mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 17:41:52 +00:00
298 lines
8.7 KiB
YAML
298 lines
8.7 KiB
YAML
# We're running on a self-hosted runner, so only allow one workflow to run at a
|
|
# time.
|
|
# XXX: Remove this when self-hosted ephemeral runners are implemented.
|
|
concurrency: ci
|
|
|
|
name: CI
|
|
on:
|
|
- push
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
lint-docs:
|
|
runs-on: macos-11
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions/setup-node@v2
|
|
with:
|
|
node-version: '14.18.3'
|
|
- name: Lint Docs
|
|
run: |
|
|
npm install -g markdownlint-cli
|
|
cd docs
|
|
markdownlint .
|
|
|
|
static-analysis:
|
|
runs-on: ubuntu-18.04
|
|
env:
|
|
MIX_ENV: dev
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions/setup-python@v2
|
|
- uses: erlef/setup-beam@v1
|
|
with:
|
|
otp-version: '24.2.1'
|
|
elixir-version: '1.13.2'
|
|
- uses: actions/cache@v2
|
|
with:
|
|
path: |
|
|
deps
|
|
_build
|
|
key: ${{ runner.os }}-mix-${{ hashFiles('**/mix.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-mix-
|
|
- name: Install Dependencies
|
|
run: mix deps.get --only dev
|
|
# Don't cache PLTs based on mix.lock hash, as Dialyzer can incrementally update even old ones
|
|
# Cache key based on Elixir & Erlang version (also usefull when running in matrix)
|
|
- name: Restore PLT cache
|
|
uses: actions/cache@v2
|
|
id: plt_cache
|
|
with:
|
|
key: |
|
|
${{ runner.os }}-${{ steps.beam.outputs.elixir-version }}-${{ steps.beam.outputs.otp-version }}-plt
|
|
restore-keys: |
|
|
${{ runner.os }}-${{ steps.beam.outputs.elixir-version }}-${{ steps.beam.outputs.otp-version }}-plt
|
|
path: |
|
|
priv/plts
|
|
# Create PLTs if no cache was found
|
|
- name: Create PLTs
|
|
if: steps.plt_cache.outputs.cache-hit != 'true'
|
|
run: mix dialyzer --plt
|
|
- run: |
|
|
pip install pre-commit
|
|
pre-commit install
|
|
SKIP=no-commit-to-branch pre-commit run --all-files
|
|
|
|
|
|
unit-test:
|
|
runs-on: ubuntu-18.04
|
|
env:
|
|
MIX_ENV: test
|
|
POSTGRES_HOST: localhost
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
services:
|
|
postgres:
|
|
image: postgres:13.5
|
|
ports:
|
|
- 5432:5432
|
|
env:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
steps:
|
|
- name: Install package dependencies
|
|
run: |
|
|
sudo apt-get install -q -y \
|
|
net-tools \
|
|
wireguard
|
|
- uses: actions/checkout@v2
|
|
- uses: actions/setup-node@v2
|
|
with:
|
|
node-version: '14.18.3'
|
|
- uses: erlef/setup-beam@v1
|
|
with:
|
|
otp-version: '24.2.1'
|
|
elixir-version: '1.13.2'
|
|
- uses: actions/cache@v2
|
|
with:
|
|
path: |
|
|
deps
|
|
_build
|
|
key: ${{ runner.os }}-mix-${{ hashFiles('**/mix.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-mix-
|
|
- name: Install Dependencies
|
|
run: mix deps.get --only test
|
|
- name: Setup Database
|
|
run: |
|
|
mix ecto.create
|
|
mix ecto.migrate
|
|
- name: Run Tests and Upload Coverage Report
|
|
run: |
|
|
# Sometimes coveralls goes down for maintenance, so just run tests if
|
|
# coveralls fails
|
|
mix coveralls.github --umbrella || mix test
|
|
|
|
build-package-test:
|
|
# Doesn't really need, but don't run this stage when iterating over docs
|
|
needs: lint-docs
|
|
env:
|
|
TELEMETRY_ENABLED: "false"
|
|
runs-on: ${{ matrix.platform }}
|
|
strategy:
