lee/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-12-16 21:17:44 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

merge into: lee:main
Branches Tags
lee:main lee:dev lee:crowdin_dev lee:dependabot/npm_and_yarn/prod-minor-updates-8f1c4290b4 lee:dependabot/github_actions/actions/upload-artifact-6.0.0 lee:dependabot/github_actions/aws-actions/configure-aws-credentials-5 lee:dependabot/npm_and_yarn/prod-patch-updates-ad140213d9 lee:dependabot/npm_and_yarn/dev-patch-updates-e3f16606f0 lee:cicd lee:dependabot/npm_and_yarn/recharts-3.5.1 lee:copilot/fix-crowdsec-setup-token lee:clients-user lee:1.12.3 lee:dev-ms lee:policies lee:patch lee:site-targets-auto-login
lee:1.13.1 lee:1.13.1-s.0 lee:1.13.0 lee:1.13.0.s.0 lee:1.13.0-rc.0 lee:1.12.2-s.5 lee:1.12.3 lee:1.12.2-s.4 lee:1.12.2-s.3 lee:1.12.2-s.2 lee:1.12.2-s.1 lee:1.12.2 lee:1.12.2-s.0 lee:1.12.1 lee:1.12.0 lee:1.12.0-s.0 lee:1.12.0-rc.0 lee:1.11.1 lee:1.11.1-s.0 lee:1.11.0-s.5 lee:1.11.0 lee:1.11.0-s.4 lee:1.11.0-s.3 lee:1.11.0-s.2 lee:1.11.0-s.1 lee:1.11.0-s.0 lee:1.10.3 lee:1.10.2 lee:1.10.1 lee:1.10.0 lee:1.9.4 lee:1.9.3 lee:1.9.2 lee:1.9.1 lee:1.9.0 lee:1.8.0 lee:1.7.3 lee:1.7.2 lee:1.7.1 lee:1.7.0 lee:1.6.2 lee:1.6.1 lee:1.6.0 lee:1.5.1 lee:1.5.0 lee:1.4.0 lee:1.3.2 lee:1.3.1 lee:1.3.0 lee:1.2.0 lee:1.1.0 lee:1.0.1 lee:1.0.0 lee:1.0.0-beta.15 lee:1.0.0-beta.14 lee:1.0.0-beta.13 lee:1.0.0-beta.12 lee:1.0.0-beta.11 lee:1.0.0-beta.10 lee:1.0.0-beta.9 lee:1.0.0-beta.8 lee:1.0.0-beta.7 lee:1.0.0-beta.6 lee:1.0.0-beta.5 lee:1.0.0-beta.4 lee:1.0.0-beta.3 lee:1.0.0-beta.2 lee:1.0.0-beta.1
...
pull from: lee:cicd
Branches Tags
lee:dev lee:crowdin_dev lee:main lee:dependabot/npm_and_yarn/prod-minor-updates-8f1c4290b4 lee:dependabot/github_actions/actions/upload-artifact-6.0.0 lee:dependabot/github_actions/aws-actions/configure-aws-credentials-5 lee:dependabot/npm_and_yarn/prod-patch-updates-ad140213d9 lee:dependabot/npm_and_yarn/dev-patch-updates-e3f16606f0 lee:cicd lee:dependabot/npm_and_yarn/recharts-3.5.1 lee:copilot/fix-crowdsec-setup-token lee:clients-user lee:1.12.3 lee:dev-ms lee:policies lee:patch lee:site-targets-auto-login
lee:1.13.1 lee:1.13.1-s.0 lee:1.13.0 lee:1.13.0.s.0 lee:1.13.0-rc.0 lee:1.12.2-s.5 lee:1.12.3 lee:1.12.2-s.4 lee:1.12.2-s.3 lee:1.12.2-s.2 lee:1.12.2-s.1 lee:1.12.2 lee:1.12.2-s.0 lee:1.12.1 lee:1.12.0 lee:1.12.0-s.0 lee:1.12.0-rc.0 lee:1.11.1 lee:1.11.1-s.0 lee:1.11.0-s.5 lee:1.11.0 lee:1.11.0-s.4 lee:1.11.0-s.3 lee:1.11.0-s.2 lee:1.11.0-s.1 lee:1.11.0-s.0 lee:1.10.3 lee:1.10.2 lee:1.10.1 lee:1.10.0 lee:1.9.4 lee:1.9.3 lee:1.9.2 lee:1.9.1 lee:1.9.0 lee:1.8.0 lee:1.7.3 lee:1.7.2 lee:1.7.1 lee:1.7.0 lee:1.6.2 lee:1.6.1 lee:1.6.0 lee:1.5.1 lee:1.5.0 lee:1.4.0 lee:1.3.2 lee:1.3.1 lee:1.3.0 lee:1.2.0 lee:1.1.0 lee:1.0.1 lee:1.0.0 lee:1.0.0-beta.15 lee:1.0.0-beta.14 lee:1.0.0-beta.13 lee:1.0.0-beta.12 lee:1.0.0-beta.11 lee:1.0.0-beta.10 lee:1.0.0-beta.9 lee:1.0.0-beta.8 lee:1.0.0-beta.7 lee:1.0.0-beta.6 lee:1.0.0-beta.5 lee:1.0.0-beta.4 lee:1.0.0-beta.3 lee:1.0.0-beta.2 lee:1.0.0-beta.1

