ci: adds github action and workflows for automated release

kloudlite · Aug 23, 2024 · d3fe4cf · d3fe4cf
1 parent 04b7dfb
commit d3fe4cf
Show file tree

Hide file tree

Showing 4 changed files with 257 additions and 4 deletions.
diff --git a/.github/actions/release/action.yml b/.github/actions/release/action.yml
@@ -0,0 +1,123 @@
+name: 'builds container images'
+description: 'builds container images for backup scripts'
+
+inputs:
+  github_token:
+    description: 'GitHub Token'
+    required: true
+
+  image_name:
+    description: 'image name'
+    default: ''
+
+  image_tag:
+    description: 'image tag, if empty, will be generated from branch or tag'
+    default: ''
+
+  cachix_enabled:
+    description: "cachix enabled"
+    default: "false"
+
+  cachix_cache_name:
+    description: "cachix cache name"
+    default: "kloudlite"
+
+  cachix_auth_token:
+    description: "cachix auth token"
+
+  docker_enabled:
+    description: "dokcer enabled"
+    default: "false"
+
+  git_directory:
+    description: 'git directory'
+    default: "."
+
+  # Backup Scripts docker builds
+  etcd:
+    description: 'builds etcd backup script image'
+    default: false
+
+  mongodb:
+    description: 'builds mongodb backup script image'
+    default: false
+
+  nats:
+    description: 'builds nats backup script image'
+    default: false
+
+runs:
+  using: 'composite'
+  steps:
+    - name: setup ENV Variables
+      shell: bash
+      id: env-vars
+      working-directory: ${{ inputs.git_directory }}
+      run: |+
+        echo "PUSH_IMAGE=false" >> $GITHUB_ENV
+        echo "IMAGE_NAME=${{inputs.image_name}}" >> $GITHUB_ENV
+
+    - name: setup nix (with cachix)
+      if: ${{ inputs.cachix_enabled == 'true' }}
+      # uses: nxtcoder17/actions/setup-nix-cachix@main
+      uses: nxtcoder17/actions/.github/actions/setup-nix-cachix@main
+      with:
+        flake_lock: ${{ inputs.git_directory }}/flake.lock
+        nix_develop_arguments: "${{ inputs.git_directory }}#default"
+
+        cachix_cache_name: ${{ inputs.cachix_cache_name }}
+        cachix_auth_token: ${{ inputs.cachix_auth_token }}
+
+    - name: setup nix cache (with github cache)
+      if: ${{ inputs.cachix_enabled == 'false' }}
+      # uses: nxtcoder17/actions/setup-nix-github@main
+      uses: nxtcoder17/actions/.github/actions/setup-nix-github@main
+      with:
+        flake_lock: ${{ inputs.git_directory }}/flake.lock
+        nix_develop_arguments: "${{ inputs.git_directory }}#default"
+
+    - name: setup docker
+      if: ${{ inputs.docker_enabled == 'true' }}
+      # uses: nxtcoder17/actions/setup-docker@main
+      uses: nxtcoder17/actions/.github/actions/setup-docker@main
+      with:
+        docker_username: ${{ github.actor }}
+        docker_password: ${{ inputs.github_token }}
+
+    - name: check if image needs to be pushed
+      if: github.event_name != 'pull_request'
+      shell: bash
+      run: |+
+        echo "PUSH_IMAGE=true" >> $GITHUB_ENV
+
+    - name: Create Image Tag
+      if: ${{ inputs.image_tag != '' }}
+      shell: bash
+      run: |+
+        echo "IMAGE_TAG=${{ inputs.image_tag }}" >> $GITHUB_ENV
+
+    - name: Create Image Tag from branch name / tags
+      if: ${{ inputs.image_tag == '' }}
+      # uses: nxtcoder17/actions/generate-image-tag@main
+      uses: nxtcoder17/actions/.github/actions/generate-image-tag@main
+
+    - name: etcd backup script
+      if: ${{ inputs.etcd == 'true' }}
+      working-directory: ${{ inputs.git_directory }}/k3s-etcd
+      shell: bash
+      run: |
+        task k3s-etcd image=$IMAGE_NAME:{{.IMAGE_TAG}}
+
+    - name: mongodb backup script
+      if: ${{ inputs.mongodb == 'true' }}
+      working-directory: ${{ inputs.git_directory }}/mongodb
+      shell: bash
+      run: |
+        task mongodb-backup image=$IMAGE_NAME:$IMAGE_TAG
+
+    - name: nats backup script
+      if: ${{ inputs.nats == 'true' }}
+      working-directory: ${{ inputs.git_directory }}/nats
+      shell: bash
+      run: |
+        task nats-backup image=$IMAGE_NAME:$IMAGE_TAG
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,129 @@
+name: release
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag: 
+        type: string
+        description: "image_tag"
+        required: true
+        default: ""
+
+
+  repository_dispatch:
+    types:
+      - webhook
+
+  push:
+    branches:
+      - release-*
+
+    paths:
+      - ".github/*"
+      - "k3s-etcd/*"
+      - "monogdb/*"
+      - "nats/*"
+      - "flake.*"
+      - "Taskfile.yml"
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-images:
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [etcd, mongodb, nats]
+        arch: [amd64, arm64]
+        include:
+          - arch: amd64
+            runs-on: ubuntu-latest
+            # runs-on: blacksmith-2vcpu-ubuntu-2204
+
+          - arch: arm64
+            # runs-on: warp-ubuntu-2404-arm64-4x
+            runs-on: blacksmith-2vcpu-ubuntu-2204-arm
+
+    runs-on: ${{ matrix.runs-on }}
+    name: ${{ matrix.image }}-${{ matrix.arch }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Create Image Tag
+        if: ${{ inputs.image_tag != '' }}
+        shell: bash
+        run: |+
+          echo "IMAGE_TAG=${{ inputs.image_tag }}" >> $GITHUB_ENV
+
+      - name: Create Image Tag from branch name / tags
+        if: ${{ inputs.image_tag == '' }}
+        # uses: nxtcoder17/actions/generate-image-tag@main
+        uses: nxtcoder17/actions/.github/actions/generate-image-tag@main
+
+      - name: build container images
+        uses: ./.github/actions/release/
+        with:
+          image_name: ghcr.io/${{ github.repository }}/${{ matrix.image }}
+          # image_tag: ${{ inputs.image_tag }}
+          image_tag: ${{ env.IMAGE_TAG }}-${{ matrix.arch }}
+
+          cachix_enabled: true
+          cachix_auth_token: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+          docker_enabled: true
+
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          git_directory: "."
+
+          etcd: ${{ matrix.image == 'etcd' }}
+          mongodb: ${{ matrix.image == 'mongodb' }}
+          nats: ${{ matrix.image == 'nats' }}
+
+
+  multiarch-images:
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [etcd, mongodb, nats]
+
+    needs: build-images
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    env:
+      image_name: ghcr.io/${{ github.repository }}/${{ matrix.image }}
+
+    steps:
+      - name: setup docker
+        uses: nxtcoder17/actions/.github/actions/setup-docker@main
+        with:
+          docker_username: ${{ github.actor }}
+          docker_password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create Image Tag
+        if: ${{ inputs.image_tag != '' }}
+        shell: bash
+        run: |+
+          echo "IMAGE_TAG=${{ inputs.image_tag }}" >> $GITHUB_ENV
+
+      - name: Create Image Tag from branch name / tags
+        if: ${{ inputs.image_tag == '' }}
+        # uses: nxtcoder17/actions/generate-image-tag@main
+        uses: nxtcoder17/actions/.github/actions/generate-image-tag@main
+
+      - name: multiarch manifest build
+        shell: bash
+        run: |
+          docker manifest create ${image_name}:${IMAGE_TAG} ${image_name}:${IMAGE_TAG}-amd64 ${image_name}:${IMAGE_TAG}-arm64
+
+          docker manifest annotate ${image_name}:${IMAGE_TAG} ${image_name}:${IMAGE_TAG}-amd64 --os linux --arch amd64
+          docker manifest annotate ${image_name}:${IMAGE_TAG} ${image_name}:${IMAGE_TAG}-arm64 --os linux --arch arm64
+
+          docker manifest push ${image_name}:${IMAGE_TAG}
+
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -23,7 +23,7 @@ tasks:
       - |+
         sudo rm -rf ./.result ./.result.d ./.nix-closure
 
