TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:17:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: improve performance (#5953)

Browse Source 
* pipeline runs on ubuntu instead of docker
* added Makefile to build zitadel core (backend) and console (frontend)
* pipeline runs in parallel where possible
* pipeline is split into multiple jobs
* removed goreleaser
* added command to check if zitadel instance is running
This commit is contained in:
Silvan
2023-07-17 10:08:20 +02:00
committed by GitHub
parent bcf4bfc585
commit 1c354ca977
64 changed files with 12290 additions and 21117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,92 @@
name: ZITADEL CI/CD
on: [pull_request, merge_group, workflow_dispatch]
permissions:
contents: write
packages: write
jobs:
core:
uses: ./.github/workflows/core.yml
with:
node_version: '18'
buf_version: 'latest'
go_version: '1.20'
console:
uses: ./.github/workflows/console.yml
with:
node_version: '18'
buf_version: 'latest'
version:
uses: ./.github/workflows/version.yml
with:
semantic_version: '19.0.2'
dry_run: true
compile:
needs: [core, console, version]
uses: ./.github/workflows/compile.yml
with:
go_version: '1.20'
core_cache_key: ${{ needs.core.outputs.cache_key }}
console_cache_key: ${{ needs.console.outputs.cache_key }}
core_cache_path: ${{ needs.core.outputs.cache_path }}
console_cache_path: ${{ needs.console.outputs.cache_path }}
version: ${{ needs.version.outputs.version }}
core-unit-test:
needs: core
uses: ./.github/workflows/core-unit-test.yml
with:
go_version: '1.20'
core_cache_key: ${{ needs.core.outputs.cache_key }}
core_cache_path: ${{ needs.core.outputs.cache_path }}
core-integration-test:
needs: core
uses: ./.github/workflows/core-integration-test.yml
with:
go_version: '1.20'
core_cache_key: ${{ needs.core.outputs.cache_key }}
core_cache_path: ${{ needs.core.outputs.cache_path }}
lint:
needs: [core, console]
uses: ./.github/workflows/lint.yml
with:
go_version: '1.20'
node_version: '18'
buf_version: 'latest'
go_lint_version: 'v1.53.2'
core_cache_key: ${{ needs.core.outputs.cache_key }}
core_cache_path: ${{ needs.core.outputs.cache_path }}
container:
needs: [compile]
uses: ./.github/workflows/container.yml
with:
image_name: 'ghcr.io/zitadel/zitadel'
e2e:
uses: ./.github/workflows/e2e.yml
needs: [container]
with:
image: ${{ needs.container.outputs.image }}-debug
release:
uses: ./.github/workflows/release.yml
needs: [version, core-unit-test, core-integration-test, lint, container, e2e]
if: ${{ needs.version.outputs.published == 'true' }}
secrets:
GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }}
with:
node_version: '16'
buf_version: 'latest'
image: ${{ needs.container.outputs.image }}
semantic_version: '19.0.2'
image_name: 'ghcr.io/zitadel/zitadel'
google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"

2
.github/workflows/codeql-analysis.yml → .github/workflows/codeql.yml vendored
View File

@@ -1,4 +1,4 @@
name: "Code scanning - action"
name: "Code Scanning"
on:
push:

99
.github/workflows/compile.yml vendored Normal file
View File

@@ -0,0 +1,99 @@
name: Compile
on:
workflow_call:
inputs:
go_version:
required: true
type: string
core_cache_key:
required: true
type: string
core_cache_path:
required: true
type: string
console_cache_key:
required: true
type: string
console_cache_path:
required: true
type: string
version:
required: true
type: string
jobs:
executable:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
goos: [linux, darwin, windows]
goarch: [amd64, arm64]
steps:
-
uses: actions/checkout@v3
-
uses: actions/cache/restore@v3
timeout-minutes: 1
name: restore console
with:
path: ${{ inputs.console_cache_path }}
key: ${{ inputs.console_cache_key }}
fail-on-cache-miss: true
-
uses: actions/cache/restore@v3
timeout-minutes: 1
name: restore core
with:
path: ${{ inputs.core_cache_path }}
key: ${{ inputs.core_cache_key }}
fail-on-cache-miss: true
-
uses: actions/setup-go@v4
with:
go-version: ${{ inputs.go_version }}
-
name: compile
timeout-minutes: 5
run: |
GOOS="${{matrix.goos}}" \
GOARCH="${{matrix.goarch}}" \
VERSION="${{ inputs.version }}" \
COMMIT_SHA="${{ github.sha }}" \
make compile_pipeline
-
name: create folder
run: |
mkdir zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
mv zitadel zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
cp LICENSE zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
cp README.md zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
tar -cvf zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
-
uses: actions/upload-artifact@v3
with:
name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar
checksums:
runs-on: ubuntu-latest
needs: executable
steps:
-
uses: actions/download-artifact@v3
with:
path: executables
-
name: move files one folder up
run: mv */*.tar . && find . -type d -empty -delete
working-directory: executables
-
run: sha256sum * > checksums.txt
working-directory: executables
-
uses: actions/upload-artifact@v3
with:
name: checksums.txt
path: executables/checksums.txt

