| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252 |
- name: Release
- on:
- push:
- branches:
- - main
- tags:
- - '*'
- jobs:
- # https://github.com/marketplace/actions/skip-duplicate-actions
- # Some checks to determine if we need to continue with building a new docker.
- # We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
- skip_check:
- runs-on: ubuntu-24.04
- if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
- outputs:
- should_skip: ${{ steps.skip_check.outputs.should_skip }}
- steps:
- - name: Skip Duplicates Actions
- id: skip_check
- uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
- with:
- cancel_others: 'true'
- # Only run this when not creating a tag
- if: ${{ github.ref_type == 'branch' }}
- docker-build:
- runs-on: ubuntu-24.04
- timeout-minutes: 120
- needs: skip_check
- if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
- # Start a local docker registry to extract the final Alpine static build binaries
- services:
- registry:
- image: registry:2
- ports:
- - 5000:5000
- env:
- SOURCE_COMMIT: ${{ github.sha }}
- SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
- # The *_REPO variables need to be configured as repository variables
- # Append `/settings/variables/actions` to your repo url
- # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
- # Check for Docker hub credentials in secrets
- HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
- # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
- # Check for Github credentials in secrets
- HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
- # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
- # Check for Quay.io credentials in secrets
- HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
- strategy:
- matrix:
- base_image: ["debian","alpine"]
- steps:
- # Checkout the repo
- - name: Checkout
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
- with:
- fetch-depth: 0
- - name: Initialize QEMU binfmt support
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- with:
- platforms: "arm64,arm"
- # Start Docker Buildx
- - name: Setup Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- # https://github.com/moby/buildkit/issues/3969
- # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
- with:
- buildkitd-config-inline: |
- [worker.oci]
- max-parallelism = 2
- driver-opts: |
- network=host
- # Determine Base Tags and Source Version
- - name: Determine Base Tags and Source Version
- shell: bash
- run: |
- # Check which main tag we are going to build determined by github.ref_type
- if [[ "${{ github.ref_type }}" == "tag" ]]; then
- echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}"
- elif [[ "${{ github.ref_type }}" == "branch" ]]; then
- echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}"
- fi
- # Get the Source Version for this release
- GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)"
- if [[ -n "${GIT_EXACT_TAG}" ]]; then
- echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}"
- else
- GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
- echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
- fi
- # End Determine Base Tags
- # Login to Docker Hub
- - name: Login to Docker Hub
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
- - name: Add registry for DockerHub
- if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
- shell: bash
- run: |
- echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}"
- # Login to GitHub Container Registry
- - name: Login to GitHub Container Registry
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
- if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
- - name: Add registry for ghcr.io
- if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
- shell: bash
- run: |
- echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}"
- # Login to Quay.io
- - name: Login to Quay.io
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_USERNAME }}
- password: ${{ secrets.QUAY_TOKEN }}
- if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
- - name: Add registry for Quay.io
- if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
- shell: bash
- run: |
- echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}"
- - name: Configure build cache from/to
- shell: bash
- run: |
- #
- # Check if there is a GitHub Container Registry Login and use it for caching
- if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then
- echo "BAKE_CACHE_FROM=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }}" | tee -a "${GITHUB_ENV}"
- echo "BAKE_CACHE_TO=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }},compression=zstd,mode=max" | tee -a "${GITHUB_ENV}"
- else
- echo "BAKE_CACHE_FROM="
- echo "BAKE_CACHE_TO="
- fi
- #
- - name: Add localhost registry
- if: ${{ matrix.base_image == 'alpine' }}
- shell: bash
- run: |
- echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
- - name: Bake ${{ matrix.base_image }} containers
- uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
- env:
- BASE_TAGS: "${{ env.BASE_TAGS }}"
- SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
- SOURCE_VERSION: "${{ env.SOURCE_VERSION }}"
- SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}"
- CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}"
- with:
- pull: true
- push: true
- files: docker/docker-bake.hcl
- targets: "${{ matrix.base_image }}-multi"
- set: |
- *.cache-from=${{ env.BAKE_CACHE_FROM }}
- *.cache-to=${{ env.BAKE_CACHE_TO }}
- # Extract the Alpine binaries from the containers
- - name: Extract binaries
- if: ${{ matrix.base_image == 'alpine' }}
- shell: bash
- run: |
- # Check which main tag we are going to build determined by github.ref_type
- if [[ "${{ github.ref_type }}" == "tag" ]]; then
- EXTRACT_TAG="latest"
- elif [[ "${{ github.ref_type }}" == "branch" ]]; then
- EXTRACT_TAG="testing"
- fi
- # After each extraction the image is removed.
- # This is needed because using different platforms doesn't trigger a new pull/download
- # Extract amd64 binary
- docker create --name amd64 --platform=linux/amd64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- docker cp amd64:/vaultwarden vaultwarden-amd64
- docker rm --force amd64
- docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- # Extract arm64 binary
- docker create --name arm64 --platform=linux/arm64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- docker cp arm64:/vaultwarden vaultwarden-arm64
- docker rm --force arm64
- docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- # Extract armv7 binary
- docker create --name armv7 --platform=linux/arm/v7 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- docker cp armv7:/vaultwarden vaultwarden-armv7
- docker rm --force armv7
- docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- # Extract armv6 binary
- docker create --name armv6 --platform=linux/arm/v6 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- docker cp armv6:/vaultwarden vaultwarden-armv6
- docker rm --force armv6
- docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
- # Upload artifacts to Github Actions
- - name: "Upload amd64 artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
- if: ${{ matrix.base_image == 'alpine' }}
- with:
- name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64
- path: vaultwarden-amd64
- - name: "Upload arm64 artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
- if: ${{ matrix.base_image == 'alpine' }}
- with:
- name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64
- path: vaultwarden-arm64
- - name: "Upload armv7 artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
- if: ${{ matrix.base_image == 'alpine' }}
- with:
- name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7
- path: vaultwarden-armv7
- - name: "Upload armv6 artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
- if: ${{ matrix.base_image == 'alpine' }}
- with:
- name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6
- path: vaultwarden-armv6
- # End Upload artifacts to Github Actions
|
