librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity
bunkerized-nginx/.github/workflows/release.yml

296 lines
9.1 KiB
YAML
Raw Permalink Blame History

name: Automatic push (RELEASE)
permissions: read-all
on:
push:
branches: [master]
jobs:
scorecards-analysis:
uses: ./.github/workflows/scorecards-analysis.yml
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
# Build amd64 + 386 containers images
build-containers:
strategy:
matrix:
image: [bunkerweb, scheduler, autoconf, ui]
arch: [linux/amd64, linux/386]
include:
- release: latest
cache: false
push: false
- image: bunkerweb
dockerfile: src/bw/Dockerfile
- image: scheduler
dockerfile: src/scheduler/Dockerfile
- image: autoconf
dockerfile: src/autoconf/Dockerfile
- image: ui
dockerfile: src/ui/Dockerfile
- arch: linux/amd64
cache_suffix: amd64
- arch: linux/386
cache_suffix: "386"
uses: ./.github/workflows/container-build.yml
with:
RELEASE: ${{ matrix.release }}
ARCH: ${{ matrix.arch }}
IMAGE: ${{ matrix.image }}
DOCKERFILE: ${{ matrix.dockerfile }}
CACHE: ${{ matrix.cache }}
PUSH: ${{ matrix.push }}
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Create ARM environment
create-arm:
uses: ./.github/workflows/create-arm.yml
secrets:
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
# Build arm64 + arm/v7 images
build-containers-arm:
needs: [create-arm]
strategy:
matrix:
image: [bunkerweb, scheduler, autoconf, ui]
arch: ["linux/arm64,linux/arm/v7"]
include:
- release: latest
cache: false
push: false
cache_suffix: arm
- image: bunkerweb
dockerfile: src/bw/Dockerfile
- image: scheduler
dockerfile: src/scheduler/Dockerfile
- image: autoconf
dockerfile: src/autoconf/Dockerfile
- image: ui
dockerfile: src/ui/Dockerfile
uses: ./.github/workflows/container-build.yml
with:
RELEASE: ${{ matrix.release }}
ARCH: ${{ matrix.arch }}
IMAGE: ${{ matrix.image }}
DOCKERFILE: ${{ matrix.dockerfile }}
CACHE: ${{ matrix.cache }}
PUSH: ${{ matrix.push }}
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
# Build Linux packages
build-packages:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
platforms: [linux/amd64, linux/arm64]
include:
- release: latest
- linux: ubuntu
package: deb
- linux: debian
package: deb
- linux: fedora
package: rpm
- linux: rhel
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ${{ matrix.release }}
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: false
PLATFORMS: ${{ matrix.platforms }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
# Wait for all builds and extract VERSION
wait-builds:
runs-on: ubuntu-latest
needs: [codeql, build-containers, build-containers-arm, build-packages]
outputs:
version: ${{ steps.getversion.outputs.version }}
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
- name: Get VERSION (for RPM based)
id: getversionrpm
run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
# Push Docker images
push-images:
permissions:
contents: read
packages: write
needs: [create-arm, wait-builds]
strategy:
matrix:
image:
[bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
include:
- release: latest
- image: bunkerweb
cache_from: bunkerweb
dockerfile: src/bw/Dockerfile
- image: bunkerweb-scheduler
cache_from: scheduler
dockerfile: src/scheduler/Dockerfile
- image: bunkerweb-autoconf
cache_from: autoconf
dockerfile: src/autoconf/Dockerfile
- image: bunkerweb-ui
cache_from: ui
dockerfile: src/ui/Dockerfile
uses: ./.github/workflows/push-docker.yml
with:
IMAGE: ${{ matrix.image }}
TAGS: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }},ghcr.io/bunkerity/${{ matrix.image }}:${{ matrix.release }},ghcr.io/bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
DOCKERFILE: ${{ matrix.dockerfile }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
# Push Linux packages
push-packages:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
arch: [amd64, arm64]
include:
- release: latest
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
separator: _
suffix: ""
version: bullseye
package: deb
- linux: fedora
separator: "-"
suffix: "1."
version: 38
package: rpm
- linux: el
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64
- linux: fedora
arch: arm64
package_arch: aarch64
- linux: el
arch: arm64
package_arch: aarch64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}
SUFFIX: ${{ matrix.suffix }}
REPO: ${{ matrix.repo }}
LINUX: ${{ matrix.linux }}
VERSION: ${{ matrix.version }}
PACKAGE: ${{ matrix.package }}
BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
PACKAGE_ARCH: ${{ matrix.package_arch }}
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Create doc PDF
doc-pdf:
needs: [wait-builds, push-images, push-packages]
uses: ./.github/workflows/doc-to-pdf.yml
with:
VERSION: ${{ needs.wait-builds.outputs.version }}
# Push on GH
push-gh:
needs: [wait-builds, doc-pdf]
permissions:
contents: write
discussions: write
uses: ./.github/workflows/push-github.yml
with:
VERSION: ${{ needs.wait-builds.outputs.version }}
PRERELEASE: false
# Push doc
push-doc:
needs: [wait-builds, push-gh]
permissions:
contents: write
uses: ./.github/workflows/push-doc.yml
with:
VERSION: ${{ needs.wait-builds.outputs.version }}
ALIAS: latest
secrets:
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
# Remove ARM VM
rm-arm:
if: ${{ always() }}
needs: [create-arm, push-images, build-packages]
uses: ./.github/workflows/rm-arm.yml
secrets:
ARM_ID: ${{ needs.create-arm.outputs.id }}
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
Reference in New Issue View Git Blame Copy Permalink