diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index aa929b8..e5caafc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,39 +9,30 @@ on: jobs: build: - strategy: - fail-fast: false - matrix: - include: - - runner: ubuntu-latest - platform: linux/amd64 - arch: amd64 - - runner: ubuntu-22.04-arm64 - platform: linux/arm64 - arch: arm64 - runs-on: ${{ matrix.runner }} + runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Ensure build script is executable run: chmod +x bin/buildAnyPlatform.sh - - name: Clean dist - run: rm -rf dist && mkdir dist - - - name: Build ${{ matrix.platform }} binary - run: bin/buildAnyPlatform.sh ${{ matrix.platform }} + - name: Build linux/amd64 and linux/arm64 binaries + run: bin/buildAnyPlatform.sh linux/amd64 linux/arm64 - - name: Upload binary + - name: Upload binaries uses: actions/upload-artifact@v4 with: - name: frp-simple-auth-${{ matrix.arch }} - path: dist/frp-simple-auth.${{ replace(matrix.platform, '/', '-') }} + name: frp-simple-auth-binaries + path: | + dist/frp-simple-auth.linux-amd64 + dist/frp-simple-auth.linux-arm64 if-no-files-found: error - - name: Docker build smoke test - if: ${{ matrix.arch == 'amd64' }} + - name: Docker build smoke test (amd64) run: docker build -f .build/Dockerfile -t frp-simple-auth:test . diff --git a/.github/workflows/publish-dockerhub.yml b/.github/workflows/publish-dockerhub.yml index fcfd55e..f57628e 100644 --- a/.github/workflows/publish-dockerhub.yml +++ b/.github/workflows/publish-dockerhub.yml @@ -5,13 +5,13 @@ on: branches: - main - dev - - feature/initial-commit + - 'dev-*' tags: - '*' workflow_dispatch: jobs: - meta: + publish: runs-on: ubuntu-latest permissions: contents: read @@ -19,65 +19,46 @@ jobs: DOCKERHUB_USER: ${{ vars.DOCKERHUB_USER }} DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} DOCKERHUB_IMAGE: ${{ vars.DOCKERHUB_IMAGE }} - outputs: - tag: ${{ steps.compute.outputs.tag }} steps: - - name: Validate Docker Hub secrets + - name: Checkout + uses: actions/checkout@v4 + + - name: Validate configuration run: | set -euo pipefail for var in DOCKERHUB_USER DOCKERHUB_PASSWORD DOCKERHUB_IMAGE; do if [ -z "${!var}" ]; then - echo "Missing secret: $var" >&2 + echo "Missing value for $var" >&2 exit 1 fi done - - name: Compute image tag - id: compute - env: - IMAGE: ${{ env.DOCKERHUB_IMAGE }} + - name: Determine tags + id: tags run: | set -euo pipefail ref="${GITHUB_REF}" + ref_name="${GITHUB_REF_NAME}" sha_short="$(printf '%s' "${GITHUB_SHA}" | cut -c1-7)" if [[ "${ref}" == refs/tags/* ]]; then - ref_name="${ref#refs/tags/}" - else - ref_name="${GITHUB_REF_NAME}" - fi - slug="$(printf '%s' "${ref_name}" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')" - if [[ "${ref}" == refs/tags/* ]]; then - suffix=":${ref_name}" + suffix="${ref#refs/tags/}" elif [[ "${ref_name}" == "main" ]]; then - suffix=":latest" + suffix="latest" else + slug="$(printf '%s' "${ref_name}" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')" [[ -z "${slug}" ]] && slug="sha-${sha_short}" - suffix=":${slug}" + suffix="${slug}" fi - echo "tag=docker.io/${IMAGE}${suffix}" >> "${GITHUB_OUTPUT}" + base_tag="docker.io/${DOCKERHUB_IMAGE}:${suffix}" + echo "BASE_TAG=${base_tag}" >> "${GITHUB_ENV}" + echo "AMD64_TAG=${base_tag}-amd64" >> "${GITHUB_ENV}" + echo "ARM64_TAG=${base_tag}-arm64" >> "${GITHUB_ENV}" - build: - needs: meta - strategy: - fail-fast: false - matrix: - include: - - runner: ubuntu-latest - platform: linux/amd64 - arch: amd64 - - runner: ubuntu-22.04-arm64 - platform: linux/arm64 - arch: arm64 - runs-on: ${{ matrix.runner }} - permissions: - contents: read - env: - DOCKERHUB_USER: ${{ vars.DOCKERHUB_USER }} - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - BASE_TAG: ${{ needs.meta.outputs.tag }} - steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Log in to Docker Hub uses: docker/login-action@v3 @@ -85,19 +66,28 @@ jobs: username: ${{ env.DOCKERHUB_USER }} password: ${{ env.DOCKERHUB_PASSWORD }} - - name: Build and push ${{ matrix.arch }} + - name: Build and push linux/amd64 image env: BASE_TAG: ${{ env.BASE_TAG }} + AMD64_TAG: ${{ env.AMD64_TAG }} run: | set -euo pipefail - if [ -z "${BASE_TAG:-}" ]; then - echo "BASE_TAG missing" >&2 - exit 1 - fi - ARCH_TAG="${BASE_TAG}-${{ matrix.arch }}" - docker build -f .build/Dockerfile -t "${ARCH_TAG}" . - docker push "${ARCH_TAG}" - if [ "${{ matrix.arch }}" = "amd64" ]; then - docker tag "${ARCH_TAG}" "${BASE_TAG}" - docker push "${BASE_TAG}" - fi + docker buildx build \ + --platform linux/amd64 \ + --file .build/Dockerfile \ + --push \ + --tag "${AMD64_TAG}" \ + --tag "${BASE_TAG}" \ + . + + - name: Build and push linux/arm64 image + env: + ARM64_TAG: ${{ env.ARM64_TAG }} + run: | + set -euo pipefail + docker buildx build \ + --platform linux/arm64 \ + --file .build/Dockerfile \ + --push \ + --tag "${ARM64_TAG}" \ + . diff --git a/.github/workflows/publish-quay.yml b/.github/workflows/publish-quay.yml index 3b9fb7a..19bbe67 100644 --- a/.github/workflows/publish-quay.yml +++ b/.github/workflows/publish-quay.yml @@ -5,12 +5,13 @@ on: branches: - main - dev + - 'dev-*' tags: - '*' workflow_dispatch: jobs: - meta: + publish: runs-on: ubuntu-latest permissions: contents: read @@ -18,65 +19,45 @@ jobs: QUAY_USER: ${{ vars.QUAY_USER }} QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} QUAY_IMAGE: ${{ vars.QUAY_IMAGE }} - outputs: - tag: ${{ steps.compute.outputs.tag }} steps: - - name: Validate Quay secrets + - name: Checkout + uses: actions/checkout@v4 + + - name: Validate configuration run: | set -euo pipefail for var in QUAY_USER QUAY_PASSWORD QUAY_IMAGE; do if [ -z "${!var}" ]; then - echo "Missing secret: $var" >&2 + echo "Missing value for $var" >&2 exit 1 fi done - - name: Compute image tag - id: compute - env: - IMAGE: ${{ env.QUAY_IMAGE }} + - name: Determine tags run: | set -euo pipefail ref="${GITHUB_REF}" + ref_name="${GITHUB_REF_NAME}" sha_short="$(printf '%s' "${GITHUB_SHA}" | cut -c1-7)" if [[ "${ref}" == refs/tags/* ]]; then - ref_name="${ref#refs/tags/}" - else - ref_name="${GITHUB_REF_NAME}" - fi - slug="$(printf '%s' "${ref_name}" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')" - if [[ "${ref}" == refs/tags/* ]]; then - suffix=":${ref_name}" + suffix="${ref#refs/tags/}" elif [[ "${ref_name}" == "main" ]]; then - suffix=":latest" + suffix="latest" else + slug="$(printf '%s' "${ref_name}" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')" [[ -z "${slug}" ]] && slug="sha-${sha_short}" - suffix=":${slug}" + suffix="${slug}" fi - echo "tag=quay.io/${IMAGE}${suffix}" >> "${GITHUB_OUTPUT}" + base_tag="quay.io/${QUAY_IMAGE}:${suffix}" + echo "BASE_TAG=${base_tag}" >> "${GITHUB_ENV}" + echo "AMD64_TAG=${base_tag}-amd64" >> "${GITHUB_ENV}" + echo "ARM64_TAG=${base_tag}-arm64" >> "${GITHUB_ENV}" - build: - needs: meta - strategy: - fail-fast: false - matrix: - include: - - runner: ubuntu-latest - platform: linux/amd64 - arch: amd64 - - runner: ubuntu-22.04-arm64 - platform: linux/arm64 - arch: arm64 - runs-on: ${{ matrix.runner }} - permissions: - contents: read - env: - QUAY_USER: ${{ vars.QUAY_USER }} - QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} - BASE_TAG: ${{ needs.meta.outputs.tag }} - steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Log in to Quay.io uses: docker/login-action@v3 @@ -85,19 +66,28 @@ jobs: username: ${{ env.QUAY_USER }} password: ${{ env.QUAY_PASSWORD }} - - name: Build and push ${{ matrix.arch }} + - name: Build and push linux/amd64 image env: BASE_TAG: ${{ env.BASE_TAG }} + AMD64_TAG: ${{ env.AMD64_TAG }} run: | set -euo pipefail - if [ -z "${BASE_TAG:-}" ]; then - echo "BASE_TAG missing" >&2 - exit 1 - fi - ARCH_TAG="${BASE_TAG}-${{ matrix.arch }}" - docker build -f .build/Dockerfile -t "${ARCH_TAG}" . - docker push "${ARCH_TAG}" - if [ "${{ matrix.arch }}" = "amd64" ]; then - docker tag "${ARCH_TAG}" "${BASE_TAG}" - docker push "${BASE_TAG}" - fi + docker buildx build \ + --platform linux/amd64 \ + --file .build/Dockerfile \ + --push \ + --tag "${AMD64_TAG}" \ + --tag "${BASE_TAG}" \ + . + + - name: Build and push linux/arm64 image + env: + ARM64_TAG: ${{ env.ARM64_TAG }} + run: | + set -euo pipefail + docker buildx build \ + --platform linux/arm64 \ + --file .build/Dockerfile \ + --push \ + --tag "${ARM64_TAG}" \ + . diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 2efdc5f..41a67f1 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -8,37 +8,29 @@ on: jobs: build: - strategy: - fail-fast: false - matrix: - include: - - runner: ubuntu-latest - platform: linux/amd64 - arch: amd64 - - runner: ubuntu-22.04-arm64 - platform: linux/arm64 - arch: arm64 - runs-on: ${{ matrix.runner }} + runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Ensure build script is executable run: chmod +x bin/buildAnyPlatform.sh - - name: Clean dist - run: rm -rf dist && mkdir dist - - - name: Build ${{ matrix.platform }} binary - run: bin/buildAnyPlatform.sh ${{ matrix.platform }} + - name: Build linux/amd64 and linux/arm64 binaries + run: bin/buildAnyPlatform.sh linux/amd64 linux/arm64 - - name: Upload artifact + - name: Upload artifacts uses: actions/upload-artifact@v4 with: - name: frp-simple-auth-${{ matrix.arch }} - path: dist/frp-simple-auth.${{ replace(matrix.platform, '/', '-') }} + name: frp-simple-auth-binaries + path: | + dist/frp-simple-auth.linux-amd64 + dist/frp-simple-auth.linux-arm64 if-no-files-found: error release: @@ -50,8 +42,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@v4 with: - pattern: frp-simple-auth-* - merge-multiple: true + name: frp-simple-auth-binaries path: release - name: Prepare files diff --git a/DOCKER.md b/DOCKER.md index efd4582..7bbe086 100644 --- a/DOCKER.md +++ b/DOCKER.md @@ -114,5 +114,5 @@ The image bundles the PyInstaller-built binary at `/usr/local/bin/frp-simple-aut ## Source & License -- Source: [github.com/spaleks/frp-simple-auth](https://github.com/spaleks/frp-simple-auth) +- Source: [github.com/spaaleks/frp-simple-auth](https://github.com/spaaleks/frp-simple-auth) - License: MIT