mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-16 06:52:07 +01:00
32543c46da
- Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
235 lines
8.2 KiB
YAML
235 lines
8.2 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- ".github/workflows/release.yml"
|
|
- "src/**"
|
|
- "migrations/**"
|
|
- "hooks/**"
|
|
- "docker/**"
|
|
- "Cargo.*"
|
|
- "build.rs"
|
|
- "diesel.toml"
|
|
- "rust-toolchain.toml"
|
|
|
|
branches: # Only on paths above
|
|
- main
|
|
|
|
tags: # Always, regardless of paths above
|
|
- '*'
|
|
|
|
jobs:
|
|
# https://github.com/marketplace/actions/skip-duplicate-actions
|
|
# Some checks to determine if we need to continue with building a new docker.
|
|
# We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
|
|
skip_check:
|
|
runs-on: ubuntu-22.04
|
|
if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
|
|
outputs:
|
|
should_skip: ${{ steps.skip_check.outputs.should_skip }}
|
|
steps:
|
|
- name: Skip Duplicates Actions
|
|
id: skip_check
|
|
uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0
|
|
with:
|
|
cancel_others: 'true'
|
|
# Only run this when not creating a tag
|
|
if: ${{ startsWith(github.ref, 'refs/heads/') }}
|
|
|
|
docker-build:
|
|
runs-on: ubuntu-22.04
|
|
timeout-minutes: 120
|
|
needs: skip_check
|
|
# Start a local docker registry to be used to generate multi-arch images.
|
|
services:
|
|
registry:
|
|
image: registry:2
|
|
ports:
|
|
- 5000:5000
|
|
env:
|
|
# Use BuildKit (https://docs.docker.com/build/buildkit/) for better
|
|
# build performance and the ability to copy extended file attributes
|
|
# (e.g., for executable capabilities) across build phases.
|
|
DOCKER_BUILDKIT: 1
|
|
SOURCE_COMMIT: ${{ github.sha }}
|
|
SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
|
|
# The *_REPO variables need to be configured as repository variables
|
|
# Append `/settings/variables/actions` to your repo url
|
|
# DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
|
|
# Check for Docker hub credentials in secrets
|
|
HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
|
# GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
|
|
# Check for Github credentials in secrets
|
|
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
|
|
# QUAY_REPO needs to be 'quay.io/<user>/<repo>'
|
|
# Check for Quay.io credentials in secrets
|
|
HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
|
|
if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
|
|
strategy:
|
|
matrix:
|
|
base_image: ["debian","alpine"]
|
|
|
|
steps:
|
|
# Checkout the repo
|
|
- name: Checkout
|
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# Determine Docker Tag
|
|
- name: Init Variables
|
|
id: vars
|
|
shell: bash
|
|
run: |
|
|
# Check which main tag we are going to build determined by github.ref
|
|
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
|
|
echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}"
|
|
elif [[ "${{ github.ref }}" == refs/heads/* ]]; then
|
|
echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}"
|
|
fi
|
|
# End Determine Docker Tag
|
|
|
|
# Login to Docker Hub
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
|
|
|
# Login to GitHub Container Registry
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
|
|
|
|
# Login to Quay.io
|
|
- name: Login to Quay.io
|
|
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_TOKEN }}
|
|
if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
|
|
|
|
# Debian
|
|
|
|
# Docker Hub
|
|
- name: Build Debian based images (docker.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
|
|
|
- name: Push Debian based images (docker.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
|
|
|
# GitHub Container Registry
|
|
- name: Build Debian based images (ghcr.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
|
|
|
|
- name: Push Debian based images (ghcr.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
|
|
|
|
# Quay.io
|
|
- name: Build Debian based images (quay.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
|
|
|
|
- name: Push Debian based images (quay.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
|
|
|
|
# Alpine
|
|
|
|
# Docker Hub
|
|
- name: Build Alpine based images (docker.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
|
|
|
- name: Push Alpine based images (docker.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
|
|
|
# GitHub Container Registry
|
|
- name: Build Alpine based images (ghcr.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
|
|
|
|
- name: Push Alpine based images (ghcr.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
|
|
|
|
# Quay.io
|
|
- name: Build Alpine based images (quay.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/build
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
|
|
|
|
- name: Push Alpine based images (quay.io)
|
|
shell: bash
|
|
env:
|
|
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
|
|
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
|
|
run: |
|
|
./hooks/push
|
|
if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
|