2 Commits
main ... cicd

Author SHA1 Message Date
miloschwartz
9cb95576d0 Merge branch 'dev' into cicd 2025-12-12 23:08:06 -05:00
miloschwartz
b3ec9dfda2 split builds based on arch 2025-12-12 15:56:42 -05:00
2 changed files with 260 additions and 18 deletions
Expand all files Collapse all files

184
.github/workflows/cicd.yml vendored
View File

@@ -24,9 +24,35 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
release: pre-run:
name: Build and Release runs-on: ubuntu-latest
runs-on: [self-hosted, linux, x64] permissions: write-all
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
role-duration-seconds: 3600
aws-region: ${{ secrets.AWS_REGION }}
- name: Verify AWS identity
run: aws sts get-caller-identity
- name: Start EC2 instances
run: |
aws ec2 start-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
aws ec2 start-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_AMD_RUNNER }}
echo "EC2 instances started"
release-arm:
name: Build and Release (ARM64)
runs-on: [self-hosted, linux, arm64, us-east-1]
needs: [pre-run]
if: >-
${{
needs.pre-run.result == 'success'
}}
# Job-level timeout to avoid runaway or stuck runs # Job-level timeout to avoid runaway or stuck runs
timeout-minutes: 120 timeout-minutes: 120
env: env:
@@ -38,11 +64,17 @@ jobs:
- name: Checkout code - name: Checkout code
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up QEMU - name: Monitor storage space
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 run: |
THRESHOLD=75
- name: Set up Docker Buildx USED_SPACE=$(df / | grep / | awk '{ print $5 }' | sed 's/%//g')
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 echo "Used space: $USED_SPACE%"
if [ "$USED_SPACE" -ge "$THRESHOLD" ]; then
echo "Used space is below the threshold of 75% free. Running Docker system prune."
echo y | docker system prune -a
else
echo "Storage space is above the threshold. No action needed."
fi
- name: Log in to Docker Hub - name: Log in to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -50,6 +82,103 @@ jobs:
registry: docker.io registry: docker.io
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Extract tag name
id: get-tag
run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
shell: bash
- name: Update version in package.json
run: |
TAG=${{ env.TAG }}
sed -i "s/export const APP_VERSION = \".*\";/export const APP_VERSION = \"$TAG\";/" server/lib/consts.ts
cat server/lib/consts.ts
shell: bash
- name: Build and push Docker images (Docker Hub - ARM64)
run: |
TAG=${{ env.TAG }}
make build-release-arm tag=$TAG
echo "Built & pushed ARM64 images to: ${{ env.DOCKERHUB_IMAGE }}:${TAG}"
shell: bash
release-amd:
name: Build and Release (AMD64)
runs-on: [self-hosted, linux, x64, us-east-1]
needs: [pre-run]
if: >-
${{
needs.pre-run.result == 'success'
}}
# Job-level timeout to avoid runaway or stuck runs
timeout-minutes: 120
env:
# Target images
DOCKERHUB_IMAGE: docker.io/fosrl/${{ github.event.repository.name }}
GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
steps:
- name: Checkout code
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Monitor storage space
run: |
THRESHOLD=75
USED_SPACE=$(df / | grep / | awk '{ print $5 }' | sed 's/%//g')
echo "Used space: $USED_SPACE%"
if [ "$USED_SPACE" -ge "$THRESHOLD" ]; then
echo "Used space is below the threshold of 75% free. Running Docker system prune."
echo y | docker system prune -a
else
echo "Storage space is above the threshold. No action needed."
fi
- name: Log in to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: docker.io
