From 844ebb2922eccbef5ecc4afacac10fa293568af5 Mon Sep 17 00:00:00 2001 From: sriram veeraghanta Date: Thu, 3 Jul 2025 03:33:49 +0530 Subject: [PATCH] fix: build branch ee and cloud workflows --- .github/workflows/build-branch-cloud.yml | 20 +- .github/workflows/build-branch-ee.yml | 1449 +++++++++++----------- 2 files changed, 747 insertions(+), 722 deletions(-) diff --git a/.github/workflows/build-branch-cloud.yml b/.github/workflows/build-branch-cloud.yml index 6e827aff7f..805a38ce5f 100644 --- a/.github/workflows/build-branch-cloud.yml +++ b/.github/workflows/build-branch-cloud.yml @@ -213,7 +213,7 @@ jobs: docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_web }} build-context: . - dockerfile-path: ./web/Dockerfile.web + dockerfile-path: ./apps/web/Dockerfile.web buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} @@ -241,7 +241,7 @@ jobs: docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_space }} build-context: . - dockerfile-path: ./space/Dockerfile.space + dockerfile-path: ./apps/space/Dockerfile.space buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} @@ -264,7 +264,7 @@ jobs: docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_live }} build-context: . - dockerfile-path: ./live/Dockerfile.live + dockerfile-path: ./apps/live/Dockerfile.live buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} @@ -286,9 +286,9 @@ jobs: docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_silo }} build-context: . - dockerfile-path: ./silo/Dockerfile.silo + dockerfile-path: ./apps/silo/Dockerfile.silo - branch_build_push_apiserver: + branch_build_push_server: name: Build-Push API Server Docker Image runs-on: ubuntu-22.04 needs: [branch_build_setup] @@ -303,8 +303,8 @@ jobs: dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_backend }} - build-context: ./apiserver - dockerfile-path: ./apiserver/Dockerfile.api + build-context: ./apps/server + dockerfile-path: ./apps/server/Dockerfile.api buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} @@ -329,8 +329,8 @@ jobs: dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} docker-image-owner: makeplane docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_email }} - build-context: ./email - dockerfile-path: ./email/Dockerfile + build-context: ./apps/email + dockerfile-path: ./apps/email/Dockerfile buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} @@ -348,7 +348,7 @@ jobs: branch_build_push_space, branch_build_push_live, branch_build_push_silo, - branch_build_push_apiserver, + branch_build_push_server, branch_build_push_email, ] env: diff --git a/.github/workflows/build-branch-ee.yml b/.github/workflows/build-branch-ee.yml index 16d321f820..e6ed90423b 100644 --- a/.github/workflows/build-branch-ee.yml +++ b/.github/workflows/build-branch-ee.yml @@ -9,8 +9,8 @@ on: type: choice default: "Build" options: - - "Build" - - "Release" + - "Build" + - "Release" releaseVersion: description: "Release Version" type: string @@ -74,352 +74,352 @@ jobs: arm64_build: ${{ steps.set_env_variables.outputs.ARM64_BUILD }} steps: - - id: set_env_variables - name: Set Environment Variables - run: | - if [ "${{ env.ARM64_BUILD }}" == "true" ] || ([ "${{ env.BUILD_TYPE }}" == "Release" ] && [ "${{ env.IS_PRERELEASE }}" != "true" ]); then - echo "BUILDX_DRIVER=cloud" >> $GITHUB_OUTPUT - echo "BUILDX_VERSION=lab:latest" >> $GITHUB_OUTPUT - echo "BUILDX_PLATFORMS=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT - echo "BUILDX_ENDPOINT=makeplane/plane-dev" >> $GITHUB_OUTPUT - echo "ARM64_BUILD=true" >> $GITHUB_OUTPUT - else - echo "BUILDX_DRIVER=docker-container" >> $GITHUB_OUTPUT - echo "BUILDX_VERSION=latest" >> $GITHUB_OUTPUT - echo "BUILDX_PLATFORMS=linux/amd64" >> $GITHUB_OUTPUT - echo "BUILDX_ENDPOINT=" >> $GITHUB_OUTPUT - echo "ARM64_BUILD=false" >> $GITHUB_OUTPUT - fi - BR_NAME=$( echo "${{ env.TARGET_BRANCH }}" |sed 's/[^a-zA-Z0-9.-]//g') - echo "TARGET_BRANCH=$BR_NAME" >> $GITHUB_OUTPUT - - echo "DH_IMG_WEB=web-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_SPACE=space-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_ADMIN=admin-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_LIVE=live-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_BACKEND=backend-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_PROXY=proxy-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_MONITOR=monitor-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_SILO=silo-commercial" >> $GITHUB_OUTPUT - echo "DH_IMG_EMAIL=email-commercial" >> $GITHUB_OUTPUT - - echo "BUILD_TYPE=${{env.BUILD_TYPE}}" >> $GITHUB_OUTPUT - BUILD_RELEASE=false - BUILD_PRERELEASE=false - RELVERSION="latest" - HARBOR_PUSH=false - - BUILD_AIRGAPPED=${{ env.AIRGAPPED_BUILD }} - - if [ "${{ env.BUILD_TYPE }}" == "Release" ]; then - FLAT_RELEASE_VERSION=$(echo "${{ env.RELEASE_VERSION }}" | sed 's/[^a-zA-Z0-9.-]//g') - echo "FLAT_RELEASE_VERSION=${FLAT_RELEASE_VERSION}" >> $GITHUB_OUTPUT - # HARBOR_PUSH=true - - semver_regex="^v([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$" - if [[ ! $FLAT_RELEASE_VERSION =~ $semver_regex ]]; then - echo "Invalid Release Version Format : $FLAT_RELEASE_VERSION" - echo "Please provide a valid SemVer version" - echo "e.g. v1.2.3 or v1.2.3-alpha-1" - echo "Exiting the build process" - exit 1 # Exit with status 1 to fail the step + - id: set_env_variables + name: Set Environment Variables + run: | + if [ "${{ env.ARM64_BUILD }}" == "true" ] || ([ "${{ env.BUILD_TYPE }}" == "Release" ] && [ "${{ env.IS_PRERELEASE }}" != "true" ]); then + echo "BUILDX_DRIVER=cloud" >> $GITHUB_OUTPUT + echo "BUILDX_VERSION=lab:latest" >> $GITHUB_OUTPUT + echo "BUILDX_PLATFORMS=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT + echo "BUILDX_ENDPOINT=makeplane/plane-dev" >> $GITHUB_OUTPUT + echo "ARM64_BUILD=true" >> $GITHUB_OUTPUT + else + echo "BUILDX_DRIVER=docker-container" >> $GITHUB_OUTPUT + echo "BUILDX_VERSION=latest" >> $GITHUB_OUTPUT + echo "BUILDX_PLATFORMS=linux/amd64" >> $GITHUB_OUTPUT + echo "BUILDX_ENDPOINT=" >> $GITHUB_OUTPUT + echo "ARM64_BUILD=false" >> $GITHUB_OUTPUT fi - BUILD_RELEASE=true - RELVERSION=$FLAT_RELEASE_VERSION + BR_NAME=$( echo "${{ env.TARGET_BRANCH }}" |sed 's/[^a-zA-Z0-9.