diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a88b8ba4..5cbb2346 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,12 +44,6 @@ jobs: id-token: write # Needed to mint the OIDC token necessary to request a Sigstore signing certificate runs-on: ${{ contains(matrix.arch, 'arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} timeout-minutes: 120 - # Start a local docker registry to extract the compiled binaries to upload as artifacts and attest them - services: - registry: - image: registry@sha256:1fc7de654f2ac1247f0b67e8a459e273b0993be7d2beda1f3f56fbf1001ed3e7 # v3.0.0 - ports: - - 5000:5000 env: SOURCE_COMMIT: ${{ github.sha }} SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" @@ -57,8 +51,6 @@ jobs: matrix: arch: ["amd64", "arm64", "arm/v7", "arm/v6"] base_image: ["debian","alpine"] - outputs: - base-tags: ${{ steps.determine-version.outputs.BASE_TAGS }} steps: - name: Initialize QEMU binfmt support @@ -96,19 +88,9 @@ jobs: NORMALIZED_ARCH="${MATRIX_ARCH//\/}" echo "NORMALIZED_ARCH=${NORMALIZED_ARCH}" | tee -a "${GITHUB_ENV}" - # Determine Base Tags and Source Version - - name: Determine Base Tags and Source Version - id: determine-version - env: - REF_TYPE: ${{ github.ref_type }} + # Determine Source Version + - name: Determine Source Version run: | - # Check which main tag we are going to build determined by ref_type - if [[ "${REF_TYPE}" == "tag" ]]; then - echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}" - elif [[ "${REF_TYPE}" == "branch" ]]; then - echo "BASE_TAGS=testing" | tee -a "${GITHUB_OUTPUT}" - fi - # Get the Source Version for this release GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" if [[ -n "${GIT_EXACT_TAG}" ]]; then @@ -117,7 +99,6 @@ jobs: GIT_LAST_TAG="$(git describe --tags --abbrev=0)" echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" fi - # End Determine Base Tags # Login to Docker Hub - name: Login to Docker Hub @@ -183,10 +164,6 @@ jobs: fi # - - name: Add localhost registry - run: | - echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}" - - name: Generate tags id: tags env: @@ -220,6 +197,7 @@ jobs: *.cache-to=${{ env.BAKE_CACHE_TO }} *.platform=linux/${{ matrix.arch }} ${{ env.TAGS }} + *.output=type=local,dest=./output *.output=type=image,push-by-digest=true,name-canonical=true,push=true - name: Extract digest SHA @@ -247,33 +225,11 @@ jobs: if-no-files-found: error retention-days: 1 - # Extract the Alpine binaries from the containers - - name: Extract binaries + - name: Rename binaries to match target platform env: - REF_TYPE: ${{ github.ref_type }} - BASE_IMAGE: ${{ matrix.base_image }} - DIGEST_SHA: ${{ env.DIGEST_SHA }} NORMALIZED_ARCH: ${{ env.NORMALIZED_ARCH }} run: | - # Check which main tag we are going to build determined by ref_type - if [[ "${REF_TYPE}" == "tag" ]]; then - EXTRACT_TAG="latest" - elif [[ "${REF_TYPE}" == "branch" ]]; then - EXTRACT_TAG="testing" - fi - - # Check which base_image was used and append -alpine if needed - if [[ "${BASE_IMAGE}" == "alpine" ]]; then - EXTRACT_TAG="${EXTRACT_TAG}-alpine" - fi - - CONTAINER_ID="$(docker create "localhost:5000/vaultwarden/server:${EXTRACT_TAG}@${DIGEST_SHA}")" - - # Copy the binary - docker cp "$CONTAINER_ID":/vaultwarden vaultwarden-"${NORMALIZED_ARCH}" - - # Clean up - docker rm "$CONTAINER_ID" + mv ./output/vaultwarden vaultwarden-"${NORMALIZED_ARCH}" # Upload artifacts to Github Actions and Attest the binaries - name: Attest binaries @@ -291,15 +247,10 @@ jobs: name: Merge manifests runs-on: ubuntu-latest needs: docker-build - - env: - BASE_TAGS: ${{ needs.docker-build.outputs.base-tags }} - permissions: packages: write # Needed to upload packages and artifacts attestations: write # Needed to generate an artifact attestation for a build id-token: write # Needed to mint the OIDC token necessary to request a Sigstore signing certificate - strategy: matrix: base_image: ["debian","alpine"] @@ -359,6 +310,18 @@ jobs: run: | echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${QUAY_REPO}" | tee -a "${GITHUB_ENV}" + # Determine Base Tags + - name: Determine Base Tags + env: + REF_TYPE: ${{ github.ref_type }} + run: | + # Check which main tag we are going to build determined by ref_type + if [[ "${REF_TYPE}" == "tag" ]]; then + echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" + elif [[ "${REF_TYPE}" == "branch" ]]; then + echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" + fi + - name: Create manifest list, push it and extract digest SHA working-directory: ${{ runner.temp }}/digests env: diff --git a/Cargo.lock b/Cargo.lock index 2c5f1697..6e41c4b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -221,9 +221,9 @@ dependencies = [ [[package]] name = "async-lock" -version = "3.4.1" +version = "3.