Build docker image in build workflow; Update automatic install to use Docker (#983)

* Test docker prod build in CI

* Need uses

* Set build-args

* Split builds

* Fix build-args format

* wtf

* hmmm

* Jeebus

* build version based on drafted release

* Build multi-platform images

* Only build for supported platforms

* Use newer OTP fingers crossed

* Use OTP 24 for arm64

* Finalize test build of Docker image

* Update comment

* Bump to OTP 25.1

* Use proper ver

* D'oh proper sha

* Use OTP 24 and install python for node build

* Use new Docker base

* Use python3

* Use newly-built base images with other platform support

* Don't build for ppc64le and s390x

* Build only for amd64/arm64

* Don't rebuild on publish; simply copy

* See where the image is being pushed

* Remove echo

* Add docker updates

* Match platforms from base image

* Use docker-compose over docker compose

* Use our own base

* we need python3

* use consistent service name

* trim trailing slash from external_url

* Build for latest tag in staging

.github/workflows/docker_build.yml

@@ -0,0 +1,67 @@
+name: Docker Build
+on:
+  push:
+    branches:
+      - master
+      - 'build/**'
+
+jobs:
+  draft-release:
+    runs-on: ubuntu-latest
+    outputs:
+      tag_name: ${{ steps.release_drafter.outputs.tag_name }}
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        id: release_drafter
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: draft-release
+    env:
+      REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,${{ needs.draft-release.outputs.tag_name }}
+            type=raw,latest
+      # Push to GHCR; our registry for testing / dev builds. Publish will
+      # make these public via Docker Hub in the docker_publish workflow.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ needs.draft-release.outputs.tag_name }}
+          file: Dockerfile.prod
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker_publish.yml

@@ -0,0 +1,34 @@
+name: Publish image to Docker Hub
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  deploy-app:
+    env:
+      DOCKERHUB_REGISTRY: docker.io
+      GITHUB_REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.GITHUB_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Copy image from Github (staging) to Docker (production)
+        uses: akhilerm/tag-push-action@v2.0.0
+        with:
+          src: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.ref_name }}
+          dst: |
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}:latest
+            ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.ref_name }}

.github/workflows/omnibus_build.yml

@@ -2,7 +2,7 @@
 # time.
 concurrency: build
 
-name: Build
+name: Omnibus Build
 on:
   push:
     branches:
@@ -11,7 +11,7 @@ on:
 
 jobs:
   draft-release:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     outputs:
       tag_name: ${{ steps.release_drafter.outputs.tag_name }}
     steps:

.github/workflows/omnibus_publish.yml

@@ -168,7 +168,7 @@ jobs:
           republish: 'true'
           file: firezone_${{ github.ref_name }}-${{ matrix.platform }}.rpm
 
-      - name: Pubslih DEB
+      - name: Publish DEB
         uses: cloudsmith-io/action@master
         if: steps.check_deb.outputs.files_exists == 'true'
         with:

.github/workflows/publish-image.yml

@@ -1,34 +0,0 @@
-name: Publish image to Docker Hub
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  deploy-app:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push App
-        uses: docker/build-push-action@v3
-        with:
-          push: true
-          file: Dockerfile.prod
-          build-args: |
-            VERSION=${{ github.ref_name }}
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/firezone:${{ github.ref_name }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max