297 lines
9.2 KiB
YAML
297 lines
9.2 KiB
YAML
name: Docker Build and Push
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- staging
|
|
- feat/testing
|
|
tags:
|
|
- 'v*'
|
|
paths:
|
|
- '**.go'
|
|
- 'go.mod'
|
|
- 'go.sum'
|
|
- 'Dockerfile'
|
|
- 'Dockerfile.*'
|
|
- '.dockerignore'
|
|
- '.gitea/workflows/build.yml'
|
|
- '.gitea/workflows/sonarqube.yml'
|
|
|
|
jobs:
|
|
sonarqube:
|
|
name: SonarQube Scan
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checking out
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v6
|
|
with:
|
|
go-version: '1.25.5'
|
|
cache: false
|
|
|
|
- name: Install dependencies
|
|
run: go mod tidy
|
|
|
|
- name: Run go vet
|
|
run: go vet ./... 2>&1 | tee vet-results.txt
|
|
|
|
- name: Run tests with coverage
|
|
run: |
|
|
go test ./... -v -coverprofile=coverage
|
|
|
|
- name: Run GolangCI-Lint Analysis
|
|
uses: golangci/golangci-lint-action@v9
|
|
with:
|
|
skip-cache: true
|
|
version: v2.6
|
|
args: >
|
|
--issues-exit-code=0
|
|
--output.text.path=stdout
|
|
--output.checkstyle.path=golangci-lint-report.xml
|
|
|
|
- name: Set SonarQube project key
|
|
run: |
|
|
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
|
|
TAG_NAME=${GITHUB_REF#refs/tags/}
|
|
BRANCH_KEY=${TAG_NAME//\//-}
|
|
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
|
|
elif [[ "$GITHUB_REF" == refs/heads/* ]]; then
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
if [ "$BRANCH_NAME" = "main" ]; then
|
|
SONAR_PROJECT_KEY="tunnel-please"
|
|
else
|
|
BRANCH_KEY=${BRANCH_NAME//\//-}
|
|
SONAR_PROJECT_KEY="tunnel-please-$BRANCH_KEY"
|
|
fi
|
|
else
|
|
SONAR_PROJECT_KEY="tunnel-please"
|
|
fi
|
|
echo "SONAR_PROJECT_KEY=$SONAR_PROJECT_KEY" >> $GITHUB_ENV
|
|
echo "Using SonarQube Project Key: $SONAR_PROJECT_KEY"
|
|
|
|
- name: SonarQube Scan
|
|
uses: SonarSource/sonarqube-scan-action@v7.0.0
|
|
env:
|
|
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
|
|
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
|
with:
|
|
args: >
|
|
-Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }}
|
|
-Dsonar.go.coverage.reportPaths=coverage
|
|
-Dsonar.test.inclusions=**/*_test.go
|
|
-Dsonar.test.exclusions=**/vendor/**
|
|
-Dsonar.exclusions=**/*_test.go,**/vendor/**,**/golangci-lint-report.xml
|
|
-Dsonar.go.govet.reportPaths=vet-results.txt
|
|
-Dsonar.go.golangci-lint.reportPaths=golangci-lint-report.xml
|
|
|
|
build-amd64:
|
|
runs-on: [ubuntu-latest, amd64]
|
|
needs: sonarqube
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.fossy.my.id
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
- name: Set version variables
|
|
id: vars
|
|
run: |
|
|
if [ "${{ github.ref_type }}" == "tag" ]; then
|
|
VERSION=${GITHUB_REF#refs/tags/v}
|
|
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
VERSION=dev-main
|
|
else
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
VERSION=dev-${BRANCH_NAME//\//-}
|
|
fi
|
|
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
|
|
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
|
|
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push AMD64 image
|
|
id: build
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
platforms: linux/amd64
|
|
build-args: |
|
|
VERSION=${{ steps.vars.outputs.VERSION }}
|
|
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
|
|
COMMIT=${{ steps.vars.outputs.COMMIT }}
|
|
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
|
|
|
|
- name: Export digest
|
|
run: |
|
|
mkdir -p /tmp/digests
|
|
digest="${{ steps.build.outputs.digest }}"
|
|
touch "/tmp/digests/${digest#sha256:}"
|
|
|
|
- name: Upload digest
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: digests-amd64
