mirror of
https://github.com/zitadel/zitadel.git
synced 2025-10-24 07:59:47 +00:00
ci: improve performance (#5953)
* pipeline runs on ubuntu instead of docker * added Makefile to build zitadel core (backend) and console (frontend) * pipeline runs in parallel where possible * pipeline is split into multiple jobs * removed goreleaser * added command to check if zitadel instance is running
This commit is contained in:
92
.github/workflows/build.yml
vendored
Normal file
92
.github/workflows/build.yml
vendored
Normal file
@@ -0,0 +1,92 @@
|
||||
name: ZITADEL CI/CD
|
||||
|
||||
on: [pull_request, merge_group, workflow_dispatch]
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
|
||||
core:
|
||||
uses: ./.github/workflows/core.yml
|
||||
with:
|
||||
node_version: '18'
|
||||
buf_version: 'latest'
|
||||
go_version: '1.20'
|
||||
|
||||
console:
|
||||
uses: ./.github/workflows/console.yml
|
||||
with:
|
||||
node_version: '18'
|
||||
buf_version: 'latest'
|
||||
|
||||
version:
|
||||
uses: ./.github/workflows/version.yml
|
||||
with:
|
||||
semantic_version: '19.0.2'
|
||||
dry_run: true
|
||||
|
||||
compile:
|
||||
needs: [core, console, version]
|
||||
uses: ./.github/workflows/compile.yml
|
||||
with:
|
||||
go_version: '1.20'
|
||||
core_cache_key: ${{ needs.core.outputs.cache_key }}
|
||||
console_cache_key: ${{ needs.console.outputs.cache_key }}
|
||||
core_cache_path: ${{ needs.core.outputs.cache_path }}
|
||||
console_cache_path: ${{ needs.console.outputs.cache_path }}
|
||||
version: ${{ needs.version.outputs.version }}
|
||||
|
||||
core-unit-test:
|
||||
needs: core
|
||||
uses: ./.github/workflows/core-unit-test.yml
|
||||
with:
|
||||
go_version: '1.20'
|
||||
core_cache_key: ${{ needs.core.outputs.cache_key }}
|
||||
core_cache_path: ${{ needs.core.outputs.cache_path }}
|
||||
|
||||
core-integration-test:
|
||||
needs: core
|
||||
uses: ./.github/workflows/core-integration-test.yml
|
||||
with:
|
||||
go_version: '1.20'
|
||||
core_cache_key: ${{ needs.core.outputs.cache_key }}
|
||||
core_cache_path: ${{ needs.core.outputs.cache_path }}
|
||||
|
||||
lint:
|
||||
needs: [core, console]
|
||||
uses: ./.github/workflows/lint.yml
|
||||
with:
|
||||
go_version: '1.20'
|
||||
node_version: '18'
|
||||
buf_version: 'latest'
|
||||
go_lint_version: 'v1.53.2'
|
||||
core_cache_key: ${{ needs.core.outputs.cache_key }}
|
||||
core_cache_path: ${{ needs.core.outputs.cache_path }}
|
||||
|
||||
container:
|
||||
needs: [compile]
|
||||
uses: ./.github/workflows/container.yml
|
||||
with:
|
||||
image_name: 'ghcr.io/zitadel/zitadel'
|
||||
|
||||
e2e:
|
||||
uses: ./.github/workflows/e2e.yml
|
||||
needs: [container]
|
||||
with:
|
||||
image: ${{ needs.container.outputs.image }}-debug
|
||||
|
||||
release:
|
||||
uses: ./.github/workflows/release.yml
|
||||
needs: [version, core-unit-test, core-integration-test, lint, container, e2e]
|
||||
if: ${{ needs.version.outputs.published == 'true' }}
|
||||
secrets:
|
||||
GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }}
|
||||
with:
|
||||
node_version: '16'
|
||||
buf_version: 'latest'
|
||||
image: ${{ needs.container.outputs.image }}
|
||||
semantic_version: '19.0.2'
|
||||
image_name: 'ghcr.io/zitadel/zitadel'
|
||||
google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
|
@@ -1,4 +1,4 @@
|
||||
name: "Code scanning - action"
|
||||
name: "Code Scanning"
|
||||
|
||||
on:
|
||||
push:
|
99
.github/workflows/compile.yml
vendored
Normal file
99
.github/workflows/compile.yml
vendored
Normal file
@@ -0,0 +1,99 @@
|
||||
name: Compile
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
go_version:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_key:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_path:
|
||||
required: true
|
||||
type: string
|
||||
console_cache_key:
|
||||
required: true
|
||||
type: string
|
||||
console_cache_path:
|
||||
required: true
|
||||
type: string
|
||||
version:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
executable:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
goos: [linux, darwin, windows]
|
||||
goarch: [amd64, arm64]
|
||||
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
name: restore console
|
||||
with:
|
||||
path: ${{ inputs.console_cache_path }}
|
||||
key: ${{ inputs.console_cache_key }}
|
||||
fail-on-cache-miss: true
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
name: restore core
|
||||
with:
|
||||
path: ${{ inputs.core_cache_path }}
|
||||
key: ${{ inputs.core_cache_key }}
|
||||
fail-on-cache-miss: true
|
||||
-
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ inputs.go_version }}
|
||||
-
|
||||
name: compile
|
||||
timeout-minutes: 5
|
||||
run: |
|
||||
GOOS="${{matrix.goos}}" \
|
||||
GOARCH="${{matrix.goarch}}" \
|
||||
VERSION="${{ inputs.version }}" \
|
||||
