ci: update build for multi-machine architecture support
sonarqube / SonarQube Trigger (push) Successful in 2m22s
sonarqube / SonarQube Trigger (push) Successful in 2m22s
This commit is contained in:
+128
-80
@@ -1,25 +1,14 @@
|
||||
name: Docker Build and Push
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- staging
|
||||
tags:
|
||||
- 'v*'
|
||||
paths:
|
||||
- '**.go'
|
||||
- 'go.mod'
|
||||
- 'go.sum'
|
||||
- 'Dockerfile'
|
||||
- 'Dockerfile.*'
|
||||
- '.dockerignore'
|
||||
- '.gitea/workflows/build.yml'
|
||||
workflow_run:
|
||||
workflows: ["sonarqube"]
|
||||
types:
|
||||
- completed
|
||||
|
||||
jobs:
|
||||
build-and-push-branches:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.ref_type == 'branch'
|
||||
build-amd64:
|
||||
runs-on: [ubuntu-latest, amd64]
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -28,7 +17,7 @@ jobs:
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
- name: Log in to Docker Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.fossy.my.id
|
||||
@@ -38,45 +27,46 @@ jobs:
|
||||
- name: Set version variables
|
||||
id: vars
|
||||
run: |
|
||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
echo "VERSION=dev-main" >> $GITHUB_OUTPUT
|
||||
if [ "${{ github.ref_type }}" == "tag" ]; then
|
||||
VERSION=${GITHUB_REF#refs/tags/v}
|
||||
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
VERSION=dev-main
|
||||
else
|
||||
echo "VERSION=dev-staging" >> $GITHUB_OUTPUT
|
||||
VERSION=dev-staging
|
||||
fi
|
||||
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
|
||||
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
|
||||
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build and push Docker image for main
|
||||
- name: Build and push AMD64 image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:latest
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.vars.outputs.VERSION }}-amd64
|
||||
platforms: linux/amd64
|
||||
build-args: |
|
||||
VERSION=${{ steps.vars.outputs.VERSION }}
|
||||
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
|
||||
COMMIT=${{ steps.vars.outputs.COMMIT }}
|
||||
if: github.ref == 'refs/heads/main'
|
||||
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
|
||||
|
||||
- name: Build and push Docker image for staging
|
||||
uses: docker/build-push-action@v6
|
||||
- name: Export digest
|
||||
run: |
|
||||
mkdir -p /tmp/digests
|
||||
digest="${{ steps.build.outputs.digest }}"
|
||||
touch "/tmp/digests/${digest#sha256:}"
|
||||
|
||||
- name: Upload digest
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:staging
|
||||
platforms: linux/amd64,linux/arm64
|
||||
build-args: |
|
||||
VERSION=${{ steps.vars.outputs.VERSION }}
|
||||
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
|
||||
COMMIT=${{ steps.vars.outputs.COMMIT }}
|
||||
if: github.ref == 'refs/heads/staging'
|
||||
name: digests-amd64
|
||||
path: /tmp/digests/*
|
||||
if-no-files-found: error
|
||||
retention-days: 1
|
||||
|
||||
build-and-push-tags:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
|
||||
build-arm64:
|
||||
runs-on: [ubuntu-latest, arm64]
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -85,68 +75,126 @@ jobs:
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
- name: Log in to Docker Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.fossy.my.id
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Extract version and determine release type
|
||||
id: version
|
||||
- name: Set version variables
|
||||
id: vars
|
||||
run: |
|
||||
if [ "${{ github.ref_type }}" == "tag" ]; then
|
||||
VERSION=${GITHUB_REF#refs/tags/v}
|
||||
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
VERSION=dev-main
|
||||
else
|
||||
VERSION=dev-staging
|
||||
fi
|
||||
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
|
||||
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
|
||||
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build and push ARM64 image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.vars.outputs.VERSION }}-arm64
|
||||
platforms: linux/arm64
|
||||
build-args: |
|
||||
VERSION=${{ steps.vars.outputs.VERSION }}
|
||||
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
|
||||
COMMIT=${{ steps.vars.outputs.COMMIT }}
|
||||
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
|
||||
|
||||
- name: Export digest
|
||||
run: |
|
||||
mkdir -p /tmp/digests
|
||||
digest="${{ steps.build.outputs.digest }}"
|
||||
touch "/tmp/digests/${digest#sha256:}"
|
||||
|
||||
- name: Upload digest
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: digests-arm64
