From 7c20243733e97025a451eb63aa56dc624102869b Mon Sep 17 00:00:00 2001
From: Jamil
Date: Mon, 17 Jun 2024 07:30:53 -0700
Subject: [PATCH] fix(ci): Copy artifacts to prod on publish, not deploy (#5388)

Fixes hopefully the last remaining issue from #4397 Fixes #5370
---
.github/workflows/_deploy_production.yml | 24 --------
.github/workflows/publish.yml | 75 +++++++++++++++++-------
scripts/gateway-systemd-install.sh | 2 +-
3 files changed, 55 insertions(+), 46 deletions(-)
diff --git a/.github/workflows/_deploy_production.yml b/.github/workflows/_deploy_production.yml
index 8e0c35ba0..3231a7e42 100644
--- a/.github/workflows/_deploy_production.yml
+++ b/.github/workflows/_deploy_production.yml
@@ -66,30 +66,6 @@ jobs: service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com" export_environment_variables: true create_credentials_file: true - - name: Copy Google Cloud Storage binaries to "latest" version - if: ${{ contains(fromJSON('["client", "relay", "gateway"]'), matrix.image) }} - run: | - set -xe - - ARCHITECTURES=(x86_64 aarch64 armv7) - - for arch in "${ARCHITECTURES[@]}"; do - # Copy sha256sum.txt - gcloud storage cp \ - gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt \ - gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/latest/${arch}.sha256sum.txt - gcloud storage cp \ - gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt \ - gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch}.sha256sum.txt - - # Copy binaries - gcloud storage cp \ - gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch} \ - gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/latest/${arch} - gcloud storage cp \ - gs://firezone-staging-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch} \ - gs://firezone-prod-artifacts/firezone-${{ matrix.image }}/${{ inputs.tag }}/${arch} - done deploy-production: needs: push diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf45fe37a..efa62e477 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,20 +4,13 @@ on: release: types: - published - workflow_call: - inputs: - tag: - description: "Image tag to deploy. Defaults to the last commit SHA in the branch." - type: string - default: ${{ github.sha }} - required: false concurrency: group: "publish-production-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: false jobs: - publish-images-to-ghcr: + publish-artifacts: runs-on: ubuntu-22.04 permissions: # Needed to upload artifacts to a release 
@@ -29,25 +22,28 @@ jobs: - uses: ./.github/actions/gcp-docker-login id: login with: - # Deploy from staging artifacts since it what was built on main project: firezone-staging + - uses: ./.github/actions/gcp-docker-login + id: login + with: + project: firezone-prod - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{github.actor}} password: ${{secrets.GITHUB_TOKEN}} - - name: Pull and push + - name: Set variables + id: set-variables run: | set -xe - if [[ "${{ github.event.release.name }}" =~ gateway* ]]; then - image=gateway + ARTIFACT=gateway # mark:next-gateway-version VERSION="1.0.8" elif [[ "${{ github.event.release.name }}" =~ headless* ]]; then - image=client + ARTIFACT=client # mark:next-headless-version VERSION="1.0.8" else 
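Review bot: The added `gcp-docker-login` step for `project: firezone-prod` reuses `id: login`, the same id as the staging login step just above it; step ids have to be unique within a job, so I would expect GitHub to reject the workflow, and even if it loaded, `steps.login.outputs.registry` in the next hunk's `SOURCE_TAG` would no longer unambiguously mean the staging registry. Give the prod step its own id, for example `id: login-prod`, and leave `login` for staging. In the new "Set variables" step, `${{ github.event.release.name }}` is still expanded directly into the `run:` script; passing it through `env:` (for example `RELEASE_NAME: ${{ github.event.release.name }}`) and matching on `"$RELEASE_NAME"` keeps the release title from being parsed as shell. That step's script continues past the end of this hunk.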
@@ -58,14 +54,51 @@ jobs: MAJOR_VERSION="${VERSION%%.*}" MAJOR_MINOR_VERSION="${VERSION%.*}" - SOURCE_TAG=${{ steps.login.outputs.registry }}/firezone/${image}:${{ inputs.tag || github.sha }} + echo "artifact=$ARTIFACT" >> "$GITHUB_OUTPUT" + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "major_version=$MAJOR_VERSION" >> "$GITHUB_OUTPUT" + echo "major_minor_version=$MAJOR_MINOR_VERSION" >> "$GITHUB_OUTPUT" + - name: Pull and push + run: | + set -xe + + SOURCE_TAG=${{ steps.login.outputs.registry }}/firezone/${{ steps.set-variables.outputs.artifact }}:${{ github.sha }} docker buildx imagetools create \ - -t ghcr.io/firezone/${image}:${{ inputs.tag || github.sha }} \ - -t ghcr.io/firezone/${image}:${VERSION} \ - -t ghcr.io/firezone/${image}:${VERSION} \ - -t ghcr.io/firezone/${image}:${VERSION}-${{ inputs.tag || github.sha }} \ - -t ghcr.io/firezone/${image}:latest \ - -t ghcr.io/firezone/${image}:${MAJOR_VERSION} \ - -t ghcr.io/firezone/${image}:${MAJOR_MINOR_VERSION} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ github.sha }} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.version }}-${{ github.sha }} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:latest \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.major_version }} \ + -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:${{ steps.set-variables.outputs.major_minor-version }} \ $SOURCE_TAG + - name: Copy Google Cloud Storage binaries to "latest" version + run: | + set -xe + + ARCHITECTURES=(x86_64 aarch64 armv7) + + for arch in "${ARCHITECTURES[@]}"; do + # Copy sha256sum.txt + gcloud storage cp \ + 
gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/latest/${arch}.sha256sum.txt
+ gcloud storage cp \
+ gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt
+ gcloud storage cp \
+ gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}.sha256sum.txt \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ steps.set-variables.outputs.version }}/${arch}.sha256sum.txt
+
+ # Copy binaries
+ gcloud storage cp \
+ gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/latest/${arch}
+ gcloud storage cp \
+ gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch}
+ gcloud storage cp \
+ gs://firezone-staging-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ github.sha }}/${arch} \
+ gs://firezone-prod-artifacts/firezone-${{ steps.set-variables.outputs.artifact }}/${{ steps.set-variables.outputs.version }}/${arch}
+ done
diff --git a/scripts/gateway-systemd-install.sh b/scripts/gateway-systemd-install.sh
index 60fe3213b..1f7dc2362 100755
--- a/scripts/gateway-systemd-install.sh
+++ b/scripts/gateway-systemd-install.sh
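Review bot: The last `-t` line of the "Pull and push" step reads `steps.set-variables.outputs.major_minor-version`, but the `echo` lines earlier in this hunk write the output as `major_minor_version`; the expression will expand to an empty string, so the tag becomes `ghcr.io/firezone/<artifact>:` and the major.minor tag is not published as intended (the command will likely fail on the empty tag). It should read `${{ steps.set-variables.outputs.major_minor_version }}`. The `:${{ steps.set-variables.outputs.version }}` tag is also passed twice, which is harmless but redundant. In the new copy step, whatever is stored under the commit SHA in the staging bucket is promoted to `latest` in the prod bucket without comparing each binary to its `sha256sum.txt`; a digest check before the copy would catch a truncated or replaced object before it is published.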
@@ -11,7 +11,7 @@ RUST_LOG=${RUST_LOG:-str0m=warn,info} # Can be used to download a specific version of the gateway from a custom URL FIREZONE_VERSION=${FIREZONE_VERSION:-latest} -# See https://github.com/firezone/firezone/issues/5370 +# TODO: Remove this workaround after 1.0.8 gateway is released. See https://github.com/firezone/firezone/issues/5370 # FIREZONE_ARTIFACT_URL=${FIREZONE_ARTIFACT_URL:-https://www.firezone.dev/dl/firezone-gateway} FIREZONE_ARTIFACT_URL=https://www.firezone.dev/dl/firezone-gateway