COMMIT_SHA="${{ github.sha }}" \
|
||||
make compile_pipeline
|
||||
-
|
||||
name: create folder
|
||||
run: |
|
||||
mkdir zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
|
||||
mv zitadel zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
|
||||
cp LICENSE zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
|
||||
cp README.md zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
|
||||
tar -cvf zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
|
||||
-
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
|
||||
path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar
|
||||
|
||||
checksums:
|
||||
runs-on: ubuntu-latest
|
||||
needs: executable
|
||||
steps:
|
||||
-
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
path: executables
|
||||
-
|
||||
name: move files one folder up
|
||||
run: mv */*.tar . && find . -type d -empty -delete
|
||||
working-directory: executables
|
||||
-
|
||||
run: sha256sum * > checksums.txt
|
||||
working-directory: executables
|
||||
-
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: checksums.txt
|
||||
path: executables/checksums.txt
|
61
.github/workflows/console.yml
vendored
Normal file
61
.github/workflows/console.yml
vendored
Normal file
@@ -0,0 +1,61 @@
|
||||
name: Build console
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
node_version:
|
||||
required: true
|
||||
type: string
|
||||
buf_version:
|
||||
required: true
|
||||
type: string
|
||||
outputs:
|
||||
cache_key:
|
||||
value: ${{ jobs.build.outputs.cache_key }}
|
||||
cache_path:
|
||||
value: ${{ jobs.build.outputs.cache_path }}
|
||||
|
||||
env:
|
||||
cache_path: console/dist/console
|
||||
|
||||
jobs:
|
||||
build:
|
||||
outputs:
|
||||
cache_key: ${{ steps.cache.outputs.cache-primary-key }}
|
||||
cache_path: ${{ env.cache_path }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
id: cache
|
||||
with:
|
||||
key: console-${{ hashFiles('console', 'proto') }}
|
||||
restore-keys: |
|
||||
console-
|
||||
path: ${{ env.cache_path }}
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: bufbuild/buf-setup-action@v1
|
||||
with:
|
||||
github_token: ${{ github.token }}
|
||||
version: ${{ inputs.buf_version }}
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ inputs.node_version }}
|
||||
cache: 'yarn'
|
||||
cache-dependency-path: console/yarn.lock
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
run: make console_build
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: actions/cache/save@v3
|
||||
with:
|
||||
path: ${{ env.cache_path }}
|
||||
key: ${{ steps.cache.outputs.cache-primary-key }}
|
||||
|
168
.github/workflows/container.yml
vendored
Normal file
168
.github/workflows/container.yml
vendored
Normal file
@@ -0,0 +1,168 @@
|
||||
name: Container
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
image_name:
|
||||
required: true
|
||||
type: string
|
||||
outputs:
|
||||
image:
|
||||
value: '${{ inputs.image_name }}:${{ github.sha }}'
|
||||
|
||||
env:
|
||||
default_labels: |
|
||||
org.opencontainers.image.documentation=https://zitadel.com/docs
|
||||
org.opencontainers.image.vendor=CAOS AG
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: zitadel
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
arch: [amd64,arm64]
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
name: Scratch meta
|
||||
id: scratch-meta
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: ${{ inputs.image_name }}
|
||||
labels: ${{ env.default_labels}}
|
||||
tags: |
|
||||
type=sha,prefix=,suffix=,format=long
|
||||
-
|
||||
name: Debug meta
|
||||
id: debug-meta
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: ${{ inputs.image_name }}
|
||||
labels: ${{ env.default_labels}}
|
||||
tags: |
|
||||
type=sha,prefix=,suffix=-debug,format=long
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
driver-opts: 'image=moby/buildkit:v0.11.6'
|
||||
-
|
||||
name: Login to Docker registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
-
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
path: .artifacts
|
||||
name: zitadel-linux-${{ matrix.arch }}
|
||||
-
|
||||
name: Unpack executable
|
||||
run: |
|
||||
tar -xvf .artifacts/zitadel-linux-${{ matrix.arch }}.tar
|
||||
mv zitadel-linux-${{ matrix.arch }}/zitadel ./zitadel
|
||||
-
|
||||
name: Debug
|
||||
id: build-debug
|
||||
uses: docker/build-push-action@v4
|
||||
timeout-minutes: 3
|
||||
with:
|
||||
context: .
|
||||
file: build/Dockerfile
|
||||
target: artifact
|
||||
platforms: linux/${{ matrix.arch }}
|
||||
push: true
|
||||
labels: ${{ steps.debug-meta.outputs.labels }}
|
||||
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
|
||||
-
|
||||
name: Scratch
|
||||
id: build-scratch
|
||||
uses: docker/build-push-action@v4
|
||||
timeout-minutes: 3
|
||||
with:
|
||||
context: .
