ci: update build for multi-machine architecture support
sonarqube / sonarqube (push) Successful in 2m22s

This commit is contained in:
2026-01-26 13:06:28 +07:00
parent bb32f25954
commit 99cb9ac35a
2 changed files with 154 additions and 98 deletions
+138 -90
View File
@@ -1,25 +1,14 @@
name: Docker Build and Push
on:
push:
branches:
- main
- staging
tags:
- 'v*'
paths:
- '**.go'
- 'go.mod'
- 'go.sum'
- 'Dockerfile'
- 'Dockerfile.*'
- '.dockerignore'
- '.gitea/workflows/build.yml'
workflow_run:
workflows: [SonarQube Trigger, sonarqube]
types:
- completed
jobs:
build-and-push-branches:
runs-on: ubuntu-latest
if: github.ref_type == 'branch'
build-amd64:
runs-on: [ubuntu-latest, amd64]
steps:
- name: Checkout repository
@@ -28,7 +17,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
- name: Log in to Docker Registry
uses: docker/login-action@v3
with:
registry: git.fossy.my.id
@@ -38,45 +27,46 @@ jobs:
- name: Set version variables
id: vars
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "VERSION=dev-main" >> $GITHUB_OUTPUT
if [ "${{ github.ref_type }}" == "tag" ]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
VERSION=dev-main
else
echo "VERSION=dev-staging" >> $GITHUB_OUTPUT
VERSION=dev-staging
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
- name: Build and push Docker image for main
- name: Build and push AMD64 image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:latest
platforms: linux/amd64,linux/arm64
tags: git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.vars.outputs.VERSION }}-amd64
platforms: linux/amd64
build-args: |
VERSION=${{ steps.vars.outputs.VERSION }}
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
COMMIT=${{ steps.vars.outputs.COMMIT }}
if: github.ref == 'refs/heads/main'
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
- name: Build and push Docker image for staging
uses: docker/build-push-action@v6
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
context: .
push: true
tags: |
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:staging
platforms: linux/amd64,linux/arm64
build-args: |
VERSION=${{ steps.vars.outputs.VERSION }}
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
COMMIT=${{ steps.vars.outputs.COMMIT }}
if: github.ref == 'refs/heads/staging'
name: digests-amd64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
build-and-push-tags:
runs-on: ubuntu-latest
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
build-arm64:
runs-on: [ubuntu-latest, arm64]
steps:
- name: Checkout repository
@@ -85,68 +75,126 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
- name: Log in to Docker Registry
uses: docker/login-action@v3
with:
registry: git.fossy.my.id
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract version and determine release type
id: version
- name: Set version variables
id: vars
run: |
VERSION=${GITHUB_REF#refs/tags/v}
if [ "${{ github.ref_type }}" == "tag" ]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
VERSION=dev-main
else
VERSION=dev-staging
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
- name: Build and push ARM64 image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.vars.outputs.VERSION }}-arm64
platforms: linux/arm64
build-args: |
VERSION=${{ steps.vars.outputs.VERSION }}
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
COMMIT=${{ steps.vars.outputs.COMMIT }}
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-arm64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-latest
needs:
- build-amd64
- build-arm64
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Registry
uses: docker/login-action@v3
with:
registry: git.fossy.my.id
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine tags
id: tags
run: |
TAGS=""
if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
MAJOR=$(echo "$VERSION" | cut -d. -f1)
MINOR=$(echo "$VERSION" | cut -d. -f2)
echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT
echo "MINOR=$MINOR" >> $GITHUB_OUTPUT
if echo "$VERSION" | grep -q '-'; then
echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
echo "ADDITIONAL_TAG=staging" >> $GITHUB_OUTPUT
if [ "${{ github.ref_type }}" == "tag" ]; then
VERSION=${GITHUB_REF#refs/tags/v}
if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
MAJOR=$(echo "$VERSION" | cut -d. -f1)
MINOR=$(echo "$VERSION" | cut -d. -f2)
TAGS="v${VERSION}"
if echo "$VERSION" | grep -q '-'; then
TAGS="${TAGS},staging"
else
TAGS="${TAGS},v${MAJOR}.${MINOR},v${MAJOR},latest"
fi
else
echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
echo "ADDITIONAL_TAG=latest" >> $GITHUB_OUTPUT
echo "Invalid version format: $VERSION"
exit 1
fi
else
echo "Invalid version format: $VERSION"
exit 1
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
TAGS="latest"
elif [ "${{ github.ref }}" == "refs/heads/staging" ]; then
TAGS="staging"
fi
echo "TAGS=$TAGS" >> $GITHUB_OUTPUT
- name: Build and push Docker image for release
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}.${{ steps.version.outputs.MINOR }}
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
platforms: linux/amd64,linux/arm64
build-args: |
VERSION=${{ steps.version.outputs.VERSION }}
BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
COMMIT=${{ steps.version.outputs.COMMIT }}
if: steps.version.outputs.IS_PRERELEASE == 'false'
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
CMD="docker buildx imagetools create"
for tag in "${TAG_ARRAY[@]}"; do
CMD="$CMD -t git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${tag}"
done
CMD="$CMD $(printf 'git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please@sha256:%s ' *)"
eval $CMD
- name: Build and push Docker image for pre-release
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
platforms: linux/amd64,linux/arm64
build-args: |
VERSION=${{ steps.version.outputs.VERSION }}
BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
COMMIT=${{ steps.version.outputs.COMMIT }}
if: steps.version.outputs.IS_PRERELEASE == 'true'
- name: Inspect image
run: |
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
FIRST_TAG="${TAG_ARRAY[0]}"
docker buildx imagetools inspect git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${FIRST_TAG}
+16 -8
View File
@@ -1,12 +1,12 @@
name: sonarqube
on:
push:
pull_request:
types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs:
sonarqube:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- name: Checking out
@@ -42,14 +42,22 @@ jobs:
- name: Set SonarQube project key
run: |
BRANCH_NAME=${GITHUB_REF#refs/heads/}
if [ "$BRANCH_NAME" = "main" ]; then
SONAR_PROJECT_KEY="tunnel-please"
else
BRANCH_KEY=${BRANCH_NAME//\//-}
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
TAG_NAME=${GITHUB_REF#refs/tags/}
BRANCH_KEY=${TAG_NAME//\//-}
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
elif [[ "$GITHUB_REF" == refs/heads/* ]]; then
BRANCH_NAME=${GITHUB_REF#refs/heads/}
if [ "$BRANCH_NAME" = "main" ]; then
SONAR_PROJECT_KEY="tunnel-please"
else
BRANCH_KEY=${BRANCH_NAME//\//-}
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
fi
else
SONAR_PROJECT_KEY="tunnel-please"
fi
echo "SONAR_PROJECT_KEY=tunnel-please-$BRANCH_KEY" >> $GITHUB_ENV
echo "SONAR_PROJECT_KEY=$SONAR_PROJECT_KEY" >> $GITHUB_ENV
echo "Using SonarQube Project Key: $SONAR_PROJECT_KEY"
- name: SonarQube Scan