ci(container-build-push): set RUST_VERSION from rust-toolchain.toml

Signed-off-by: Siddhesh Mhadnak <[email protected]>
vipyrsec · Aug 31, 2024 · f894d21 · f894d21
1 parent 08290bc
commit f894d21
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/.github/workflows/container-build-push.yaml b/.github/workflows/container-build-push.yaml
@@ -9,6 +9,10 @@ on:
       - v*
   pull_request:
 
+defaults:
+  run:
+    shell: bash
+
 permissions:
   contents: read
   packages: write
@@ -35,10 +39,9 @@ jobs:
         platform:
           - linux/amd64
 
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
 
       - name: Install cosign
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20  # v3.5.0
@@ -90,11 +93,24 @@ jobs:
           restore-keys: |
             rust-buildkit-cache-${{ matrix.platform }}-
 
+      - name: Read Rust channel
+        id: rust-channel
+        run: |
+          python3 <<'EOF' >"${GITHUB_ENV}"
+          from tomllib import loads
+          from pathlib import Path
+
+          rust_toolchain = loads(Path("./rust-toolchain.toml").read_text())
+          print(f"RUST_VERSION={rust_toolchain["toolchain"]["channel"]}")
+          EOF
+
       - name: Build and push Docker image
         id: docker_build_push
         uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445  # v6.5.0
         with:
           builder: ${{ steps.buildx.outputs.name }}
+          build-args: |
+            RUST_VERSION=${{ env.RUST_VERSION }}
           cache-from: type=gha,scope=${{ matrix.platform }}
           cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
           file: Containerfile
@@ -118,7 +134,6 @@ jobs:
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
         if: ${{ github.ref == 'refs/heads/main' || startswith(github.event.ref, 'refs/tags/v') }}
-        shell: bash
         # This step uses the identity token to provision an ephemeral certificate against the sigstore community Fulcio
         # instance.
         run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.docker_build_push.outputs.digest }}
@@ -144,7 +159,7 @@ jobs:
     needs:
       - build-push
 
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Download digests
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
@@ -175,15 +190,13 @@ jobs:
             type=sha,format=long
 
       - name: Create manifest list and push
-        shell: bash
         working-directory: /tmp/digests
         run: >
           docker buildx imagetools create \
             $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${DOCKER_METADATA_OUTPUT_JSON}") \
             $(printf ' ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
 
       - name: Inspect image
-        shell: bash
         run: >-
           docker buildx imagetools inspect \
             '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.version }}'
diff --git a/Containerfile b/Containerfile
@@ -3,7 +3,7 @@
 ARG DEBIAN_VERSION=bookworm
 ARG DEBIAN_VERSION_NUMBER=12
 ARG PROJECT=dragonfly-client-rs
-ARG RUST_VERSION=1.80
+ARG RUST_VERSION=1
 ARG RUSTFLAGS="-L/usr/local/lib"
 
 ARG YARA_VERSION=4.5.1