|
||||
file: build/Dockerfile
|
||||
target: final
|
||||
platforms: linux/${{ matrix.arch }}
|
||||
push: true
|
||||
labels: ${{ steps.scratch-meta.outputs.labels }}
|
||||
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
|
||||
-
|
||||
name: Export debug digest
|
||||
run: |
|
||||
mkdir -p /tmp/digests/debug
|
||||
digest="${{ steps.build-debug.outputs.digest }}"
|
||||
touch "/tmp/digests/debug/${digest#sha256:}"
|
||||
-
|
||||
name: Export scratch digest
|
||||
run: |
|
||||
mkdir -p /tmp/digests/scratch
|
||||
digest="${{ steps.build-scratch.outputs.digest }}"
|
||||
touch "/tmp/digests/scratch/${digest#sha256:}"
|
||||
-
|
||||
name: Upload digest
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: digests
|
||||
path: /tmp/digests
|
||||
if-no-files-found: error
|
||||
retention-days: 1
|
||||
|
||||
merge:
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
image: [scratch, debug]
|
||||
include:
|
||||
- image: scratch
|
||||
suffix: ''
|
||||
- image: debug
|
||||
suffix: '-debug'
|
||||
steps:
|
||||
-
|
||||
name: Download digests
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: digests
|
||||
path: /tmp/digests
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
driver-opts: 'image=moby/buildkit:v0.11.6'
|
||||
-
|
||||
name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: '${{ inputs.image_name }}'
|
||||
tags: |
|
||||
type=sha,prefix=,suffix=${{ matrix.suffix }},format=long
|
||||
-
|
||||
name: Login to Docker registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
-
|
||||
name: Create manifest list and push
|
||||
working-directory: /tmp/digests/${{ matrix.image }}
|
||||
run: |
|
||||
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
||||
$(printf '${{ inputs.image_name }}@sha256:%s ' *)
|
||||
-
|
||||
name: Inspect image
|
||||
run: |
|
||||
docker buildx imagetools inspect ${{ inputs.image_name }}:${{ github.sha }}${{ matrix.suffix }}
|
153
.github/workflows/core-integration-test.yml
vendored
Normal file
153
.github/workflows/core-integration-test.yml
vendored
Normal file
@@ -0,0 +1,153 @@
|
||||
name: Integration test core
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
go_version:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_key:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_path:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
postgres:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
postgres:
|
||||
image: postgres
|
||||
ports:
|
||||
- 5432:5432
|
||||
env:
|
||||
POSTGRES_USER: zitadel
|
||||
PGUSER: zitadel
|
||||
POSTGRES_DB: zitadel
|
||||
POSTGRES_HOST_AUTH_METHOD: trust
|
||||
options: >-
|
||||
--health-cmd pg_isready
|
||||
--health-interval 10s
|
||||
--health-timeout 5s
|
||||
--health-retries 5
|
||||
--health-start-period 10s
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ inputs.go_version }}
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
name: restore core
|
||||
id: restore-core
|
||||
with:
|
||||
path: ${{ inputs.core_cache_path }}
|
||||
key: ${{ inputs.core_cache_key }}
|
||||
fail-on-cache-miss: true
|
||||
-
|
||||
id: go-cache-path
|
||||
name: set cache path
|
||||
run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
id: cache
|
||||
timeout-minutes: 1
|
||||
name: restore previous results
|
||||
with:
|
||||
key: integration-test-postgres-${{ inputs.core_cache_key }}
|
||||
restore-keys: |
|
||||
integration-test-postgres-core-
|
||||
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
||||
-
|
||||
name: test
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
env:
|
||||
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
|
||||
INTEGRATION_DB_FLAVOR: postgres
|
||||
run: make core_integration_test
|
||||
-
|
||||
name: publish coverage
|
||||
uses: codecov/codecov-action@v3.1.4
|
||||
with:
|
||||
file: profile.cov
|
||||
name: core-integration-tests-postgres
|
||||
flags: core-integration-tests-postgres
|
||||
-
|
||||
uses: actions/cache/save@v3
|
||||
name: cache results
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
with:
|
||||
key: integration-test-postgres-${{ inputs.core_cache_key }}
|
||||
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
||||
|
||||
# TODO: enable as soon as cockroach allows `COCKROACH_ARGS`
|
||||
# cockroach:
|
||||
# runs-on: ubuntu-latest
|
||||
# services:
|
||||
# cockroach:
|
||||
# image: cockroachdb/cockroach:latest
|
||||
# ports:
|
||||
# - 26257:26257
|
||||
# - 9090:9090
|
||||
# env:
|
||||
# COCKROACH_ARGS: start-single-node --insecure --http-addr :9090
|
||||
# options: >-
|
||||
# --health-cmd "curl http://localhost:9090/health?ready=1 || exit 1"
|
||||
# --health-interval 10s
|
||||
# --health-timeout 5s
|
||||
# --health-retries 5
|
||||
# --health-start-period 10s
|
||||
# steps:
|
||||
# -
|
||||
# uses: actions/checkout@v3
|
||||
# -
|
||||
# uses: actions/setup-go@v4
|
||||
# with:
|
||||
# go-version: ${{ inputs.go_version }}
|
||||
# -
|
||||
# uses: actions/cache/restore@v3
|
||||
# timeout-minutes: 1
|
||||
# name: restore core
|
||||
# with:
|
||||
# path: ${{ inputs.core_cache_path }}
|
||||
# key: ${{ inputs.core_cache_key }}
|
||||
# fail-on-cache-miss: true
|
||||
# -
|
||||
# id: go-cache-path
|
||||
# name: set cache path
|
||||
# run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
|
||||
# -
|
||||
# uses: actions/cache/restore@v3
|
||||
# timeout-minutes: 1
|
||||
# name: restore previous results
|
||||
# cache: id
|
||||
# with:
|
||||
# key: integration-test-crdb-${{ inputs.core_cache_key }}
|
||||
# restore-keys: |
|
||||
# integration-test-crdb-core-
|
||||
# path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
||||
