name: Cross build packages concurrency: group: build-packages-${{ github.event_name }}-${{ github.ref }} cancel-in-progress: true on: workflow_call: inputs: profile: required: true type: string publish: required: true type: boolean otp_vsn: required: true type: string elixir_vsn: required: true type: string builder_vsn: required: true type: string secrets: AWS_ACCESS_KEY_ID: required: true AWS_SECRET_ACCESS_KEY: required: true AWS_DEFAULT_REGION: required: true AWS_S3_BUCKET: required: true AWS_CLOUDFRONT_ID: required: true APPLE_ID_PASSWORD: required: true APPLE_DEVELOPER_IDENTITY: required: true APPLE_DEVELOPER_ID_BUNDLE: required: true APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: required: true workflow_dispatch: inputs: ref: required: false profile: required: true default: 'emqx' publish: required: false type: boolean default: false otp_vsn: required: false type: string default: '26.2.5-2' elixir_vsn: required: false type: string default: '1.15.7' builder_vsn: required: false type: string default: '5.3-8' permissions: contents: read jobs: mac: strategy: fail-fast: false matrix: profile: - ${{ inputs.profile }} os: - macos-13 - macos-14 otp: - ${{ inputs.otp_vsn }} runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.inputs.ref }} fetch-depth: 0 - uses: ./.github/actions/package-macos with: profile: ${{ matrix.profile }} otp: ${{ matrix.otp }} os: ${{ matrix.os }} apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }} apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }} apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }} apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }} - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: success() with: name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.otp }} path: _packages/${{ matrix.profile }}/ retention-days: 7 linux: runs-on: [self-hosted, ephemeral, linux, "${{ matrix.arch == 'arm64' && 'arm64' || 'x64' }}"] strategy: fail-fast: false matrix: profile: - ${{ inputs.profile }} os: - ubuntu24.04 - ubuntu22.04 - ubuntu20.04 - debian12 - debian11 - debian10 - el9 - el8 - amzn2 - amzn2023 arch: - amd64 - arm64 with_elixir: - 'no' otp: - ${{ inputs.otp_vsn }} builder: - ${{ inputs.builder_vsn }} elixir: - ${{ inputs.elixir_vsn }} include: - profile: ${{ inputs.profile }} os: ubuntu22.04 arch: amd64 with_elixir: 'yes' otp: ${{ inputs.otp_vsn }} builder: ${{ inputs.builder_vsn }} elixir: ${{ inputs.elixir_vsn }} defaults: run: shell: bash steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.inputs.ref }} fetch-depth: 0 - name: build tgz env: PROFILE: ${{ matrix.profile }} ARCH: ${{ matrix.arch }} OS: ${{ matrix.os }} IS_ELIXIR: ${{ matrix.with_elixir }} BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}" BUILDER_SYSTEM: force_docker run: | ./scripts/buildx.sh \ --profile $PROFILE \ --arch $ARCH \ --builder $BUILDER \ --elixir $IS_ELIXIR \ --pkgtype tgz - name: build pkg if: matrix.with_elixir == 'no' env: PROFILE: ${{ matrix.profile }} ARCH: ${{ matrix.arch }} OS: ${{ matrix.os }} IS_ELIXIR: ${{ matrix.with_elixir }} BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}" BUILDER_SYSTEM: force_docker run: | ./scripts/buildx.sh \ --profile $PROFILE \ --arch $ARCH \ --builder $BUILDER \ --elixir $IS_ELIXIR \ --pkgtype pkg - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.arch }}${{ matrix.with_elixir == 'yes' && '-elixir' || '' }}-${{ matrix.builder }}-${{ matrix.otp }}-${{ matrix.elixir }} path: _packages/${{ matrix.profile }}/ retention-days: 7 publish_artifacts: runs-on: ubuntu-latest needs: - mac - linux if: inputs.publish strategy: fail-fast: false matrix: profile: - ${{ inputs.profile }} steps: - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: pattern: "${{ matrix.profile }}-*" path: packages/${{ matrix.profile }} merge-multiple: true - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - name: upload to aws s3 env: PROFILE: ${{ matrix.profile }} REF_NAME: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || github.ref_name }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} AWS_CLOUDFRONT_ID: ${{ secrets.AWS_CLOUDFRONT_ID }} run: | set -eu if [ $PROFILE = 'emqx' ]; then s3dir='emqx-ce' elif [ $PROFILE = 'emqx-enterprise' ]; then s3dir='emqx-ee' else echo "unknown profile $PROFILE" exit 1 fi aws s3 cp --recursive packages/$PROFILE s3://$AWS_S3_BUCKET/$s3dir/$REF_NAME aws cloudfront create-invalidation --distribution-id "$AWS_CLOUDFRONT_ID" --paths "/$s3dir/$REF_NAME/*"