mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
448499b13e
Right now, draft releases for Gateways and headless-clients are created on each merge to main. For all other components, we only create those when we trigger the workflow for a specific commit. To align this functionality, we split the `_build_artifacts.yml` workflow into two: - `_control-plane.yml` - `_data-plane.yml` Apart from the `sha` input, all inputs only concern the data-plane, therefore massively simplifying the control-plane workflow. Additionally, the control-plane also doesn't have a manual trigger because its artifacts never get released on GitHub. Resolves: #10541
100 lines
3.7 KiB
YAML
100 lines
3.7 KiB
YAML
name: Build control plane
|
|
run-name: Triggered from ${{ github.event_name }} by ${{ github.actor }}
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
sha:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
|
|
permissions:
|
|
id-token: write
|
|
packages: write
|
|
|
|
jobs:
|
|
control-plane:
|
|
name: ${{ matrix.image_name }}
|
|
runs-on: ubuntu-24.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- image_name: domain
|
|
target: runtime
|
|
build-args: |
|
|
APPLICATION_NAME=domain
|
|
GIT_SHA=${{ inputs.sha }}
|
|
- image_name: api
|
|
target: runtime
|
|
build-args: |
|
|
APPLICATION_NAME=api
|
|
GIT_SHA=${{ inputs.sha }}
|
|
- image_name: web
|
|
target: runtime
|
|
build-args: |
|
|
APPLICATION_NAME=web
|
|
GIT_SHA=${{ inputs.sha }}
|
|
- image_name: elixir
|
|
target: compiler
|
|
build-args: |
|
|
APPLICATION_NAME=api
|
|
GIT_SHA=${{ inputs.sha }}
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
ref: ${{ inputs.sha }}
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
- uses: ./.github/actions/ghcr-docker-login
|
|
id: login
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
|
|
with:
|
|
images: ${{ steps.login.outputs.registry }}/firezone/${{matrix.image_name }}
|
|
tags: |
|
|
type=raw,value=${{ inputs.sha }}
|
|
- name: Sanitize github.ref_name
|
|
run: |
|
|
# `ref_name` contains `/`, '_' or '=' which is not a valid docker image tag
|
|
REF="${{ github.ref_name }}"
|
|
CACHE_TAG="${REF//[\/_=]/-}"
|
|
echo "CACHE_TAG=$CACHE_TAG" >> "$GITHUB_ENV"
|
|
# PRs & non-main branches: read-only cache
|
|
- name: Build and push control plane images (read-only cache)
|
|
if: ${{ github.ref != 'refs/heads/main' }}
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
build-args: ${{ matrix.build-args }}
|
|
target: ${{ matrix.target }}
|
|
context: elixir
|
|
cache-from: |
|
|
type=gha,scope=${{ matrix.image_name }}:${{ env.CACHE_TAG }}
|
|
type=gha,scope=${{ matrix.image_name }}:main
|
|
# no cache-to here -> read-only
|
|
push: true
|
|
tags: |
|
|
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ inputs.sha }}
|
|
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.CACHE_TAG }}
|
|
|
|
# main: read/write cache
|
|
- name: Build and push control plane images (read/write cache)
|
|
if: ${{ github.ref == 'refs/heads/main' }}
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
build-args: ${{ matrix.build-args }}
|
|
target: ${{ matrix.target }}
|
|
context: elixir
|
|
cache-from: |
|
|
type=gha,scope=${{ matrix.image_name }}:${{ env.CACHE_TAG }}
|
|
type=gha,scope=${{ matrix.image_name }}:main
|
|
cache-to: |
|
|
type=gha,scope=${{ matrix.image_name }}:${{ env.CACHE_TAG }},mode=max,ignore-error=true
|
|
push: true
|
|
tags: |
|
|
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ inputs.sha }}
|
|
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.CACHE_TAG }}
|