# -
|
||||
# name: test
|
||||
# if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
# env:
|
||||
# ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
|
||||
# INTEGRATION_DB_FLAVOR: cockroach
|
||||
# run: make core_integration_test
|
||||
# -
|
||||
# name: publish coverage
|
||||
# uses: codecov/codecov-action@v3.1.4
|
||||
# with:
|
||||
# file: profile.cov
|
||||
# name: core-integration-tests-cockroach
|
||||
# flags: core-integration-tests-cockroach
|
||||
# -
|
||||
# uses: actions/cache/save@v3
|
||||
# name: cache results
|
||||
# if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
# with:
|
||||
# key: integration-test-crdb-${{ inputs.core_cache_key }}
|
||||
# path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
67
.github/workflows/core-unit-test.yml
vendored
Normal file
67
.github/workflows/core-unit-test.yml
vendored
Normal file
@@ -0,0 +1,67 @@
|
||||
name: Unit test core
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
go_version:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_key:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_path:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ inputs.go_version }}
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
name: restore core
|
||||
id: restore-core
|
||||
with:
|
||||
path: ${{ inputs.core_cache_path }}
|
||||
key: ${{ inputs.core_cache_key }}
|
||||
fail-on-cache-miss: true
|
||||
-
|
||||
id: go-cache-path
|
||||
name: set cache path
|
||||
run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
id: cache
|
||||
timeout-minutes: 1
|
||||
name: restore previous results
|
||||
with:
|
||||
key: unit-test-${{ inputs.core_cache_key }}
|
||||
restore-keys: |
|
||||
unit-test-core-
|
||||
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
||||
-
|
||||
name: test
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
run: make core_unit_test
|
||||
-
|
||||
name: publish coverage
|
||||
uses: codecov/codecov-action@v3.1.4
|
||||
with:
|
||||
file: profile.cov
|
||||
name: core-unit-tests
|
||||
flags: core-unit-tests
|
||||
-
|
||||
uses: actions/cache/save@v3
|
||||
name: cache results
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
with:
|
||||
key: unit-test-${{ inputs.core_cache_key }}
|
||||
path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
|
||||
|
81
.github/workflows/core.yml
vendored
Normal file
81
.github/workflows/core.yml
vendored
Normal file
@@ -0,0 +1,81 @@
|
||||
name: Build core
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
go_version:
|
||||
required: true
|
||||
type: string
|
||||
buf_version:
|
||||
required: true
|
||||
type: string
|
||||
node_version:
|
||||
required: true
|
||||
type: string
|
||||
outputs:
|
||||
cache_key:
|
||||
value: ${{ jobs.build.outputs.cache_key }}
|
||||
cache_path:
|
||||
value: ${{ jobs.build.outputs.cache_path }}
|
||||
|
||||
env:
|
||||
cache_path: |
|
||||
internal/statik/statik.go
|
||||
internal/notification/statik/statik.go
|
||||
internal/api/ui/login/static/resources/themes/zitadel/css/zitadel.css*
|
||||
internal/api/ui/login/statik/statik.go
|
||||
internal/api/assets/authz.go
|
||||
internal/api/assets/router.go
|
||||
openapi/v2
|
||||
pkg/grpc/**/*.pb.*
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
cache_key: ${{ steps.cache.outputs.cache-primary-key }}
|
||||
cache_path: ${{ env.cache_path }}
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
id: cache
|
||||
with:
|
||||
key: core-${{ hashFiles( 'go.*', 'openapi', 'cmd', 'pkg/grpc/**/*.go', 'proto', 'internal') }}
|
||||
restore-keys: |
|
||||
core-
|
||||
path: ${{ env.cache_path }}
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: bufbuild/buf-setup-action@v1
|
||||
with:
|
||||
github_token: ${{ github.token }}
|
||||
version: ${{ inputs.buf_version }}
|
||||
|
||||
-
|
||||
# node to install sass
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ inputs.node_version }}
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
run: npm install -g sass
|
||||
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ inputs.go_version }}
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
run: make core_build
|
||||
-
|
||||
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
|
||||
uses: actions/cache/save@v3
|
||||
with:
|
||||
key: ${{ steps.cache.outputs.cache-primary-key }}
|
||||
path: ${{ env.cache_path }}
|
||||
|
128
.github/workflows/e2e.yml
vendored
128
.github/workflows/e2e.yml
vendored
@@ -1,66 +1,104 @@
|
||||
name: "ZITADEL e2e Tests"
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: [ZITADEL Release]
|
||||
types:
|
||||
- completed
|
||||
workflow_dispatch:
|
||||
workflow_call:
|
||||
inputs:
|
||||
releaseversion:
|
||||
description: 'Release version to test'
|
||||
image:
|
||||
required: true
|
||||
default: 'latest'
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
test:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
browser: [firefox, chrome]
|
||||
runs-on: ubuntu-20.04
|
||||
services:
|
||||
# we currently use postgres because cockroach doesn't work
|
||||
postgres:
|
||||
image: postgres
|
||||
ports:
|
||||
- 5432:5432
|
||||
env:
|
||||
POSTGRES_USER: zitadel
|
||||
PGUSER: zitadel
|
||||
POSTGRES_DB: zitadel
|
||||
POSTGRES_HOST_AUTH_METHOD: trust
|
||||
options: >-
|
||||
--health-cmd pg_isready
|
||||
--health-interval 10s
|
||||
--health-timeout 5s
|
||||
--health-retries 5
|
||||
--health-start-period 10s
|
||||
zitadel:
|
||||
image: ${{ inputs.image }}
|
||||
credentials:
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
options: >-
|
||||
--health-cmd "zitadel ready"
|
||||
--health-interval 10s
|
||||