-]//g') + echo "TARGET_BRANCH=$BR_NAME" >> $GITHUB_OUTPUT - if [ "${{ env.IS_PRERELEASE }}" == "true" ]; then - BUILD_PRERELEASE=true + echo "DH_IMG_WEB=web-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_SPACE=space-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_ADMIN=admin-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_LIVE=live-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_BACKEND=backend-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_PROXY=proxy-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_MONITOR=monitor-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_SILO=silo-commercial" >> $GITHUB_OUTPUT + echo "DH_IMG_EMAIL=email-commercial" >> $GITHUB_OUTPUT + + echo "BUILD_TYPE=${{env.BUILD_TYPE}}" >> $GITHUB_OUTPUT + BUILD_RELEASE=false + BUILD_PRERELEASE=false + RELVERSION="latest" + HARBOR_PUSH=false + + BUILD_AIRGAPPED=${{ env.AIRGAPPED_BUILD }} + + if [ "${{ env.BUILD_TYPE }}" == "Release" ]; then + FLAT_RELEASE_VERSION=$(echo "${{ env.RELEASE_VERSION }}" | sed 's/[^a-zA-Z0-9.-]//g') + echo "FLAT_RELEASE_VERSION=${FLAT_RELEASE_VERSION}" >> $GITHUB_OUTPUT + # HARBOR_PUSH=true + + semver_regex="^v([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$" + if [[ ! $FLAT_RELEASE_VERSION =~ $semver_regex ]]; then + echo "Invalid Release Version Format : $FLAT_RELEASE_VERSION" + echo "Please provide a valid SemVer version" + echo "e.g. v1.2.3 or v1.2.3-alpha-1" + echo "Exiting the build process" + exit 1 # Exit with status 1 to fail the step + fi + BUILD_RELEASE=true + RELVERSION=$FLAT_RELEASE_VERSION + + if [ "${{ env.IS_PRERELEASE }}" == "true" ]; then + BUILD_PRERELEASE=true + fi fi - fi - echo "BUILD_RELEASE=${BUILD_RELEASE}" >> $GITHUB_OUTPUT - echo "BUILD_PRERELEASE=${BUILD_PRERELEASE}" >> $GITHUB_OUTPUT - echo "RELEASE_VERSION=${RELVERSION}" >> $GITHUB_OUTPUT - echo "HARBOR_PUSH=${HARBOR_PUSH}" >> $GITHUB_OUTPUT + echo "BUILD_RELEASE=${BUILD_RELEASE}" >> $GITHUB_OUTPUT + echo "BUILD_PRERELEASE=${BUILD_PRERELEASE}" >> $GITHUB_OUTPUT + echo "RELEASE_VERSION=${RELVERSION}" >> $GITHUB_OUTPUT + echo "HARBOR_PUSH=${HARBOR_PUSH}" >> $GITHUB_OUTPUT - if [ "${{ env.BUILD_TYPE }}" == "Release" ]; then - echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT - echo "artifact_s3_suffix=${{ env.RELEASE_VERSION }}" >> $GITHUB_OUTPUT - BUILD_AIRGAPPED=true - elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then - echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT - echo "artifact_s3_suffix=${{ env.AIRGAPPED_BUILD }}" >> $GITHUB_OUTPUT - elif [ "${{ env.TARGET_BRANCH }}" == "preview" ] || [ "${{ env.TARGET_BRANCH }}" == "develop" ] || [ "${{ env.TARGET_BRANCH }}" == "uat" ]; then - echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT - echo "artifact_s3_suffix=$BR_NAME" >> $GITHUB_OUTPUT - else - echo "artifact_upload_to_s3=false" >> $GITHUB_OUTPUT - echo "artifact_s3_suffix=$BR_NAME" >> $GITHUB_OUTPUT - fi - echo "AIRGAPPED_BUILD=${BUILD_AIRGAPPED}" >> $GITHUB_OUTPUT + if [ "${{ env.BUILD_TYPE }}" == "Release" ]; then + echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT + echo "artifact_s3_suffix=${{ env.RELEASE_VERSION }}" >> $GITHUB_OUTPUT + BUILD_AIRGAPPED=true + elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then + echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT + echo "artifact_s3_suffix=${{ env.AIRGAPPED_BUILD }}" >> $GITHUB_OUTPUT + elif [ "${{ env.TARGET_BRANCH }}" == "preview" ] || [ "${{ env.TARGET_BRANCH }}" == "develop" ] || [ "${{ env.TARGET_BRANCH }}" == "uat" ]; then + echo "artifact_upload_to_s3=true" >> $GITHUB_OUTPUT + echo "artifact_s3_suffix=$BR_NAME" >> $GITHUB_OUTPUT + else + echo "artifact_upload_to_s3=false" >> $GITHUB_OUTPUT + echo "artifact_s3_suffix=$BR_NAME" >> $GITHUB_OUTPUT + fi + echo "AIRGAPPED_BUILD=${BUILD_AIRGAPPED}" >> $GITHUB_OUTPUT branch_build_push_admin: name: Build-Push Admin Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Admin Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_admin }} - build-context: . - dockerfile-path: ./admin/Dockerfile.admin - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Admin Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_admin }} + build-context: . + dockerfile-path: ./apps/admin/Dockerfile.admin + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_web: name: Build-Push Web Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Web Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_web }} - build-context: . - dockerfile-path: ./web/Dockerfile.web - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Web Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_web }} + build-context: . + dockerfile-path: ./apps/web/Dockerfile.web + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_space: name: Build-Push Space Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Space Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_space }} - build-context: . - dockerfile-path: ./space/Dockerfile.space - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Space Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_space }} + build-context: . + dockerfile-path: ./apps/space/Dockerfile.space + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_live: name: Build-Push Live Collaboration Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Live Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_live }} - build-context: . - dockerfile-path: ./live/Dockerfile.live - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Live Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_live }} + build-context: . + dockerfile-path: ./apps/live/Dockerfile.live + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_silo: name: Build-Push Silo Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Silo Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_silo }} - build-context: . - dockerfile-path: ./silo/Dockerfile.silo - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Silo Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_silo }} + build-context: . + dockerfile-path: ./apps/silo/Dockerfile.silo + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_apiserver: name: Build-Push API Server Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Backend Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_backend }} - build-context: ./apiserver - dockerfile-path: ./apiserver/Dockerfile.api - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Backend Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_backend }} + build-context: ./apps/server + dockerfile-path: ./apps/server/Dockerfile.api + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_proxy: name: Build-Push Proxy Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Proxy Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_proxy }} - build-context: ./proxy - dockerfile-path: ./proxy/Dockerfile.ee - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Proxy Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_proxy }} + build-context: ./apps/proxy + dockerfile-path: ./apps/proxy/Dockerfile.ee + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} branch_build_push_monitor: name: Build-Push Monitor Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - name: Generate Keypair - run: | - if [ "${{ env.TARGET_BRANCH }}" == "master" ] || [ "${{ env.BUILD_TYPE }}" == "Release" ]; then - openssl genrsa -out private_key.pem 2048 - else - echo "${{ secrets.DEFAULT_PRIME_PRIVATE_KEY }}" > private_key.pem - fi - openssl rsa -in private_key.pem -pubout -out public_key.pem - cat public_key.pem + - name: Generate Keypair + run: | + if [ "${{ env.TARGET_BRANCH }}" == "master" ] || [ "${{ env.BUILD_TYPE }}" == "Release" ]; then + openssl genrsa -out private_key.pem 2048 + else + echo "${{ secrets.DEFAULT_PRIME_PRIVATE_KEY }}" > private_key.pem + fi + openssl rsa -in private_key.pem -pubout -out public_key.pem + cat public_key.pem - # Generating the private key env for the generated keys - PRIVATE_KEY=$(cat private_key.pem | base64 -w 0) - echo "PRIVATE_KEY=${PRIVATE_KEY}" >> $GITHUB_ENV + # Generating the private key env for the generated keys + PRIVATE_KEY=$(cat private_key.pem | base64 -w 0) + echo "PRIVATE_KEY=${PRIVATE_KEY}" >> $GITHUB_ENV - - name: Monitor Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_monitor }} - build-context: ./monitor - dockerfile-path: ./monitor/Dockerfile - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} - build-args: | - PRIVATE_KEY=${{ env.PRIVATE_KEY }} + - name: Monitor Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_monitor }} + build-context: ./apps/monitor + dockerfile-path: ./apps/monitor/Dockerfile + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + build-args: | + PRIVATE_KEY=${{ env.PRIVATE_KEY }} branch_build_push_email: name: Build-Push Email Docker Image runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] steps: - - id: checkout_files - name: Checkout Files - uses: actions/checkout@v4 + - id: checkout_files + name: Checkout Files + uses: actions/checkout@v4 - - name: Email Build and Push - uses: makeplane/actions/build-push@v1.0.0 - with: - build-release: ${{ needs.branch_build_setup.outputs.build_release }} - build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} - release-version: ${{ needs.branch_build_setup.outputs.release_version }} - dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} - dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} - private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} - private-registry-username: ${{ secrets.HARBOR_USERNAME }} - private-registry-token: ${{ secrets.HARBOR_TOKEN }} - private-registry-addr: ${{ vars.HARBOR_REGISTRY }} - private-registry-project: ${{ vars.HARBOR_PROJECT }} - docker-image-owner: makeplane - docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_email }} - build-context: ./email - dockerfile-path: ./email/Dockerfile - buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} - buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} - buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} - buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} + - name: Email Build and Push + uses: makeplane/actions/build-push@v1.0.0 + with: + build-release: ${{ needs.branch_build_setup.outputs.build_release }} + build-prerelease: ${{ needs.branch_build_setup.outputs.build_prerelease }} + release-version: ${{ needs.branch_build_setup.outputs.release_version }} + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }} + private-registry-push: ${{ needs.branch_build_setup.outputs.harbor_push }} + private-registry-username: ${{ secrets.HARBOR_USERNAME }} + private-registry-token: ${{ secrets.HARBOR_TOKEN }} + private-registry-addr: ${{ vars.HARBOR_REGISTRY }} + private-registry-project: ${{ vars.HARBOR_PROJECT }} + docker-image-owner: makeplane + docker-image-name: ${{ needs.branch_build_setup.outputs.dh_img_email }} + build-context: ./apps/email + dockerfile-path: ./apps/email/Dockerfile + buildx-driver: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }} + buildx-version: ${{ needs.branch_build_setup.outputs.gh_buildx_version }} + buildx-platforms: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }} + buildx-endpoint: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }} upload_artifacts_s3: if: ${{ needs.branch_build_setup.outputs.artifact_upload_to_s3 == 'true' }} name: Upload artifacts to S3 Bucket runs-on: ubuntu-22.04 - needs: [ branch_build_setup ] + needs: [branch_build_setup] container: image: docker:20.10.7 credentials: @@ -430,173 +430,198 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.SELF_HOST_BUCKET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.SELF_HOST_BUCKET_SECRET_KEY }} steps: - - id: checkout_files - name: Checkout Files - uses: actions/checkout@v4 + - id: checkout_files + name: Checkout Files + uses: actions/checkout@v4 - - name: Upload artifacts - run: | - apk update - apk add --no-cache aws-cli + - name: Upload artifacts + run: | + apk update + apk add --no-cache aws-cli - mkdir -p ~/${{ env.ARTIFACT_SUFFIX }} + mkdir -p ~/${{ env.ARTIFACT_SUFFIX }} - sed -i 's@APP_RELEASE_VERSION=.*@APP_RELEASE_VERSION='${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/variables.env - cp deploy/cli-install/variables.env ~/${{ env.ARTIFACT_SUFFIX }}/variables.env + sed -i 's@APP_RELEASE_VERSION=.