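# Release pipeline, triggered by every push to master.
# Order of work (enforced by the `needs` edges below): build container images
# and Linux packages, wait for all builds, publish images and packages,
# generate the doc PDF, publish the GitHub release and the docs, and remove
# the temporary ARM VM.
name: Automatic push (RELEASE)

# Workflow-level default for GITHUB_TOKEN: read on every scope, write on none.
# Jobs that need more (or less) declare their own `permissions` block.
# NOTE(review): reusable-workflow jobs without their own block run with this
# read-all default; narrowing them per job needs a look at what each called
# workflow actually reads, which is not visible from this file.
permissions: read-all

on:
  push:
    branches: [master]

jobs:
  scorecards-analysis:
    uses: ./.github/workflows/scorecards-analysis.yml

  # The only write scope granted to this called workflow is security-events.
  codeql:
    uses: ./.github/workflows/codeql.yml
    permissions:
      actions: read
      contents: read
      security-events: write

  # Build amd64 + 386 containers images
  # push/cache are false here: nothing is published from the build jobs,
  # publishing happens later in push-images.
  build-containers:
    strategy:
      matrix:
        image: [bunkerweb, scheduler, autoconf, ui]
        arch: [linux/amd64, linux/386]
        include:
          # Applied to every combination
          - release: latest
            cache: false
            push: false
          # Per-image Dockerfile
          - image: bunkerweb
            dockerfile: src/bw/Dockerfile
          - image: scheduler
            dockerfile: src/scheduler/Dockerfile
          - image: autoconf
            dockerfile: src/autoconf/Dockerfile
          - image: ui
            dockerfile: src/ui/Dockerfile
          # Per-arch cache suffix ("386" is quoted so it stays a string)
          - arch: linux/amd64
            cache_suffix: amd64
          - arch: linux/386
            cache_suffix: "386"
    uses: ./.github/workflows/container-build.yml
    with:
      RELEASE: ${{ matrix.release }}
      ARCH: ${{ matrix.arch }}
      IMAGE: ${{ matrix.image }}
      DOCKERFILE: ${{ matrix.dockerfile }}
      CACHE: ${{ matrix.cache }}
      PUSH: ${{ matrix.push }}
      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
    # Secrets are passed by name (no `secrets: inherit`), so the called
    # workflow only receives the ones listed here.
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}

  # Create ARM environment
  # Receives cloud credentials (SCW_*) and the SSH material for the VM; its
  # outputs (`ip`, `id`) are consumed by later jobs.
  create-arm:
    uses: ./.github/workflows/create-arm.yml
    secrets:
      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}

  # Build arm64 + arm/v7 images
  build-containers-arm:
    needs: [create-arm]
    strategy:
      matrix:
        image: [bunkerweb, scheduler, autoconf, ui]
        # A single matrix value holding both platforms, comma-separated
        arch: ["linux/arm64,linux/arm/v7"]
        include:
          - release: latest
            cache: false
            push: false
            cache_suffix: arm
          - image: bunkerweb
            dockerfile: src/bw/Dockerfile
          - image: scheduler
            dockerfile: src/scheduler/Dockerfile
          - image: autoconf
            dockerfile: src/autoconf/Dockerfile
          - image: ui
            dockerfile: src/ui/Dockerfile
    uses: ./.github/workflows/container-build.yml
    with:
      RELEASE: ${{ matrix.release }}
      ARCH: ${{ matrix.arch }}
      IMAGE: ${{ matrix.image }}
      DOCKERFILE: ${{ matrix.dockerfile }}
      CACHE: ${{ matrix.cache }}
      PUSH: ${{ matrix.push }}
      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
      # Not a repository secret: the VM address comes from create-arm's output
      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}

  # Build Linux packages
  build-packages:
    needs: [create-arm]
    strategy:
      matrix:
        linux: [ubuntu, debian, fedora, rhel]
        platforms: [linux/amd64, linux/arm64]
        include:
          - release: latest
          - linux: ubuntu
            package: deb
          - linux: debian
            package: deb
          - linux: fedora
            package: rpm
          - linux: rhel
            package: rpm
    uses: ./.github/workflows/linux-build.yml
    with:
      RELEASE: ${{ matrix.release }}
      LINUX: ${{ matrix.linux }}
      PACKAGE: ${{ matrix.package }}
      TEST: false
      PLATFORMS: ${{ matrix.platforms }}
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}

  # Wait for all builds and extract VERSION
  # Gate for every publishing job: it only starts once codeql and all three
  # build jobs have succeeded.
  wait-builds:
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out the repository and reads
    # src/VERSION, so it does not need the workflow-level read-all default.
    permissions:
      contents: read
    needs: [codeql, build-containers, build-containers-arm, build-packages]
    outputs:
      version: ${{ steps.getversion.outputs.version }}
      versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
    steps:
      - name: Checkout source code
        # Pinned to a full commit SHA; the trailing comment records the tag.
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          # No later step performs git operations, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false
      # Newlines are stripped so the value stays a single key=value line in
      # $GITHUB_OUTPUT.
      # NOTE(review): this value is later interpolated into image tags and
      # workflow inputs; the called workflows should handle it as data
      # (e.g. via env) rather than inline in `run` — not verifiable here.
      - name: Get VERSION
        id: getversion
        run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
      # Same value with every '-' replaced by '_' for RPM packages
      - name: Get VERSION (for RPM based)
        id: getversionrpm
        run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"

  # Push Docker images
  # packages: write is granted to this job only; the tags below target both
  # bunkerity/* and ghcr.io/bunkerity/*.
  push-images:
    permissions:
      contents: read
      packages: write
    needs: [create-arm, wait-builds]
    strategy:
      matrix:
        image: [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
        include:
          - release: latest
          # cache_from matches the image names used by the build jobs
          - image: bunkerweb
            cache_from: bunkerweb
            dockerfile: src/bw/Dockerfile
          - image: bunkerweb-scheduler
            cache_from: scheduler
            dockerfile: src/scheduler/Dockerfile
          - image: bunkerweb-autoconf
            cache_from: autoconf
            dockerfile: src/autoconf/Dockerfile
          - image: bunkerweb-ui
            cache_from: ui
            dockerfile: src/ui/Dockerfile
    uses: ./.github/workflows/push-docker.yml
    with:
      IMAGE: ${{ matrix.image }}
      # Four tags per image: <release> and <version>, on each registry
      TAGS: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }},ghcr.io/bunkerity/${{ matrix.image }}:${{ matrix.release }},ghcr.io/bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
      CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
      DOCKERFILE: ${{ matrix.dockerfile }}
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}

  # Push Linux packages
  push-packages:
    needs: [wait-builds]
    strategy:
      matrix:
        linux: [ubuntu, debian, fedora, el]
        arch: [amd64, arm64]
        include:
          - release: latest
            repo: bunkerweb
          # Per-distribution naming parameters
          - linux: ubuntu
            separator: _
            suffix: ""
            version: jammy
            package: deb
          - linux: debian
            separator: _
            suffix: ""
            version: bullseye
            package: deb
          - linux: fedora
            separator: "-"
            suffix: "1."
            version: 38
            package: rpm
          - linux: el
            separator: "-"
            suffix: "1."
            version: 8
            package: rpm
          # Per-distribution architecture names
          - linux: ubuntu
            arch: amd64
            package_arch: amd64
          - linux: debian
            arch: amd64
            package_arch: amd64
          - linux: fedora
            arch: amd64
            package_arch: x86_64
          - linux: el
            arch: amd64
            package_arch: x86_64
          - linux: ubuntu
            arch: arm64
            package_arch: arm64
          - linux: debian
            arch: arm64
            package_arch: arm64
          - linux: fedora
            arch: arm64
            package_arch: aarch64
          - linux: el
            arch: arm64
            package_arch: aarch64
    uses: ./.github/workflows/push-packagecloud.yml
    with:
      SEPARATOR: ${{ matrix.separator }}
      SUFFIX: ${{ matrix.suffix }}
      REPO: ${{ matrix.repo }}
      LINUX: ${{ matrix.linux }}
      VERSION: ${{ matrix.version }}
      PACKAGE: ${{ matrix.package }}
      # rpm packages use the '_' variant of the version, deb the plain one
      BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
      PACKAGE_ARCH: ${{ matrix.package_arch }}
      ARCH: ${{ matrix.arch }}
    secrets:
      PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

  # Create doc PDF
  # Runs only after both publishing jobs have succeeded.
  doc-pdf:
    needs: [wait-builds, push-images, push-packages]
    uses: ./.github/workflows/doc-to-pdf.yml
    with:
      VERSION: ${{ needs.wait-builds.outputs.version }}

  # Push on GH
  # Write access is limited to contents and discussions for this job.
  push-gh:
    needs: [wait-builds, doc-pdf]
    permissions:
      contents: write
      discussions: write
    uses: ./.github/workflows/push-github.yml
    with:
      VERSION: ${{ needs.wait-builds.outputs.version }}
      PRERELEASE: false

  # Push doc
  push-doc:
    needs: [wait-builds, push-gh]
    permissions:
      contents: write
    uses: ./.github/workflows/push-doc.yml
    with:
      VERSION: ${{ needs.wait-builds.outputs.version }}
      ALIAS: latest
    secrets:
      BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}

  # Remove ARM VM
  # always(): runs even when an earlier job failed or was cancelled, so the
  # VM is not left behind. push-images depends on build-containers-arm
  # through wait-builds, so every job that receives ARM_SSH_IP has finished
  # (or been skipped) before this one starts.
  rm-arm:
    if: ${{ always() }}
    needs: [create-arm, push-images, build-packages]
    uses: ./.github/workflows/rm-arm.yml
    secrets:
      # The VM id comes from create-arm's output, not from repository secrets
      ARM_ID: ${{ needs.create-arm.outputs.id }}
      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}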