--health-timeout 5s
|
||||
--health-retries 5
|
||||
--health-start-period 10s
|
||||
--add-host host.docker.internal:host-gateway
|
||||
ports:
|
||||
- 8080:8080
|
||||
env:
|
||||
ZITADEL_ARGS: "start-from-init --masterkeyFromEnv"
|
||||
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
|
||||
ZITADEL_LOG_LEVEL: debug
|
||||
ZITADEL_EXTERNALDOMAIN: localhost
|
||||
ZITADEL_EXTERNALSECURE: "false"
|
||||
ZITADEL_TLS_ENABLED: "false"
|
||||
ZITADEL_DATABASE_POSTGRES_HOST: postgres
|
||||
ZITADEL_DATABASE_POSTGRES_PORT: "5432"
|
||||
ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
|
||||
ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS: "20"
|
||||
ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS: "10"
|
||||
ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
|
||||
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
|
||||
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: zitadel
|
||||
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
|
||||
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: "false"
|
||||
ZITADEL_LOGSTORE_ACCESS_DATABASE_ENABLED: "true"
|
||||
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MINFREQUENCY: 0s
|
||||
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MAXBULKSIZE: "0"
|
||||
ZITADEL_LOGSTORE_EXECUTION_DATABASE_ENABLED: "true"
|
||||
ZITADEL_LOGSTORE_EXECUTION_STDOUT_ENABLED: "false"
|
||||
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEKEY: "zitadel.quota.limiting"
|
||||
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEMAXAGE: 60s
|
||||
ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_REQUEUEEVERY: 1s
|
||||
ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME: "0"
|
||||
ZITADEL_SYSTEMAPIUSERS: "{\"cypress\": {\"keyData\": \"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF6aStGRlNKTDdmNXl3NEtUd3pnTQpQMzRlUEd5Y20vTStrVDBNN1Y0Q2d4NVYzRWFESXZUUUtUTGZCYUVCNDV6YjlMdGpJWHpEdzByWFJvUzJoTzZ0CmgrQ1lRQ3ozS0N2aDA5QzBJenhaaUIySVMzSC9hVCs1Qng5RUZZK3ZuQWtaamNjYnlHNVlOUnZtdE9sbnZJZUkKSDdxWjB0RXdrUGZGNUdFWk5QSlB0bXkzVUdWN2lvZmRWUVMxeFJqNzMrYU13NXJ2SDREOElkeWlBQzNWZWtJYgpwdDBWajBTVVgzRHdLdG9nMzM3QnpUaVBrM2FYUkYwc2JGaFFvcWRKUkk4TnFnWmpDd2pxOXlmSTV0eXhZc3duCitKR3pIR2RIdlczaWRPRGxtd0V0NUsycGFzaVJJV0syT0dmcSt3MEVjbHRRSGFidXFFUGdabG1oQ2tSZE5maXgKQndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==\"}}"
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
ZITADEL_IMAGE_REGISTRY: 'ghcr.io/zitadel/zitadel'
|
||||
ZITADEL_IMAGE: ${{ inputs.image }}
|
||||
steps:
|
||||
- name: Checkout Repository
|
||||
-
|
||||
name: Checkout Repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Set TAG env manual trigger
|
||||
if: github.event_name == 'workflow_dispatch'
|
||||
run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ github.event.inputs.releaseversion }}" >> $GITHUB_ENV
|
||||
- name: get latest tag
|
||||
uses: actions-ecosystem/action-get-latest-tag@v1
|
||||
id: get-latest-tag
|
||||
with:
|
||||
semver_only: true
|
||||
- name: Set TAG env on ZITADEL release
|
||||
if: github.event_name == 'workflow_run'
|
||||
run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ steps.get-latest-tag.outputs.tag }}" >> $GITHUB_ENV
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
-
|
||||
name: Cypress run
|
||||
uses: cypress-io/github-action@v5
|
||||
env:
|
||||
CYPRESS_BASE_URL: http://localhost:8080/ui/console
|
||||
CYPRESS_WEBHOOK_HANDLER_HOST: host.docker.internal
|
||||
CYPRESS_DATABASE_CONNECTION_URL: 'postgresql://zitadel@localhost:5432/zitadel'
|
||||
CYPRESS_BACKEND_URL: http://localhost:8080
|
||||
with:
|
||||
driver: docker
|
||||
install: true
|
||||
- name: Test ${{ matrix.browser }}
|
||||
run: docker compose run --service-ports e2e --browser ${{ matrix.browser }}
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
- name: Ensure Artifacts Directory Exists
|
||||
run: mkdir -p ./.artifacts
|
||||
- name: Save ZITADEL Logs
|
||||
if: always()
|
||||
run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
- name: Save Prepare Logs
|
||||
if: always()
|
||||
run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
- name: Archive production tests ${{ matrix.browser }}
|
||||
if: always()
|
||||
working-directory: e2e
|
||||
browser: ${{ matrix.browser }}
|
||||
command: npm run e2e
|
||||
config-file: cypress.config.ts
|
||||
-
|
||||
uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: production-tests-${{ matrix.browser }}
|
||||
path: |
|
||||
e2e/cypress/results
|
||||
e2e/cypress/videos
|
||||
e2e/cypress/screenshots
|
||||
.artifacts/e2e-compose-zitadel.log
|
||||
.artifacts/e2e-compose-prepare.log
|
||||
e2e/cypress/videos
|
||||
e2e/cypress/results
|
||||
retention-days: 30
|
||||
|
74
.github/workflows/homebrew.yml
vendored
Normal file
74
.github/workflows/homebrew.yml
vendored
Normal file
@@ -0,0 +1,74 @@
|
||||
name: ZITADEL Update Homebrew Formula
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
jobs:
|
||||
homebrew-releaser:
|
||||
runs-on: ubuntu-latest
|
||||
name: homebrew-releaser
|
||||
steps:
|
||||
- name: Release my project to my Homebrew tap
|
||||
uses: Justintime50/homebrew-releaser@v1
|
||||
with:
|
||||
# The name of the homebrew tap to publish your formula to as it appears on GitHub.
|
||||
# Required - strings
|
||||
homebrew_owner: zitadel
|
||||
homebrew_tap: homebrew-tap
|
||||
|
||||
# The name of the folder in your homebrew tap where formula will be committed to.
|
||||
# Default is shown - string
|
||||
formula_folder: Formula
|
||||
|
||||
# The Personal Access Token (saved as a repo secret) that has `repo` permissions for the repo running the action AND Homebrew tap you want to release to.