61
.github/workflows/console.yml vendored Normal file
View File

@@ -0,0 +1,61 @@
name: Build console
on:
workflow_call:
inputs:
node_version:
required: true
type: string
buf_version:
required: true
type: string
outputs:
cache_key:
value: ${{ jobs.build.outputs.cache_key }}
cache_path:
value: ${{ jobs.build.outputs.cache_path }}
env:
cache_path: console/dist/console
jobs:
build:
outputs:
cache_key: ${{ steps.cache.outputs.cache-primary-key }}
cache_path: ${{ env.cache_path }}
runs-on: ubuntu-latest
steps:
-
uses: actions/checkout@v3
-
uses: actions/cache/restore@v3
timeout-minutes: 1
id: cache
with:
key: console-${{ hashFiles('console', 'proto') }}
restore-keys: |
console-
path: ${{ env.cache_path }}
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ github.token }}
version: ${{ inputs.buf_version }}
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node_version }}
cache: 'yarn'
cache-dependency-path: console/yarn.lock
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: make console_build
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/cache/save@v3
with:
path: ${{ env.cache_path }}
key: ${{ steps.cache.outputs.cache-primary-key }}

168
.github/workflows/container.yml vendored Normal file
View File

@@ -0,0 +1,168 @@
name: Container
on:
workflow_call:
inputs:
image_name:
required: true
type: string
outputs:
image:
value: '${{ inputs.image_name }}:${{ github.sha }}'
env:
default_labels: |
org.opencontainers.image.documentation=https://zitadel.com/docs
org.opencontainers.image.vendor=CAOS AG
jobs:
build:
name: zitadel
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch: [amd64,arm64]
steps:
-
uses: actions/checkout@v3
-
name: Scratch meta
id: scratch-meta
uses: docker/metadata-action@v4
with:
images: ${{ inputs.image_name }}
labels: ${{ env.default_labels}}
tags: |
type=sha,prefix=,suffix=,format=long
-
name: Debug meta
id: debug-meta
uses: docker/metadata-action@v4
with:
images: ${{ inputs.image_name }}
labels: ${{ env.default_labels}}
tags: |
type=sha,prefix=,suffix=-debug,format=long
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver-opts: 'image=moby/buildkit:v0.11.6'
-
name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
uses: actions/download-artifact@v3
with:
path: .artifacts
name: zitadel-linux-${{ matrix.arch }}
-
name: Unpack executable
run: |
tar -xvf .artifacts/zitadel-linux-${{ matrix.arch }}.tar
mv zitadel-linux-${{ matrix.arch }}/zitadel ./zitadel
-
name: Debug
id: build-debug
uses: docker/build-push-action@v4
timeout-minutes: 3
with:
context: .
file: build/Dockerfile
target: artifact
platforms: linux/${{ matrix.arch }}
push: true
labels: ${{ steps.debug-meta.outputs.labels }}
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
-
name: Scratch
id: build-scratch
uses: docker/build-push-action@v4
timeout-minutes: 3
with:
context: .
file: build/Dockerfile
target: final
platforms: linux/${{ matrix.arch }}
push: true
labels: ${{ steps.scratch-meta.outputs.labels }}
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
-
name: Export debug digest
run: |
mkdir -p /tmp/digests/debug
digest="${{ steps.build-debug.outputs.digest }}"
touch "/tmp/digests/debug/${digest#sha256:}"
-
name: Export scratch digest
run: |
mkdir -p /tmp/digests/scratch
digest="${{ steps.build-scratch.outputs.digest }}"
touch "/tmp/digests/scratch/${digest#sha256:}"
-
name: Upload digest
uses: actions/upload-artifact@v3
with:
name: digests
path: /tmp/digests
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-latest
needs:
- build
strategy:
fail-fast: false
matrix:
image: [scratch, debug]
include:
- image: scratch
suffix: ''
- image: debug
suffix: '-debug'
steps:
-
name: Download digests
uses: actions/download-artifact@v3
with:
name: digests
path: /tmp/digests
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver-opts: 'image=moby/buildkit:v0.11.6'
-
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: '${{ inputs.image_name }}'
tags: |
type=sha,prefix=,suffix=${{ matrix.suffix }},format=long
-
name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Create manifest list and push
working-directory: /tmp/digests/${{ matrix.image }}
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ inputs.image_name }}@sha256:%s ' *)
-
name: Inspect image
run: |
docker buildx imagetools inspect ${{ inputs.image_name }}:${{ github.sha }}${{ matrix.suffix }}