|
|
# Failing fast breaks the Omnibus build cache because the job is
|
|
# interrupted abruptly, leaving behind index.lock files.
|
|
fail-fast: false
|
|
matrix:
|
|
platform:
|
|
# ARM-based
|
|
- amazonlinux2-arm64
|
|
- centos8-arm64
|
|
- centos9-arm64
|
|
- debian10-arm64
|
|
- debian11-arm64
|
|
- fedora33-arm64
|
|
- fedora34-arm64
|
|
- fedora35-arm64
|
|
- ubuntu1804-arm64
|
|
- ubuntu2004-arm64
|
|
|
|
# x64-based
|
|
- amazonlinux2-x64
|
|
- centos7-x64
|
|
- centos8-x64
|
|
- centos9-x64
|
|
- debian10-x64
|
|
- debian11-x64
|
|
- fedora33-x64
|
|
- fedora34-x64
|
|
- fedora35-x64
|
|
- ubuntu1804-x64
|
|
- ubuntu2004-x64
|
|
- opensuse15-x64
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Build
|
|
env:
|
|
GIT_SHA: ${{ github.sha }}
|
|
run: |
|
|
. $HOME/.asdf/asdf.sh
|
|
# CentOS 7 has path issues when this runs and doesn't have the
|
|
# devtools loaded
|
|
if test -f /opt/rh/devtoolset-9/enable; then
|
|
. /opt/rh/devtoolset-9/enable
|
|
fi
|
|
gem install bundler
|
|
cd omnibus
|
|
bundle install --binstubs
|
|
sudo mkdir -p /opt/firezone
|
|
sudo chown -R $USER /opt/firezone
|
|
bin/omnibus build firezone
|
|
- name: Functional Test
|
|
run: |
|
|
.ci/functional_test.sh
|
|
- uses: actions/upload-artifact@v2
|
|
with:
|
|
name: firezone-${{ matrix.platform }}
|
|
path: |
|
|
omnibus/pkg/firezone*.deb
|
|
omnibus/pkg/firezone*.rpm
|
|
- name: Cleanup
|
|
if: always()
|
|
run: |
|
|
sudo scripts/uninstall.sh
|
|
rm -rf omnibus/pkg/*
|
|
|
|
publish:
|
|
needs:
|
|
- static-analysis
|
|
- unit-test
|
|
- lint-docs
|
|
- build-package-test
|
|
runs-on: ubuntu-20.04
|
|
strategy:
|
|
matrix:
|
|
platform:
|
|
# ARM-based
|
|
- amazonlinux2-arm64
|
|
- centos8-arm64
|
|
- centos9-arm64
|
|
- debian10-arm64
|
|
- debian11-arm64
|
|
- fedora33-arm64
|
|
- fedora34-arm64
|
|
- fedora35-arm64
|
|
- ubuntu1804-arm64
|
|
- ubuntu2004-arm64
|
|
|
|
# x64-based
|
|
- amazonlinux2-x64
|
|
- centos7-x64
|
|
- centos8-x64
|
|
- centos9-x64
|
|
- debian10-x64
|
|
- debian11-x64
|
|
- fedora33-x64
|
|
- fedora34-x64
|
|
- fedora35-x64
|
|
- ubuntu1804-x64
|
|
- ubuntu2004-x64
|
|
- opensuse15-x64
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
steps:
|
|
- uses: actions/download-artifact@v2
|
|
with:
|
|
name: firezone-${{ matrix.platform }}
|
|
path: ./
|
|
- name: Get the version
|
|
id: get_version
|
|
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
|
|
- name: Rename artifact file
|
|
run: |
|
|
mv ./firezone*.rpm firezone_${{ steps.get_version.outputs.VERSION }}-${{ matrix.platform }}.rpm || true
|
|
mv ./firezone*.deb firezone_${{ steps.get_version.outputs.VERSION }}-${{ matrix.platform }}.deb || true
|
|
- name: Release
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
files: |
|
|
./firezone*.rpm
|
|
./firezone*.deb
|
|
|
|
publish-docs:
|
|
needs: publish
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
runs-on: macos-11
|
|
steps:
|
|
- name: Get the version
|
|
id: get_version
|
|
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
- uses: ruby/setup-ruby@v1
|
|
with:
|
|
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
- name: Write tags manifest
|
|
run: |
|
|
echo ${{ steps.get_version.outputs.VERSION }} > docs/assets/versions.txt
|
|
tags=`git ls-tree --name-only origin/gh-pages | egrep "^((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)$"`
|
|
echo $tags | tr " " "\n" | sort -Vr >> docs/assets/versions.txt
|
|
- name: Build jekyll site
|
|
run: |
|
|
cd docs/
|
|
gem install bundler
|
|
bundle install
|
|
|
|
# Generate top-level docs
|
|
bundle exec jekyll build \
|
|
--destination _latest
|
|
|
|
# Generate versioned docs
|
|
bundle exec jekyll build \
|
|
--baseurl ${{ steps.get_version.outputs.VERSION }} \
|
|
--destination ${{ steps.get_version.outputs.VERSION }}
|
|
- name: Publish Latest Docs
|
|
uses: JamesIves/github-pages-deploy-action@v4.2.2
|
|
with:
|
|
branch: gh-pages
|
|
folder: docs/_latest
|
|
target-folder: .
|
|
clean: true
|
|
clean-exclude: |
|
|
*.*.*/
|
|
- name: Publish Versioned Docs
|
|
uses: JamesIves/github-pages-deploy-action@v4.2.2
|
|
with:
|
|
branch: gh-pages
|
|
folder: docs/${{ steps.get_version.outputs.VERSION }}
|
|
target-folder: ${{ steps.get_version.outputs.VERSION }}
|
|
clean: true
|