github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da66264c84591c305f4533416f9306515ac26404
firezone/.github/workflows/ci.yml
Jamil da66264c84 Use larger builders for CPU-bound workflows (#2256) 
- `ubuntu-22.04-firezone` is a 16-core builder for ~~kotlin~~ and docker
- ~~`macos-13-xlarge` is an M1 builder for Apple and docker arm64~~
- Configure the Gradle build cache
- Upgrade kotlin plugins, Android minSDK to 30, and gradle to 8.4


Edit: It appears that even using the largest runners for kotin and swift
don't speed the builds up that much (~30%), but will substantially
increase our cost, so I've reverted them to free.

Fixes #2210
2023-10-07 08:07:24 -07:00

183 lines
6.3 KiB
YAML
Raw Blame History

name: Continuous Integration
on:
pull_request:
merge_group:
types: [checks_requested]
workflow_call:
jobs:
elixir:
uses: ./.github/workflows/elixir.yml
rust:
uses: ./.github/workflows/rust.yml
kotlin:
uses: ./.github/workflows/kotlin.yml
swift:
uses: ./.github/workflows/swift.yml
static-analysis:
uses: ./.github/workflows/static-analysis.yml
terraform:
uses: ./.github/workflows/terraform.yml
secrets: inherit
# We could build these in GCP with Cloud Build, but for now it's
# less overhead to keep things in GH actions. See work on building these
# in GCP with Cloud Build: https://github.com/firezone/firezone/pull/2234
build-images:
runs-on: ubuntu-22.04-firezone-16c
strategy:
matrix:
include:
- image_name: api
target: runtime
context: elixir
build-args: |
APPLICATION_NAME=api
- image_name: web
target: runtime
context: elixir
build-args: |
APPLICATION_NAME=web
- image_name: gateway
push: ${{ github.ref == 'refs/heads/main' }}
target: runtime
context: rust
build-args: |
PACKAGE=firezone-gateway
- image_name: relay
target: runtime
context: rust
build-args: |
PACKAGE=relay
- image_name: client
target: runtime
context: rust
build-args: |
PACKAGE=firezone-headless-client
- image_name: elixir
target: compiler
context: elixir
build-args: |
APPLICATION_NAME=api
permissions:
contents: read
id-token: write
env:
# mark:automatic-version
VERSION: "1.20231001.0"
APPLICATION_NAME: ${{ matrix.image_name }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# We are overriding the default buildkit version being used by Buildx. We need buildkit >= 12.0 and currently BuildX
# supports v0.11.6 https://github.com/docker/buildx/blob/b8739d74417f86aa8fc9aafb830a8ba656bdef0e/Dockerfile#L9.
# We should for any updates on buildx and on the setup-buildx-action itself.
driver-opts: |
image=moby/buildkit:v0.12.0
- uses: actions/checkout@v4
- name: Sanitize github.ref_name
run: |
REF="${{ github.ref_name }}" # `ref_name` contains `/` which is not a valid docker image tag.
CACHE_TAG="${REF//\//-}"
echo "CACHE_TAG=$CACHE_TAG" >> "$GITHUB_ENV"
- uses: ./.github/actions/gcp-docker-login
id: login
with:
project: firezone-staging
- name: Build Docker images
uses: docker/build-push-action@v5
with:
platforms: linux/amd64
build-args: ${{ matrix.build-args }}
context: ${{ matrix.context }}/
cache-from: |
type=registry,ref=${{ steps.login.outputs.registry }}/firezone/cache/${{ matrix.image_name }}:${{ env.CACHE_TAG }}
type=registry,ref=${{ steps.login.outputs.registry }}/firezone/cache/${{ matrix.image_name }}:main
# This will write the cache on main even if integration tests fail,
# but it'll just be corrected on the next successful build.
cache-to: >-
type=registry,ref=${{ steps.login.outputs.registry}}/firezone/cache/${{ matrix.image_name }}:${{ env.CACHE_TAG }}
file: ${{ matrix.context }}/Dockerfile
push: true
target: ${{ matrix.target }}
tags: |
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.VERSION }}-${{ github.sha }}
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:latest
integration-tests:
needs: build-images
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
strategy:
matrix:
include:
# TODO: Add more NAT type tests here
- test_name: Relayed flow
setup: |
# Disallow traffic between gateway and client container
sudo iptables -I FORWARD 1 -s 172.28.0.100 -d 172.28.0.105 -j DROP
sudo iptables -I FORWARD 1 -s 172.28.0.105 -d 172.28.0.100 -j DROP
execute: |
docker compose exec -it client timeout 60 \
bash -c 'until ping -W 1 -c 1 172.20.0.100 &>/dev/null; do true; done'
- test_name: Basic flow
setup: echo 'Noop'
execute: |
docker compose exec -it client timeout 60 \
bash -c 'until ping -W 1 -c 1 172.20.0.100 &>/dev/null; do true; done'
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/gcp-docker-login
id: login
with:
project: firezone-staging
- name: Seed database
run:
# FIXME: This doesn't use the Elixir cache, and so compiles every time
docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.seed'
- name: Start docker compose in the background
run: |
docker compose up -d \
api \
web \
client \
relay \
gateway
- name: Setup ${{ matrix.test_name }} test
run: ${{ matrix.setup }}
- name: Execute ${{ matrix.test_name }} test
run: ${{ matrix.execute }}
- name: Show Client logs
if: "!cancelled()"
run: docker compose logs client
- name: Show Relay logs
if: "!cancelled()"
run: docker compose logs relay
- name: Show Gateway logs
if: "!cancelled()"
run: docker compose logs gateway
- name: Show API logs
if: "!cancelled()"
run: docker compose logs api
- name: Show httpbin logs
if: "!cancelled()"
run: docker compose logs httpbin
# Makes managing the required status checks easier, and moves that source of truth to code
# TODO: Use https://registry.terraform.io/providers/integrations/github/latest/docs instead
required-status-checks:
runs-on: ubuntu-latest
needs:
- integration-tests
- elixir
- kotlin
- swift
- rust
- static-analysis
- terraform
steps:
- run: echo "No-op"
Reference in New Issue View Git Blame Copy Permalink