153
.github/workflows/core-integration-test.yml vendored Normal file
View File

@@ -0,0 +1,153 @@
name: Integration test core
on:
workflow_call:
inputs:
go_version:
required: true
type: string
core_cache_key:
required: true
type: string
core_cache_path:
required: true
type: string
jobs:
postgres:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
ports:
- 5432:5432
env:
POSTGRES_USER: zitadel
PGUSER: zitadel
POSTGRES_DB: zitadel
POSTGRES_HOST_AUTH_METHOD: trust
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 10s
steps:
-
uses: actions/checkout@v3
-
uses: actions/setup-go@v4
with:
go-version: ${{ inputs.go_version }}
-
uses: actions/cache/restore@v3
timeout-minutes: 1
name: restore core
id: restore-core
with:
path: ${{ inputs.core_cache_path }}
key: ${{ inputs.core_cache_key }}
fail-on-cache-miss: true
-
id: go-cache-path
name: set cache path
run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
-
uses: actions/cache/restore@v3
id: cache
timeout-minutes: 1
name: restore previous results
with:
key: integration-test-postgres-${{ inputs.core_cache_key }}
restore-keys: |
integration-test-postgres-core-
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
-
name: test
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
env:
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
INTEGRATION_DB_FLAVOR: postgres
run: make core_integration_test
-
name: publish coverage
uses: codecov/codecov-action@v3.1.4
with:
file: profile.cov
name: core-integration-tests-postgres
flags: core-integration-tests-postgres
-
uses: actions/cache/save@v3
name: cache results
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
with:
key: integration-test-postgres-${{ inputs.core_cache_key }}
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
# TODO: enable as soon as cockroach allows `COCKROACH_ARGS`
# cockroach:
# runs-on: ubuntu-latest
# services:
# cockroach:
# image: cockroachdb/cockroach:latest
# ports:
# - 26257:26257
# - 9090:9090
# env:
# COCKROACH_ARGS: start-single-node --insecure --http-addr :9090
# options: >-
# --health-cmd "curl http://localhost:9090/health?ready=1 || exit 1"
# --health-interval 10s
# --health-timeout 5s
# --health-retries 5
# --health-start-period 10s
# steps:
# -
# uses: actions/checkout@v3
# -
# uses: actions/setup-go@v4
# with:
# go-version: ${{ inputs.go_version }}
# -
# uses: actions/cache/restore@v3
# timeout-minutes: 1
# name: restore core
# with:
# path: ${{ inputs.core_cache_path }}
# key: ${{ inputs.core_cache_key }}
# fail-on-cache-miss: true
# -
# id: go-cache-path
# name: set cache path
# run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
# -
# uses: actions/cache/restore@v3
# timeout-minutes: 1
# name: restore previous results
# cache: id
# with:
# key: integration-test-crdb-${{ inputs.core_cache_key }}
# restore-keys: |
# integration-test-crdb-core-
# path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
# -
# name: test
# if: ${{ steps.cache.outputs.cache-hit != 'true' }}
# env:
# ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
# INTEGRATION_DB_FLAVOR: cockroach
# run: make core_integration_test
# -
# name: publish coverage
# uses: codecov/codecov-action@v3.1.4
# with:
# file: profile.cov
# name: core-integration-tests-cockroach
# flags: core-integration-tests-cockroach
# -
# uses: actions/cache/save@v3
# name: cache results
# if: ${{ steps.cache.outputs.cache-hit != 'true' }}
# with:
# key: integration-test-crdb-${{ inputs.core_cache_key }}
# path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}

