mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-26 12:36:34 +00:00
b080ed8884
# Which Problems Are Solved This PR makes sure that the tarballs containing the API binary and the standalone login are separately downloadable from the release pages again. # How the Problems Are Solved Because the `Pack` workflow uploads a single GitHub artifact containing all tarballs since #10571, we download this artifact so that it correctly unpacks into the correct folder structure configured in `.releaserc.js` The changes are tested [with this action run](https://github.com/eliobischof/zitadel/actions/runs/18745783976), which [created this release](https://github.com/eliobischof/zitadel/releases/tag/v1.0.0-release-archives.5). # Additional Changes - The term `standalone` is removed from the login tarball, as it should be clear that it is a standalone build. - The go builds and the login archiving are less verbose - The pipelines go versions are pinned to *v1.25*, a minor above the minimally required go version *v1.24.0* described in the go.mod file. This makes sure that we build using newer patches for security and performance. # Additional Context - The archives weren't published anymore since #10571 - Closes #10896 --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
183 lines
5.9 KiB
YAML
183 lines
5.9 KiB
YAML
name: Package und Publish Archives and Images
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
go_version:
|
|
required: true
|
|
type: string
|
|
node_version:
|
|
required: true
|
|
type: string
|
|
image_name_github_api:
|
|
required: true
|
|
type: string
|
|
image_name_github_login:
|
|
required: true
|
|
type: string
|
|
image_name_google_api:
|
|
required: true
|
|
type: string
|
|
image_name_google_login:
|
|
required: true
|
|
type: string
|
|
semantic_version:
|
|
required: false
|
|
type: string
|
|
secrets:
|
|
GCR_JSON_KEY_BASE64:
|
|
description: 'base64 endcrypted key to connect to Google'
|
|
required: true
|
|
|
|
env:
|
|
default_labels: |
|
|
org.opencontainers.image.documentation=https://zitadel.com/docs
|
|
org.opencontainers.image.vendor=ZITADEL
|
|
|
|
jobs:
|
|
version:
|
|
uses: ./.github/workflows/version.yml
|
|
permissions:
|
|
contents: write
|
|
with:
|
|
semantic_version: ${{ inputs.semantic_version }}
|
|
dry_run: true
|
|
|
|
pack:
|
|
runs-on:
|
|
group: zitadel-public
|
|
environment: ${{ github.ref_protected == 'true' && 'Protected' || null }}
|
|
needs: version
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
filter: tree:0
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{ inputs.go_version }}
|
|
- name: Set up pnpm
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
run_install: false
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ inputs.node_version }}
|
|
cache: "pnpm"
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
version: v0.28.0
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
- name: Pack API and Login
|
|
env:
|
|
ZITADEL_VERSION: ${{ needs.version.outputs.version }}
|
|
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN || secrets.NX_CLOUD_ACCESS_TOKEN_READONLY }}
|
|
run: pnpm nx run --nxBail pack
|
|
- name: Suggest Pipeline Fix By Nx Cloud AI
|
|
if: always()
|
|
env:
|
|
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN || secrets.NX_CLOUD_ACCESS_TOKEN_READONLY }}
|
|
run: pnpm nx fix-ci
|
|
- name: Upload all platform archives
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: zitadel-archives
|
|
path: .artifacts/pack
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: Login to Docker registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Login to Google Artifact Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: europe-docker.pkg.dev
|
|
username: _json_key_base64
|
|
password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
|
|
- name: Generate Standard Tags and Labels from the GitHub Context for the API Scratch Container Image
|
|
id: scratch-meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
${{ inputs.image_name_github_api }}
|
|
${{ inputs.image_name_google_api }}
|
|
labels: ${{ env.default_labels}}
|
|
tags: |
|
|
type=sha,prefix=,suffix=,format=long
|
|
- name: Build and Push the SHA-tagged API Scratch Container Image
|
|
id: build-scratch
|
|
uses: docker/build-push-action@v6
|
|
timeout-minutes: 3
|
|
with:
|
|
context: .
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
file: apps/api/Dockerfile
|
|
target: final
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
labels: ${{ steps.scratch-meta.outputs.labels }}
|
|
tags: ${{ steps.scratch-meta.outputs.tags }}
|
|
- name: Generate Standard Tags and Labels from the GitHub Context for the API Debug Container Image
|
|
id: debug-meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
${{ inputs.image_name_github_api }}
|
|
${{ inputs.image_name_google_api }}
|
|
labels: ${{ env.default_labels}}
|
|
tags: |
|
|
type=sha,prefix=,suffix=-debug,format=long
|
|
- name: Build and Push the SHA-tagged API Debug Container Image
|
|
id: build-debug
|
|
uses: docker/build-push-action@v6
|
|
timeout-minutes: 5
|
|
with:
|
|
context: .
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
file: apps/api/Dockerfile
|
|
target: builder
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
labels: ${{ steps.debug-meta.outputs.labels }}
|
|
tags: ${{ steps.debug-meta.outputs.tags }}
|
|
outputs: type=image,name=${{ inputs.image_name_github_api }},name-canonical=true
|
|
- name: Generate Standard Tags and Labels from the GitHub Context for the Login Container Image
|
|
id: login-meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
${{ inputs.image_name_github_login }}
|
|
${{ inputs.image_name_google_login }}
|
|
labels: |
|
|
org.opencontainers.image.licenses=MIT
|
|
${{ env.default_labels}}
|
|
tags: |
|
|
type=sha,prefix=,suffix=,format=long
|
|
- name: Build and Push the SHA-tagged Login Container Image
|
|
id: build-login
|
|
uses: docker/build-push-action@v6
|
|
timeout-minutes: 3
|
|
with:
|
|
context: apps/login
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
labels: ${{ steps.login-meta.outputs.labels }}
|
|
tags: ${{ steps.login-meta.outputs.tags }}
|