From bcd49dc37c167e5b50f63b109bedcc06b7960812 Mon Sep 17 00:00:00 2001
From: Marcus Herz
Date: Thu, 6 Feb 2025 14:15:35 +0100
Subject: [PATCH] rework github workflows
---
 .github/workflows/build.yaml | 110 ++--------------
 .github/workflows/{main.yaml => pr.yaml} | 26 +---
 .github/workflows/release.yaml | 157 +++++++++++++++++++++++
 .github/workflows/release_service.yaml | 125 ++++++++++++++++++
 Dockerfile | 2 +-
 v3/Dockerfile | 2 +-
 6 files changed, 299 insertions(+), 123 deletions(-)
 rename .github/workflows/{main.yaml => pr.yaml} (81%)
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .github/workflows/release_service.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 00e65798..21918ec2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,109 +1,25 @@ -name: Build -on: +name: Build Service +on: workflow_call: inputs: - image: - required: true - type: string path: + description: 'Path of the service' required: true type: string jobs: build: - name: Build + name: Build ${{ inputs.path }} runs-on: ubuntu-latest steps: - - - name: Checkout - uses: actions/checkout@master - - - uses: actions/setup-go@v5 - name: go-cache - with: - # caching is enabled by default since setup-go@v4 - go-version: '1.23.2' - - - name: Build - env: - GOOS: linux - CGO_ENABLED: 0 - run: go build -ldflags="-s -w" -v -o app "${{ inputs.path }}" - - name: Build Release - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - || endsWith(github.event.ref, '/master') - ) - run: docker build -t hobbyfarm/"${{ inputs.image }}":${GIT_COMMIT_SHORT_HASH:-dev} -f cicd/Dockerfile . + - name: Checkout + uses: actions/checkout@v4 - - name: Compute Docker Tag - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - || endsWith(github.event.ref, '/master') - ) - id: compute_docker_tag - run: | - tag=${GITHUB_REF#refs/tags/} - branch=${GITHUB_REF#refs/heads/} - if [ "$tag" != "$GITHUB_REF" ]; then - tag=$(echo "$tag" | sed -e 's/[^a-zA-Z0-9\-\.]/-/g') - echo ::set-output name=DOCKER_TAG::${tag} - elif [ "$branch" != "$GITHUB_REF" ]; then - branch=$(echo "$branch" | sed -e 's/[^a-zA-Z0-9\-\.]/-/g') - echo ::set-output name=DOCKER_TAG::${branch} - else - echo "unable to determine docker tag" >&2 - exit 1 - fi - - - name: Docker Login - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - || endsWith(github.event.ref, '/master') - ) - run: | - echo "${{ secrets.DOCKER_HUB_PASSWORD }}" \ - | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin - - - name: Docker Tag - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - || endsWith(github.event.ref, '/master') - ) - run: | - docker tag \ - 
hobbyfarm/"${{ inputs.image }}":${GIT_COMMIT_SHORT_HASH:-dev} \ - hobbyfarm/"${{ inputs.image }}":"${{ steps.compute_docker_tag.outputs.DOCKER_TAG }}" - - - name: Docker Push - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - || endsWith(github.event.ref, '/master') - ) - run: | - docker push \ - hobbyfarm/"${{ inputs.image }}":"${{ steps.compute_docker_tag.outputs.DOCKER_TAG }}" - - - name: Docker Tag Latest - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - ) - run: | - docker tag \ - hobbyfarm/"${{ inputs.image }}":${GIT_COMMIT_SHORT_HASH:-dev} \ - hobbyfarm/"${{ inputs.image }}":latest + - name: Setup go + # caching is enabled by default since setup-go@v4 + uses: actions/setup-go@v5 + with: + go-version: '1.23.2' - - name: Docker Push Latest - if: | - github.event_name == 'push' && ( - startsWith(github.event.ref, 'refs/tags/') - ) - run: | - docker push \ - hobbyfarm/"${{ inputs.image }}":latest + - name: Build + run: go build -ldflags="-s -w" -v -o app "${{ inputs.path }}" diff --git a/.github/workflows/main.yaml b/.github/workflows/pr.yaml similarity index 81% rename from .github/workflows/main.yaml rename to .github/workflows/pr.yaml index 4d6084b9..c1d11b1a 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/pr.yaml 
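Review bot: The new `Build` step in build.yaml still expands `${{ inputs.path }}` directly inside the `run:` script, so the value is pasted into the shell text before the shell parses it and the surrounding double quotes do not make it inert. Every caller visible in this patch passes a fixed path, so this is hardening rather than a live bug, but a reusable workflow should not depend on its callers for that. Give the step an `env:` entry `SERVICE_PATH: ${{ inputs.path }}` and change the command to `run: go build -ldflags="-s -w" -v -o app "$SERVICE_PATH"`. The step also no longer sets `CGO_ENABLED: 0`, which both Dockerfiles in this patch still use, so the pull-request build and the release build are compiled under different settings.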
@@ -1,135 +1,113 @@ -name: Main -on: [push, pull_request] +name: Pull Request +on: [pull_request] jobs: build-gargantua: uses: ./.github/workflows/build.yaml with: path: ./ - image: gargantua secrets: inherit build-accesscode-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/accesscodesvc - image: accesscode-service secrets: inherit build-authn-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/authnsvc - image: authn-service secrets: inherit build-authr-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/authrsvc - image: authr-service secrets: inherit build-conversion-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/conversionsvc - image: conversion-service secrets: inherit build-cost-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/costsvc - image: cost-service secrets: inherit build-course-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/coursesvc - image: course-service secrets: inherit build-dbconfig-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/dbconfigsvc - image: dbconfig-service secrets: inherit build-environment-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/environmentsvc - image: environment-service secrets: inherit build-progress-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/progresssvc - image: progress-service secrets: inherit build-rbac-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/rbacsvc - image: rbac-service secrets: inherit build-scenario-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/scenariosvc - image: scenario-service secrets: inherit build-scheduledevent-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/scheduledeventsvc - image: scheduledevent-service secrets: inherit build-session-service: uses: ./.github/workflows/build.yaml with: path: 
./v3/services/sessionsvc - image: session-service secrets: inherit build-setting-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/settingsvc - image: setting-service secrets: inherit build-terraform-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/terraformsvc - image: terraform-service secrets: inherit build-user-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/usersvc - image: user-service secrets: inherit build-vmclaim-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/vmclaimsvc - image: vmclaim-service secrets: inherit build-vmset-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/vmsetsvc - image: vmset-service secrets: inherit build-vm-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/vmsvc - image: vm-service secrets: inherit build-vmtemplate-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/vmtemplatesvc - image: vmtemplate-service secrets: inherit build-score-service: uses: ./.github/workflows/build.yaml with: path: ./v3/services/scoresvc - image: score-service secrets: inherit \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..50a44065 --- /dev/null +++ b/.github/workflows/release.yaml 
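Review bot: All 22 jobs in pr.yaml keep `secrets: inherit`, but after this patch build.yaml only checks out the code and runs `go build` and no longer references any secret. This workflow runs on `pull_request`, that is on code that has not been reviewed yet, so the calls should hand over nothing: drop the `secrets: inherit` lines. The file also has no `permissions:` block, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` is enough for checkout and build.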
@@ -0,0 +1,157 @@ +name: Release +on: [push] +jobs: + release-gargantua: + uses: ./.github/workflows/release_service.yaml + with: + service: gargantua + image: gargantua + dockerfile: ./Dockerfile + secrets: inherit + release-accesscode-service: + uses: ./.github/workflows/release_service.yaml + with: + service: accesscodesvc + image: accesscode-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-authn-service: + uses: ./.github/workflows/release_service.yaml + with: + service: authnsvc + image: authn-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-authr-service: + uses: ./.github/workflows/release_service.yaml + with: + service: authrsvc + image: authr-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-conversion-service: + uses: ./.github/workflows/release_service.yaml + with: + service: conversionsvc + image: conversion-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-cost-service: + uses: ./.github/workflows/release_service.yaml + with: + service: costsvc + image: cost-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-course-service: + uses: ./.github/workflows/release_service.yaml + with: + service: coursesvc + image: course-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-dbconfig-service: + uses: ./.github/workflows/release_service.yaml + with: + service: dbconfigsvc + image: dbconfig-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-environment-service: + uses: ./.github/workflows/release_service.yaml + with: + service: environmentsvc + image: environment-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-progress-service: + uses: ./.github/workflows/release_service.yaml + with: + service: progresssvc + image: progress-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-rbac-service: + uses: ./.github/workflows/release_service.yaml + with: + service: rbacsvc + image: rbac-service + dockerfile: ./v3/Dockerfile 
+ secrets: inherit + release-scenario-service: + uses: ./.github/workflows/release_service.yaml + with: + service: scenariosvc + image: scenario-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-scheduledevent-service: + uses: ./.github/workflows/release_service.yaml + with: + service: scheduledeventsvc + image: scheduledevent-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-session-service: + uses: ./.github/workflows/release_service.yaml + with: + service: sessionsvc + image: session-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-setting-service: + uses: ./.github/workflows/release_service.yaml + with: + service: settingsvc + image: setting-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-terraform-service: + uses: ./.github/workflows/release_service.yaml + with: + service: terraformsvc + image: terraform-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-user-service: + uses: ./.github/workflows/release_service.yaml + with: + service: usersvc + image: user-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-vmclaim-service: + uses: ./.github/workflows/release_service.yaml + with: + service: vmclaimsvc + image: vmclaim-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-vmset-service: + uses: ./.github/workflows/release_service.yaml + with: + service: vmsetsvc + image: vmset-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-vm-service: + uses: ./.github/workflows/release_service.yaml + with: + service: vmsvc + image: vm-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-vmtemplate-service: + uses: ./.github/workflows/release_service.yaml + with: + service: vmtemplatesvc + image: vmtemplate-service + dockerfile: ./v3/Dockerfile + secrets: inherit + release-score-service: + uses: ./.github/workflows/release_service.yaml + with: + service: scoresvc + image: score-service + dockerfile: ./v3/Dockerfile + secrets: 
inherit \ No newline at end of file diff --git a/.github/workflows/release_service.yaml b/.github/workflows/release_service.yaml new file mode 100644 index 00000000..1a3dbf9a --- /dev/null +++ b/.github/workflows/release_service.yaml 
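Review bot: `on: [push]` in release.yaml starts the workflow for every push to every branch, and each of the 22 jobs calls release_service.yaml with `secrets: inherit`; whether anything is published then rests solely on the `if:` inside the called workflow. Filter at the trigger instead, replacing `on: [push]` with a `push:` trigger limited to `branches: [master]` and `tags: ['**']`, so feature-branch pushes never start the release workflow. release_service.yaml in this patch only reads `DOCKER_HUB_USER` and `DOCKER_HUB_PASSWORD`, so those two could be passed by name instead of inheriting every secret, which would also need a matching `secrets:` declaration under its `workflow_call`.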
@@ -0,0 +1,125 @@ +name: Release Service +on: + workflow_call: + inputs: + service: + description: 'Service to build like costsvc, vmsetsvc' + required: true + type: string + image: + description: 'Base image name like cost-service, vmset-service' + required: true + type: string + dockerfile: + description: 'Dockerfile for the service' + required: true + type: string +jobs: + release: + name: Release ${{ inputs.image }} + runs-on: ubuntu-latest + # run if commit has new tag or push to master branch + if: | + github.event_name == 'push' && ( + startsWith(github.event.ref, 'refs/tags/') + || endsWith(github.event.ref, '/master') + ) + steps: + + - name: Checkout + uses: actions/checkout@v4 + + - name: Generate Docker Metadata + id: compute_docker_tag + uses: docker/metadata-action@v5 + with: + images: ${{ vars.DOCKER_REGISTRY }}/${{ inputs.image }} + tags: | + type=ref,event=tag + type=ref,event=branch + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: | + ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64 + ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64 + # caching key includes service + key: ${{ runner.os }}-buildx-${{ inputs.image }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build linux/amd64 + uses: docker/build-push-action@v6 + with: + platforms: linux/amd64 + build-args: SERVICE_NAME=${{ inputs.service }} + context: . + file: ${{ inputs.dockerfile }} + cache-from: type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64 + cache-to: type=local,dest=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64-new,mode=max + + - name: Build linux/arm64 + uses: docker/build-push-action@v6 + with: + platforms: linux/arm64 + build-args: SERVICE_NAME=${{ inputs.service }} + context: . 
+ file: ${{ inputs.dockerfile }} + cache-from: type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64 + cache-to: type=local,dest=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64-new,mode=max + + - name: Push multi-platform image + uses: docker/build-push-action@v6 + if: | + github.event_name == 'push' && ( + startsWith(github.event.ref, 'refs/tags/') + ) + with: + tags: | + ${{ steps.compute_docker_tag.outputs.tags }} + ${{ vars.DOCKER_REGISTRY }}/${{ inputs.image }}:latest + platforms: linux/amd64,linux/arm64 + build-args: SERVICE_NAME=${{ inputs.service }} + context: . + file: ${{ inputs.dockerfile }} + push: true + cache-from: | + type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64-new + type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64-new + + - name: Login to Docker Registry + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Push multi-platform image + uses: docker/build-push-action@v6 + if: | + github.event_name == 'push' && ( + endsWith(github.event.ref, '/master') + ) + with: + tags: ${{ steps.compute_docker_tag.outputs.tags }} + platforms: linux/amd64,linux/arm64 + build-args: SERVICE_NAME=${{ inputs.service }} + context: . 
+ file: ${{ inputs.dockerfile }} + push: true + cache-from: | + type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64-new + type=local,src=${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64-new + + - # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64 + mv ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64-new ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-amd64 + rm -rf ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64 + mv ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64-new ${{ runner.temp }}/buildx-cache-${{ inputs.image }}-arm64 diff --git a/Dockerfile b/Dockerfile index 89e6da12..68bca479 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ RUN go mod download COPY . . # build the service and output the binary to /tmp/app -RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /tmp/app +RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -ldflags="-s -w" -o /tmp/app ##### RUNTIME STAGE ##### FROM alpine:3.21.2 diff --git a/v3/Dockerfile b/v3/Dockerfile index 4ebb2407..8ced73de 100644 --- a/v3/Dockerfile +++ b/v3/Dockerfile @@ -19,7 +19,7 @@ RUN go mod download COPY . /app # build the service and output the binary to /tmp/app -RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /tmp/app +RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -ldflags="-s -w" -o /tmp/app ##### RUNTIME STAGE ##### FROM alpine:3.21.2
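Review bot: In release_service.yaml the `Login to Docker Registry` step sits after the first `Push multi-platform image` step, so on a tag push `push: true` runs before any credentials are configured and the push is presumably rejected; move the login step above both push steps. The job-level condition `endsWith(github.event.ref, '/master')` also matches refs such as `refs/heads/feature/master`, which would let a push to such a branch publish an image; `github.ref == 'refs/heads/master'` matches only the intended branch. The `docker/*` actions that run in the job holding the registry credentials are referenced by mutable tags (`@v3`, `@v5`, `@v6`); pinning them to full commit SHAs would keep a retagged release from running with those secrets.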