67
.github/workflows/core-unit-test.yml vendored Normal file
View File

@@ -0,0 +1,67 @@
name: Unit test core
on:
workflow_call:
inputs:
go_version:
required: true
type: string
core_cache_key:
required: true
type: string
core_cache_path:
required: true
type: string
jobs:
test:
runs-on: ubuntu-latest
steps:
-
uses: actions/checkout@v3
-
uses: actions/setup-go@v4
with:
go-version: ${{ inputs.go_version }}
-
uses: actions/cache/restore@v3
timeout-minutes: 1
name: restore core
id: restore-core
with:
path: ${{ inputs.core_cache_path }}
key: ${{ inputs.core_cache_key }}
fail-on-cache-miss: true
-
id: go-cache-path
name: set cache path
run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
-
uses: actions/cache/restore@v3
id: cache
timeout-minutes: 1
name: restore previous results
with:
key: unit-test-${{ inputs.core_cache_key }}
restore-keys: |
unit-test-core-
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
-
name: test
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: make core_unit_test
-
name: publish coverage
uses: codecov/codecov-action@v3.1.4
with:
file: profile.cov
name: core-unit-tests
flags: core-unit-tests
-
uses: actions/cache/save@v3
name: cache results
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
with:
key: unit-test-${{ inputs.core_cache_key }}
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}

81
.github/workflows/core.yml vendored Normal file
View File

@@ -0,0 +1,81 @@
name: Build core
on:
workflow_call:
inputs:
go_version:
required: true
type: string
buf_version:
required: true
type: string
node_version:
required: true
type: string
outputs:
cache_key:
value: ${{ jobs.build.outputs.cache_key }}
cache_path:
value: ${{ jobs.build.outputs.cache_path }}
env:
cache_path: |
internal/statik/statik.go
internal/notification/statik/statik.go
internal/api/ui/login/static/resources/themes/zitadel/css/zitadel.css*
internal/api/ui/login/statik/statik.go
internal/api/assets/authz.go
internal/api/assets/router.go
openapi/v2
pkg/grpc/**/*.pb.*
jobs:
build:
runs-on: ubuntu-latest
outputs:
cache_key: ${{ steps.cache.outputs.cache-primary-key }}
cache_path: ${{ env.cache_path }}
steps:
-
uses: actions/checkout@v3
-
uses: actions/cache/restore@v3
timeout-minutes: 1
id: cache
with:
key: core-${{ hashFiles( 'go.*', 'openapi', 'cmd', 'pkg/grpc/**/*.go', 'proto', 'internal') }}
restore-keys: |
core-
path: ${{ env.cache_path }}
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ github.token }}
version: ${{ inputs.buf_version }}
-
# node to install sass
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node_version }}
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: npm install -g sass
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/setup-go@v4
with:
go-version: ${{ inputs.go_version }}
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
run: make core_build
-
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
uses: actions/cache/save@v3
with:
key: ${{ steps.cache.outputs.cache-primary-key }}
path: ${{ env.cache_path }}