*@APP_RELEASE_VERSION='${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/variables.env + cp deploy/cli-install/variables.env ~/${{ env.ARTIFACT_SUFFIX }}/variables.env - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/docker-compose-caddy.yml - cp deploy/cli-install/docker-compose-caddy.yml ~/${{ env.ARTIFACT_SUFFIX }}/docker-compose-caddy.yml + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/docker-compose-caddy.yml + cp deploy/cli-install/docker-compose-caddy.yml ~/${{ env.ARTIFACT_SUFFIX }}/docker-compose-caddy.yml - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/coolify-compose.yml - cp deploy/cli-install/coolify-compose.yml ~/${{ env.ARTIFACT_SUFFIX }}/coolify-compose.yml + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/coolify-compose.yml + cp deploy/cli-install/coolify-compose.yml ~/${{ env.ARTIFACT_SUFFIX }}/coolify-compose.yml - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/portainer-compose.yml - cp deploy/cli-install/portainer-compose.yml ~/${{ env.ARTIFACT_SUFFIX }}/portainer-compose.yml + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/portainer-compose.yml + cp deploy/cli-install/portainer-compose.yml ~/${{ env.ARTIFACT_SUFFIX }}/portainer-compose.yml - # required for prime-cli backward compatibility - cp proxy/Caddyfile.ee ~/${{ env.ARTIFACT_SUFFIX }}/Caddyfile - cp deploy/cli-install/docker-compose-caddy.yml ~/${{ env.ARTIFACT_SUFFIX }}/docker-compose.yml - - # Process podman quadlets - cd deploy/cli-install/podman-quadlets - rm -rf plane-podman - mkdir -p plane-podman/plane/ - mkdir -p plane-podman/config/ + # required for prime-cli backward compatibility + cp proxy/Caddyfile.ee ~/${{ env.ARTIFACT_SUFFIX }}/Caddyfile + cp deploy/cli-install/docker-compose-caddy.yml ~/${{ env.ARTIFACT_SUFFIX }}/docker-compose.yml + + # Process podman quadlets + cd deploy/cli-install/podman-quadlets + rm -rf plane-podman + mkdir -p plane-podman/plane/ + mkdir -p plane-podman/config/ - # Create a new file with initial content - cp ./install.sh ./plane-podman/install.sh - cp ../variables.env ./plane-podman/plane/plane.env - echo "" >> ./plane-podman/plane/plane.env + # Create a new file with initial content + cp ./install.sh ./plane-podman/install.sh + cp ../variables.env ./plane-podman/plane/plane.env + echo "" >> ./plane-podman/plane/plane.env - # Process quadlets.env - while IFS= read -r line; do - # Replace APP_VERSION with ARTIFACT_SUFFIX - if echo "$line" | grep -q "^APP_VERSION="; then - echo "APP_VERSION=${{ env.ARTIFACT_SUFFIX }}" >> ./plane-podman/plane/plane.env - continue + # Process quadlets.env + while IFS= read -r line; do + # Replace APP_VERSION with ARTIFACT_SUFFIX + if echo "$line" | grep -q "^APP_VERSION="; then + echo "APP_VERSION=${{ env.ARTIFACT_SUFFIX }}" >> ./plane-podman/plane/plane.env + continue + fi + + # If line starts with #, write it and a single empty line + if echo "$line" | grep -q '^[[:space:]]*#'; then + echo "" >> ./plane-podman/plane/plane.env + echo "$line" >> ./plane-podman/plane/plane.env + continue + fi + + # Skip empty lines + if [ -z "$line" ]; then + continue + fi + + # Process key-value pairs + key=$(echo "$line" | cut -d'=' -f1) + value=$(echo "$line" | cut -d'=' -f2) + if ! grep -q "^${key}=" ./plane-podman/plane/plane.env; then + echo "${key}=${value}" >> ./plane-podman/plane/plane.env + elif [[ "$OSTYPE" == "darwin"* ]]; then + sed -i '' "s|${key}=.*|${key}=${value}|" ./plane-podman/plane/plane.env + else + sed -i "s|${key}=.*|${key}=${value}|" ./plane-podman/plane/plane.env + fi + done < quadlets.env + + # Verify files exist before copying + if [ ! -f Caddyfile ]; then + echo "Error: Caddyfile not found" + exit 1 + fi + cp Caddyfile ./plane-podman/plane/Caddyfile + + # Verify podman-quadlets.ini exists + if [ ! -f podman-quadlets.ini ]; then + echo "Error: podman-quadlets.ini not found" + exit 1 fi - # If line starts with #, write it and a single empty line - if echo "$line" | grep -q '^[[:space:]]*#'; then - echo "" >> ./plane-podman/plane/plane.env - echo "$line" >> ./plane-podman/plane/plane.env - continue + # check APP_RELEASE_VERSION in podman-quadlets.ini and change it to ${ARTIFACT_SUFFIX} + sed -i 's@${APP_RELEASE_VERSION}.*@'${{ env.ARTIFACT_SUFFIX }}'@' podman-quadlets.ini + + # Split podman-quadlets.ini into separate files in plane-podman folder + cat podman-quadlets.ini | awk '/^# [a-z_-]+\.(container|network)$/ {filename="plane-podman/config/" substr($2,1); next} /^---$/ {next} filename && !/^#/ {print > filename}' + + # Create tar of podman quadlets with proper directory structure + cd plane-podman + tar -czf ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz . + cd .. + + # Verify the tar was created successfully + if [ ! -f ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz ]; then + echo "Error: Failed to create podman-quadlets.tar.gz" + exit 1 fi - - # Skip empty lines - if [ -z "$line" ]; then - continue - fi - - # Process key-value pairs - key=$(echo "$line" | cut -d'=' -f1) - value=$(echo "$line" | cut -d'=' -f2) - if ! grep -q "^${key}=" ./plane-podman/plane/plane.env; then - echo "${key}=${value}" >> ./plane-podman/plane/plane.env - elif [[ "$OSTYPE" == "darwin"* ]]; then - sed -i '' "s|${key}=.*|${key}=${value}|" ./plane-podman/plane/plane.env - else - sed -i "s|${key}=.*|${key}=${value}|" ./plane-podman/plane/plane.env - fi - done < quadlets.env - # Verify files exist before copying - if [ ! -f Caddyfile ]; then - echo "Error: Caddyfile not found" - exit 1 - fi - cp Caddyfile ./plane-podman/plane/Caddyfile - - # Verify podman-quadlets.ini exists - if [ ! -f podman-quadlets.ini ]; then - echo "Error: podman-quadlets.ini not found" - exit 1 - fi - - # check APP_RELEASE_VERSION in podman-quadlets.ini and change it to ${ARTIFACT_SUFFIX} - sed -i 's@${APP_RELEASE_VERSION}.*@'${{ env.ARTIFACT_SUFFIX }}'@' podman-quadlets.ini - - # Split podman-quadlets.ini into separate files in plane-podman folder - cat podman-quadlets.ini | awk '/^# [a-z_-]+\.(container|network)$/ {filename="plane-podman/config/" substr($2,1); next} /^---$/ {next} filename && !