Merge pull request #576 from openziti/release-docker-workflow

docker release workflow
openziti · Jan 4, 2023 · eb93c95 · eb93c95
2 parents fb94f82 + d96e245
commit eb93c95
Show file tree

Hide file tree

Showing 7 changed files with 125 additions and 15 deletions.
diff --git a/.github/workflows/mattermost-ziti-webhook.yml b/.github/workflows/mattermost-ziti-webhook.yml
@@ -16,17 +16,19 @@ jobs:
   ziti-webhook:
     runs-on: ubuntu-latest
     name: Ziti Mattermost Action - Py
+    env:
+      ZHOOK_URL: ${{ secrets.ZHOOK_URL }}
     steps:
     - uses: openziti/ziti-mattermost-action-py@main
-      if: github.event_name != 'pull_request_review'
+      if: env.ZHOOK_URL && github.event_name != 'pull_request_review'
       with:
         zitiId: ${{ secrets.ZITI_MATTERMOST_IDENTITY }}
         webhookUrl: ${{ secrets.ZHOOK_URL }}
         eventJson: ${{ toJson(github.event) }}
         senderUsername: "GitHubZ"
         destChannel: "dev-notifications"
     - uses: openziti/ziti-mattermost-action-py@main
-      if: github.event_name == 'pull_request_review' && github.event.review.state == 'approved'
+      if: env.ZHOOK_URL && github.event_name == 'pull_request_review' && github.event.review.state == 'approved'
       with:
         zitiId: ${{ secrets.ZITI_MATTERMOST_IDENTITY }}
         webhookUrl: ${{ secrets.ZHOOK_URL }}

diff --git a/.github/workflows/publish-containers.yml b/.github/workflows/publish-containers.yml
@@ -0,0 +1,85 @@
+name: CI build
+
+on:
+  workflow_call:
+    inputs:
+      ziti-version:
+        description: 'Ziti Tunneler Release Version'
+        type: string
+        required: true
+  workflow_dispatch:
+    inputs:
+      ziti-version:
+        description: 'Ziti Tunneler Release Version'
+        type: string
+        required: true
+
+jobs:
+  publish-containers:
+    runs-on: ubuntu-latest
+    env:
+      ZITI_VERSION: ${{ inputs.ziti-version || github.event.inputs.ziti-version }}
+    steps:
+      - name: Checkout Workspace
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: amd64,arm64,arm
+
+      - name: Set up Docker BuildKit
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_API_USER }}
+          password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
+
+      - name: Set up Docker image tags for "run" container
+        env:
+          RELEASE_REPO: openziti/ziti-edge-tunnel
+        id: tagprep_run
+        run: |
+          DOCKER_TAGS=""
+          DOCKER_TAGS="${RELEASE_REPO}:${ZITI_VERSION},${RELEASE_REPO}:latest"
+          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
+          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+
+      - name: Build & Push Multi-Platform Container Image to Hub
+        uses: docker/build-push-action@v3
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ${{ github.workspace }}/docker
+          file: ${{ github.workspace }}/docker/Dockerfile
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          tags: ${{ steps.tagprep_run.outputs.DOCKER_TAGS }}
+          build-args: |
+            ZITI_VERSION=${{ env.ZITI_VERSION }}
+            GITHUB_REPO=${{ github.repository }}
+          push: true
+
+      - name: Set up Docker image tags for "run-host" container
+        env:
+          RELEASE_REPO: openziti/ziti-host
+        id: tagprep_run_host
+        run: |
+          DOCKER_TAGS=""
+          DOCKER_TAGS="${RELEASE_REPO}:${ZITI_VERSION},${RELEASE_REPO}:latest"
+          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
+          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+
+      - name: Build & Push Multi-Platform Container Image to Hub
+        uses: docker/build-push-action@v3
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ${{ github.workspace }}/docker
+          file: ${{ github.workspace }}/docker/Dockerfile.ziti-host
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.tagprep_run_host.outputs.DOCKER_TAGS }}
+          build-args: |
+            ZITI_VERSION=${{ env.ZITI_VERSION }}
+            GITHUB_REPO=${{ github.repository }}
+          push: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,9 +11,11 @@ jobs:
     name: Download Release Artifacts
     runs-on: ubuntu-latest
     needs: [ call-cmake-build ]
+    outputs:
+      ZITI_VERSION: ${{ steps.get_version.outputs.ZITI_VERSION }}
     steps:
       - name: download
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           path: ${{ runner.workspace }}/downloads/
 