128
.github/workflows/e2e.yml vendored
View File

@@ -1,66 +1,104 @@
name: "ZITADEL e2e Tests"
on:
workflow_run:
workflows: [ZITADEL Release]
types:
- completed
workflow_dispatch:
workflow_call:
inputs:
releaseversion:
description: 'Release version to test'
image:
required: true
default: 'latest'
type: string
jobs:
test:
strategy:
fail-fast: false
matrix:
browser: [firefox, chrome]
runs-on: ubuntu-20.04
services:
# we currently use postgres because cockroach doesn't work
postgres:
image: postgres
ports:
- 5432:5432
env:
POSTGRES_USER: zitadel
PGUSER: zitadel
POSTGRES_DB: zitadel
POSTGRES_HOST_AUTH_METHOD: trust
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 10s
zitadel:
image: ${{ inputs.image }}
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
options: >-
--health-cmd "zitadel ready"
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 10s
--add-host host.docker.internal:host-gateway
ports:
- 8080:8080
env:
ZITADEL_ARGS: "start-from-init --masterkeyFromEnv"
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
ZITADEL_LOG_LEVEL: debug
ZITADEL_EXTERNALDOMAIN: localhost
ZITADEL_EXTERNALSECURE: "false"
ZITADEL_TLS_ENABLED: "false"
ZITADEL_DATABASE_POSTGRES_HOST: postgres
ZITADEL_DATABASE_POSTGRES_PORT: "5432"
ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS: "20"
ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS: "10"
ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: zitadel
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: "false"
ZITADEL_LOGSTORE_ACCESS_DATABASE_ENABLED: "true"
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MINFREQUENCY: 0s
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MAXBULKSIZE: "0"
ZITADEL_LOGSTORE_EXECUTION_DATABASE_ENABLED: "true"
ZITADEL_LOGSTORE_EXECUTION_STDOUT_ENABLED: "false"
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEKEY: "zitadel.quota.limiting"
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEMAXAGE: 60s
ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_REQUEUEEVERY: 1s
ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME: "0"
ZITADEL_SYSTEMAPIUSERS: "{\"cypress\": {\"keyData\": \"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF6aStGRlNKTDdmNXl3NEtUd3pnTQpQMzRlUEd5Y20vTStrVDBNN1Y0Q2d4NVYzRWFESXZUUUtUTGZCYUVCNDV6YjlMdGpJWHpEdzByWFJvUzJoTzZ0CmgrQ1lRQ3ozS0N2aDA5QzBJenhaaUIySVMzSC9hVCs1Qng5RUZZK3ZuQWtaamNjYnlHNVlOUnZtdE9sbnZJZUkKSDdxWjB0RXdrUGZGNUdFWk5QSlB0bXkzVUdWN2lvZmRWUVMxeFJqNzMrYU13NXJ2SDREOElkeWlBQzNWZWtJYgpwdDBWajBTVVgzRHdLdG9nMzM3QnpUaVBrM2FYUkYwc2JGaFFvcWRKUkk4TnFnWmpDd2pxOXlmSTV0eXhZc3duCitKR3pIR2RIdlczaWRPRGxtd0V0NUsycGFzaVJJV0syT0dmcSt3MEVjbHRRSGFidXFFUGdabG1oQ2tSZE5maXgKQndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==\"}}"
runs-on: ubuntu-latest
env:
ZITADEL_IMAGE_REGISTRY: 'ghcr.io/zitadel/zitadel'
ZITADEL_IMAGE: ${{ inputs.image }}
steps:
- name: Checkout Repository
-
name: Checkout Repository
uses: actions/checkout@v3
- name: Set TAG env manual trigger
if: github.event_name == 'workflow_dispatch'
run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ github.event.inputs.releaseversion }}" >> $GITHUB_ENV
- name: get latest tag
uses: actions-ecosystem/action-get-latest-tag@v1
id: get-latest-tag
with:
semver_only: true
- name: Set TAG env on ZITADEL release
if: github.event_name == 'workflow_run'
run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ steps.get-latest-tag.outputs.tag }}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Cypress run
uses: cypress-io/github-action@v5
env:
CYPRESS_BASE_URL: http://localhost:8080/ui/console
CYPRESS_WEBHOOK_HANDLER_HOST: host.docker.internal
CYPRESS_DATABASE_CONNECTION_URL: 'postgresql://zitadel@localhost:5432/zitadel'
CYPRESS_BACKEND_URL: http://localhost:8080
with:
driver: docker
install: true
- name: Test ${{ matrix.browser }}
run: docker compose run --service-ports e2e --browser ${{ matrix.browser }}
working-directory: e2e/config/host.docker.internal
- name: Ensure Artifacts Directory Exists
run: mkdir -p ./.artifacts
- name: Save ZITADEL Logs
if: always()
run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
working-directory: e2e/config/host.docker.internal
- name: Save Prepare Logs
if: always()
run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
working-directory: e2e/config/host.docker.internal
- name: Archive production tests ${{ matrix.browser }}
if: always()
working-directory: e2e
browser: ${{ matrix.browser }}
command: npm run e2e
config-file: cypress.config.ts
-
uses: actions/upload-artifact@v3
if: always()
with:
name: production-tests-${{ matrix.browser }}
path: |
e2e/cypress/results
e2e/cypress/videos
e2e/cypress/screenshots
.artifacts/e2e-compose-zitadel.log
.artifacts/e2e-compose-prepare.log
e2e/cypress/videos
e2e/cypress/results
retention-days: 30

