chore: build image for digest and release on workflow_dispatch (#6287)

Stefan Benz 2023-08-10 14:21:01 +02:00 committed by GitHub
parent 6e39f85608
commit 3b9dabcf36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 97 additions and 123 deletions


@ -2,6 +2,10 @@ name: ZITADEL CI/CD
on: on:
pull_request: pull_request:
paths-ignore:
- 'docs/**'
- 'guides/**'
- '**.md'
workflow_dispatch: workflow_dispatch:
permissions: permissions:
@ -72,24 +76,30 @@ jobs:
container: container:
needs: [compile] needs: [compile]
uses: ./.github/workflows/container.yml uses: ./.github/workflows/container.yml
secrets: inherit
permissions:
packages: write
if: ${{ github.event_name == 'workflow_dispatch' }}
with: with:
image_name: 'ghcr.io/zitadel/zitadel' build_image_name: 'ghcr.io/zitadel/zitadel-build'
e2e: e2e:
uses: ./.github/workflows/e2e.yml uses: ./.github/workflows/e2e.yml
needs: [container] needs: [compile]
with:
image: ${{ needs.container.outputs.image }}-debug
release: release:
uses: ./.github/workflows/release.yml uses: ./.github/workflows/release.yml
permissions:
packages: write
contents: write
issues: write
pull-requests: write
needs: [version, core-unit-test, core-integration-test, lint, container, e2e] needs: [version, core-unit-test, core-integration-test, lint, container, e2e]
# TODO: trigger release on workflow_dispatch if: ${{ github.event_name == 'workflow_dispatch' }} if: ${{ needs.version.outputs.published == 'true' && github.event_name == 'workflow_dispatch' }}
if: ${{ needs.version.outputs.published == 'true' }}
secrets: secrets:
GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }} GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }}
with: with:
image: ${{ needs.container.outputs.image }} build_image_name: ${{ needs.container.outputs.build_image }}
semantic_version: '19.0.2' semantic_version: '19.0.2'
image_name: 'ghcr.io/zitadel/zitadel' image_name: 'ghcr.io/zitadel/zitadel'
google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel" google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
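Review bot: `secrets: inherit` on the `container` job hands every repository and organisation secret to container.yml, although the only secret that workflow reads on this page is `secrets.GITHUB_TOKEN`, which a called workflow receives without any `secrets:` block. Assuming the line is on the new side of this hunk (the page lost its +/- markers), I would drop it, or pass named secrets the way the `release` job does with `GCR_JSON_KEY_BASE64`. The job-level `permissions: packages: write` is what actually enables the push to ghcr.io and should stay.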


@ -3,12 +3,15 @@ name: Container
on: on:
workflow_call: workflow_call:
inputs: inputs:
image_name: build_image_name:
required: true required: true
type: string type: string
outputs: outputs:
image: build_image:
value: '${{ inputs.image_name }}:${{ github.sha }}' value: '${{ inputs.build_image_name }}:${{ github.sha }}'
permissions:
packages: write
env: env:
default_labels: | default_labels: |
@ -31,7 +34,7 @@ jobs:
id: scratch-meta id: scratch-meta
uses: docker/metadata-action@v4 uses: docker/metadata-action@v4
with: with:
images: ${{ inputs.image_name }} images: ${{ inputs.build_image_name }}
labels: ${{ env.default_labels}} labels: ${{ env.default_labels}}
tags: | tags: |
type=sha,prefix=,suffix=,format=long type=sha,prefix=,suffix=,format=long
@ -40,7 +43,7 @@ jobs:
id: debug-meta id: debug-meta
uses: docker/metadata-action@v4 uses: docker/metadata-action@v4
with: with:
images: ${{ inputs.image_name }} images: ${{ inputs.build_image_name }}
labels: ${{ env.default_labels}} labels: ${{ env.default_labels}}
tags: | tags: |
type=sha,prefix=,suffix=-debug,format=long type=sha,prefix=,suffix=-debug,format=long
@ -52,7 +55,7 @@ jobs:
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
with: with:
driver-opts: 'image=moby/buildkit:v0.11.6' driver-opts: 'image=moby/buildkit:v0.11.6'
- -
name: Login to Docker registry name: Login to Docker registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
@ -76,12 +79,14 @@ jobs:
timeout-minutes: 3 timeout-minutes: 3
with: with:
context: . context: .
cache-from: type=gha
cache-to: type=gha,mode=max
file: build/Dockerfile file: build/Dockerfile
target: artifact target: artifact
platforms: linux/${{ matrix.arch }} platforms: linux/${{ matrix.arch }}
push: true push: true
labels: ${{ steps.debug-meta.outputs.labels }} labels: ${{ steps.debug-meta.outputs.labels }}
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true
- -
name: Scratch name: Scratch
id: build-scratch id: build-scratch
@ -89,12 +94,14 @@ jobs:
timeout-minutes: 3 timeout-minutes: 3
with: with:
context: . context: .
cache-from: type=gha
cache-to: type=gha,mode=max
file: build/Dockerfile file: build/Dockerfile
target: final target: final
platforms: linux/${{ matrix.arch }} platforms: linux/${{ matrix.arch }}
push: true push: true
labels: ${{ steps.scratch-meta.outputs.labels }} labels: ${{ steps.scratch-meta.outputs.labels }}
outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true
- -
name: Export debug digest name: Export debug digest
run: | run: |
@ -142,27 +149,28 @@ jobs:
with: with:
driver-opts: 'image=moby/buildkit:v0.11.6' driver-opts: 'image=moby/buildkit:v0.11.6'
- -
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: '${{ inputs.image_name }}'
tags: |
type=sha,prefix=,suffix=${{ matrix.suffix }},format=long
-
name: Login to Docker registry name: Login to Docker registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- -
name: Create manifest list and push name: Docker meta
id: build-meta
uses: docker/metadata-action@v4
with:
images: '${{ inputs.build_image_name }}'
tags: |
type=sha,prefix=,suffix=${{ matrix.suffix }},format=long
-
name: Create build manifest list and push
working-directory: /tmp/digests/${{ matrix.image }} working-directory: /tmp/digests/${{ matrix.image }}
run: | run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ steps.build-meta.outputs.json }}') \
$(printf '${{ inputs.image_name }}@sha256:%s ' *) $(printf '${{ inputs.build_image_name }}@sha256:%s ' *)
- -
name: Inspect image name: Inspect build image
run: | run: |
docker buildx imagetools inspect ${{ inputs.image_name }}:${{ github.sha }}${{ matrix.suffix }} docker buildx imagetools inspect ${{ inputs.build_image_name }}:${{ github.sha }}${{ matrix.suffix }}
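Review bot: The `Create build manifest list and push` step now pastes `${{ steps.build-meta.outputs.json }}` into the script inside single quotes, so the runner substitutes the JSON before bash parses the line. Any single quote in that JSON (the metadata action's output carries image labels as well as tags) ends the quoting, which at best breaks the command and at worst lets label text be read as shell in a job that holds `packages: write`. Pass the value through the environment instead: add `env:` with `BUILD_META_JSON: ${{ steps.build-meta.outputs.json }}` to the step and read it as `<<< "$BUILD_META_JSON"`. The same applies to `${{ inputs.build_image_name }}` in the `printf` and `imagetools inspect` lines, though that value is set by the calling workflow.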


@ -2,10 +2,6 @@ name: "ZITADEL e2e Tests"
on: on:
workflow_call: workflow_call:
inputs:
image:
required: true
type: string
jobs: jobs:
test: test:
@ -13,79 +9,41 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
browser: [firefox, chrome] browser: [firefox, chrome]
services:
# we currently use postgres because cockroach doesn't work
postgres:
image: postgres
ports:
- 5432:5432
env:
POSTGRES_USER: zitadel
PGUSER: zitadel
POSTGRES_DB: zitadel
POSTGRES_HOST_AUTH_METHOD: trust
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 10s
zitadel:
image: ${{ inputs.image }}
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
options: >-
--health-cmd "zitadel ready"
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 10s
--add-host host.docker.internal:host-gateway
ports:
- 8080:8080
env:
ZITADEL_ARGS: "start-from-init --masterkeyFromEnv"
ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
ZITADEL_LOG_LEVEL: debug
ZITADEL_EXTERNALDOMAIN: localhost
ZITADEL_EXTERNALSECURE: "false"
ZITADEL_TLS_ENABLED: "false"
ZITADEL_DATABASE_POSTGRES_HOST: postgres
ZITADEL_DATABASE_POSTGRES_PORT: "5432"
ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS: "20"
ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS: "10"
ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: zitadel
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: "false"
ZITADEL_LOGSTORE_ACCESS_DATABASE_ENABLED: "true"
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MINFREQUENCY: 0s
ZITADEL_LOGSTORE_ACCESS_DATABASE_DEBOUNCE_MAXBULKSIZE: "0"
ZITADEL_LOGSTORE_EXECUTION_DATABASE_ENABLED: "true"
ZITADEL_LOGSTORE_EXECUTION_STDOUT_ENABLED: "false"
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEKEY: "zitadel.quota.limiting"
ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEMAXAGE: 60s
ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_REQUEUEEVERY: 1s
ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME: "0"
ZITADEL_SYSTEMAPIUSERS: "{\"cypress\": {\"keyData\": \"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\"}}"
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
ZITADEL_IMAGE: ${{ inputs.image }}
steps: steps:
- -
name: Checkout Repository name: Checkout Repository
uses: actions/checkout@v3 uses: actions/checkout@v3
-
uses: actions/download-artifact@v3
with:
path: .artifacts
name: zitadel-linux-amd64
-
name: Unpack executable
run: |
tar -xvf .artifacts/zitadel-linux-amd64.tar
mv zitadel-linux-amd64/zitadel ./zitadel
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver-opts: 'image=moby/buildkit:v0.11.6'
-
name: Start DB and ZITADEL
run: |
cd ./e2e
ZITADEL_IMAGE=zitadel:local docker compose up --detach --wait
- -
name: Cypress run name: Cypress run
uses: cypress-io/github-action@v5 uses: cypress-io/github-action@v5
env: env:
CYPRESS_BASE_URL: http://localhost:8080/ui/console CYPRESS_BASE_URL: http://localhost:8080/ui/console
CYPRESS_WEBHOOK_HANDLER_HOST: host.docker.internal CYPRESS_WEBHOOK_HANDLER_HOST: host.docker.internal
CYPRESS_DATABASE_CONNECTION_URL: 'postgresql://zitadel@localhost:5432/zitadel' CYPRESS_DATABASE_CONNECTION_URL: 'postgresql://root@localhost:26257/zitadel'
CYPRESS_BACKEND_URL: http://localhost:8080 CYPRESS_BACKEND_URL: http://localhost:8080
with: with:
working-directory: e2e working-directory: e2e
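Review bot: The removed `services` block carried the comment `# we currently use postgres because cockroach doesn't work`, and nothing on the new side says whether that still holds: `CYPRESS_DATABASE_CONNECTION_URL` now points at `root@localhost:26257`, which looks like the CockroachDB default port. A comment above `Start DB and ZITADEL` would help, for example `# DB and ZITADEL come from the docker compose file in e2e/; Cypress connects to the db service on the published port 26257`. Whether the compose file publishes 26257 to the host is not visible on this page and is worth checking, since Cypress runs on the runner and not inside the compose network.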


@ -35,11 +35,6 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Google Artifact Registry Login - name: Google Artifact Registry Login
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:


@ -6,7 +6,7 @@ on:
semantic_version: semantic_version:
required: true required: true
type: string type: string
image: build_image_name:
required: true required: true
type: string type: string
image_name: image_name:
@ -56,20 +56,20 @@ jobs:
run: | run: |
docker buildx imagetools create \ docker buildx imagetools create \
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }} \ --tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }} \
${{ inputs.image }} ${{ inputs.build_image_name }}
docker buildx imagetools create \ docker buildx imagetools create \
--tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }}-debug \ --tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }}-debug \
${{ inputs.image }}-debug ${{ inputs.build_image_name }}-debug
docker buildx imagetools create \ docker buildx imagetools create \
--tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \ --tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \
${{ inputs.image }} ${{ inputs.build_image_name }}
- -
name: Publish latest name: Publish latest
if: ${{ github.ref_name == 'next' }} if: ${{ github.ref_name == 'next' }}
run: | run: |
docker buildx imagetools create \ docker buildx imagetools create \
--tag ${{ inputs.image_name }}:latest \ --tag ${{ inputs.image_name }}:latest \
${{ inputs.image }} ${{ inputs.build_image_name }}
docker buildx imagetools create \ docker buildx imagetools create \
--tag ${{ inputs.image_name }}:latest-debug \ --tag ${{ inputs.image_name }}:latest-debug \
${{ inputs.image }}-debug ${{ inputs.build_image_name }}-debug
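Review bot: `build_image_name` means two different things after this rename: in container.yml it is a bare repository name, while here the caller passes `needs.container.outputs.build_image`, which is defined as `name:${{ github.sha }}`, and the script relies on that by appending `-debug` to it. A `description` on the input would keep the next editor from passing an untagged name, e.g. `description: 'build image reference including the :<git sha> tag'`; naming the input `build_image` like the output would be clearer still. The values are also expanded unquoted into the `run:` script, so they need to stay constants set by the calling workflow.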


@ -10,9 +10,9 @@ on:
required: true required: true
type: boolean type: boolean
outputs: outputs:
version: version:
value: ${{ jobs.generate.outputs.version }} value: ${{ jobs.generate.outputs.version }}
published: published:
value: ${{jobs.generate.outputs.published }} value: ${{jobs.generate.outputs.published }}
jobs: jobs:
@ -24,10 +24,10 @@ jobs:
version: ${{ steps.output.outputs.VERSION }} version: ${{ steps.output.outputs.VERSION }}
published: ${{ steps.semantic.outputs.new_release_published }} published: ${{ steps.semantic.outputs.new_release_published }}
steps: steps:
- -
name: Source checkout name: Source checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- -
name: Semantic Release name: Semantic Release
uses: cycjimmy/semantic-release-action@v3 uses: cycjimmy/semantic-release-action@v3
id: semantic id: semantic


@ -7,5 +7,5 @@ module.exports = {
"@semantic-release/commit-analyzer", "@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator", "@semantic-release/release-notes-generator",
"@semantic-release/github" "@semantic-release/github"
], ]
}; };


@ -16,24 +16,13 @@ services:
service: 'zitadel' service: 'zitadel'
volumes: volumes:
- ./zitadel.yaml:/zitadel.yaml - ./zitadel.yaml:/zitadel.yaml
prepare:
image: node:18-alpine3.15
working_dir: /e2e
user: '$UID'
volumes:
- ../../:/e2e
command: 'sh -c "npm ci --omit=dev && npm run lint && npx wait-on http://zitadel:8080/debug/ready"'
e2e: e2e:
image: cypress/included:12.2.0 image: cypress/included:12.2.0
depends_on: depends_on:
zitadel: zitadel:
condition: 'service_started' condition: 'service_healthy'
db: db:
condition: 'service_healthy' condition: 'service_healthy'
prepare:
condition: 'service_completed_successfully'
working_dir: /e2e working_dir: /e2e
user: '$UID' user: '$UID'
volumes: volumes:
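Review bot: With `prepare` removed, nothing in this compose file runs `npm ci` or `npm run lint` before `e2e` starts, so a local `docker compose` run of the suite appears to depend on dependencies already being present in the mounted `/e2e` directory. If the CI path through `cypress-io/github-action` is now the only supported one, say so in a comment on the `e2e` service, e.g. `# dependencies are installed outside compose; run npm ci in e2e/ first`. The `e2e` service definition continues below the hunk, so its command is not visible here.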


@ -5,6 +5,14 @@ services:
user: '$UID' user: '$UID'
restart: 'always' restart: 'always'
image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}' image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
build:
context: ../../..
dockerfile: ./build/Dockerfile
target: artifact
cache_from:
- type=gha
cache_to:
- type=gha,mode=max
command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml' command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
depends_on: depends_on:
db: db:
@ -13,6 +21,12 @@ services:
- ./zitadel.yaml:/zitadel.yaml - ./zitadel.yaml:/zitadel.yaml
ports: ports:
- "8080:8080" - "8080:8080"
healthcheck:
test: ["CMD", "zitadel", "ready"]
interval: '10s'
timeout: '5s'
retries: 5
start_period: '10s'
extra_hosts: extra_hosts:
- "host.docker.internal:host-gateway" - "host.docker.internal:host-gateway"
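Review bot: `cache_from`/`cache_to` with `type=gha` only work where the GitHub Actions cache URL and runtime token are exposed to BuildKit; `docker/build-push-action` arranges that itself, while a plain `docker compose up` in a `run:` step or on a developer machine does not. As written the cache is probably unused in the e2e job and may produce warnings or errors locally. Either export the runtime variables in the workflow before the compose step, or move the two cache keys out of this shared file into a CI-only override; a comment such as `# gha cache is only reachable inside GitHub Actions` would at least document the constraint.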