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
build-arm64:
|
|
runs-on: [ubuntu-latest, arm64]
|
|
needs: sonarqube
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.fossy.my.id
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
- name: Set version variables
|
|
id: vars
|
|
run: |
|
|
if [ "${{ github.ref_type }}" == "tag" ]; then
|
|
VERSION=${GITHUB_REF#refs/tags/v}
|
|
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
VERSION=dev-main
|
|
else
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
VERSION=dev-${BRANCH_NAME//\//-}
|
|
fi
|
|
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
|
|
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
|
|
echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push ARM64 image
|
|
id: build
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
platforms: linux/arm64
|
|
build-args: |
|
|
VERSION=${{ steps.vars.outputs.VERSION }}
|
|
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
|
|
COMMIT=${{ steps.vars.outputs.COMMIT }}
|
|
outputs: type=image,name=git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please,push-by-digest=true,name-canonical=true,push=true
|
|
|
|
- name: Export digest
|
|
run: |
|
|
mkdir -p /tmp/digests
|
|
digest="${{ steps.build.outputs.digest }}"
|
|
touch "/tmp/digests/${digest#sha256:}"
|
|
|
|
- name: Upload digest
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: digests-arm64
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
merge:
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- sonarqube
|
|
- build-amd64
|
|
- build-arm64
|
|
if: |
|
|
always() &&
|
|
needs.sonarqube.result == 'success' &&
|
|
needs.build-amd64.result == 'success' &&
|
|
needs.build-arm64.result == 'success'
|
|
|
|
steps:
|
|
- name: Download digests
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
path: /tmp/digests
|
|
|
|
- name: Merge digests
|
|
run: |
|
|
mkdir -p /tmp/digests-merged
|
|
find /tmp/digests -type f -exec cp {} /tmp/digests-merged/ \;
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.fossy.my.id
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
- name: Determine tags
|
|
id: tags
|
|
run: |
|
|
TAGS=""
|
|
|
|
if [ "${{ github.ref_type }}" == "tag" ]; then
|
|
VERSION=${GITHUB_REF#refs/tags/v}
|
|
|
|
if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
|
|
MAJOR=$(echo "$VERSION" | cut -d. -f1)
|
|
MINOR=$(echo "$VERSION" | cut -d. -f2)
|
|
|
|
TAGS="v${VERSION}"
|
|
|
|
if echo "$VERSION" | grep -q '-'; then
|
|
TAGS="${TAGS},staging"
|
|
else
|
|
TAGS="${TAGS},v${MAJOR}.${MINOR},v${MAJOR},latest"
|
|
fi
|
|
else
|
|
echo "Invalid version format: $VERSION"
|
|
exit 1
|
|
fi
|
|
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
TAGS="latest"
|
|
elif [ "${{ github.ref }}" == "refs/heads/staging" ]; then
|
|
TAGS="staging"
|
|
else
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
BRANCH_TAG=${BRANCH_NAME//\//-}
|
|
TAGS="dev-${BRANCH_TAG}"
|
|
fi
|
|
|
|
echo "TAGS=$TAGS" >> $GITHUB_OUTPUT
|
|
|
|
- name: Create manifest list and push
|
|
working-directory: /tmp/digests-merged
|
|
run: |
|
|
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
|
|
|
|
CMD="docker buildx imagetools create"
|
|
|
|
for tag in "${TAG_ARRAY[@]}"; do
|
|
CMD="$CMD -t git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${tag}"
|
|
done
|
|
|
|
CMD="$CMD $(printf 'git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please@sha256:%s ' *)"
|
|
|
|
eval $CMD
|
|
|
|
- name: Inspect image
|
|
run: |
|
|
IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.TAGS }}"
|
|
FIRST_TAG="${TAG_ARRAY[0]}"
|
|
docker buildx imagetools inspect git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${FIRST_TAG} |