74
.github/workflows/homebrew.yml vendored Normal file
View File

@@ -0,0 +1,74 @@
name: ZITADEL Update Homebrew Formula
on:
release:
types: [published]
jobs:
homebrew-releaser:
runs-on: ubuntu-latest
name: homebrew-releaser
steps:
- name: Release my project to my Homebrew tap
uses: Justintime50/homebrew-releaser@v1
with:
# The name of the homebrew tap to publish your formula to as it appears on GitHub.
# Required - strings
homebrew_owner: zitadel
homebrew_tap: homebrew-tap
# The name of the folder in your homebrew tap where formula will be committed to.
# Default is shown - string
formula_folder: Formula
# The Personal Access Token (saved as a repo secret) that has `repo` permissions for the repo running the action AND Homebrew tap you want to release to.
# Required - string
github_token: ${{ secrets.CR_PAT }}
# Git author info used to commit to the homebrew tap.
# Defaults are shown - strings
commit_owner: homebrew-releaser
commit_email: homebrew-releaser@zitadel.com
# Custom dependencies in case other formulas are needed to build the current one.
# Optional - multiline string
depends_on: |
"go" => :optional
"git"
# Custom install command for your formula.
# Required - string
install: 'bin.install "zitadel"'
# Custom test command for your formula so you can run `brew test`.
# Optional - string
test: 'ystem "#{bin}/zitadel -v"'
# Allows you to set a custom download strategy. Note that you'll need
# to implement the strategy and add it to your tap repository.
# Example: https://docs.brew.sh/Formula-Cookbook#specifying-the-download-strategy-explicitly
# Optional - string
# download_strategy: CurlDownloadStrategy
# Allows you to add a custom require_relative at the top of the formula template.
# Optional - string
# custom_require: custom_download_strategy
# Adds URL and checksum targets for different OS and architecture pairs. Using this option assumes
# a tar archive exists on your GitHub repo with the following URL pattern (this cannot be customized):
# https://github.com/{GITHUB_OWNER}/{REPO_NAME}/releases/download/{TAG}/{REPO_NAME}-{VERSION}-{OPERATING_SYSTEM}-{ARCHITECTURE}.tar.gz'
# Darwin AMD pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-darwin-amd64.tar.gz
# Linux ARM pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-linux-arm64.tar.gz
# Optional - booleans
target_darwin_amd64: true
target_darwin_arm64: true
target_linux_amd64: true
target_linux_arm64: true
# Skips committing the generated formula to a homebrew tap (useful for local testing).
# Default is shown - boolean
skip_commit: true
# Logs debugging info to console.
# Default is shown - boolean
debug: true

51
.github/workflows/integration.yml vendored
View File

@@ -1,51 +0,0 @@
name: Integration tests
on:
push:
tags-ignore:
- '**'
pull_request:
branches:
- '**'
jobs:
run:
strategy:
matrix:
db: [cockroach, postgres]
runs-on: ubuntu-20.04
env:
DOCKER_BUILDKIT: 1
INTEGRATION_DB_FLAVOR: ${{ matrix.db }}
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.20'
- name: Source checkout
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver: docker
install: true
- name: Generate gRPC definitions
run: docker build -f build/grpc/Dockerfile -t zitadel-base:local .
- name: Copy gRPC definitions
run: docker build -f build/zitadel/Dockerfile . -t zitadel-go-base --target go-copy -o .
- name: Download Go modules
run: go mod download
- name: Start ${{ matrix.db }} database
run: docker compose -f internal/integration/config/docker-compose.yaml up --wait ${INTEGRATION_DB_FLAVOR}
- name: Run zitadel init and setup
run: |
go run main.go init --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml
go run main.go setup --masterkeyFromEnv --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml
- name: Run integration tests
run: go test -tags=integration -race -p 1 -v -coverprofile=profile.cov -coverpkg=./internal/...,./cmd/... ./internal/integration ./internal/api/grpc/... ./internal/notification/handlers/... ./internal/api/oidc
- name: Publish go coverage
uses: codecov/codecov-action@v3.1.0
with:
file: profile.cov
name: integration-tests