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fd03604047cee9b6ce9de9f70c6cd540a0520c813cbd49bae61f33ab80ed1dc" +checksum = "290f7f2596bd5b78a9fec8088ccd89180d7f9f55b94b0576823bbbdc72ee8311" dependencies = [ "event-listener 5.4.1", "event-listener-strategy", @@ -1411,18 +1411,18 @@ dependencies = [ [[package]] name = "derive_more" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10b768e943bed7bf2cab53df09f4bc34bfd217cdb57d971e769874c9a6710618" +checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" dependencies = [ "derive_more-impl", ] [[package]] name = "derive_more-impl" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d286bfdaf75e988b4a78e013ecd79c581e06399ab53fbacd2d916c2f904f30b" +checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" dependencies = [ "convert_case", "proc-macro2", @@ -2690,9 +2690,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" +checksum = "7ee5b5339afb4c41626dde77b7a611bd4f2c202b897852b4bcf5d03eddc61010" [[package]] name = "jetscii" @@ -3072,9 +3072,9 @@ dependencies = [ [[package]] name = "moka" -version = "0.12.11" +version = "0.12.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8261cd88c312e0004c1d51baad2980c66528dfdb2bee62003e643a4d8f86b077" +checksum = "a3dec6bd31b08944e08b58fd99373893a6c17054d6f3ea5006cc894f4f4eee2a" dependencies = [ "crossbeam-channel", "crossbeam-epoch", @@ -3082,7 +3082,6 @@ dependencies = [ "equivalent", "parking_lot", "portable-atomic", - "rustc_version", "smallvec", "tagptr", "uuid", @@ -4217,9 +4216,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.12.26" +version = "0.12.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b4c14b2d9afca6a60277086b0cc6a6ae0b568f6f7916c943a8cdc79f8be240f" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" dependencies = [ "base64 0.22.1", "bytes", @@ -4490,9 +4489,9 @@ dependencies = [ [[package]] name = "rustix" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd15f8a2c5551a84d56efdc1cd049089e409ac19a3072d5037a17fd70719ff3e" +checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" dependencies = [ "bitflags", "errno", @@ -4588,9 +4587,9 @@ checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" [[package]] name = "ryu" -version = "1.0.20" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" +checksum = "62049b2877bf12821e8f9ad256ee38fdc31db7387ec2d3b3f403024de2034aea" [[package]] name = "salsa20" @@ -4797,9 +4796,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.145" +version = "1.0.146" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" +checksum = "217ca874ae0207aac254aa02c957ded05585a90892cc8d87f9e5fa49669dadd8" dependencies = [ "itoa", "memchr", diff --git a/Cargo.toml b/Cargo.toml index 2ee9d9a8..277301ef 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -91,7 +91,7 @@ serde_json = "1.0.145" diesel = { version = "2.3.5", features = ["chrono", "r2d2", "numeric"] } diesel_migrations = "2.3.1" -derive_more = { version = "2.1.0", features = ["from", "into", "as_ref", "deref", "display"] } +derive_more = { version = "2.1.1", features = ["from", "into", "as_ref", "deref", "display"] } diesel-derive-newtype = "2.1.2" # Bundled/Static SQLite @@ -144,7 +144,7 @@ email_address = "0.2.9" handlebars = { version = "6.3.2", features = ["dir_source"] } # HTTP client (Used for favicons, version check, DUO and HIBP API) -reqwest = { version = "0.12.26", features = ["rustls-tls", "rustls-tls-native-roots", "stream", "json", "deflate", "gzip", "brotli", "zstd", "socks", "cookies", "charset", "http2", "system-proxy"], default-features = false} +reqwest = { version = "0.12.28", features = ["rustls-tls", "rustls-tls-native-roots", "stream", "json", "deflate", "gzip", "brotli", "zstd", "socks", "cookies", "charset", "http2", "system-proxy"], default-features = false} hickory-resolver = "0.25.2" # Favicon extraction libraries