71,7 @@ jobs:
6971
echo "❌ Binaries differ - reproducible build FAILED"
7072
exit 1
7173
fi
72-
74+
7375
- name: Upload build artifacts (on failure)
7476
if: failure()
7577
uses: actions/upload-artifact@v4
@@ -86,42 +88,48 @@ jobs:
8688
runs-on: ubuntu-latest
8789
steps:
8890
- uses: actions/checkout@v4
89-
91+
9092
- uses: dtolnay/rust-toolchain@stable
9193
with:
9294
target: aarch64-unknown-linux-gnu
93-
95+
9496
- name: Install build dependencies and cross-compilation tools
9597
run: |
9698
sudo apt-get update
9799
sudo apt-get install -y libclang-dev cmake gcc-aarch64-linux-gnu
98-
100+
99101
- name: Install cargo-cache
100102
run: cargo install cargo-cache
101-
103+
102104
- uses: Swatinem/rust-cache@v2
103105
with:
104106
cache-on-failure: true
105107
key: reproducible-build-aarch64
106108

107109
- name: Build Lighthouse (first build)
108110
run: |
109-
make build-reproducible RUST_TARGET=aarch64-unknown-linux-gnu
110-
cp target/aarch64-unknown-linux-gnu/release/lighthouse lighthouse-build-1-arm64
111-
sha256sum lighthouse-build-1-arm64 > lighthouse-build-1-arm64.sha256
112-
111+
make build-reproducible \
112+
RUST_TARGET=aarch64-unknown-linux-gnu
113+
cp target/aarch64-unknown-linux-gnu/release/lighthouse \
114+
lighthouse-build-1-arm64
115+
sha256sum lighthouse-build-1-arm64 > \
116+
lighthouse-build-1-arm64.sha256
117+
113118
- name: Clean build artifacts and cache
114119
run: |
115120
make clean
116121
cargo cache -a
117122
rm -rf target/
118-
123+
119124
- name: Build Lighthouse (second build)
120125
run: |
121-
make build-reproducible RUST_TARGET=aarch64-unknown-linux-gnu
122-
cp target/aarch64-unknown-linux-gnu/release/lighthouse lighthouse-build-2-arm64
123-
sha256sum lighthouse-build-2-arm64 > lighthouse-build-2-arm64.sha256
124-
126+
make build-reproducible \
127+
RUST_TARGET=aarch64-unknown-linux-gnu
128+
cp target/aarch64-unknown-linux-gnu/release/lighthouse \
129+
lighthouse-build-2-arm64
130+
sha256sum lighthouse-build-2-arm64 > \
131+
lighthouse-build-2-arm64.sha256
132+
125133
- name: Compare binaries
126134
run: |
127135
echo "=== Build 1 SHA256 (ARM64) ==="
@@ -135,7 +143,7 @@ jobs:
135143
echo "❌ ARM64 binaries differ - reproducible build FAILED"
136144
exit 1
137145
fi
138-
146+
139147
- name: Upload build artifacts (on failure)
140148
if: failure()
141149
uses: actions/upload-artifact@v4
@@ -162,17 +170,19 @@ jobs:
162170
else
163171
echo "❌ **x86_64**: Reproducible builds FAILED"
164172
fi
165-
173+
166174
if [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
167175
echo "✅ **aarch64**: Reproducible builds PASSED"
168176
else
169177
echo "❌ **aarch64**: Reproducible builds FAILED"
170178
fi
171-
179+
172180
echo ""
173-
if [[ "${{ needs.build-x86_64.result }}" == "success" ]] && [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
181+
if [[ "${{ needs.build-x86_64.result }}" == "success" ]] \
182+
&& [[ "${{ needs.build-aarch64.result }}" == "success" ]]; then
174183
echo "🎉 **Overall**: All reproducible builds are working correctly!"
175184
else
176-
echo "⚠️ **Overall**: Some reproducible builds failed - check the logs above"
185+
echo "⚠️ **Overall**: Some reproducible builds failed"
186+
echo "Check the logs above"
177187
exit 1
178188
fi

0 commit comments

Comments
 (0)