-
Notifications
You must be signed in to change notification settings - Fork 46
132 lines (115 loc) · 3.96 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Build Images
on:
push:
branches: [main]
tags: [v*]
pull_request:
branches: [main]
env:
PLATFORMS: linux/amd64,linux/arm64
ARCHS: amd64,arm64
IMAGE_PREFIX: ghcr.io/webmeshproj/vdi
VERSION: ${{ startswith(github.ref, 'refs/tags/v') && github.ref || 'latest' }}
GO_VERSION: 1.21
NODE_VERSION: 16
BUILD_IDS: --id app --id manager --id proxy
CACHE_DEP_PATH: go.sum
BUILD_PARALLELISM: 4
COSIGN_EXPERIMENTAL: 1
jobs:
build:
name: Build Images
runs-on: self-hosted
permissions:
contents: "write"
id-token: "write"
packages: "write"
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: false
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
# - name: Setup Build Cache
# uses: actions/cache@v3
# with:
# key: ${{ runner.os }}-build-${{ hashFiles(env.CACHE_DEP_PATH) }}
# restore-keys: ${{ runner.os }}-build-${{ env.GO_VERSION }}-
# path: |
# ~/go/pkg
# ~/.cache/go-build
# ui/app/node_modules
- name: Login to GHCR
uses: docker/login-action@v3
if: ${{ github.event_name != 'pull_request' }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ env.ARCHS }}
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
- name: Setup Cosign
uses: sigstore/cosign-installer@main
- name: Run Snapshot Container Release
uses: goreleaser/goreleaser-action@v5
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
with:
version: latest
args: build --snapshot --clean ${{ env.BUILD_IDS }}
- name: Run Container Release
uses: goreleaser/goreleaser-action@v5
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
with:
version: latest
args: build --clean --fail-fast --parallelism=${{ env.BUILD_PARALLELISM }} ${{ env.BUILD_IDS }}
- name: Build UI Assets
shell: bash
run: |
yarn global add @quasar/cli
cd ui/app && yarn install && $(yarn global bin)/quasar build
- name: Build and Push Manager Image
uses: docker/build-push-action@v5
id: manager-build
with:
context: .
file: build/Dockerfile.manager
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.IMAGE_PREFIX }}-manager:${{ env.VERSION }}
platforms: ${{ env.PLATFORMS }}
- name: Build and Push App Image
uses: docker/build-push-action@v5
id: app-build
with:
context: .
file: build/Dockerfile.app
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.IMAGE_PREFIX }}-app:${{ env.VERSION }}
platforms: ${{ env.PLATFORMS }}
- name: Build and Push Proxy Image
uses: docker/build-push-action@v5
id: proxy-build
with:
context: .
file: build/Dockerfile.proxy
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.IMAGE_PREFIX }}-proxy:${{ env.VERSION }}
platforms: ${{ env.PLATFORMS }}
- name: Sign Container Images
if: ${{ github.event_name != 'pull_request' }}
run: |
cosign sign --yes --recursive ${{ env.IMAGE_PREFIX }}-manager@${{ steps.manager-build.outputs.digest }}
cosign sign --yes --recursive ${{ env.IMAGE_PREFIX }}-app@${{ steps.app-build.outputs.digest }}
cosign sign --yes --recursive ${{ env.IMAGE_PREFIX }}-proxy@${{ steps.proxy-build.outputs.digest }}