Merge pull request #73 from cdzombak/dependabot/go_modules/golang.org… #120
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
"on": | |
push: | |
branches: | |
- "main" | |
tags: | |
- "v*.*.*" | |
pull_request: | |
branches: | |
- "main" | |
permissions: | |
contents: read | |
env: | |
DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/386,linux/arm/v7,linux/arm/v6" | |
FPM_VERSION: 1.15.1 | |
jobs: | |
meta: | |
name: Derive Build Metadata | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Derive version string | |
id: bin_version | |
run: echo "bin_version=$(./.version.sh)" >> "$GITHUB_OUTPUT" | |
- name: bin_version | |
run: "echo bin_version: ${{ steps.bin_version.outputs.bin_version }}" | |
- name: Check if this is a running version tag update | |
id: running_version_tag | |
run: | | |
if [ -z "${{ github.event.ref }}" ]; then | |
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT" | |
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+$ ]]; then | |
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT" | |
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+$ ]]; then | |
echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT" | |
fi | |
- name: is_running_version_tag | |
run: "echo is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}" | |
outputs: | |
bin_name: ${{ github.event.repository.name }} | |
bin_version: ${{ steps.bin_version.outputs.bin_version }} | |
dockerhub_owner: ${{ github.repository_owner }} | |
ghcr_owner: ${{ github.repository_owner }} | |
aptly_repo_name: oss | |
aptly_dist: any | |
aptly_publish_prefix: s3:dist.cdzombak.net:deb_oss | |
is_prerelease: >- | |
${{ | |
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' && | |
startsWith(github.ref, 'refs/tags/v') && | |
(contains(github.ref, '-alpha.') | |
|| contains(github.ref, '-beta.') | |
|| contains(github.ref, '-rc.')) | |
}} | |
is_release: >- | |
${{ | |
steps.running_version_tag.outputs.is_running_version_tag_update != 'true' && | |
startsWith(github.ref, 'refs/tags/v') && | |
!(contains(github.ref, '-alpha.') | |
|| contains(github.ref, '-beta.') | |
|| contains(github.ref, '-rc.')) | |
}} | |
is_pull_request: ${{ github.event_name == 'pull_request' }} | |
is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }} | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
checks: write | |
issues: write | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run MegaLinter | |
uses: oxsecurity/megalinter@v7 | |
env: | |
# See https://megalinter.io/configuration and .mega-linter.yml | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Archive MegaLinter artifacts | |
if: ( !env.ACT && ( success() || failure() ) ) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: MegaLinter artifacts | |
path: | | |
megalinter-reports | |
mega-linter.log | |
docker: | |
name: Docker Images | |
needs: [lint, meta] | |
if: needs.meta.outputs.is_running_version_tag_update != 'true' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to GHCR | |
if: needs.meta.outputs.is_pull_request != 'true' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
if: needs.meta.outputs.is_pull_request != 'true' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: all | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Available platforms | |
run: echo ${{ steps.buildx.outputs.platforms }} | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.bin_name }} | |
ghcr.io/${{ needs.meta.outputs.ghcr_owner }}/${{ needs.meta.outputs.bin_name }} | |
tags: | | |
type=raw,value=latest,enable=${{ needs.meta.outputs.is_release == 'true' }} | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: ${{ env.DOCKER_PLATFORMS }} | |
builder: ${{ steps.buildx.outputs.name }} | |
push: ${{ needs.meta.outputs.is_pull_request != 'true' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
build-args: | | |
BIN_VERSION=${{ needs.meta.outputs.bin_version }} | |
- name: Update Docker Hub description | |
if: needs.meta.outputs.is_release == 'true' | |
uses: peter-evans/dockerhub-description@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
repository: ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.bin_name }} | |
readme-filepath: ./README.md | |
short-description: ${{ github.event.repository.description }} | |
binaries: | |
name: Binaries & Debian Packages | |
needs: [lint, meta] | |
if: needs.meta.outputs.is_running_version_tag_update != 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: stable | |
- name: Go version | |
run: go version | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: "3.2" | |
bundler-cache: true | |
- name: Ruby version | |
run: ruby --version | |
- name: Install fpm | |
run: | | |
gem install --no-document fpm -v "$FPM_VERSION" | |
- name: Build binaries & packages | |
run: make package | |
- name: Prepare release artifacts | |
working-directory: out/ | |
run: | | |
mkdir ./gh-release | |
cp ./*.deb ./gh-release/ | |
find . -name '${{ needs.meta.outputs.bin_name }}-*' -executable -type f -maxdepth 1 -print0 | xargs -0 -I {} tar --transform='flags=r;s|.*|${{ needs.meta.outputs.bin_name }}|' -czvf ./gh-release/{}.tar.gz {} | |
- name: Upload binaries & packages | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | |
path: out/gh-release/* | |
release: | |
name: GitHub (Pre)Release | |
needs: [meta, binaries] | |
if: >- | |
needs.meta.outputs.is_release == 'true' || | |
needs.meta.outputs.is_prerelease == 'true' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Download binaries & packages | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | |
path: out | |
- name: List artifacts | |
working-directory: out | |
run: ls -R | |
- name: Create GitHub release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: out/${{ needs.meta.outputs.bin_name }}-* | |
prerelease: ${{ needs.meta.outputs.is_prerelease == 'true' }} | |
fail_on_unmatched_files: true | |
generate_release_notes: true | |
tags: | |
name: Update Release Tags | |
needs: [meta, release] | |
if: needs.meta.outputs.is_release == 'true' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Update running major/minor version tags | |
uses: sersoft-gmbh/running-release-tags-action@v3 | |
with: | |
fail-on-non-semver-tag: true | |
create-release: false | |
update-full-release: false | |
aptly: | |
name: Aptly | |
needs: [meta, binaries] | |
if: needs.meta.outputs.is_release == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download binaries & packages | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | |
path: out | |
- name: List artifacts | |
run: ls -R | |
working-directory: out | |
- name: Login to Tailscale | |
uses: tailscale/github-action@v2 | |
with: | |
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | |
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} | |
tags: tag:github-actions | |
- name: Push to Aptly Repo | |
shell: bash | |
run: | | |
set -x | |
for DEB in out/*.deb; do | |
curl -u "${{ secrets.APTLY_CRED }}" \ | |
-fsS -X POST \ | |
-F file=@"${DEB}" \ | |
"${{ secrets.APTLY_API }}/files/${{ needs.meta.outputs.bin_name }}-${{ needs.meta.outputs.bin_version }}" | |
done | |
curl -u "${{ secrets.APTLY_CRED }}" \ | |
-fsS -X POST \ | |
"${{ secrets.APTLY_API }}/repos/${{ needs.meta.outputs.aptly_repo_name }}/file/${{ needs.meta.outputs.bin_name }}-${{ needs.meta.outputs.bin_version }}?forceReplace=1" | |
- name: Update Published Aptly Repo | |
run: | | |
set -x | |
curl -u "${{ secrets.APTLY_CRED }}" \ | |
-fsS -X PUT \ | |
-H 'Content-Type: application/json' \ | |
--data '{"ForceOverwrite": true}' \ | |
"${{ secrets.APTLY_API }}/publish/${{ needs.meta.outputs.aptly_publish_prefix }}/${{ needs.meta.outputs.aptly_dist }}?_async=true" |