-        # nix build .#k3s-etcd -o .result
+        nix build .#k3s-etcd -o .result
 
         mkdir -p .nix-closure
         sudo cp -r $(nix-store -qR .result) .nix-closure
@@ -32,7 +32,7 @@ tasks:
         [ -d .result/bin ] && cp -r .result/bin .result.d/
         [ -d .result/lib ] && cp -r .result/lib .result.d/
 
-        docker buildx build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
+        docker build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
 
   mongodb-backup:
     dir: ./mongodb
@@ -53,7 +53,7 @@ tasks:
         [ -d .result/bin ] && cp -R .result/bin .result.d/
         [ -d .result/lib ] && cp -R .result/lib .result.d/
 
-        docker buildx build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
+        docker build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
 
   nats-backup:
     dir: ./nats
@@ -73,4 +73,4 @@ tasks:
         [ -d .result/bin ] && cp -R .result/bin .result.d/
         [ -d .result/lib ] && cp -R .result/lib .result.d/
 
-        docker buildx build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
+        docker build --output=type=image,compression=zstd,force-compression=true,compression-level=12,push=true -t {{.image}} .
diff --git a/flake.nix b/flake.nix
@@ -45,6 +45,7 @@
           # hardeningDisable = [ "all" ];
 
           buildInputs = k3s_etcd_inputs ++ (with pkgs; [
+            go-task
             pre-commit
             (python312.withPackages (ps: with ps; [
               ggshield