fix(ci): Copy artifacts to prod on publish, not deploy (#5388)

Hopefully fixes the last remaining issue from #4397.


Fixes #5370
Jamil
2024-06-17 07:30:53 -07:00
committed by GitHub
parent 27e6672a5d
commit 7c20243733
3 changed files with 55 additions and 46 deletions


@@ -66,30 +66,6 @@ jobs:
service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
export_environment_variables: true
create_credentials_file: true
- name: Copy Google Cloud Storage binaries to "latest" version
if: ${{ contains(fromJSON('["client", "relay", "gateway"]'), matrix.image) }}
run: |
set -xe
ARCHITECTURES=(x86_64 aarch64 armv7)
for arch in "${ARCHITECTURES[@]}"; do
# Copy sha256sum.txt
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt \
gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/latest/${arch}.sha256sum.txt
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt \
gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt
# Copy binaries
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch} \
gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/latest/${arch}
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch} \
gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}
done
deploy-production:
needs: push


@@ -4,20 +4,13 @@ on:
release:
types:
- published
workflow_call:
inputs:
tag:
description: "Image tag to deploy. Defaults to the last commit SHA in the branch."
type: string
default: ${{ github.sha }}
required: false
concurrency:
group: "publish-production-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: false
jobs:
publish-images-to-ghcr:
publish-artifacts:
runs-on: ubuntu-22.04
permissions:
# Needed to upload artifacts to a release
@@ -29,25 +22,28 @@ jobs:
- uses: ./.github/actions/gcp-docker-login
id: login
with:
# Deploy from staging artifacts since it what was built on main
project: firezone-staging
- uses: ./.github/actions/gcp-docker-login
id: login
with:
project: firezone-prod
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
- name: Pull and push
- name: Set variables
id: set-variables
run: |
set -xe
if [[ "${{ github.event.release.name }}" =~ gateway* ]]; then
image=gateway
ARTIFACT=gateway
# mark:next-gateway-version
VERSION="1.0.8"
elif [[ "${{ github.event.release.name }}" =~ headless* ]]; then
image=client
ARTIFACT=client
# mark:next-headless-version
VERSION="1.0.8"
else
@@ -58,14 +54,51 @@ jobs:
MAJOR_VERSION="${VERSION%%.*}"
MAJOR_MINOR_VERSION="${VERSION%.*}"
SOURCE_TAG=${{ steps.login.outputs.registry }}/firezone/${image}:${{ inputs.tag || github.sha }}
echo "artifact=$ARTIFACT" >> "$GITHUB_OUTPUT"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "major_version=$MAJOR_VERSION" >> "$GITHUB_OUTPUT"
echo "major_minor_version=$MAJOR_MINOR_VERSION" >> "$GITHUB_OUTPUT"
- name: Pull and push
run: |
set -xe
SOURCE_TAG=${{ steps.login.outputs.registry }}/firezone/${{ steps.set-variables.outputs.artifact }}:${{ github.sha }}
docker buildx imagetools create \
-t ghcr.io/firezone/${image}:${{ inputs.tag || github.sha }} \
-t ghcr.io/firezone/${image}:${VERSION} \
-t ghcr.io/firezone/${image}:${VERSION} \
-t ghcr.io/firezone/${image}:${VERSION}-${{ inputs.tag || github.sha }} \
-t ghcr.io/firezone/${image}:latest \
-t ghcr.io/firezone/${image}:${MAJOR_VERSION} \
-t ghcr.io/firezone/${image}:${MAJOR_MINOR_VERSION} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ github.sha }} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }}-${{ github.sha }} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:latest \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.major_version }} \
-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.major_minor-version }} \
$SOURCE_TAG
- name: Copy Google Cloud Storage binaries to "latest" version
run: |
set -xe
ARCHITECTURES=(x86_64 aarch64 armv7)
for arch in "${ARCHITECTURES[@]}"; do
# Copy sha256sum.txt
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/latest/${arch}.sha256sum.txt
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ steps.set-variables.outputs.version }}/${arch}.sha256sum.txt
# Copy binaries
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/latest/${arch}
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}
gcloud storage cp \
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ steps.set-variables.outputs.version }}/${arch}
done
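Review bot: In the new `Pull and push` step the last `-t` argument reads `steps.set-variables.outputs.major_minor-version` (hyphen), but the `Set variables` step writes that output as `major_minor_version`. The expression therefore presumably expands to an empty string, leaving an image reference that ends in a bare colon. Under `set -xe` that would most likely fail `docker buildx imagetools create`, and the Cloud Storage copy step after it would then never run. The line should read `-t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.major_minor_version }} \`. Separately, `Set variables` still interpolates `${{ github.event.release.name }}` directly into the script text; passing it through the step's `env:` and testing `"$RELEASE_NAME"` instead keeps a release title from being parsed as shell.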


@@ -11,7 +11,7 @@ RUST_LOG=${RUST_LOG:-str0m=warn,info}
# Can be used to download a specific version of the gateway from a custom URL
FIREZONE_VERSION=${FIREZONE_VERSION:-latest}
# See https://github.com/firezone/firezone/issues/5370
# TODO: Remove this workaround after 1.0.8 gateway is released. See https://github.com/firezone/firezone/issues/5370
# FIREZONE_ARTIFACT_URL=${FIREZONE_ARTIFACT_URL:-https://www.firezone.dev/dl/firezone-gateway}
FIREZONE_ARTIFACT_URL=https://www.firezone.dev/dl/firezone-gateway