|
||||
# Required - string
|
||||
github_token: ${{ secrets.CR_PAT }}
|
||||
|
||||
# Git author info used to commit to the homebrew tap.
|
||||
# Defaults are shown - strings
|
||||
commit_owner: homebrew-releaser
|
||||
commit_email: homebrew-releaser@zitadel.com
|
||||
|
||||
# Custom dependencies in case other formulas are needed to build the current one.
|
||||
# Optional - multiline string
|
||||
depends_on: |
|
||||
"go" => :optional
|
||||
"git"
|
||||
|
||||
# Custom install command for your formula.
|
||||
# Required - string
|
||||
install: 'bin.install "zitadel"'
|
||||
|
||||
# Custom test command for your formula so you can run `brew test`.
|
||||
# Optional - string
|
||||
test: 'ystem "#{bin}/zitadel -v"'
|
||||
|
||||
# Allows you to set a custom download strategy. Note that you'll need
|
||||
# to implement the strategy and add it to your tap repository.
|
||||
# Example: https://docs.brew.sh/Formula-Cookbook#specifying-the-download-strategy-explicitly
|
||||
# Optional - string
|
||||
# download_strategy: CurlDownloadStrategy
|
||||
|
||||
# Allows you to add a custom require_relative at the top of the formula template.
|
||||
# Optional - string
|
||||
# custom_require: custom_download_strategy
|
||||
|
||||
# Adds URL and checksum targets for different OS and architecture pairs. Using this option assumes
|
||||
# a tar archive exists on your GitHub repo with the following URL pattern (this cannot be customized):
|
||||
# https://github.com/{GITHUB_OWNER}/{REPO_NAME}/releases/download/{TAG}/{REPO_NAME}-{VERSION}-{OPERATING_SYSTEM}-{ARCHITECTURE}.tar.gz'
|
||||
# Darwin AMD pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-darwin-amd64.tar.gz
|
||||
# Linux ARM pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-linux-arm64.tar.gz
|
||||
# Optional - booleans
|
||||
target_darwin_amd64: true
|
||||
target_darwin_arm64: true
|
||||
target_linux_amd64: true
|
||||
target_linux_arm64: true
|
||||
|
||||
# Skips committing the generated formula to a homebrew tap (useful for local testing).
|
||||
# Default is shown - boolean
|
||||
skip_commit: true
|
||||
|
||||
# Logs debugging info to console.
|
||||
# Default is shown - boolean
|
||||
debug: true
|
51
.github/workflows/integration.yml
vendored
51
.github/workflows/integration.yml
vendored
@@ -1,51 +0,0 @@
|
||||
name: Integration tests
|
||||
|
||||
on:
|
||||
push:
|
||||
tags-ignore:
|
||||
- '**'
|
||||
pull_request:
|
||||
branches:
|
||||
- '**'
|
||||
|
||||
jobs:
|
||||
run:
|
||||
strategy:
|
||||
matrix:
|
||||
db: [cockroach, postgres]
|
||||
runs-on: ubuntu-20.04
|
||||
env:
|
||||
DOCKER_BUILDKIT: 1
|
||||
INTEGRATION_DB_FLAVOR: ${{ matrix.db }}
|
||||
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: '1.20'
|
||||
- name: Source checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
driver: docker
|
||||
install: true
|
||||
- name: Generate gRPC definitions
|
||||
run: docker build -f build/grpc/Dockerfile -t zitadel-base:local .
|
||||
- name: Copy gRPC definitions
|
||||
run: docker build -f build/zitadel/Dockerfile . -t zitadel-go-base --target go-copy -o .
