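name: Release standalone docker image
# Release pipeline: triggered by version tags, it runs the backend tests,
# builds and pushes the standard and FIPS images to Docker Hub, then creates
# the matching tag in Infisical/infisical-omnibus. The build and tag jobs use
# publishing credentials taken from repository secrets.
# NOTE(review): no `permissions:` block is declared here or on any job, so
# GITHUB_TOKEN carries the repository default scopes. Consider declaring the
# minimum each job needs (confirm what run-backend-tests.yml requires first).
# NOTE(review): third-party actions below are referenced by mutable tags (and
# `@master` for Snyk) in jobs where registry and vendor tokens are in scope.
# Pinning each to a full commit SHA (`uses: owner/action@<full-commit-sha>`)
# keeps a moved tag from changing what runs with those secrets.
on:
  push:
    tags:
      - "v*.*.*"
      - "v*.*.*-nightly-*"
      - "v*.*.*-nightly-*.*"

jobs:
  infisical-tests:
    name: Run tests before deployment
    # https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
    uses: ./.github/workflows/run-backend-tests.yml

  infisical-standalone:
    name: Build infisical standalone image postgres
    runs-on: ubuntu-latest
    needs: [infisical-tests]
    steps:
      - name: Extract version from tag
        id: extract_version
        # Step output is written through $GITHUB_OUTPUT; the `::set-output`
        # workflow command is deprecated.
        run: echo "version=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: 📦 Install dependencies to test all dependencies
        # NOTE(review): `--only-production` is not the usual npm spelling
        # (`--omit=dev` / `--only=production`); confirm it has the intended
        # effect.
        run: npm ci --only-production
        working-directory: backend
      - name: version output
        # NOTE(review): no step in this job has `id: version`, so these
        # expressions expand to empty strings; the only output set above is
        # steps.extract_version.outputs.version.
        run: |
          echo "Output Value: ${{ steps.version.outputs.major }}"
          echo "Output Value: ${{ steps.version.outputs.minor }}"
          echo "Output Value: ${{ steps.version.outputs.patch }}"
          echo "Output Value: ${{ steps.version.outputs.version }}"
          echo "Output Value: ${{ steps.version.outputs.version_type }}"
          echo "Output Value: ${{ steps.version.outputs.increment }}"
      - name: Save commit hashes for tag
        id: commit
        uses: pr-mpt/actions-commit-hash@v2
      - name: 🔧 Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: 🐋 Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Depot CLI
        uses: depot/setup-action@v1
      - name: 📦 Build backend and export to Docker
        uses: depot/build-push-action@v1
        with:
          project: 64mmf0n610
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          push: true
          context: .
          # NOTE(review): `latest` is pushed for every matching tag, including
          # the nightly patterns under `on.push.tags`; confirm that is intended.
          tags: |
            infisical/infisical:latest
            infisical/infisical:${{ steps.commit.outputs.short }}
            infisical/infisical:${{ steps.extract_version.outputs.version }}
          platforms: linux/amd64,linux/arm64
          file: Dockerfile.standalone-infisical
          # Build args can be recovered from image history, so only
          # non-sensitive values belong here. PUBLIC_POSTHOG_API_KEY is
          # presumably meant to be public -- confirm.
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
            INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
            DD_GIT_REPOSITORY_URL=${{ github.server_url }}/${{ github.repository }}
            DD_GIT_COMMIT_SHA=${{ github.sha }}
      - name: Snyk to check Docker image for vulnerabilities
        # This step runs after the image has been pushed, and with
        # continue-on-error a failure never blocks the release: it reports to
        # Snyk (`monitor`) rather than gating publication.
        continue-on-error: true
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: infisical/infisical:${{ steps.extract_version.outputs.version }}
          command: monitor
          args: --file=Dockerfile.standalone-infisical --project-name="infisical-core-docker-image"

  infisical-fips-standalone:
    # NOTE(review): same display name as the infisical-standalone job, so the
    # two are indistinguishable in the checks list; looks like a copy-paste
    # leftover. This job also has no Snyk step, so the FIPS image is not
    # reported to Snyk from this workflow.
    name: Build infisical standalone image postgres
    runs-on: ubuntu-latest
    needs: [infisical-tests]
    steps:
      - name: Extract version from tag
        id: extract_version
        # Step output is written through $GITHUB_OUTPUT; the `::set-output`
        # workflow command is deprecated.
        run: echo "version=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: 📦 Install dependencies to test all dependencies
        run: npm ci --only-production
        working-directory: backend
      - name: version output
        # NOTE(review): no step in this job has `id: version`, so these
        # expressions expand to empty strings.
        run: |
          echo "Output Value: ${{ steps.version.outputs.major }}"
          echo "Output Value: ${{ steps.version.outputs.minor }}"
          echo "Output Value: ${{ steps.version.outputs.patch }}"
          echo "Output Value: ${{ steps.version.outputs.version }}"
          echo "Output Value: ${{ steps.version.outputs.version_type }}"
          echo "Output Value: ${{ steps.version.outputs.increment }}"
      - name: Save commit hashes for tag
        id: commit
        uses: pr-mpt/actions-commit-hash@v2
      - name: 🔧 Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: 🐋 Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Depot CLI
        uses: depot/setup-action@v1
      - name: 📦 Build backend and export to Docker
        uses: depot/build-push-action@v1
        with:
          project: 64mmf0n610
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          push: true
          context: .
          tags: |
            infisical/infisical-fips:latest
            infisical/infisical-fips:${{ steps.commit.outputs.short }}
            infisical/infisical-fips:${{ steps.extract_version.outputs.version }}
          platforms: linux/amd64,linux/arm64
          file: Dockerfile.fips.standalone-infisical
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
            INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}

  trigger-binary-release:
    runs-on: ubuntu-latest
    needs: [infisical-standalone, infisical-fips-standalone]
    steps:
      - name: Create tag if it doesn't exist
        # The tag name is read from the runner-provided GITHUB_REF_NAME
        # variable instead of being pasted into the script text with
        # `${{ github.ref_name }}`: expression expansion happens before the
        # shell parses the script, so a ref name containing shell
        # metacharacters would otherwise be interpreted as code while
        # GH_TOKEN is in the environment. The API path is quoted for the
        # same reason.
        # The existence check treats any `gh api` failure (including auth or
        # network errors) as "tag missing"; the new tag points at whatever
        # infisical-omnibus `main` is when this job runs.
        run: |
          TAG_NAME="${GITHUB_REF_NAME}"
          echo "Checking for tag: $TAG_NAME"

          if gh api "repos/Infisical/infisical-omnibus/git/refs/tags/$TAG_NAME" --silent 2>/dev/null; then
            echo "Tag $TAG_NAME already exists, skipping..."
          else
            echo "Creating tag in Infisical/infisical-omnibus: $TAG_NAME"
            LATEST_SHA=$(gh api repos/Infisical/infisical-omnibus/git/refs/heads/main --jq '.object.sha')
            echo "Latest SHA: $LATEST_SHA"

            gh api repos/Infisical/infisical-omnibus/git/refs \
              --method POST \
              --field ref="refs/tags/$TAG_NAME" \
              --field sha="$LATEST_SHA"

            echo "Successfully created tag $TAG_NAME"
          fi
        env:
          GH_TOKEN: ${{ secrets.OMNIBUS_RELEASE_TOKEN }}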