feat: cloud-run compatibility (#3438)

* ci: don't run on tags anymore

* ci: also test docker builds

* .releaserc.js entry and wf dispatch for prerel

* .releaserc.js entry and wf dispatch for prerel

* create prerelease

* create prereleases

* fix syntax

* fix: release

* test before tag

* temporarily disable tests

* fix: prerelease

* fix: add --rm-dist flag

* fix: push to zitadel-common

* fix: gcr login

* fix: release

* fix: ignore generated assets.md

* fix: don't use go-releaser before hooks

* build grpc client before testing

* fix: use docker buildkit

* debug

* debug

* fix: debug

* fix: debug

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* fix: run action steps in $GOPATH

* unignore

* fix: unignore

* fix: unignore

* build base

* fix: ignore

* no mod proxy

* fix: test using goreleaser before hook

* fix: build without having a git tag

* fix: build without having a git tag

* fix: push to ghcr

* fix: login to ghcr

* fix: login to ghcr if releasing

* fix: permit to write packages

* fix: aesthetics

* fix: login using base64 encoded key

* fix: publish images with short sha and tag

* fix: read masterkey from file for start-from-init

* fix: release if workflow_dispatch or main

* ci: only test before tag

* fix: no workdir, login action for gcr

* fix: review

* fix: run on PR

* push amd64 images to gcr

.github/workflows/zitadel.yml

@@ -1,30 +1,28 @@
 name: ZITADEL Release
 
 on:
-  #pull_request:
+  pull_request:
   push:
+    tags-ignore:
+      - "*"
+  workflow_dispatch:
 
 permissions:
   contents: write
+  packages: write
 
 jobs:
   Build:
     runs-on: ubuntu-20.04
-    steps:
-      - name: Source checkout
-        uses: actions/checkout@v2
-      - name: Semantic Release
-        id: semantic
-        uses: cycjimmy/semantic-release-action@v2
-        with:
-          dry_run: true
-          semantic_version: 19.0.2
     env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      DOCKER_BUILDKIT: 1
+    steps:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
           go-version: 1.17
+      - name: Source checkout
+        uses: actions/checkout@v2
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
       - name: Set up Docker Buildx
@@ -32,41 +30,54 @@ jobs:
         with:
           driver: docker
           install: true
-      - name: Run GoReleaser Snapshot
+      - name: Test
-        if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+        run: docker build -f build/grpc/Dockerfile -t zitadel-base:local . && docker build -f build/zitadel/Dockerfile . -t zitadel-go-test --target go-codecov -o .artifacts/codecov
-        uses: goreleaser/goreleaser-action@v2
+      - name: Tag
+        id: semantic
+        uses: cycjimmy/semantic-release-action@v2
         with:
-          distribution: goreleaser
+          dry_run: false
-          version: v1.5.0
+          semantic_version: 19.0.2
-          args: release --snapshot
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run GoReleaser Release on tag
+      - name: GitHub Container Registry Login
-        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
-        uses: goreleaser/goreleaser-action@v2
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Google Artifact Registry Login
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+        uses: docker/login-action@v1
+        with:
+          registry: europe-docker.pkg.dev
+          username: _json_key_base64
+          password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
+      - uses: goreleaser/goreleaser-action@v2
+        name: Publish ZITADEL
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
         with:
           distribution: goreleaser
           version: v1.5.0
           args: release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/upload-artifact@v2
+          RELEASE_VERSION: ${{ steps.semantic.outputs.release-version }} # I think this line is not needed. Nevertheless, it's explicit
-        name: Upload goreleaser dist
+      - name: Publish gRPC clients
-        with:
+        uses: actions/upload-artifact@v2
-          name: goreleaser-dist
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
-          path: .artifacts/goreleaser
-      - uses: actions/upload-artifact@v2
-        name: Upload gRPC clients
         with:
           name: grpc-clients
           path: .artifacts/grpc
-      - uses: actions/upload-artifact@v2
+      - name: Publish console
-        name: Upload compiled console
+        uses: actions/upload-artifact@v2
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
         with:
           name: console
           path: .artifacts/console
-      - uses: codecov/codecov-action@v1
+      - name: Publish go coverage
-        name: Upload go coverage
+        uses: codecov/codecov-action@v1
         with:
           files: .artifacts/codecov/profile.cov
           name: go-codecov