|
||||
- name: Download Go modules
|
||||
run: go mod download
|
||||
- name: Start ${{ matrix.db }} database
|
||||
run: docker compose -f internal/integration/config/docker-compose.yaml up --wait ${INTEGRATION_DB_FLAVOR}
|
||||
- name: Run zitadel init and setup
|
||||
run: |
|
||||
go run main.go init --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml
|
||||
go run main.go setup --masterkeyFromEnv --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml
|
||||
- name: Run integration tests
|
||||
run: go test -tags=integration -race -p 1 -v -coverprofile=profile.cov -coverpkg=./internal/...,./cmd/... ./internal/integration ./internal/api/grpc/... ./internal/notification/handlers/... ./internal/api/oidc
|
||||
- name: Publish go coverage
|
||||
uses: codecov/codecov-action@v3.1.0
|
||||
with:
|
||||
file: profile.cov
|
||||
name: integration-tests
|
104
.github/workflows/lint.yml
vendored
Normal file
104
.github/workflows/lint.yml
vendored
Normal file
@@ -0,0 +1,104 @@
|
||||
name: Lint
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
node_version:
|
||||
required: true
|
||||
type: string
|
||||
go_version:
|
||||
required: true
|
||||
type: string
|
||||
buf_version:
|
||||
required: true
|
||||
type: string
|
||||
go_lint_version:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_key:
|
||||
required: true
|
||||
type: string
|
||||
core_cache_path:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
|
||||
lint-skip:
|
||||
name: lint skip
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
steps:
|
||||
- name: Lint skip
|
||||
run: |
|
||||
echo "Linting outside of pull requests is skipped"
|
||||
|
||||
api:
|
||||
name: api
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: true
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
steps:
|
||||
-
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: bufbuild/buf-setup-action@v1
|
||||
with:
|
||||
version: ${{ inputs.buf_version }}
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
-
|
||||
name: lint
|
||||
uses: bufbuild/buf-lint-action@v1
|
||||
-
|
||||
uses: bufbuild/buf-breaking-action@v1
|
||||
with:
|
||||
against: "https://github.com/${{ github.repository }}.git#branch=main"
|
||||
|
||||
console:
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
name: console
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ inputs.node_version }}
|
||||
cache: 'yarn'
|
||||
cache-dependency-path: console/yarn.lock
|
||||
-
|
||||
run: cd console && yarn install
|
||||
-
|
||||
name: lint
|
||||
run: make console_lint
|
||||
|
||||
core:
|
||||
name: core
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ github.event.inputs.go_version }}
|
||||
-
|
||||
uses: actions/cache/restore@v3
|
||||
timeout-minutes: 1
|
||||
name: restore core
|
||||
with:
|
||||
path: ${{ inputs.core_cache_path }}
|
||||
key: ${{ inputs.core_cache_key }}
|
||||
fail-on-cache-miss: true
|
||||
-
|
||||
uses: golangci/golangci-lint-action@v3
|
||||
with:
|
||||
version: ${{ inputs.go_lint_version }}
|
||||
github-token: ${{ github.token }}
|
||||
only-new-issues: true
|
||||
skip-pkg-cache: true
|
||||
skip-build-cache: true
|
81
.github/workflows/release.yml
vendored
Normal file
81
.github/workflows/release.yml
vendored
Normal file
@@ -0,0 +1,81 @@
|
||||
name: Release
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
node_version:
|
||||
required: true
|
||||
type: string
|
||||
buf_version:
|
||||
required: true
|
||||
type: string
|
||||
semantic_version:
|
||||
required: true
|
||||
type: string
|
||||
image:
|
||||
required: true
|
||||
type: string
|
||||
image_name:
|
||||
required: true
|
||||
type: string
|
||||
google_image_name:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
GCR_JSON_KEY_BASE64:
|
||||
description: 'base64 endcrypted key to connect to Google'
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
version:
|
||||
uses: ./.github/workflows/version.yml
|
||||
with:
|
||||
semantic_version: ${{ inputs.semantic_version }}
|
||||
dry_run: true
|
||||
|
||||
docker:
|
||||
runs-on: ubuntu-22.04
|
||||
needs: [ version ]
|
||||
steps:
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
-
|
||||
name: Login to Docker registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
-
|
||||
name: Login to Google Artifact Registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: europe-docker.pkg.dev
|
||||
username: _json_key_base64
|
||||
password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
|
||||
-
|
||||
name: Publish ${{ needs.version.outputs.version }}
|
||||
run: |
|
||||
docker buildx imagetools create \
|
||||
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }} \
|
||||
${{ inputs.image }}
|
||||
docker buildx imagetools create \
|
||||
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }}-debug \
|
||||
${{ inputs.image }}-debug
|
||||
docker buildx imagetools create \
|
||||
--tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \
|
||||
${{ inputs.image }}
|
||||
-
|
||||
name: Publish latest
|
||||
if: ${{ github.ref_name == 'main' }}
|
||||
run: |
|
||||
docker buildx imagetools create \
|
||||
--tag ${{ inputs.image_name }}:latest \
|
||||
${{ inputs.image }}
|
||||
docker buildx imagetools create \
|
||||
--tag ${{ inputs.image_name }}:latest-debug \
|
||||
${{ inputs.image }}-debug
|
75
.github/workflows/test-code.yml
vendored
75
.github/workflows/test-code.yml
vendored
@@ -1,75 +0,0 @@
|
||||
name: ZITADEL PR
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths-ignore:
|
||||
- 'docs/**'
|
||||
- 'guides/**'
|
||||
- '**.md'
|
||||
- 'release-channels.yaml'
|
||||
|
||||
jobs:
|
||||
Build-ZITADEL:
|
||||
runs-on: ubuntu-20.04
|
||||
env:
|
||||
DOCKER_BUILDKIT: 1
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: '1.20'
|
||||
- name: Source checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
driver: docker
|
||||
install: true
|
||||
- name: Install GoReleaser
|
||||
uses: goreleaser/goreleaser-action@v3
|
||||
with:
|
||||
install-only: true
|
||||
version: v1.10.3
|
||||
- name: Build and Unit Test
|
||||
run: GOOS="linux" GOARCH="amd64" goreleaser build --id prod --snapshot --single-target --rm-dist --output .artifacts/zitadel/zitadel
|
||||
- name: linting
|
||||
uses: golangci/golangci-lint-action@v3
|
||||
with:
|
||||
version: v1.52
|
||||
only-new-issues: true
|
||||
skip-pkg-cache: true
|
||||
- name: Publish go coverage
|
||||
uses: codecov/codecov-action@v3.1.0
|
||||
with:
|
||||
file: .artifacts/codecov/profile.cov
|
||||
name: unit-tests
|
||||
# As goreleaser doesn't build a dockerfile in snapshot mode, we have to build it here
|
||||
- name: Build Docker Image
|
||||
run: docker build -t zitadel:pr --file build/Dockerfile .artifacts/zitadel
|
||||
- name: Run E2E Tests
|
||||
run: docker compose run --service-ports e2e --browser chrome
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
env:
|
||||
ZITADEL_IMAGE: zitadel:pr
|
||||
- name: Save ZITADEL Logs
|
||||
if: always()
|
||||
run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
- name: Save Prepare Logs
|
||||
if: always()
|
||||
run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
|
||||
working-directory: e2e/config/host.docker.internal
|
||||
- name: Archive Test Results
|
||||
if: always()