|
||||
path: /tmp/digests/*
|
||||
if-no-files-found: error
|
||||
retention-days: 1
|
||||
|
||||
merge:
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build-amd64
|
||||
- build-arm64
|
||||
|
||||
steps:
|
||||
- name: Download digests
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
path: /tmp/digests
|
||||
pattern: digests-*
|
||||
merge-multiple: true
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to Docker Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.fossy.my.id
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Determine tags
|
||||
id: tags
|
||||
run: |
|
||||
TAGS=""
|
||||
|
||||
if [ "${{ github.ref_type }}" == "tag" ]; then
|
||||
VERSION=${GITHUB_REF#refs/tags/v}
|
||||
|
||||
if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
|
||||
MAJOR=$(echo "$VERSION" | cut -d. -f1)
|
||||
MINOR=$(echo "$VERSION" | cut -d. -f2)
|
||||
|
||||
echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT
|
||||
echo "MINOR=$MINOR" >> $GITHUB_OUTPUT
|
||||
TAGS="v${VERSION}"
|
||||
|
||||
if echo "$VERSION" | grep -q '-'; then
|
||||
echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
|
||||
echo "ADDITIONAL_TAG=staging" >> $GITHUB_OUTPUT
|
||||
TAGS="${TAGS},staging"
|
||||
else
|
||||
echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
|
||||
echo "ADDITIONAL_TAG=latest" >> $GITHUB_OUTPUT
|
||||
TAGS="${TAGS},v${MAJOR}.${MINOR},v${MAJOR},latest"
|
||||
fi
|
||||
else
|
||||
echo "Invalid version format: $VERSION"
|
||||
exit 1
|
||||
fi
|
||||
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
TAGS="latest"
|
||||
elif [ "${{ github.ref }}" == "refs/heads/staging" ]; then
|
||||
TAGS="staging"
|
||||
fi
|
||||
|
||||
- name: Build and push Docker image for release
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}.${{ steps.version.outputs.MINOR }}
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
build-args: |
|
||||
VERSION=${{ steps.version.outputs.VERSION }}
|
||||
BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
|
||||
COMMIT=${{ steps.version.outputs.COMMIT }}
|
||||
if: steps.version.outputs.IS_PRERELEASE == 'false'
|
||||
echo "TAGS=$TAGS" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build and push Docker image for pre-release
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
|
||||
git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
build-args: |
|
||||
VERSION=${{ steps.version.outputs.VERSION }}
|
||||
BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
|
||||
COMMIT=${{ steps.version.outputs.COMMIT }}
|
||||
if: steps.version.outputs.IS_PRERELEASE == 'true'
|
||||
- name: Create manifest list and push
|
||||
working-directory: /tmp/digests
|
||||
run: |
|
||||
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
|
||||
|
||||
CMD="docker buildx imagetools create"
|
||||
|
||||
for tag in "${TAG_ARRAY[@]}"; do
|
||||
CMD="$CMD -t git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${tag}"
|
||||
done
|
||||
|
||||
CMD="$CMD $(printf 'git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please@sha256:%s ' *)"
|
||||
|
||||
eval $CMD
|
||||
|
||||
- name: Inspect image
|
||||
run: |
|
||||
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
|
||||
FIRST_TAG="${TAG_ARRAY[0]}"
|
||||
docker buildx imagetools inspect git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${FIRST_TAG}
|
||||
@@ -1,9 +1,10 @@
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
name: SonarQube Scan
|
||||
name: sonarqube
|
||||
jobs:
|
||||
sonarqube:
|
||||
name: SonarQube Trigger
|
||||
@@ -42,6 +43,11 @@ jobs:
|
||||
|
||||
- name: Set SonarQube project key
|
||||
run: |
|
||||
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
|
||||
TAG_NAME=${GITHUB_REF#refs/tags/}
|
||||
BRANCH_KEY=${TAG_NAME//\//-}
|
||||
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
|
||||
elif [[ "$GITHUB_REF" == refs/heads/* ]]; then
|
||||
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
||||
if [ "$BRANCH_NAME" = "main" ]; then
|
||||
SONAR_PROJECT_KEY="tunnel-please"
|
||||
@@ -49,7 +55,10 @@ jobs:
|
||||
BRANCH_KEY=${BRANCH_NAME//\//-}
|
||||
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
|
||||
fi
|
||||
echo "SONAR_PROJECT_KEY=tunnel-please-$BRANCH_KEY" >> $GITHUB_ENV
|
||||
else
|
||||
SONAR_PROJECT_KEY="tunnel-please"
|
||||
fi
|
||||
echo "SONAR_PROJECT_KEY=$SONAR_PROJECT_KEY" >> $GITHUB_ENV
|
||||
echo "Using SonarQube Project Key: $SONAR_PROJECT_KEY"
|
||||
|
||||
- name: SonarQube Scan
|
||||
|
||||
Reference in New Issue
Block a user