.gitignore

@@ -4,13 +4,13 @@
 *.dll
 *.so
 *.dylib
-zitadelctl
 
 # Test binary, build with `go test -c`
 *.test
 
 # Coverage
 coverage.txt
+profile.cov
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
@@ -40,7 +40,8 @@ cockroach-data/*
 #binaries
 cmd/zitadel/zitadel
 **/statik/statik.go
-zitadelctl
+/zitadelctl
+/zitadel
 
 # buildfolders and generated js
 tmp/
@@ -62,3 +63,4 @@ migrations/cockroach/migrate_cloud.go
 .notifications
 .artifacts
 /zitadel
+

.goreleaser.yaml

@@ -27,13 +27,17 @@ builds:
 dist: .artifacts/goreleaser
 dockers:
 - image_templates:
-  - "caos/zitadel:{{ .Version }}-amd64"
+  - ghcr.io/caos/zitadel:{{ .Tag }}-amd64
+  - ghcr.io/caos/zitadel:{{ .ShortCommit }}-amd64
+  - europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel:{{ .Tag }}-amd64
+  - europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel:{{ .ShortCommit }}-amd64
   use: buildx
   dockerfile: build/Dockerfile
   build_flag_templates:
   - "--platform=linux/amd64"
 - image_templates:
-  - "caos/zitadel:{{ .Version }}-arm64"
+    - ghcr.io/caos/zitadel:{{ .Tag }}-arm64
+    - ghcr.io/caos/zitadel:{{ .ShortCommit }}-arm64
   use: buildx
   dockerfile: build/Dockerfile
   build_flag_templates:
@@ -41,14 +45,9 @@ dockers:
 archives:
 - format: binary
 gomod:
-  proxy: true
+  proxy: false
-  env:
-    - GOPROXY=https://proxy.golang.org,direct
-    - GOSUMDB=sum.golang.org
 checksum:
   name_template: 'checksums.txt'
-snapshot:
-  name_template: "{{ incpatch .Version }}-next"
 changelog:
   sort: asc
   filters:

.releaserc.js

@@ -2,6 +2,7 @@ module.exports = {
     branches: [
         {name: 'main'},
         {name: '1.x.x', range: '1.x.x', channel: '1.x.x'},
+        {name: 'workflow-dispatch', prerelease: true},
     ],
     plugins: [
         "@semantic-release/commit-analyzer"

