# Which Problems Are Solved

Replaces Turbo by Nx and lays the foundation for the next CI improvements. It enables using Nx Cloud to speed up the pipelines that affect any node package. It streamlines the dev experience for frontend and backend developers by providing the following commands:

| Task | Command | Notes |
|------|---------|--------|
| **Production** | `nx run PROJECT:prod` | Production server |
| **Develop** | `nx run PROJECT:dev` | Hot reloading development server |
| **Test** | `nx run PROJECT:test` | Run all tests |
| **Lint** | `nx run PROJECT:lint` | Check code style |
| **Lint Fix** | `nx run PROJECT:lint-fix` | Auto-fix style issues |

The following values can be used for PROJECT:

- @zitadel/zitadel (root commands)
- @zitadel/api,
- @zitadel/login,
- @zitadel/console,
- @zitadel/docs,
- @zitadel/client
- @zitadel/proto

The project names and folders are streamlined:

| Old Folder | New Folder |
| --- | --- |
| ./e2e | ./tests/functional-ui |
| ./load-test | ./benchmark |
| ./build/zitadel | ./apps/api |
| ./console | ./apps/console (postponed so the PR is reviewable) |

Also, all references to the TypeScript repo are removed so we can archive it.

# How the Problems Are Solved

- Ran `npx nx@latest init`
- Replaced all turbo.json by project.json and fixed the target configs
- Removed Turbo dependency
- All JavaScript related code affected by a PR's changes is quality-checked using the `nx affected` command
- We move PR checks that are runnable using Nx into the `check` workflow. For workflows where we don't use Nx, yet, we restore previously built dependency artifacts from Nx.
- We only use a single and easy to understand dev container
- The CONTRIBUTING.md is streamlined
- The setup with a generated client pat is orchestrated with Nx
- Everything related to the TypeScript repo is updated or removed. A **Deploy with Vercel** button is added to the docs and the CONTRIBUTING.md.

# Additional Changes

- NPM package names have a consistent pattern.
- Docker bake is removed. The login container is built and released like the core container.
- The integration tests build the login container before running, so they don't rely on the login container action anymore. This fixes consistently failing checks on PRs from forks.
- The docs build in GitHub actions is removed, as we already build on Vercel.

# Additional Context

- Internal discussion: https://zitadel.slack.com/archives/C087ADF8LRX/p1756277884928169
- Workflow dispatch test: https://github.com/zitadel/zitadel/actions/runs/17760122959

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
# Reusable workflow (workflow_call): resolves a version, packs the API and
# login archives with Nx, uploads them as an artifact, then builds and pushes
# SHA-tagged API scratch, API debug and login images to ghcr.io and
# europe-docker.pkg.dev.
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v3, @v4, @v5, @v6). Pinning them to full commit SHAs would keep this
# publishing job from silently picking up a re-pointed tag.
name: Package und Publish Archives and Images

on:
  workflow_call:
    # Image names are supplied by the caller, one per registry and component.
    inputs:
      node_version:
        required: true
        type: string
      image_name_github_api:
        required: true
        type: string
      image_name_github_login:
        required: true
        type: string
      image_name_google_api:
        required: true
        type: string
      image_name_google_login:
        required: true
        type: string
      semantic_version:
        required: false
        type: string
    # Only GCR_JSON_KEY_BASE64 is declared here. The pack job also reads
    # secrets.NX_CLOUD_ACCESS_TOKEN and secrets.NX_CLOUD_ACCESS_TOKEN_READONLY.
    # NOTE(review): those presumably resolve only when the caller passes
    # `secrets: inherit` — confirm against the calling workflow.
    secrets:
      GCR_JSON_KEY_BASE64:
        # NOTE(review): base64 is an encoding, not encryption; presumably this
        # is a Google service-account JSON key (see the `_json_key_base64`
        # login below) — treat the decoded value as the credential.
        description: 'base64 endcrypted key to connect to Google'
        required: true

# Only packages: write is requested for the workflow token; scopes that are
# not listed here are not granted.
permissions:
  packages: write

env:
  # OCI labels shared by all three metadata steps below.
  default_labels: |
    org.opencontainers.image.documentation=https://zitadel.com/docs
    org.opencontainers.image.vendor=ZITADEL

jobs:
  # Calls the local version workflow with dry_run: true; its `version` output
  # is read by the pack job as ZITADEL_VERSION.
  version:
    uses: ./.github/workflows/version.yml
    with:
      semantic_version: ${{ inputs.semantic_version }}
      dry_run: true