104
.github/workflows/lint.yml vendored Normal file
View File

@@ -0,0 +1,104 @@
name: Lint
on:
workflow_call:
inputs:
node_version:
required: true
type: string
go_version:
required: true
type: string
buf_version:
required: true
type: string
go_lint_version:
required: true
type: string
core_cache_key:
required: true
type: string
core_cache_path:
required: true
type: string
jobs:
lint-skip:
name: lint skip
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
steps:
- name: Lint skip
run: |
echo "Linting outside of pull requests is skipped"
api:
name: api
runs-on: ubuntu-latest
continue-on-error: true
if: ${{ github.event_name == 'pull_request' }}
steps:
-
uses: actions/checkout@v3
-
uses: bufbuild/buf-setup-action@v1
with:
version: ${{ inputs.buf_version }}
github_token: ${{ secrets.GITHUB_TOKEN }}
-
name: lint
uses: bufbuild/buf-lint-action@v1
-
uses: bufbuild/buf-breaking-action@v1
with:
against: "https://github.com/${{ github.repository }}.git#branch=main"
console:
if: ${{ github.event_name == 'pull_request' }}
name: console
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node_version }}
cache: 'yarn'
cache-dependency-path: console/yarn.lock
-
run: cd console && yarn install
-
name: lint
run: make console_lint
core:
name: core
runs-on: ubuntu-latest
if: ${{ github.event_name == 'pull_request' }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
uses: actions/setup-go@v4
with:
go-version: ${{ github.event.inputs.go_version }}
-
uses: actions/cache/restore@v3
timeout-minutes: 1
name: restore core
with:
path: ${{ inputs.core_cache_path }}
key: ${{ inputs.core_cache_key }}
fail-on-cache-miss: true
-
uses: golangci/golangci-lint-action@v3
with:
version: ${{ inputs.go_lint_version }}
github-token: ${{ github.token }}
only-new-issues: true
skip-pkg-cache: true
skip-build-cache: true

81
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,81 @@
name: Release
on:
workflow_call:
inputs:
node_version:
required: true
type: string
buf_version:
required: true
type: string
semantic_version:
required: true
type: string
image:
required: true
type: string
image_name:
required: true
type: string
google_image_name:
required: true
type: string
secrets:
GCR_JSON_KEY_BASE64:
description: 'base64 endcrypted key to connect to Google'
required: true
jobs:
version:
uses: ./.github/workflows/version.yml
with:
semantic_version: ${{ inputs.semantic_version }}
dry_run: true
docker:
runs-on: ubuntu-22.04
needs: [ version ]
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Login to Google Artifact Registry
uses: docker/login-action@v2
with:
registry: europe-docker.pkg.dev
username: _json_key_base64
password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
-
name: Publish ${{ needs.version.outputs.version }}
run: |
docker buildx imagetools create \
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }} \
${{ inputs.image }}
docker buildx imagetools create \
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }}-debug \
${{ inputs.image }}-debug
docker buildx imagetools create \
--tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \
${{ inputs.image }}
-
name: Publish latest
if: ${{ github.ref_name == 'main' }}
run: |
docker buildx imagetools create \
--tag ${{ inputs.image_name }}:latest \
${{ inputs.image }}
docker buildx imagetools create \
--tag ${{ inputs.image_name }}:latest-debug \
${{ inputs.image }}-debug

75
.github/workflows/test-code.yml vendored
View File

@@ -1,75 +0,0 @@
name: ZITADEL PR
on:
pull_request:
paths-ignore:
- 'docs/**'
- 'guides/**'
- '**.md'
- 'release-channels.yaml'
jobs:
Build-ZITADEL:
runs-on: ubuntu-20.04
env:
DOCKER_BUILDKIT: 1
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.20'
- name: Source checkout
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver: docker
install: true
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@v3
with:
install-only: true
version: v1.10.3
- name: Build and Unit Test
run: GOOS="linux" GOARCH="amd64" goreleaser build --id prod --snapshot --single-target --rm-dist --output .artifacts/zitadel/zitadel
- name: linting
uses: golangci/golangci-lint-action@v3
with:
version: v1.52
only-new-issues: true
skip-pkg-cache: true
- name: Publish go coverage
uses: codecov/codecov-action@v3.1.0
with:
file: .artifacts/codecov/profile.cov
name: unit-tests
# As goreleaser doesn't build a dockerfile in snapshot mode, we have to build it here
- name: Build Docker Image
run: docker build -t zitadel:pr --file build/Dockerfile .artifacts/zitadel
- name: Run E2E Tests
run: docker compose run --service-ports e2e --browser chrome
working-directory: e2e/config/host.docker.internal
env:
ZITADEL_IMAGE: zitadel:pr
- name: Save ZITADEL Logs
if: always()
run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
working-directory: e2e/config/host.docker.internal
- name: Save Prepare Logs
if: always()
run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
working-directory: e2e/config/host.docker.internal
- name: Archive Test Results
if: always()
uses: actions/upload-artifact@v3
with:
name: pull-request-tests
path: |
e2e/cypress/results
e2e/cypress/videos
e2e/cypress/screenshots
.artifacts/e2e-compose-zitadel.log
.artifacts/e2e-compose-prepare.log
retention-days: 30