docs/docs/apis/assets/.gitignore

@@ -0,0 +1 @@
+assets.md

docs/docs/apis/assets/assets.md

@@ -1,259 +0,0 @@
----
-title: zitadel/assets
----
-
-## AssetsService
-
-	
-	
-	
-
-### UploadDefaultLabelPolicyFont()
-
-> UploadDefaultLabelPolicyFont()
-
-POST: /iam/policy/label/font
-
- 	
-
-### GetDefaultLabelPolicyFont()
-
-> GetDefaultLabelPolicyFont()
-
-GET: /iam/policy/label/font
-
- 	
-
-### GetPreviewDefaultLabelPolicyFont()
-
-> GetPreviewDefaultLabelPolicyFont()
-
-GET: /iam/policy/label/font/_preview
-
- 	
-	
-	
-
-### UploadDefaultLabelPolicyIcon()
-
-> UploadDefaultLabelPolicyIcon()
-
-POST: /iam/policy/label/icon
-
-### UploadDefaultLabelPolicyIcon()
-
-> UploadDefaultLabelPolicyIconDark()
-
-POST: /iam/policy/label/icon/dark
- 	
- 	
-
-### GetDefaultLabelPolicyIcon()
-
-> GetDefaultLabelPolicyIcon()
-
-GET: /iam/policy/label/icon
-
-### GetDefaultLabelPolicyIcon()
-
-> GetDefaultLabelPolicyIconDark()
-
-GET: /iam/policy/label/icon/dark
- 	
- 	
-
-### GetPreviewDefaultLabelPolicyIcon()
-
-> GetPreviewDefaultLabelPolicyIcon()
-
-GET: /iam/policy/label/icon/_preview
-
-### GetPreviewDefaultLabelPolicyIcon()
-
-> GetPreviewDefaultLabelPolicyIconDark()
-
-GET: /iam/policy/label/icon/dark/_preview
- 	
- 	
-	
-	
-
-### UploadDefaultLabelPolicyLogo()
-
-> UploadDefaultLabelPolicyLogo()
-
-POST: /iam/policy/label/logo
-
-### UploadDefaultLabelPolicyLogo()
-
-> UploadDefaultLabelPolicyLogoDark()
-
-POST: /iam/policy/label/logo/dark
- 	
- 	
-
-### GetDefaultLabelPolicyLogo()
-
-> GetDefaultLabelPolicyLogo()
-
-GET: /iam/policy/label/logo
-
-### GetDefaultLabelPolicyLogo()
-
-> GetDefaultLabelPolicyLogoDark()
-
-GET: /iam/policy/label/logo/dark
- 	
- 	
-
-### GetPreviewDefaultLabelPolicyLogo()
-
-> GetPreviewDefaultLabelPolicyLogo()
-
-GET: /iam/policy/label/logo/_preview
-
-### GetPreviewDefaultLabelPolicyLogo()
-
-> GetPreviewDefaultLabelPolicyLogoDark()
-
-GET: /iam/policy/label/logo/dark/_preview
- 	
- 	
-	
-	
-	
-	
-
-### UploadOrgLabelPolicyFont()
-
-> UploadOrgLabelPolicyFont()
-
-POST: /org/policy/label/font
-
- 	
-
-### GetOrgLabelPolicyFont()
-
-> GetOrgLabelPolicyFont()
-
-GET: /org/policy/label/font
-
- 	
-
-### GetPreviewOrgLabelPolicyFont()
-
-> GetPreviewOrgLabelPolicyFont()
-
-GET: /org/policy/label/font/_preview
-
- 	
-	
-	
-
-### UploadOrgLabelPolicyIcon()
-
-> UploadOrgLabelPolicyIcon()
-
-POST: /org/policy/label/icon
-
-### UploadOrgLabelPolicyIcon()
-
-> UploadOrgLabelPolicyIconDark()
-
-POST: /org/policy/label/icon/dark
- 	
- 	
-
-### GetOrgLabelPolicyIcon()
-
-> GetOrgLabelPolicyIcon()
-
-GET: /org/policy/label/icon
-
-### GetOrgLabelPolicyIcon()
-
-> GetOrgLabelPolicyIconDark()
-
-GET: /org/policy/label/icon/dark
- 	
- 	
-
-### GetPreviewOrgLabelPolicyIcon()
-
-> GetPreviewOrgLabelPolicyIcon()
-
-GET: /org/policy/label/icon/_preview
-
-### GetPreviewOrgLabelPolicyIcon()
-
-> GetPreviewOrgLabelPolicyIconDark()
-
-GET: /org/policy/label/icon/dark/_preview
- 	
- 	
-	
-	
-
-### UploadOrgLabelPolicyLogo()
-
-> UploadOrgLabelPolicyLogo()
-
-POST: /org/policy/label/logo
-
-### UploadOrgLabelPolicyLogo()
-
-> UploadOrgLabelPolicyLogoDark()
-
-POST: /org/policy/label/logo/dark
- 	
- 	
-
-### GetOrgLabelPolicyLogo()
-
-> GetOrgLabelPolicyLogo()
-
-GET: /org/policy/label/logo
-
-### GetOrgLabelPolicyLogo()
-
-> GetOrgLabelPolicyLogoDark()
-
-GET: /org/policy/label/logo/dark
- 	
- 	
-
-### GetPreviewOrgLabelPolicyLogo()
-
-> GetPreviewOrgLabelPolicyLogo()
-
-GET: /org/policy/label/logo/_preview
-
-### GetPreviewOrgLabelPolicyLogo()
-
-> GetPreviewOrgLabelPolicyLogoDark()
-
-GET: /org/policy/label/logo/dark/_preview
- 	
- 	
-	
-	
-	
-	
-
-### UploadMyUserAvatar()
-
-> UploadMyUserAvatar()
-
-POST: /users/me/avatar
-
- 	
-
-### GetMyUserAvatar()
-
-> GetMyUserAvatar()
-
-GET: /users/me/avatar
-
- 	
-	
-