Skip to content

Merge pull request #68 from cdzombak/dependabot/go_modules/github.com… #115

Merge pull request #68 from cdzombak/dependabot/go_modules/github.com…

Merge pull request #68 from cdzombak/dependabot/go_modules/github.com… #115

Workflow file for this run

---
name: CI
"on":
push:
branches:
- "main"
tags:
- "v*.*.*"
pull_request:
branches:
- "main"
permissions:
contents: read
env:
DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/386,linux/arm/v7,linux/arm/v6"
FPM_VERSION: 1.15.1
jobs:
meta:
name: Derive Build Metadata
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Derive version string
id: bin_version
run: echo "bin_version=$(./.version.sh)" >> "$GITHUB_OUTPUT"
- name: bin_version
run: "echo bin_version: ${{ steps.bin_version.outputs.bin_version }}"
- name: Check if this is a running version tag update
id: running_version_tag
run: |
if [ -z "${{ github.event.ref }}" ]; then
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+$ ]]; then
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+$ ]]; then
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
else
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
fi
- name: is_running_version_tag
run: "echo is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}"
outputs:
bin_name: ${{ github.event.repository.name }}
bin_version: ${{ steps.bin_version.outputs.bin_version }}
dockerhub_owner: ${{ github.repository_owner }}
ghcr_owner: ${{ github.repository_owner }}
aptly_repo_name: oss
aptly_dist: any
aptly_publish_prefix: s3:dist.cdzombak.net:deb_oss
is_prerelease: >-
${{
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
startsWith(github.ref, 'refs/tags/v') &&
(contains(github.ref, '-alpha.')
|| contains(github.ref, '-beta.')
|| contains(github.ref, '-rc.'))
}}
is_release: >-
${{
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
startsWith(github.ref, 'refs/tags/v') &&
!(contains(github.ref, '-alpha.')
|| contains(github.ref, '-beta.')
|| contains(github.ref, '-rc.'))
}}
is_pull_request: ${{ github.event_name == 'pull_request' }}
is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}
lint:
name: Lint
runs-on: ubuntu-latest
permissions:
contents: write
checks: write
issues: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run MegaLinter
uses: oxsecurity/megalinter@v7
env:
# See https://megalinter.io/configuration and .mega-linter.yml
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Archive MegaLinter artifacts
if: ( !env.ACT && ( success() || failure() ) )
uses: actions/upload-artifact@v3
with:
name: MegaLinter artifacts
path: |
megalinter-reports
mega-linter.log
docker:
name: Docker Images
needs: [lint, meta]
if: needs.meta.outputs.is_running_version_tag_update != 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to GHCR
if: needs.meta.outputs.is_pull_request != 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
if: needs.meta.outputs.is_pull_request != 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: |
${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.bin_name }}
ghcr.io/${{ needs.meta.outputs.ghcr_owner }}/${{ needs.meta.outputs.bin_name }}
tags: |
type=raw,value=latest,enable=${{ needs.meta.outputs.is_release == 'true' }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: ${{ env.DOCKER_PLATFORMS }}
builder: ${{ steps.buildx.outputs.name }}
push: ${{ needs.meta.outputs.is_pull_request != 'true' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
build-args: |
BIN_VERSION=${{ needs.meta.outputs.bin_version }}
- name: Update Docker Hub description
if: needs.meta.outputs.is_release == 'true'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.bin_name }}
readme-filepath: ./README.md
short-description: ${{ github.event.repository.description }}
binaries:
name: Binaries & Debian Packages
needs: [lint, meta]
if: needs.meta.outputs.is_running_version_tag_update != 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: stable
- name: Go version
run: go version
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: "3.2"
bundler-cache: true
- name: Ruby version
run: ruby --version
- name: Install fpm
run: |
gem install --no-document fpm -v "$FPM_VERSION"
- name: Build binaries & packages
run: make package
- name: Prepare release artifacts
working-directory: out/
run: |
mkdir ./gh-release
cp ./*.deb ./gh-release/
find . -name '${{ needs.meta.outputs.bin_name }}-*' -executable -type f -maxdepth 1 -print0 | xargs -0 -I {} tar --transform='flags=r;s|.*|${{ needs.meta.outputs.bin_name }}|' -czvf ./gh-release/{}.tar.gz {}
- name: Upload binaries & packages
uses: actions/upload-artifact@v3
with:
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts
path: out/gh-release/*
release:
name: GitHub (Pre)Release
needs: [meta, binaries]
if: >-
needs.meta.outputs.is_release == 'true' ||
needs.meta.outputs.is_prerelease == 'true'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download binaries & packages
uses: actions/download-artifact@v3
with:
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts
path: out
- name: List artifacts
working-directory: out
run: ls -R
- name: Create GitHub release
uses: softprops/action-gh-release@v1
with:
files: out/${{ needs.meta.outputs.bin_name }}-*
prerelease: ${{ needs.meta.outputs.is_prerelease == 'true' }}
fail_on_unmatched_files: true
generate_release_notes: true
tags:
name: Update Release Tags
needs: [meta, release]
if: needs.meta.outputs.is_release == 'true'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Update running major/minor version tags
uses: sersoft-gmbh/running-release-tags-action@v3
with:
fail-on-non-semver-tag: true
create-release: false
update-full-release: false
aptly:
name: Aptly
needs: [meta, binaries]
if: needs.meta.outputs.is_release == 'true'
runs-on: ubuntu-latest
steps:
- name: Download binaries & packages
uses: actions/download-artifact@v3
with:
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts
path: out
- name: List artifacts
run: ls -R
working-directory: out
- name: Login to Tailscale
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
tags: tag:github-actions
- name: Push to Aptly Repo
shell: bash
run: |
set -x
for DEB in out/*.deb; do
curl -u "${{ secrets.APTLY_CRED }}" \
-fsS -X POST \
-F file=@"${DEB}" \
"${{ secrets.APTLY_API }}/files/${{ needs.meta.outputs.bin_name }}-${{ needs.meta.outputs.bin_version }}"
done
curl -u "${{ secrets.APTLY_CRED }}" \
-fsS -X POST \
"${{ secrets.APTLY_API }}/repos/${{ needs.meta.outputs.aptly_repo_name }}/file/${{ needs.meta.outputs.bin_name }}-${{ needs.meta.outputs.bin_version }}?forceReplace=1"
- name: Update Published Aptly Repo
run: |
set -x
curl -u "${{ secrets.APTLY_CRED }}" \
-fsS -X PUT \
-H 'Content-Type: application/json' \
--data '{"ForceOverwrite": true}' \
"${{ secrets.APTLY_API }}/publish/${{ needs.meta.outputs.aptly_publish_prefix }}/${{ needs.meta.outputs.aptly_dist }}?_async=true"