Build multi platform images and reorganize Makefiles #739
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Custom Build | |
on: | |
push: | |
branches: | |
- '*' | |
- '!gh-pages' | |
tags: | |
- '*' | |
# We need to set id-token to write. | |
# But we cannot simply write | |
# permissions: | |
# id-token: write | |
# because those unspecified permissions are 'none', instead of taking their default values, as documented in | |
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions | |
# So we repeat the defaults here. | |
permissions: | |
# The following are the default values we have to repeat here. | |
actions: "write" | |
attestations: "write" | |
checks: "write" | |
contents: "write" | |
deployments: "write" | |
discussions: "write" | |
issues: "write" | |
packages: "write" | |
pages: "write" | |
pull-requests: "write" | |
repository-projects: "write" | |
security-events: "write" | |
statuses: "write" | |
# The above are the default values we have to repeat here. | |
# We need to set id-token: write so that we can fetch the ID token. | |
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings | |
# The ID token is used in Workload Identity Federation. | |
id-token: "write" | |
jobs: | |
authgear-image-custom: | |
runs-on: ubuntu-24.04 | |
if: ${{ github.repository == 'authgear/authgear-server' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install qemu for multi arch build | |
run: docker run --privileged --rm tonistiigi/binfmt --install all | |
- uses: ./.github/actions/docker-buildx-create | |
# https://aran.dev/posts/github-actions-go-private-modules/ | |
- name: Set up SSH key | |
env: | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | |
run: | | |
mkdir -p ~/.ssh | |
eval $(ssh-agent -a $SSH_AUTH_SOCK) | |
printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | |
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | |
- name: Build and push to HK | |
uses: ./.github/actions/build-custom-image | |
with: | |
target: authgearx | |
image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }}/authgear-server" | |
gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_HK }} | |
gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_HK }} | |
docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | |
- name: Build and push to US | |
uses: ./.github/actions/build-custom-image | |
with: | |
target: authgearx | |
image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }}/authgear-server" | |
gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_US }} | |
gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_US }} | |
docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | |
- name: Clean up SSH key | |
if: ${{ always() }} | |
run: | | |
ssh-add -D | |
ssh-agent -k | |
echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | |
echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" | |
portal-image-custom: | |
runs-on: ubuntu-24.04 | |
if: ${{ github.repository == 'authgear/authgear-server' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install qemu for multi arch build | |
run: docker run --privileged --rm tonistiigi/binfmt --install all | |
- uses: ./.github/actions/docker-buildx-create | |
# https://aran.dev/posts/github-actions-go-private-modules/ | |
- name: Set up SSH key | |
env: | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | |
run: | | |
mkdir -p ~/.ssh | |
eval $(ssh-agent -a $SSH_AUTH_SOCK) | |
printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | |
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | |
- name: Build and push to HK | |
uses: ./.github/actions/build-custom-image | |
with: | |
target: portalx | |
image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }}/authgear-portal" | |
gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_HK }} | |
gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_HK }} | |
docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | |
- name: Build and push to US | |
uses: ./.github/actions/build-custom-image | |
with: | |
target: portalx | |
image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }}/authgear-portal" | |
gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_US }} | |
gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_US }} | |
docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | |
- name: Clean up SSH key | |
if: ${{ always() }} | |
run: | | |
ssh-add -D | |
ssh-agent -k | |
echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | |
echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" |