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Extract tag name
id: get-tag
run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
shell: bash
- name: Update version in package.json
run: |
TAG=${{ env.TAG }}
sed -i "s/export const APP_VERSION = \".*\";/export const APP_VERSION = \"$TAG\";/" server/lib/consts.ts
cat server/lib/consts.ts
shell: bash
- name: Build and push Docker images (Docker Hub - AMD64)
run: |
TAG=${{ env.TAG }}
make build-release-amd tag=$TAG
echo "Built & pushed AMD64 images to: ${{ env.DOCKERHUB_IMAGE }}:${TAG}"
shell: bash
sign-and-package:
name: Sign and Package
runs-on: [self-hosted, linux, x64, us-east-1]
needs: [release-arm, release-amd]
if: >-
${{
needs.release-arm.result == 'success' &&
needs.release-amd.result == 'success'
}}
# Job-level timeout to avoid runaway or stuck runs
timeout-minutes: 120
env:
# Target images
DOCKERHUB_IMAGE: docker.io/fosrl/${{ github.event.repository.name }}
GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
steps:
- name: Checkout code
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Extract tag name - name: Extract tag name
id: get-tag id: get-tag
run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
@@ -104,13 +233,6 @@ jobs:
name: install-bin name: install-bin
path: install/bin/ path: install/bin/
- name: Build and push Docker images (Docker Hub)
run: |
TAG=${{ env.TAG }}
make build-release tag=$TAG
echo "Built & pushed to: ${{ env.DOCKERHUB_IMAGE }}:${TAG}"
shell: bash
- name: Install skopeo + jq - name: Install skopeo + jq
# skopeo: copy/inspect images between registries # skopeo: copy/inspect images between registries
# jq: JSON parsing tool used to extract digest values # jq: JSON parsing tool used to extract digest values
@@ -127,9 +249,12 @@ jobs:
- name: Copy tag from Docker Hub to GHCR - name: Copy tag from Docker Hub to GHCR
# Mirror the already-built image (all architectures) to GHCR so we can sign it # Mirror the already-built image (all architectures) to GHCR so we can sign it
# Wait a bit for both architectures to be available in Docker Hub manifest
run: | run: |
set -euo pipefail set -euo pipefail
TAG=${{ env.TAG }} TAG=${{ env.TAG }}
echo "Waiting for multi-arch manifest to be ready..."
sleep 30
echo "Copying ${{ env.DOCKERHUB_IMAGE }}:${TAG} -> ${{ env.GHCR_IMAGE }}:${TAG}" echo "Copying ${{ env.DOCKERHUB_IMAGE }}:${TAG} -> ${{ env.GHCR_IMAGE }}:${TAG}"
skopeo copy --all --retry-times 3 \ skopeo copy --all --retry-times 3 \
docker://$DOCKERHUB_IMAGE:$TAG \ docker://$DOCKERHUB_IMAGE:$TAG \
@@ -185,3 +310,32 @@ jobs:
"${REF}" -o text "${REF}" -o text
done done
shell: bash shell: bash
post-run:
needs: [pre-run, release-arm, release-amd, sign-and-package]
if: >-
${{
always() &&
needs.pre-run.result == 'success' &&
(needs.release-arm.result == 'success' || needs.release-arm.result == 'skipped' || needs.release-arm.result == 'failure') &&
(needs.release-amd.result == 'success' || needs.release-amd.result == 'skipped' || needs.release-amd.result == 'failure') &&
(needs.sign-and-package.result == 'success' || needs.sign-and-package.result == 'skipped' || needs.sign-and-package.result == 'failure')
}}
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
role-duration-seconds: 3600
aws-region: ${{ secrets.AWS_REGION }}
- name: Verify AWS identity
run: aws sts get-caller-identity
- name: Stop EC2 instances
run: |
aws ec2 stop-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
aws ec2 stop-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_AMD_RUNNER }}
echo "EC2 instances stopped"