/^#/ {print > filename}' - - # Create tar of podman quadlets with proper directory structure - cd plane-podman - tar -czf ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz . - cd .. - - # Verify the tar was created successfully - if [ ! -f ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz ]; then - echo "Error: Failed to create podman-quadlets.tar.gz" - exit 1 - fi - - aws s3 cp ~/${{ env.ARTIFACT_SUFFIX }} s3://${{ vars.SELF_HOST_BUCKET_NAME }}/plane-enterprise/${{ env.ARTIFACT_SUFFIX }} --recursive - - name: Upload tar artifacts - uses: actions/upload-artifact@v4 - with: - name: podman-quadlets.tar.gz - path: ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz + aws s3 cp ~/${{ env.ARTIFACT_SUFFIX }} s3://${{ vars.SELF_HOST_BUCKET_NAME }}/plane-enterprise/${{ env.ARTIFACT_SUFFIX }} --recursive + - name: Upload tar artifacts + uses: actions/upload-artifact@v4 + with: + name: podman-quadlets.tar.gz + path: ~/${{ env.ARTIFACT_SUFFIX }}/podman-quadlets.tar.gz publish_release: if: ${{ needs.branch_build_setup.outputs.build_type == 'Release' }} name: Build Release runs-on: ubuntu-22.04 - needs: [ branch_build_setup, branch_build_push_admin, branch_build_push_web, branch_build_push_space, branch_build_push_live, branch_build_push_apiserver, branch_build_push_proxy, branch_build_push_monitor, branch_build_push_email, branch_build_push_silo, upload_artifacts_s3 ] + needs: + [ + branch_build_setup, + branch_build_push_admin, + branch_build_push_web, + branch_build_push_space, + branch_build_push_live, + branch_build_push_apiserver, + branch_build_push_proxy, + branch_build_push_monitor, + branch_build_push_email, + branch_build_push_silo, + upload_artifacts_s3, + ] env: REL_VERSION: ${{ needs.branch_build_setup.outputs.release_version }} ARTIFACT_SUFFIX: ${{ needs.branch_build_setup.outputs.artifact_s3_suffix }} AIRGAPPED_ARM64_BUILD: ${{ needs.branch_build_setup.outputs.arm64_build == 'true' }} steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - name: Download Artifact - uses: actions/download-artifact@v4 - with: - path: /tmp/airgapped - merge-multiple: true + - name: Download Artifact + uses: actions/download-artifact@v4 + with: + path: /tmp/airgapped + merge-multiple: true - - name: Download podman quadlets - uses: actions/download-artifact@v4 - with: - name: podman-quadlets.tar.gz - path: deploy/cli-install/ + - name: Download podman quadlets + uses: actions/download-artifact@v4 + with: + name: podman-quadlets.tar.gz + path: deploy/cli-install/ - - name: Update docker-compose - run: | - sed -i 's@APP_RELEASE_VERSION=.*@APP_RELEASE_VERSION='${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/variables.env - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/docker-compose-caddy.yml - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/coolify-compose.yml - sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/portainer-compose.yml + - name: Update docker-compose + run: | + sed -i 's@APP_RELEASE_VERSION=.*@APP_RELEASE_VERSION='${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/variables.env + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/docker-compose-caddy.yml + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/coolify-compose.yml + sed -i 's@${APP_RELEASE_VERSION.*@'${{ env.ARTIFACT_SUFFIX }}'@' deploy/cli-install/portainer-compose.yml - cp deploy/cli-install/docker-compose-caddy.yml deploy/cli-install/docker-compose.yml - cp deploy/cli-install/portainer-compose.yml deploy/cli-install/swarm-compose.yml - - - name: Create Release - id: create_release - uses: softprops/action-gh-release@v2.0.8 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.REL_VERSION }} - name: ${{ env.REL_VERSION }} - draft: false - prerelease: ${{ env.IS_PRERELEASE }} - generate_release_notes: true - files: | - ${{ github.workspace }}/deploy/cli-install/variables.env - ${{ github.workspace }}/deploy/cli-install/docker-compose.yml - ${{ github.workspace }}/deploy/cli-install/coolify-compose.yml - ${{ github.workspace }}/deploy/cli-install/portainer-compose.yml - ${{ github.workspace }}/deploy/cli-install/swarm-compose.yml - ${{ github.workspace }}/deploy/cli-install/podman-quadlets.tar.gz + cp deploy/cli-install/docker-compose-caddy.yml deploy/cli-install/docker-compose.yml + cp deploy/cli-install/portainer-compose.yml deploy/cli-install/swarm-compose.yml + - name: Create Release + id: create_release + uses: softprops/action-gh-release@v2.0.8 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ env.REL_VERSION }} + name: ${{ env.REL_VERSION }} + draft: false + prerelease: ${{ env.IS_PRERELEASE }} + generate_release_notes: true + files: | + ${{ github.workspace }}/deploy/cli-install/variables.env + ${{ github.workspace }}/deploy/cli-install/docker-compose.yml + ${{ github.workspace }}/deploy/cli-install/coolify-compose.yml + ${{ github.workspace }}/deploy/cli-install/portainer-compose.yml + ${{ github.workspace }}/deploy/cli-install/swarm-compose.yml + ${{ github.workspace }}/deploy/cli-install/podman-quadlets.tar.gz package_airgapped_artifacts: if: ${{ needs.branch_build_setup.outputs.airgapped_build == 'true' || needs.branch_build_setup.outputs.build_type == 'Release' }} name: Package Airgapped Artifacts runs-on: ubuntu-22.04 - needs: [ branch_build_setup, branch_build_push_admin, branch_build_push_web, branch_build_push_space, branch_build_push_live, branch_build_push_apiserver, branch_build_push_proxy, branch_build_push_monitor, branch_build_push_email, branch_build_push_silo, upload_artifacts_s3 ] + needs: + [ + branch_build_setup, + branch_build_push_admin, + branch_build_push_web, + branch_build_push_space, + branch_build_push_live, + branch_build_push_apiserver, + branch_build_push_proxy, + branch_build_push_monitor, + branch_build_push_email, + branch_build_push_silo, + upload_artifacts_s3, + ] env: AWS_ACCESS_KEY_ID: ${{ secrets.SELF_HOST_BUCKET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.SELF_HOST_BUCKET_SECRET_KEY }} @@ -610,338 +635,338 @@ jobs: PRESIGNED_URL_EXPIRY: 604800 # 7 days (max allowed by AWS) AIRGAPPED_ARM64_BUILD: ${{ needs.branch_build_setup.outputs.arm64_build == 'true' }} steps: - - id: checkout_files - name: Checkout Files - uses: actions/checkout@v4 + - id: checkout_files + name: Checkout Files + uses: actions/checkout@v4 - - id: install-qemu - uses: docker/setup-qemu-action@v3 + - id: install-qemu + uses: docker/setup-qemu-action@v3 - - name: Docker Setup - uses: docker/setup-buildx-action@v3 + - name: Docker Setup + uses: docker/setup-buildx-action@v3 - - name: Setup yq - run: | - echo "Installing yq..." - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - sudo chmod +x /usr/local/bin/yq + - name: Setup yq + run: | + echo "Installing yq..." + sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + sudo chmod +x /usr/local/bin/yq - - name: Install crane - run: | - echo "Installing crane..." - curl -sL "https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz" | tar -xz -C /usr/local/bin crane - sudo chmod +x /usr/local/bin/crane + - name: Install crane + run: | + echo "Installing crane..." + curl -sL "https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz" | tar -xz -C /usr/local/bin crane + sudo chmod +x /usr/local/bin/crane - - id: install-aws-cli - uses: unfor19/install-aws-cli-action@v1 - with: - version: 2 + - id: install-aws-cli + uses: unfor19/install-aws-cli-action@v1 + with: + version: 2 - - name: Get secrets by name - uses: aws-actions/aws-secretsmanager-get-secrets@v2 - with: - secret-ids: | - GPG_KEYS,github/actions/plane-ee/branch-build-ee - parse-json-secrets: true + - name: Get secrets by name + uses: aws-actions/aws-secretsmanager-get-secrets@v2 + with: + secret-ids: | + GPG_KEYS,github/actions/plane-ee/branch-build-ee + parse-json-secrets: true - - name: Save GPG secrets - id: save_gpg_secrets - run: | - mkdir -p /tmp/gpg_keys + - name: Save GPG secrets + id: save_gpg_secrets + run: | + mkdir -p /tmp/gpg_keys - single_line_key="${{ env.GPG_KEYS_GPG_PRIVATE_KEY }}" - begin_part="-----BEGIN PGP PRIVATE KEY BLOCK----- " - end_part="-----END PGP PRIVATE KEY BLOCK-----" - middle=$(echo "$single_line_key" | sed "s/$begin_part//" | sed "s/$end_part//") + single_line_key="${{ env.GPG_KEYS_GPG_PRIVATE_KEY }}" + begin_part="-----BEGIN PGP PRIVATE KEY BLOCK----- " + end_part="-----END PGP PRIVATE KEY BLOCK-----" + middle=$(echo "$single_line_key" | sed "s/$begin_part//" | sed "s/$end_part//") - formatted_middle=$(echo "$middle" | sed 's/ /\n/g') - pem_key="${begin_part}${formatted_middle}${end_part}" - passphrase="${{ env.GPG_KEYS_GPG_PRIVATE_KEY_PASSPHRASE }}" + formatted_middle=$(echo "$middle" | sed 's/ /\n/g') + pem_key="${begin_part}${formatted_middle}${end_part}" + passphrase="${{ env.GPG_KEYS_GPG_PRIVATE_KEY_PASSPHRASE }}" - echo "$begin_part" > /tmp/gpg_keys/gpg_private_key.pem - echo "$formatted_middle" >> /tmp/gpg_keys/gpg_private_key.pem - echo "$end_part" >> /tmp/gpg_keys/gpg_private_key.pem + echo "$begin_part" > /tmp/gpg_keys/gpg_private_key.pem + echo "$formatted_middle" >> /tmp/gpg_keys/gpg_private_key.pem + echo "$end_part" >> /tmp/gpg_keys/gpg_private_key.pem - echo "$passphrase" > /tmp/gpg_keys/gpg_private_key_passphrase.txt + echo "$passphrase" > /tmp/gpg_keys/gpg_private_key_passphrase.txt - echo "GPG_PRIVATE_KEY_PASSPHRASE=${passphrase}" >> $GITHUB_OUTPUT + echo "GPG_PRIVATE_KEY_PASSPHRASE=${passphrase}" >> $GITHUB_OUTPUT - - name: Download podman quadlets - uses: actions/download-artifact@v4 - with: - name: podman-quadlets.tar.gz - path: /tmp/podman-quadlets + - name: Download podman quadlets + uses: actions/download-artifact@v4 + with: + name: podman-quadlets.tar.gz + path: /tmp/podman-quadlets - - id: package_airgapped_artifacts - name: Package Airgapped Artifacts - env: - GPG_PUBLIC_KEY_ID: ${{ vars.GPG_PUBLIC_KEY_ID }} - CR_PASSPHRASE_FILE: ${{ env.GNUPGHOME }}/gpg-passphrase - run: | - echo "Setup GPG environment..." + - id: package_airgapped_artifacts + name: Package Airgapped Artifacts + env: + GPG_PUBLIC_KEY_ID: ${{ vars.GPG_PUBLIC_KEY_ID }} + CR_PASSPHRASE_FILE: ${{ env.GNUPGHOME }}/gpg-passphrase + run: | + echo "Setup GPG environment..." - GPG_PRIVATE_KEY=$(cat /tmp/gpg_keys/gpg_private_key.pem) - GPG_PRIVATE_KEY_PASSPHRASE=${{ steps.save_gpg_secrets.outputs.GPG_PRIVATE_KEY_PASSPHRASE }} + GPG_PRIVATE_KEY=$(cat /tmp/gpg_keys/gpg_private_key.pem) + GPG_PRIVATE_KEY_PASSPHRASE=${{ steps.save_gpg_secrets.outputs.GPG_PRIVATE_KEY_PASSPHRASE }} - mkdir -p ${{env.GNUPGHOME}} - chmod 700 ${{env.GNUPGHOME}} - # Disable the use of the gpg-agent - echo "use-agent" >> ${{env.GNUPGHOME}}/gpg.conf - echo "pinentry-mode loopback" >> ${{env.GNUPGHOME}}/gpg.conf - echo "no-tty" >> ${{env.GNUPGHOME}}/gpg.conf - echo "no-autostart" >> ${{env.GNUPGHOME}}/gpg-agent.conf - echo "allow-loopback-pinentry" >> ${{env.GNUPGHOME}}/gpg-agent.conf - echo "${GPG_PRIVATE_KEY_PASSPHRASE}" > ${{env.CR_PASSPHRASE_FILE}} + mkdir -p ${{env.GNUPGHOME}} + chmod 700 ${{env.GNUPGHOME}} + # Disable the use of the gpg-agent + echo "use-agent" >> ${{env.GNUPGHOME}}/gpg.conf + echo "pinentry-mode loopback" >> ${{env.GNUPGHOME}}/gpg.conf + echo "no-tty" >> ${{env.GNUPGHOME}}/gpg.conf + echo "no-autostart" >> ${{env.GNUPGHOME}}/gpg-agent.conf + echo "allow-loopback-pinentry" >> ${{env.GNUPGHOME}}/gpg-agent.conf + echo "${GPG_PRIVATE_KEY_PASSPHRASE}" > ${{env.CR_PASSPHRASE_FILE}} - echo "Importing GPG key..." - echo "${GPG_PRIVATE_KEY}" | gpg --import --batch --yes - if [ $? -ne 0 ]; then - echo "GPG key import failed!" - exit 1 - fi - echo "GPG key imported successfully." - - echo "Exporting GPG public key..." - gpg --export -a $GPG_PUBLIC_KEY_ID > "/tmp/plane_public_key.asc" - - AIRGAPPED_RELEASE_VERSION=${{ env.AIRGAPPED_RELEASE_VERSION }} - if [ "${{ needs.branch_build_setup.outputs.build_type}}" == "Build" ]; then - AIRGAPPED_RELEASE_VERSION=${{ needs.branch_build_setup.outputs.gh_branch_name }} - fi - echo "AIRGAPPED_RELEASE_VERSION=$AIRGAPPED_RELEASE_VERSION" >> $GITHUB_ENV - - # Common function for packaging and signing - package_and_sign() { - local platform_suffix=$1 # "amd64" or "arm64" - local s3_path_prefix="${{ env.S3_PATH }}/airgapped-${platform_suffix}" - local tarball_name="airgapped-${platform_suffix}.tar.gz" - local sha_file="${tarball_name}.sha256" - local asc_file="${sha_file}.asc" - - mkdir -p "/tmp/airgapped-${platform_suffix}" - cp /tmp/podman-quadlets/podman-quadlets.tar.gz . - - echo "Copying platform specific files to /tmp/airgapped-${platform_suffix}..." - cp docker-compose.yml "/tmp/airgapped-${platform_suffix}/airgapped-docker-compose-${platform_suffix}.yml" - # For our first run, if we're in amd64, we'll need to copy the plane.env file - if [ "${platform_suffix}" == "amd64" ]; then - cp plane.env "/tmp/airgapped-plane.env" - cp install.sh "/tmp/airgapped-install.sh" - fi - - echo "Packaging airgapped artifacts for ${platform_suffix}..." - tar -czf "${tarball_name}" * - - cp "${tarball_name}" "/tmp/airgapped-${platform_suffix}/" - - echo "Generating SHA256 sum for ${tarball_name}..." - sha256sum "${tarball_name}" > "${sha_file}" - - echo "Signing SHA256 sum for ${tarball_name} with