  pack:
    runs-on:
      group: zitadel-public
    # Selects the 'Protected' environment for protected refs, otherwise none.
    # NOTE(review): github.ref_protected is documented as a boolean, and
    # expression `==` coerces mismatched types to numbers, so the comparison
    # with the string 'true' may never match — verify that runs on protected
    # refs really get the 'Protected' environment and its protection rules.
    environment: ${{ github.ref_protected == 'true' && 'Protected' || null }}
    needs: version
    steps:
      # Full history (fetch-depth: 0) as a treeless partial clone (tree:0).
      # NOTE(review): persist-credentials is not set, so checkout's default
      # applies; consider `persist-credentials: false` if no later step needs
      # git credentials, since dependency and build scripts run afterwards.
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          filter: tree:0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Set up pnpm
        uses: pnpm/action-setup@v4
        with:
          run_install: false
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node_version }}
          cache: "pnpm"
      # Buildx pinned to v0.28.0 here; a second, unpinned Buildx setup step
      # follows later in this job.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: v0.28.0
      # --frozen-lockfile makes the install fail instead of updating the
      # lockfile, so the packed output is built from the committed lockfile.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      # The Nx Cloud token prefers NX_CLOUD_ACCESS_TOKEN and falls back to the
      # read-only one when the first is empty.
      # NOTE(review): this job publishes release artifacts; confirm which runs
      # can write to the remote cache that this step may read from.
      - name: Pack API and Login
        env:
          ZITADEL_VERSION: ${{ needs.version.outputs.version }}
          NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN || secrets.NX_CLOUD_ACCESS_TOKEN_READONLY }}
        run: pnpm nx run --nxBail pack
      # `if: always()` runs this step even when an earlier step failed; it
      # receives the same Nx Cloud token expression as the pack step.
      - name: Suggest Pipeline Fix By Nx Cloud AI
        if: always()
        env:
          NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN || secrets.NX_CLOUD_ACCESS_TOKEN_READONLY }}
        run: pnpm nx fix-ci
      - name: Upload all platform archives
        uses: actions/upload-artifact@v4
        with:
          name: zitadel-archives
          path: .artifacts/pack
      # QEMU provides emulation for the linux/arm64 builds below.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      # Second Buildx setup, this time without `version`.
      # NOTE(review): confirm which Buildx version the image builds end up
      # using, given the pinned v0.28.0 setup earlier in the job.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # ghcr.io login uses the workflow token, limited by `permissions` above.
      - name: Login to Docker registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): a static key is a long-lived credential; its scope and
      # rotation are not visible here. Keyless federation via the workflow's
      # OIDC token would be an alternative (it needs `id-token: write`).
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: europe-docker.pkg.dev
          username: _json_key_base64
          password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
      # type=sha with empty prefix/suffix and format=long: the tag is the full
      # commit SHA, applied to both the GitHub and the Google image name.
      - name: Generate Standard Tags and Labels from the GitHub Context for the API Scratch Container Image
        id: scratch-meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ inputs.image_name_github_api }}
            ${{ inputs.image_name_google_api }}
          labels: ${{ env.default_labels}}
          tags: |
            type=sha,prefix=,suffix=,format=long
      # Builds the `final` target of apps/api/Dockerfile for amd64 and arm64
      # and pushes it. The GitHub Actions cache backend is used with mode=max.
      # NOTE(review): no cache `scope` is set on any of the three builds, so
      # they presumably share one scope — confirm this is intended.
      - name: Build and Push the SHA-tagged API Scratch Container Image
        id: build-scratch
        uses: docker/build-push-action@v6
        timeout-minutes: 3
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: apps/api/Dockerfile
          target: final
          platforms: linux/amd64,linux/arm64
          push: true
          labels: ${{ steps.scratch-meta.outputs.labels }}
          tags: ${{ steps.scratch-meta.outputs.tags }}
      # Same image names as the scratch image, with the tag suffixed `-debug`.
      - name: Generate Standard Tags and Labels from the GitHub Context for the API Debug Container Image
        id: debug-meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ inputs.image_name_github_api }}
            ${{ inputs.image_name_google_api }}
          labels: ${{ env.default_labels}}
          tags: |
            type=sha,prefix=,suffix=-debug,format=long
      # Publishes the `builder` stage itself as the debug image.
      # NOTE(review): the Dockerfile is not shown here; confirm the builder
      # stage holds no build-time credentials or other material that should
      # not be in a pushed image.
      # NOTE(review): `push: true` is combined with an explicit `outputs`
      # naming only the GitHub image — confirm the debug image still reaches
      # both registries listed in `tags`.
      - name: Build and Push the SHA-tagged API Debug Container Image
        id: build-debug
        uses: docker/build-push-action@v6
        timeout-minutes: 5
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: apps/api/Dockerfile
          target: builder
          platforms: linux/amd64,linux/arm64
          push: true
          labels: ${{ steps.debug-meta.outputs.labels }}
          tags: ${{ steps.debug-meta.outputs.tags }}
          outputs: type=image,name=${{ inputs.image_name_github_api }},name-canonical=true
      # Login image: adds an MIT license label on top of the default labels
      # and tags with the full commit SHA.
      - name: Generate Standard Tags and Labels from the GitHub Context for the Login Container Image
        id: login-meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ inputs.image_name_github_login }}
            ${{ inputs.image_name_google_login }}
          labels: |
            org.opencontainers.image.licenses=MIT
            ${{ env.default_labels}}
          tags: |
            type=sha,prefix=,suffix=,format=long
      # Build context is apps/login; no `file` or `target` is given, so the
      # action's defaults for both apply.
      - name: Build and Push the SHA-tagged Login Container Image
        id: build-login
        uses: docker/build-push-action@v6
        timeout-minutes: 3
        with:
          context: apps/login
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64
          push: true
          labels: ${{ steps.login-meta.outputs.labels }}
          tags: ${{ steps.login-meta.outputs.tags }}