diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
new file mode 100644
index 000000000..a1171ed04
--- /dev/null
+++ b/.github/workflows/build-docker.yml
@@ -0,0 +1,80 @@
+name: Build Docker image
+
+on:
+ workflow_call:
+ inputs:
+ tags:
+ description: "List of tags as key-value pair attributes"
+ required: false
+ type: string
+
+env:
+ GHCR_REPO: ghcr.io/defguard/defguard
+
+jobs:
+ build-docker:
+ runs-on:
+ - self-hosted
+ - Linux
+ - ${{ matrix.runner }}
+ strategy:
+ matrix:
+ cpu: [arm64, amd64]
+ include:
+ - cpu: arm64
+ runner: ARM64
+ - cpu: amd64
+ runner: X64
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Login to GitHub container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ buildkitd-config-inline: |
+ [registry."docker.io"]
+ mirrors = ["dockerhub-proxy.teonite.net"]
+ - name: Build container
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/${{ matrix.cpu }}
+ provenance: false
+ push: true
+ tags: ${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.cpu }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ docker-manifest:
+ runs-on: [self-hosted, Linux]
+ needs: [build-docker]
+ steps:
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.GHCR_REPO }}
+ tags: ${{ inputs.tags }}
+ - name: Login to GitHub container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Create manifest
+ run: |
+ docker manifest create ${{ env.GHCR_REPO }}:${{ github.sha }} \
+ ${{ env.GHCR_REPO }}:${{ github.sha }}-amd64 \
+ ${{ env.GHCR_REPO }}:${{ github.sha }}-arm64
+ - name: Push manifest
+ run: |
+ docker manifest push ${{ env.GHCR_REPO }}:${{ github.sha }}
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index c926a9ef7..adb1b552b 100644
--- a/.github/workflows/current.yml
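Review bot: In build-docker.yml the `docker-manifest` job computes tags in the `Docker meta` step from `inputs.tags`, but nothing reads `steps.meta.outputs.tags`; the manifest is created and pushed only as `${{ env.GHCR_REPO }}:${{ github.sha }}`. As written, the `current`, `latest`, semver and `sha-` tags requested by the callers in current.yml and release.yml would not be published, and dev-deployment.yml still deploys `defguard:sha-${{ env.SHORT_SHA }}`, so consumers of those tags would keep pulling a stale image unless something outside this diff pushes them. A follow-up step can publish each metadata tag from the pushed manifest list, passing the tag list through `env:` rather than interpolating it into the script because it derives from a caller-supplied input; this assumes buildx is available on the manifest runner. Separately, the workflow declares no `permissions:` block although the visible steps only read the repository and write packages, so a `permissions:` mapping with `contents: read` and `packages: write` would keep the token handed to the self-hosted runners to the minimum (the effective scope also depends on the callers, which are only partly visible here).

```yaml
      # … unchanged: Docker meta, Login, Create manifest, Push manifest …
      - name: Publish metadata tags
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          while IFS= read -r tag; do
            [ -n "$tag" ] || continue
            docker buildx imagetools create --tag "$tag" "${GHCR_REPO}:${GITHUB_SHA}"
          done <<< "$TAGS"
```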
+++ b/.github/workflows/current.yml @@ -4,51 +4,28 @@ on: branches: - main - dev + - build_multiarch paths-ignore: - "*.md" - "LICENSE" +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + GHCR_REPO: ghcr.io/defguard/defguard + jobs: - build-docker: - runs-on: [self-hosted, Linux, X64] - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ghcr.io/defguard/defguard - tags: | - type=raw,value=current - type=ref,event=branch - type=sha - - name: Login to GitHub container registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] - - name: Build container - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - trigger-e2e: - needs: build-docker - uses: ./.github/workflows/e2e.yml - secrets: inherit + build-current: + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=current + type=ref,event=branch + type=sha + + # trigger-e2e: + # needs: docker-manifest + # uses: ./.github/workflows/e2e.yml + # secrets: inherit diff --git a/.github/workflows/dev-deployment.yml b/.github/workflows/dev-deployment.yml index 8e903ebbc..3e0f72cc1 100644 --- a/.github/workflows/dev-deployment.yml +++ b/.github/workflows/dev-deployment.yml 
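Review bot: In current.yml the `trigger-e2e` job is commented out rather than re-pointed, so after this change images are built and pushed from `main` and `dev` with no end-to-end run behind them. The commented block also names `needs: docker-manifest`, which is a job inside build-docker.yml and not in this workflow; when the gate is restored it would need `needs: build-current`. The added `- build_multiarch` branch trigger looks like a testing aid and would be worth dropping before merge. The new workflow-level `GHCR_REPO` is not referenced in the visible part of this file, and a caller's `env` is not passed on to a called workflow, so it appears to be unused here.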
@@ -15,6 +15,6 @@ jobs: - name: Add SHORT_SHA env variable run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV - name: Deploy new image version - uses: actions-hub/kubectl@v1.30.0 + uses: actions-hub/kubectl@v1.30.3 with: args: --namespace defguard-dev set image deployment/defguard defguard=ghcr.io/defguard/defguard:sha-${{ env.SHORT_SHA }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 8c9be3cd7..5c968f41d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -16,44 +16,23 @@ env: jobs: rustdoc: runs-on: [self-hosted, Linux, X64] - container: rust:1.77 - services: - postgres: - image: postgres:15-alpine - env: - POSTGRES_DB: defguard - POSTGRES_USER: defguard - POSTGRES_PASSWORD: defguard - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - + container: rust:1-slim steps: - name: Checkout uses: actions/checkout@v4 with: submodules: recursive - - name: Set database URL - run: sed -i -e 's,localhost,postgres,' .env - - name: Install protoc run: apt-get update && apt-get -y install protobuf-compiler - name: Build Docs env: - DEFGUARD_DB_HOST: postgres - DEFGUARD_DB_PORT: 5432 - DEFGUARD_DB_NAME: defguard - DEFGUARD_DB_USER: defguard - DEFGUARD_DB_PASSWORD: defguard SQLX_OFFLINE: true - run: cargo doc --all --no-deps + run: cargo doc --no-deps --workspace - name: Deploy Docs - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_branch: gh-pages diff --git a/.github/workflows/lint-e2e.yml b/.github/workflows/lint-e2e.yml index ac4257c7f..0ad127e09 100644 --- a/.github/workflows/lint-e2e.yml +++ b/.github/workflows/lint-e2e.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: - node-version: 19 + node-version: 20 - name: install deps working-directory: ./e2e run: | 
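Review bot: In the docs.yml hunk, `container: rust:1-slim` replaces the pinned `rust:1.77` with a floating tag, so the toolchain that builds and publishes the docs can change between runs without a commit; a pinned minor version or digest, e.g. `container: rust:<pinned-version>-slim`, keeps the job reproducible. If the slim image does not ship git (I believe it does not, but that is not visible here), `actions/checkout` with `submodules: recursive` and the gh-pages deploy step would need git installed first, whereas the `apt-get` step currently runs only after checkout. The start of the job and the rest of the deploy step are outside the hunk.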
diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml index 6ed96e291..487825f26 100644 --- a/.github/workflows/lint-web.yml +++ b/.github/workflows/lint-web.yml @@ -21,7 +21,7 @@ jobs: submodules: "recursive" - uses: actions/setup-node@v4 with: - node-version: 19 + node-version: 20 - name: install deps working-directory: ./web run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index afd13f02e..14072bb93 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,49 +9,14 @@ concurrency: cancel-in-progress: true jobs: - publish-docker: - runs-on: [self-hosted, Linux, X64] - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ghcr.io/DefGuard/defguard - tags: | - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker BuildX - uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] - - name: Login to GitHub container registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build container - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64, linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + build-latest: + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=latest + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha create-release: name: create-release 
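Review bot: In release.yml the removed `publish-docker` job guarded both the registry login and `push:` with `github.event_name != 'pull_request'`, while the new `build-latest` call goes through build-docker.yml, which logs in and sets `push: true` unconditionally. The triggers of release.yml are outside this hunk, so this may be harmless today, but if the workflow can ever run for a pull request it would now push images from the self-hosted runners. A job-level `if: github.event_name != 'pull_request'` on `build-latest` would keep the previous behaviour.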
@@ -61,14 +26,14 @@ jobs: steps: - name: Create GitHub release id: release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 if: startsWith(github.ref, 'refs/tags/') with: draft: true generate_release_notes: true build-binaries: - needs: ["create-release"] + needs: [create-release] runs-on: - self-hosted - ${{ matrix.os }}