21
.github/workflows/test-docs.yml vendored
View File

@@ -1,21 +0,0 @@
# ATTENTION: Although this workflow doesn't do much, it is still important.
# It is complementary to the workflow in the file test-code.yml.
# It enables to exclude files for the workflow and still mark the Test job as required without having pending PRs.
# GitHub recommends this solution here:
# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
name: ZITADEL PR
on:
pull_request:
paths:
- 'docs/**'
- 'guides/**'
- '**.md'
- 'release-channels.yaml'
jobs:
Build-ZITADEL:
runs-on: ubuntu-20.04
steps:
- run: 'echo "No tests for docs are implemented, yet"'

45
.github/workflows/version.yml vendored Normal file
View File

@@ -0,0 +1,45 @@
name: Version
on:
workflow_call:
inputs:
semantic_version:
required: true
type: string
dry_run:
required: true
type: boolean
outputs:
version:
value: ${{ jobs.generate.outputs.version }}
published:
value: ${{jobs.generate.outputs.published }}
jobs:
generate:
runs-on: ubuntu-22.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
version: ${{ steps.output.outputs.VERSION }}
published: ${{ steps.semantic.outputs.new_release_published }}
steps:
-
name: Source checkout
uses: actions/checkout@v3
-
name: Semantic Release
uses: cycjimmy/semantic-release-action@v3
id: semantic
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
dry_run: ${{ inputs.dry_run }}
semantic_version: ${{ inputs.semantic_version }}
extra_plugins: |
@semantic-release/exec@6.0.3
-
name: output
id: output
run:
if [[ ! -z "${{ steps.semantic.outputs.new_release_version }}" ]]; then echo "VERSION=v${{ steps.semantic.outputs.new_release_version }}" >> "$GITHUB_OUTPUT"; else echo "VERSION=" >> "$GITHUB_OUTPUT";fi

88
.github/workflows/zitadel.yml vendored
View File

@@ -1,88 +0,0 @@
name: ZITADEL Release
on:
push:
tags-ignore:
- "*"
workflow_dispatch:
permissions:
contents: write
packages: write
jobs:
Build:
runs-on: ubuntu-20.04
env:
DOCKER_BUILDKIT: 1
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.20'
- name: Source checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch all tags
run: git fetch --force --tags
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver: docker
install: true
- name: Tag
id: semantic
uses: cycjimmy/semantic-release-action@v2
with:
dry_run: false
semantic_version: 19.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: GitHub Container Registry Login
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Google Artifact Registry Login
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
uses: docker/login-action@v2
with:
registry: europe-docker.pkg.dev
username: _json_key_base64
password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
- uses: goreleaser/goreleaser-action@v3
name: Publish ZITADEL
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
with:
distribution: goreleaser
version: v1.11.0
args: release --timeout 50m
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_TOKEN_TAP: ${{ steps.generate-token.outputs.token }}
RELEASE_VERSION: ${{ steps.semantic.outputs.release-version }} # I think this line is not needed. Nevertheless, it's explicit
DISCORD_WEBHOOK_ID: "976058224484687932"
DISCORD_WEBHOOK_TOKEN: "${{ secrets.DISCORD_WEBHOOK_TOKEN }}"
- name: Publish go coverage
uses: codecov/codecov-action@v3.1.0
with:
file: .artifacts/codecov/profile.cov
name: go-codecov
- name: Bump Chart Version
uses: peter-evans/repository-dispatch@v2
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/next'
with:
token: ${{ steps.generate-token.outputs.token }}
repository: zitadel/zitadel-charts
event-type: zitadel-released
client-payload: '{"semanticoutputs": "${{ steps.semantic.outputs }}"}'