Update web vault to 2023.10.0 #216
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
paths: | |
- ".github/workflows/release.yml" | |
- "src/**" | |
- "migrations/**" | |
- "docker/**" | |
- "Cargo.*" | |
- "build.rs" | |
- "diesel.toml" | |
- "rust-toolchain.toml" | |
branches: # Only on paths above | |
- main | |
- release-build-revision | |
tags: # Always, regardless of paths above | |
- '*' | |
jobs: | |
# https://github.com/marketplace/actions/skip-duplicate-actions | |
# Some checks to determine if we need to continue with building a new docker. | |
# We will skip this check if we are creating a tag, because that has the same hash as a previous run already. | |
skip_check: | |
runs-on: ubuntu-22.04 | |
if: ${{ github.repository == 'dani-garcia/vaultwarden' }} | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
steps: | |
- name: Skip Duplicates Actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0 | |
with: | |
cancel_others: 'true' | |
# Only run this when not creating a tag | |
if: ${{ github.ref_type == 'branch' }} | |
docker-build: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
needs: skip_check | |
if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} | |
# TODO: Start a local docker registry to be used to extract the final Alpine static build images | |
# services: | |
# registry: | |
# image: registry:2 | |
# ports: | |
# - 5000:5000 | |
env: | |
SOURCE_COMMIT: ${{ github.sha }} | |
SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" | |
# The *_REPO variables need to be configured as repository variables | |
# Append `/settings/variables/actions` to your repo url | |
# DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>' | |
# Check for Docker hub credentials in secrets | |
HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} | |
# GHCR_REPO needs to be 'ghcr.io/<user>/<repo>' | |
# Check for Github credentials in secrets | |
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }} | |
# QUAY_REPO needs to be 'quay.io/<user>/<repo>' | |
# Check for Quay.io credentials in secrets | |
HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} | |
strategy: | |
matrix: | |
base_image: ["debian","alpine"] | |
steps: | |
# Checkout the repo | |
- name: Checkout | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
with: | |
fetch-depth: 0 | |
- name: Initialize QEMU binfmt support | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
with: | |
platforms: "arm64,arm" | |
# Start Docker Buildx | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
# https://github.com/moby/buildkit/issues/3969 | |
# Also set max parallelism to 2, the default of 4 breaks GitHub Actions | |
with: | |
config-inline: | | |
[worker.oci] | |
max-parallelism = 2 | |
driver-opts: | | |
network=host | |
# Determine Base Tags and Source Version | |
- name: Determine Base Tags and Source Version | |
shell: bash | |
run: | | |
# Check which main tag we are going to build determined by github.ref_type | |
if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" | |
elif [[ "${{ github.ref_type }}" == "branch" ]]; then | |
echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" | |
fi | |
# Get the Source Version for this release | |
GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" | |
if [[ -n "${GIT_EXACT_TAG}" ]]; then | |
echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}" | |
else | |
GIT_LAST_TAG="$(git describe --tags --abbrev=0)" | |
echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" | |
fi | |
# End Determine Base Tags | |
# Login to Docker Hub | |
- name: Login to Docker Hub | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} | |
- name: Add registry for DockerHub | |
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} | |
shell: bash | |
run: | | |
echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}" | |
# Login to GitHub Container Registry | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} | |
- name: Add registry for ghcr.io | |
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} | |
shell: bash | |
run: | | |
echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" | |
# Login to Quay.io | |
- name: Login to Quay.io | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} | |
- name: Add registry for Quay.io | |
if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} | |
shell: bash | |
run: | | |
echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}" | |
- name: Bake ${{ matrix.base_image }} containers | |
uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112 # v4.0.0 | |
env: | |
BASE_TAGS: "${{ env.BASE_TAGS }}" | |
SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" | |
SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" | |
SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" | |
CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}" | |
with: | |
pull: true | |
push: true | |
files: docker/docker-bake.hcl | |
targets: "${{ matrix.base_image }}-multi" |