90
Makefile
View File

@@ -1,4 +1,4 @@
.PHONY: build build-pg build-release build-arm build-x86 test clean .PHONY: build build-pg build-release build-release-arm build-release-amd build-arm build-x86 test clean
major_tag := $(shell echo $(tag) | cut -d. -f1) major_tag := $(shell echo $(tag) | cut -d. -f1)
minor_tag := $(shell echo $(tag) | cut -d. -f1,2) minor_tag := $(shell echo $(tag) | cut -d. -f1,2)
@@ -44,6 +44,94 @@ build-release:
--tag fosrl/pangolin:ee-postgresql-$(tag) \ --tag fosrl/pangolin:ee-postgresql-$(tag) \
--push . --push .
build-release-arm:
@if [ -z "$(tag)" ]; then \
echo "Error: tag is required. Usage: make build-release-arm tag=<tag>"; \
exit 1; \
fi
@MAJOR_TAG=$$(echo $(tag) | cut -d. -f1); \
MINOR_TAG=$$(echo $(tag) | cut -d. -f1,2); \
docker buildx build \
--build-arg BUILD=oss \
--build-arg DATABASE=sqlite \
--platform linux/arm64 \
--tag fosrl/pangolin:latest \
--tag fosrl/pangolin:$$MAJOR_TAG \
--tag fosrl/pangolin:$$MINOR_TAG \
--tag fosrl/pangolin:$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=oss \
--build-arg DATABASE=pg \
--platform linux/arm64 \
--tag fosrl/pangolin:postgresql-latest \
--tag fosrl/pangolin:postgresql-$$MAJOR_TAG \
--tag fosrl/pangolin:postgresql-$$MINOR_TAG \
--tag fosrl/pangolin:postgresql-$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=enterprise \
--build-arg DATABASE=sqlite \
--platform linux/arm64 \
--tag fosrl/pangolin:ee-latest \
--tag fosrl/pangolin:ee-$$MAJOR_TAG \
--tag fosrl/pangolin:ee-$$MINOR_TAG \
--tag fosrl/pangolin:ee-$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=enterprise \
--build-arg DATABASE=pg \
--platform linux/arm64 \
--tag fosrl/pangolin:ee-postgresql-latest \
--tag fosrl/pangolin:ee-postgresql-$$MAJOR_TAG \
--tag fosrl/pangolin:ee-postgresql-$$MINOR_TAG \
--tag fosrl/pangolin:ee-postgresql-$(tag) \
--push .
build-release-amd:
@if [ -z "$(tag)" ]; then \
echo "Error: tag is required. Usage: make build-release-amd tag=<tag>"; \
exit 1; \
fi
@MAJOR_TAG=$$(echo $(tag) | cut -d. -f1); \
MINOR_TAG=$$(echo $(tag) | cut -d. -f1,2); \
docker buildx build \
--build-arg BUILD=oss \
--build-arg DATABASE=sqlite \
--platform linux/amd64 \
--tag fosrl/pangolin:latest \
--tag fosrl/pangolin:$$MAJOR_TAG \
--tag fosrl/pangolin:$$MINOR_TAG \
--tag fosrl/pangolin:$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=oss \
--build-arg DATABASE=pg \
--platform linux/amd64 \
--tag fosrl/pangolin:postgresql-latest \
--tag fosrl/pangolin:postgresql-$$MAJOR_TAG \
--tag fosrl/pangolin:postgresql-$$MINOR_TAG \
--tag fosrl/pangolin:postgresql-$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=enterprise \
--build-arg DATABASE=sqlite \
--platform linux/amd64 \
--tag fosrl/pangolin:ee-latest \
--tag fosrl/pangolin:ee-$$MAJOR_TAG \
--tag fosrl/pangolin:ee-$$MINOR_TAG \
--tag fosrl/pangolin:ee-$(tag) \
--push . && \
docker buildx build \
--build-arg BUILD=enterprise \
--build-arg DATABASE=pg \
--platform linux/amd64 \
--tag fosrl/pangolin:ee-postgresql-latest \
--tag fosrl/pangolin:ee-postgresql-$$MAJOR_TAG \
--tag fosrl/pangolin:ee-postgresql-$$MINOR_TAG \
--tag fosrl/pangolin:ee-postgresql-$(tag) \
--push .
build-rc: build-rc:
@if [ -z "$(tag)" ]; then \ @if [ -z "$(tag)" ]; then \
echo "Error: tag is required. Usage: make build-release tag=<tag>"; \ echo "Error: tag is required. Usage: make build-release tag=<tag>"; \