@@ -57,4 +59,27 @@ jobs:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
           asset_path: ${{ runner.workspace }}/downloads/Windows-x86_64/ziti-edge-tunnel-Windows_AMD64.zip
           asset_name: ziti-edge-tunnel-Windows_x86_64.zip
-          asset_content_type: application/octet-stream
+          asset_content_type: application/octet-stream
+
+      - name: Get the Version String from Git Tag
+        id: get_version
+        env:
+          GITHUB_REF: ${{ github.ref }}
+        run: |
+          ZITI_VERSION="${GITHUB_REF#refs/*/v}"
+          if [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "DEBUG: ZITI_VERSION=${ZITI_VERSION}"
+            echo ZITI_VERSION="${ZITI_VERSION}" >> $GITHUB_OUTPUT
+          else
+            # fail the job because we could not obtain a valid version string from the Git ref
+            echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver"
+            exit 1
+          fi
+
+  call-publish-containers:
+    name: Publish Container Images
+    needs: [ release ]
+    uses: ./.github/workflows/publish-containers.yml
+    secrets: inherit
+    with:
+      ziti-version: ${{ needs.release.outputs.ZITI_VERSION }}
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -4,9 +4,8 @@ FROM debian:buster-slim as fetch-ziti-artifacts
 
 ARG ZITI_VERSION
 
-ARG GITHUB_BASE_URL="https://github.com/openziti"
-# to fetch snapshots from the "feature-0.5" branch, set ZITI_REPO="ziti-snapshot/feature-0.5"
-ARG GITHUB_REPO="ziti-tunnel-sdk-c"
+ARG GITHUB_BASE_URL
+ARG GITHUB_REPO
 
 WORKDIR /tmp
 
@@ -15,7 +14,7 @@ RUN apt-get -q update && apt-get -q install -y --no-install-recommends curl ca-c
 RUN /bin/bash -c "if ! compgen -G '/etc/ssl/certs/*.[0-9]' > /dev/null; then c_rehash /etc/ssl/certs; fi"
 
 COPY fetch-github-releases.sh .
-RUN bash ./fetch-github-releases.sh ziti-edge-tunnel
+RUN bash -x ./fetch-github-releases.sh ziti-edge-tunnel
 
 ################
 #

diff --git a/docker/Dockerfile.copy b/docker/Dockerfile.copy
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim as fetch-ziti-artifacts
+FROM debian:buster-slim as fetch-ziti-artifacts
 
 # This build stage grabs artifacts that are copied into the final image.
 # It uses the same base as the final image to maximize docker cache hits.
@@ -26,7 +26,7 @@ COPY ${ARTIFACTS_DIR}/ziti-edge-tunnel .
 #
 ################
 
-FROM debian:bullseye-slim
+FROM debian:buster-slim
 
 ARG DOCKER_BUILD_DIR=./docker
 ARG ZITI_TUNNELER_BIN=ziti-edge-tunnel

diff --git a/docker/Dockerfile.ziti-host b/docker/Dockerfile.ziti-host
@@ -5,9 +5,8 @@ FROM registry.access.redhat.com/ubi8/ubi as fetch-ziti-artifacts
 
 ARG ZITI_VERSION
 
-ARG GITHUB_BASE_URL="https://github.com/openziti"
-# to fetch snapshots from the "feature-0.5" branch, set GITHUB_REPO="ziti-snapshot/feature-0.5"
-ARG GITHUB_REPO="ziti-tunnel-sdk-c"
+ARG GITHUB_BASE_URL
+ARG GITHUB_REPO
 
 WORKDIR /tmp
 

diff --git a/docker/fetch-github-releases.sh b/docker/fetch-github-releases.sh
@@ -25,8 +25,8 @@ set -euo pipefail
 
 echo "Fetching from GitHub."
 # defaults
-: "${GITHUB_BASE_URL:=https://github.com/openziti}"
-: "${GITHUB_REPO:="ziti-tunnel-sdk-c"}"
+: "${GITHUB_BASE_URL:=https://github.com}"
+: "${GITHUB_REPO:="openziti/ziti-tunnel-sdk-c"}"
 : "${ZITI_VERSION:="latest"}"
 
 if [[ "$ZITI_VERSION" == "latest" ]];then