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: pull-request-tests
|
||||
path: |
|
||||
e2e/cypress/results
|
||||
e2e/cypress/videos
|
||||
e2e/cypress/screenshots
|
||||
.artifacts/e2e-compose-zitadel.log
|
||||
.artifacts/e2e-compose-prepare.log
|
||||
retention-days: 30
|
21
.github/workflows/test-docs.yml
vendored
21
.github/workflows/test-docs.yml
vendored
@@ -1,21 +0,0 @@
|
||||
# ATTENTION: Although this workflow doesn't do much, it is still important.
|
||||
# It is complementary to the workflow in the file test-code.yml.
|
||||
# It enables to exclude files for the workflow and still mark the Test job as required without having pending PRs.
|
||||
# GitHub recommends this solution here:
|
||||
# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
|
||||
|
||||
name: ZITADEL PR
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- 'docs/**'
|
||||
- 'guides/**'
|
||||
- '**.md'
|
||||
- 'release-channels.yaml'
|
||||
|
||||
jobs:
|
||||
Build-ZITADEL:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- run: 'echo "No tests for docs are implemented, yet"'
|
45
.github/workflows/version.yml
vendored
Normal file
45
.github/workflows/version.yml
vendored
Normal file
@@ -0,0 +1,45 @@
|
||||
name: Version
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
semantic_version:
|
||||
required: true
|
||||
type: string
|
||||
dry_run:
|
||||
required: true
|
||||
type: boolean
|
||||
outputs:
|
||||
version:
|
||||
value: ${{ jobs.generate.outputs.version }}
|
||||
published:
|
||||
value: ${{jobs.generate.outputs.published }}
|
||||
|
||||
jobs:
|
||||
generate:
|
||||
runs-on: ubuntu-22.04
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
outputs:
|
||||
version: ${{ steps.output.outputs.VERSION }}
|
||||
published: ${{ steps.semantic.outputs.new_release_published }}
|
||||
steps:
|
||||
-
|
||||
name: Source checkout
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
name: Semantic Release
|
||||
uses: cycjimmy/semantic-release-action@v3
|
||||
id: semantic
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
dry_run: ${{ inputs.dry_run }}
|
||||
semantic_version: ${{ inputs.semantic_version }}
|
||||
extra_plugins: |
|
||||
@semantic-release/exec@6.0.3
|
||||
-
|
||||
name: output
|
||||
id: output
|
||||
run:
|
||||
if [[ ! -z "${{ steps.semantic.outputs.new_release_version }}" ]]; then echo "VERSION=v${{ steps.semantic.outputs.new_release_version }}" >> "$GITHUB_OUTPUT"; else echo "VERSION=" >> "$GITHUB_OUTPUT";fi
|
88
.github/workflows/zitadel.yml
vendored
88
.github/workflows/zitadel.yml
vendored
@@ -1,88 +0,0 @@
|
||||
name: ZITADEL Release
|
||||
|
||||
on:
|
||||
push:
|
||||
tags-ignore:
|
||||
- "*"
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
Build:
|
||||
runs-on: ubuntu-20.04
|
||||
env:
|
||||
DOCKER_BUILDKIT: 1
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: '1.20'
|
||||
- name: Source checkout
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Fetch all tags
|
||||
run: git fetch --force --tags
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
driver: docker
|
||||
install: true
|
||||
- name: Tag
|
||||
id: semantic
|
||||
uses: cycjimmy/semantic-release-action@v2
|
||||
with:
|
||||
dry_run: false
|
||||
semantic_version: 19.0.2
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: GitHub Container Registry Login
|
||||
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- uses: tibdex/github-app-token@v1
|
||||
id: generate-token
|
||||
with:
|
||||
app_id: ${{ secrets.APP_ID }}
|
||||
private_key: ${{ secrets.APP_PRIVATE_KEY }}
|
||||
- name: Google Artifact Registry Login
|
||||
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: europe-docker.pkg.dev
|
||||
username: _json_key_base64
|
||||
password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
|
||||
- uses: goreleaser/goreleaser-action@v3
|
||||
name: Publish ZITADEL
|
||||
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
|
||||
with:
|
||||
distribution: goreleaser
|
||||
version: v1.11.0
|
||||
args: release --timeout 50m
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GORELEASER_TOKEN_TAP: ${{ steps.generate-token.outputs.token }}
|
||||
RELEASE_VERSION: ${{ steps.semantic.outputs.release-version }} # I think this line is not needed. Nevertheless, it's explicit
|
||||
DISCORD_WEBHOOK_ID: "976058224484687932"
|
||||
DISCORD_WEBHOOK_TOKEN: "${{ secrets.DISCORD_WEBHOOK_TOKEN }}"
|
||||
- name: Publish go coverage
|
||||
uses: codecov/codecov-action@v3.1.0
|
||||
with:
|
||||
file: .artifacts/codecov/profile.cov
|
||||
name: go-codecov
|
||||
- name: Bump Chart Version
|
||||
uses: peter-evans/repository-dispatch@v2
|
||||
if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/next'
|
||||
with:
|
||||
token: ${{ steps.generate-token.outputs.token }}
|
||||
repository: zitadel/zitadel-charts
|
||||
event-type: zitadel-released
|
||||
client-payload: '{"semanticoutputs": "${{ steps.semantic.outputs }}"}'
|
Reference in New Issue
Block a user