
# Which Problems Are Solved - The previous monorepo in monorepo structure for the login app and its related packages was fragmented, complicated and buggy. - The process for building and testing the login container was inconsistent between local development and CI. - Lack of clear documentation as well as easy and reliable ways for non-frontend developers to reproduce and fix failing PR checks locally. # How the Problems Are Solved - Consolidated the login app and its related npm packages by moving the main package to `apps/login/apps/login` and merging `apps/login/packages/integration` and `apps/login/packages/acceptance` into the main `apps/login` package. - Migrated from Docker Compose-based test setups to dev container-based setups, adding support for multiple dev container configurations: - `.devcontainer/base` - `.devcontainer/turbo-lint-unit` - `.devcontainer/turbo-lint-unit-debug` - `.devcontainer/login-integration` - `.devcontainer/login-integration-debug` - Added npm scripts to run the new dev container setups, enabling exact reproduction of GitHub PR checks locally, and updated the pipeline to use these containers. - Cleaned up Dockerfiles and docker-bake.hcl files to only build the production image for the login app. - Cleaned up compose files to focus on dev environments in dev containers. - Updated `CONTRIBUTING.md` with guidance on running and debugging PR checks locally using the new dev container approach. - Introduced separate Dockerfiles for the login app to distinguish between using published client packages and building clients from local protos. - Ensured the login container is always built in the pipeline for use in integration and acceptance tests. - Updated Makefile and GitHub Actions workflows to use `--frozen-lockfile` for installing pnpm packages, ensuring reproducible installs. - Disabled GitHub release creation by the changeset action. - Refactored the `/build` directory structure for clarity and maintainability. 
- Added a `clean` command to `docks/package.json`. - Experimentally added `knip` to the `zitadel-client` package for improved linting of dependencies and exports. # Additional Changes - Fixed Makefile commands for consistency and reliability. - Improved the structure and clarity of the `/build` directory to support seamless integration of the login build. - Enhanced documentation and developer experience for running and debugging CI checks locally. # Additional Context - See updated `CONTRIBUTING.md` for new local development and debugging instructions. - These changes are a prerequisite for further improvements to the CI pipeline and local development workflow. - Closes #10276
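name: Release

# Reusable workflow: it is only started by another workflow through
# `workflow_call`, so every input and secret below is supplied by the caller.
on:
  workflow_call:
    inputs:
      # Forwarded to the `version` job (./.github/workflows/version.yml).
      semantic_version:
        required: true
        type: string
      # Source image reference that the docker job re-tags; the debug variant
      # is addressed as "<build_image_name>-debug".
      build_image_name:
        required: true
        type: string
      # Target repository for the release tags (pushed after the ghcr.io login).
      image_name:
        required: true
        type: string
      # Target repository for the release tags on europe-docker.pkg.dev.
      google_image_name:
        required: true
        type: string
      # Same three references for the login image.
      build_image_name_login:
        required: true
        type: string
      image_name_login:
        required: true
        type: string
      google_image_name_login:
        required: true
        type: string
    secrets:
      # Used as the password for the `_json_key_base64` registry login.
      # base64 is an encoding, not encryption: the value is protected only by
      # being stored as a secret, so treat it like the raw key.
      GCR_JSON_KEY_BASE64:
        description: 'base64 encoded key to connect to Google'
        required: true
      # GitHub App credentials; the homebrew-tap and helm-chart jobs exchange
      # them for an installation token.
      APP_ID:
        description: 'GH App ID to request token for homebrew update'
        required: true
      APP_PRIVATE_KEY:
        description: 'GH App Private Key to request token for homebrew update'
        required: true
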
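jobs:
  # NOTE(review): no `permissions:` key is declared in this file, so each job
  # gets whatever GITHUB_TOKEN scopes the calling workflow passes down.
  # Declaring the minimum each job needs would limit what a compromised step
  # or action can do with the token during a release.
  #
  # NOTE(review): the third-party actions below are referenced by mutable tags
  # (cardinalby/git-get-release-action@v1, tibdex/github-app-token@v2,
  # pnpm/action-setup@v4, changesets/action@v1,
  # peter-evans/create-pull-request@v7). Several of them receive tokens or the
  # App private key; pinning them to a full commit SHA keeps a moved tag from
  # changing the code that runs in the release pipeline.

  # Computes the release version; later jobs read `needs.version.outputs.version`.
  version:
    uses: ./.github/workflows/version.yml
    with:
      semantic_version: ${{ inputs.semantic_version }}
      dry_run: false

  # TODO: remove the publish job and publish releases directly with the @semantic-release/github plugin (remove draftRelease: true)
  # as soon as it supports configuring the create release payload property make_latest to "legacy"
  # https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release--parameters
  publish:
    runs-on: ubuntu-22.04
    needs: [version]
    steps:
      # Looks up the draft release that belongs to the commit being released.
      - id: get_release
        uses: cardinalby/git-get-release-action@v1
        with:
          commitSha: ${{ github.sha }}
          draft: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish Release
        uses: actions/github-script@v7
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the step output is handled as data, not as code.
          RELEASE_ID: ${{ steps.get_release.outputs.id }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Await the call so a failed API request fails this step.
            await github.rest.repos.updateRelease({
              owner: context.repo.owner,
              repo: context.repo.repo,
              release_id: Number(process.env.RELEASE_ID),
              draft: false,
              make_latest: "legacy"
            });

  # Re-tags the already built images with the release version; nothing is
  # rebuilt here (`imagetools create` only writes new tags for an existing
  # image reference).
  docker:
    runs-on: ubuntu-22.04
    needs: [version]
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: europe-docker.pkg.dev
          username: _json_key_base64
          password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
      - name: Publish ${{ needs.version.outputs.version }}
        # Workflow inputs and job outputs reach the shell as quoted environment
        # variables. Expanding `${{ }}` directly inside `run:` pastes the value
        # into the script source, where shell metacharacters would be executed.
        env:
          VERSION: ${{ needs.version.outputs.version }}
          IMAGE_NAME: ${{ inputs.image_name }}
          BUILD_IMAGE_NAME: ${{ inputs.build_image_name }}
          GOOGLE_IMAGE_NAME: ${{ inputs.google_image_name }}
          IMAGE_NAME_LOGIN: ${{ inputs.image_name_login }}
          BUILD_IMAGE_NAME_LOGIN: ${{ inputs.build_image_name_login }}
          GOOGLE_IMAGE_NAME_LOGIN: ${{ inputs.google_image_name_login }}
        run: |
          docker buildx imagetools create \
            --tag "${IMAGE_NAME}:${VERSION}" \
            "${BUILD_IMAGE_NAME}"
          docker buildx imagetools create \
            --tag "${IMAGE_NAME}:${VERSION}-debug" \
            "${BUILD_IMAGE_NAME}-debug"
          docker buildx imagetools create \
            --tag "${GOOGLE_IMAGE_NAME}:${VERSION}" \
            "${BUILD_IMAGE_NAME}"
          docker buildx imagetools create \
            --tag "${IMAGE_NAME_LOGIN}:${VERSION}" \
            "${BUILD_IMAGE_NAME_LOGIN}"
          docker buildx imagetools create \
            --tag "${GOOGLE_IMAGE_NAME_LOGIN}:${VERSION}" \
            "${BUILD_IMAGE_NAME_LOGIN}"
      - name: Publish latest
        # Only releases from the `next` ref move the `latest` tags.
        if: ${{ github.ref_name == 'next' }}
        env:
          IMAGE_NAME: ${{ inputs.image_name }}
          BUILD_IMAGE_NAME: ${{ inputs.build_image_name }}
          IMAGE_NAME_LOGIN: ${{ inputs.image_name_login }}
          BUILD_IMAGE_NAME_LOGIN: ${{ inputs.build_image_name_login }}
        run: |
          docker buildx imagetools create \
            --tag "${IMAGE_NAME}:latest" \
            "${BUILD_IMAGE_NAME}"
          docker buildx imagetools create \
            --tag "${IMAGE_NAME}:latest-debug" \
            "${BUILD_IMAGE_NAME}-debug"
          docker buildx imagetools create \
            --tag "${IMAGE_NAME_LOGIN}:latest" \
            "${BUILD_IMAGE_NAME_LOGIN}"

  # Starts the update workflow in zitadel/homebrew-tap. `continue-on-error`
  # keeps a failure here from failing the release.
  homebrew-tap:
    runs-on: ubuntu-22.04
    needs: version
    if: ${{ github.ref_name == 'next' }}
    continue-on-error: true
    steps:
      # NOTE(review): the token carries whatever the App installation is
      # allowed to do; if the action supports it, scope it to the one
      # repository this job dispatches to.
      - name: generate token
        uses: tibdex/github-app-token@v2
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: Trigger Homebrew
        env:
          VERSION: ${{ needs.version.outputs.version }}
          RUN_ID: ${{ github.run_id }}
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
        run: |
          gh workflow -R zitadel/homebrew-tap run update.yml -f runId="${RUN_ID}" -f version="${VERSION}"

  # Starts the bump workflow in zitadel/zitadel-charts.
  helm-chart:
    runs-on: ubuntu-22.04
    needs: version
    if: ${{ github.ref_name == 'next' }}
    continue-on-error: true
    steps:
      - name: generate token
        uses: tibdex/github-app-token@v2
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: Trigger Chart Bump
        env:
          # NOTE(review): VERSION and RUN_ID are exported but the command
          # below does not reference them; only GH_TOKEN is consumed by `gh`.
          VERSION: ${{ needs.version.outputs.version }}
          RUN_ID: ${{ github.run_id }}
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
        run: |
          gh workflow -R zitadel/zitadel-charts run bump.yml

  # Installs the pnpm workspace from the lockfile and lets changesets open
  # the release pull request.
  npm-packages:
    runs-on: ubuntu-latest
    needs: version
    if: ${{ github.ref_name == 'next' }}
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install pnpm
        uses: pnpm/action-setup@v4

      - name: Install dependencies
        working-directory: login
        # --frozen-lockfile fails the install instead of resolving versions
        # that are not recorded in the lockfile.
        run: pnpm install --frozen-lockfile

      - name: Create Release Pull Request
        uses: changesets/action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # NOTE(review): changesets/action appears to treat `version` as a
          # command to run rather than a version number; confirm against the
          # action's documentation that a version string is intended here.
          version: ${{ needs.version.outputs.version }}
          cwd: packages
          createGithubReleases: false

  # Pushes the login subtree to the mirror branch and opens a pull request
  # for it.
  login-repo:
    runs-on: ubuntu-latest
    needs: version
    if: ${{ github.ref_name == 'next' }}
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Push Subtree
        run: make login_push LOGIN_REMOTE_BRANCH=mirror-zitadel-repo
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: mirror zitadel repo'
          branch: mirror-zitadel-repo
          title: 'chore: mirror zitadel repo'
          body: 'This PR updates the login repository with the latest changes from the zitadel repository.'
          base: main
          reviewers: |
            @peintnermax
            @eliobischof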