key ID ${GPG_PUBLIC_KEY_ID}..." - gpg --local-user ${GPG_PUBLIC_KEY_ID} --pinentry-mode loopback --detach-sign --armor --batch --yes --passphrase-file "${{env.CR_PASSPHRASE_FILE}}" "${sha_file}" + echo "Importing GPG key..." + echo "${GPG_PRIVATE_KEY}" | gpg --import --batch --yes if [ $? -ne 0 ]; then - echo "GPG signing failed for ${platform_suffix}!" + echo "GPG key import failed!" exit 1 fi - echo "GPG signing successful for ${platform_suffix}." + echo "GPG key imported successfully." - echo "Copying ${asc_file} to /tmp/airgapped-${platform_suffix}..." - cp "${asc_file}" "/tmp/airgapped-${platform_suffix}/" + echo "Exporting GPG public key..." + gpg --export -a $GPG_PUBLIC_KEY_ID > "/tmp/plane_public_key.asc" - echo "Uploading ${platform_suffix} artifacts to S3..." - aws s3 cp "${tarball_name}" "${s3_path_prefix}.tar.gz" - aws s3 cp "${asc_file}" "${s3_path_prefix}.tar.gz.sha256.asc" - echo "${platform_suffix} artifacts and signatures uploaded to S3 at ${s3_path_prefix}" + AIRGAPPED_RELEASE_VERSION=${{ env.AIRGAPPED_RELEASE_VERSION }} + if [ "${{ needs.branch_build_setup.outputs.build_type}}" == "Build" ]; then + AIRGAPPED_RELEASE_VERSION=${{ needs.branch_build_setup.outputs.gh_branch_name }} + fi + echo "AIRGAPPED_RELEASE_VERSION=$AIRGAPPED_RELEASE_VERSION" >> $GITHUB_ENV - echo "Creating presigned URLs for ${platform_suffix} artifacts..." - S3_PRESIGNED_URL=$(aws s3 presign "${s3_path_prefix}.tar.gz" --expires-in ${{ env.PRESIGNED_URL_EXPIRY }} --region ${{ env.S3_REGION }}) - echo "$S3_PRESIGNED_URL" > "/tmp/presigned_url_${platform_suffix}.txt" + # Common function for packaging and signing + package_and_sign() { + local platform_suffix=$1 # "amd64" or "arm64" + local s3_path_prefix="${{ env.S3_PATH }}/airgapped-${platform_suffix}" + local tarball_name="airgapped-${platform_suffix}.tar.gz" + local sha_file="${tarball_name}.sha256" + local asc_file="${sha_file}.asc" - S3_PRESIGNED_URL_ASC=$(aws s3 presign "${s3_path_prefix}.tar.gz.sha256.asc" --expires-in ${{ env.PRESIGNED_URL_EXPIRY }} --region ${{ env.S3_REGION }}) - echo "$S3_PRESIGNED_URL_ASC" > "/tmp/presigned_url_${platform_suffix}_sha256_asc.txt" - echo "Presigned URLs for ${platform_suffix} created." - } + mkdir -p "/tmp/airgapped-${platform_suffix}" + cp /tmp/podman-quadlets/podman-quadlets.tar.gz . + + echo "Copying platform specific files to /tmp/airgapped-${platform_suffix}..." + cp docker-compose.yml "/tmp/airgapped-${platform_suffix}/airgapped-docker-compose-${platform_suffix}.yml" + # For our first run, if we're in amd64, we'll need to copy the plane.env file + if [ "${platform_suffix}" == "amd64" ]; then + cp plane.env "/tmp/airgapped-plane.env" + cp install.sh "/tmp/airgapped-install.sh" + fi - # Build for amd64 - echo "Starting AMD64 build..." - cd ${{ github.workspace }}/deploy/airgapped - bash ./build.sh --release=$AIRGAPPED_RELEASE_VERSION --platform=linux/amd64 - cd dist - package_and_sign "amd64" + echo "Packaging airgapped artifacts for ${platform_suffix}..." + tar -czf "${tarball_name}" * - # Build for arm64 - echo "AIRGAPPED_ARM64_BUILD=${{ env.AIRGAPPED_ARM64_BUILD }}" >> $GITHUB_OUTPUT - if [ "${{ env.AIRGAPPED_ARM64_BUILD }}" == "true" ]; then - echo "Starting ARM64 build..." + cp "${tarball_name}" "/tmp/airgapped-${platform_suffix}/" + + echo "Generating SHA256 sum for ${tarball_name}..." + sha256sum "${tarball_name}" > "${sha_file}" + + echo "Signing SHA256 sum for ${tarball_name} with key ID ${GPG_PUBLIC_KEY_ID}..." + gpg --local-user ${GPG_PUBLIC_KEY_ID} --pinentry-mode loopback --detach-sign --armor --batch --yes --passphrase-file "${{env.CR_PASSPHRASE_FILE}}" "${sha_file}" + if [ $? -ne 0 ]; then + echo "GPG signing failed for ${platform_suffix}!" + exit 1 + fi + echo "GPG signing successful for ${platform_suffix}." + + echo "Copying ${asc_file} to /tmp/airgapped-${platform_suffix}..." + cp "${asc_file}" "/tmp/airgapped-${platform_suffix}/" + + echo "Uploading ${platform_suffix} artifacts to S3..." + aws s3 cp "${tarball_name}" "${s3_path_prefix}.tar.gz" + aws s3 cp "${asc_file}" "${s3_path_prefix}.tar.gz.sha256.asc" + echo "${platform_suffix} artifacts and signatures uploaded to S3 at ${s3_path_prefix}" + + echo "Creating presigned URLs for ${platform_suffix} artifacts..." + S3_PRESIGNED_URL=$(aws s3 presign "${s3_path_prefix}.tar.gz" --expires-in ${{ env.PRESIGNED_URL_EXPIRY }} --region ${{ env.S3_REGION }}) + echo "$S3_PRESIGNED_URL" > "/tmp/presigned_url_${platform_suffix}.txt" + + S3_PRESIGNED_URL_ASC=$(aws s3 presign "${s3_path_prefix}.tar.gz.sha256.asc" --expires-in ${{ env.PRESIGNED_URL_EXPIRY }} --region ${{ env.S3_REGION }}) + echo "$S3_PRESIGNED_URL_ASC" > "/tmp/presigned_url_${platform_suffix}_sha256_asc.txt" + echo "Presigned URLs for ${platform_suffix} created." + } + + # Build for amd64 + echo "Starting AMD64 build..." cd ${{ github.workspace }}/deploy/airgapped - bash ./build.sh --release=$AIRGAPPED_RELEASE_VERSION --platform=linux/arm64 + bash ./build.sh --release=$AIRGAPPED_RELEASE_VERSION --platform=linux/amd64 cd dist - package_and_sign "arm64" - fi + package_and_sign "amd64" - echo "COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV + # Build for arm64 + echo "AIRGAPPED_ARM64_BUILD=${{ env.AIRGAPPED_ARM64_BUILD }}" >> $GITHUB_OUTPUT + if [ "${{ env.AIRGAPPED_ARM64_BUILD }}" == "true" ]; then + echo "Starting ARM64 build..." + cd ${{ github.workspace }}/deploy/airgapped + bash ./build.sh --release=$AIRGAPPED_RELEASE_VERSION --platform=linux/arm64 + cd dist + package_and_sign "arm64" + fi - - name: Upload Public Key - uses: actions/upload-artifact@v4 - with: - name: plane_public_key.asc - path: /tmp/plane_public_key.asc + echo "COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV - - name: Upload Airgapped Plane Env - uses: actions/upload-artifact@v4 - with: - name: airgapped-plane.env - path: /tmp/airgapped-plane.env + - name: Upload Public Key + uses: actions/upload-artifact@v4 + with: + name: plane_public_key.asc + path: /tmp/plane_public_key.asc - - name: Upload Airgapped Install Script - uses: actions/upload-artifact@v4 - with: - name: airgapped-install.sh - path: /tmp/airgapped-install.sh + - name: Upload Airgapped Plane Env + uses: actions/upload-artifact@v4 + with: + name: airgapped-plane.env + path: /tmp/airgapped-plane.env - - name: Upload Airgapped Docker Compose (AMD64) - uses: actions/upload-artifact@v4 - with: - name: airgapped-docker-compose-amd64.yml - path: /tmp/airgapped-amd64/airgapped-docker-compose-amd64.yml + - name: Upload Airgapped Install Script + uses: actions/upload-artifact@v4 + with: + name: airgapped-install.sh + path: /tmp/airgapped-install.sh - # - name: Upload Airgapped Tarball (AMD64) - # uses: actions/upload-artifact@v4 - # with: - # name: airgapped-amd64.tar.gz - # path: /tmp//airgapped-amd64/airgapped-amd64.tar.gz + - name: Upload Airgapped Docker Compose (AMD64) + uses: actions/upload-artifact@v4 + with: + name: airgapped-docker-compose-amd64.yml + path: /tmp/airgapped-amd64/airgapped-docker-compose-amd64.yml - - name: Upload Tarball Signature (AMD64) - uses: actions/upload-artifact@v4 - with: - name: airgapped-amd64.tar.gz.sha256.asc - path: /tmp/airgapped-amd64/airgapped-amd64.tar.gz.sha256.asc + # - name: Upload Airgapped Tarball (AMD64) + # uses: actions/upload-artifact@v4 + # with: + # name: airgapped-amd64.tar.gz + # path: /tmp//airgapped-amd64/airgapped-amd64.tar.gz - - name: Upload Airgapped Presigned URL (AMD64) - uses: actions/upload-artifact@v4 - with: - name: pre-signed-url-amd64.txt - path: /tmp/presigned_url_amd64.txt + - name: Upload Tarball Signature (AMD64) + uses: actions/upload-artifact@v4 + with: + name: airgapped-amd64.tar.gz.sha256.asc + path: /tmp/airgapped-amd64/airgapped-amd64.tar.gz.sha256.asc - - name: Upload Airgapped Presigned URL (AMD64 SHA256 ASC) - uses: actions/upload-artifact@v4 - with: - name: pre-signed-url-amd64-sha256.asc.txt - path: /tmp/presigned_url_amd64_sha256_asc.txt + - name: Upload Airgapped Presigned URL (AMD64) + uses: actions/upload-artifact@v4 + with: + name: pre-signed-url-amd64.txt + path: /tmp/presigned_url_amd64.txt - - name: Upload Airgapped Docker Compose (ARM64) - if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: airgapped-docker-compose-arm64.yml - path: /tmp/airgapped-arm64/airgapped-docker-compose-arm64.yml + - name: Upload Airgapped Presigned URL (AMD64 SHA256 ASC) + uses: actions/upload-artifact@v4 + with: + name: pre-signed-url-amd64-sha256.asc.txt + path: /tmp/presigned_url_amd64_sha256_asc.txt - # - name: Upload Airgapped Tarball (ARM64) - # if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} - # uses: actions/upload-artifact@v4 - # with: - # name: airgapped-arm64.tar.gz - # path: /tmp/airgapped-arm64/airgapped-arm64.tar.gz + - name: Upload Airgapped Docker Compose (ARM64) + if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} + uses: actions/upload-artifact@v4 + with: + name: airgapped-docker-compose-arm64.yml + path: /tmp/airgapped-arm64/airgapped-docker-compose-arm64.yml - - name: Upload Tarball Signature (ARM64) - if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: airgapped-arm64.tar.gz.sha256.asc - path: /tmp/airgapped-arm64/airgapped-arm64.tar.gz.sha256.asc + # - name: Upload Airgapped Tarball (ARM64) + # if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} + # uses: actions/upload-artifact@v4 + # with: + # name: airgapped-arm64.tar.gz + # path: /tmp/airgapped-arm64/airgapped-arm64.tar.gz - - name: Upload Airgapped Presigned URL (ARM64) - if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: pre-signed-url-arm64.txt - path: /tmp/presigned_url_arm64.txt + - name: Upload Tarball Signature (ARM64) + if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} + uses: actions/upload-artifact@v4 + with: + name: airgapped-arm64.tar.gz.sha256.asc + path: /tmp/airgapped-arm64/airgapped-arm64.tar.gz.sha256.asc - - name: Upload Airgapped Presigned URL (ARM64 SHA256 ASC) - if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: pre-signed-url-arm64-sha256.asc.txt - path: /tmp/presigned_url_arm64_sha256_asc.txt + - name: Upload Airgapped Presigned URL (ARM64) + if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} + uses: actions/upload-artifact@v4 + with: + name: pre-signed-url-arm64.txt + path: /tmp/presigned_url_arm64.txt - - name: Attach Airgapped Artifacts (AMD64) - if: ${{ needs.branch_build_setup.outputs.build_type == 'Release' }} - uses: softprops/action-gh-release@v2.0.8 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.REL_VERSION }} - name: ${{ env.REL_VERSION }} - draft: false - prerelease: ${{ env.IS_PRERELEASE }} - files: | - /tmp/airgapped-plane.env - /tmp/airgapped-install.sh - /tmp/plane_public_key.asc - /tmp/airgapped-amd64/airgapped-docker-compose-amd64.yml - /tmp/airgapped-amd64/airgapped-amd64.tar.gz - /tmp/airgapped-amd64/airgapped-amd64.tar.gz.sha256.asc + - name: Upload Airgapped Presigned URL (ARM64 SHA256 ASC) + if: ${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD == 'true' }} + uses: actions/upload-artifact@v4 + with: + name: pre-signed-url-arm64-sha256.asc.txt + path: /tmp/presigned_url_arm64_sha256_asc.txt - - name: Attach Airgapped Artifacts (ARM64) - if: ${{ needs.branch_build_setup.outputs.build_type == 'Release' && needs.branch_build_setup.outputs.arm64_build == 'true' }} - uses: softprops/action-gh-release@v2.0.8 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.REL_VERSION }} - name: ${{ env.REL_VERSION }} - draft: false - prerelease: ${{ env.IS_PRERELEASE }} - files: | - /tmp/airgapped-arm64/airgapped-docker-compose-arm64.yml - /tmp/airgapped-arm64/airgapped-arm64.tar.gz - /tmp/airgapped-arm64/airgapped-arm64.tar.gz.sha256.asc + - name: Attach Airgapped Artifacts (AMD64) + if: ${{ needs.branch_build_setup.outputs.build_type == 'Release' }} + uses: softprops/action-gh-release@v2.0.8 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ env.REL_VERSION }} + name: ${{ env.REL_VERSION }} + draft: false + prerelease: ${{ env.IS_PRERELEASE }} + files: | + /tmp/airgapped-plane.env + /tmp/airgapped-install.sh + /tmp/plane_public_key.asc + /tmp/airgapped-amd64/airgapped-docker-compose-amd64.yml + /tmp/airgapped-amd64/airgapped-amd64.tar.gz + /tmp/airgapped-amd64/airgapped-amd64.tar.gz.sha256.asc - - name: Airgapped Package Summary - run: | - - # Print Step Build Summary - echo "# 🚀 Airgapped Build Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "## 🌍 Artifacts" >> $GITHUB_STEP_SUMMARY - echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY - echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY - echo "| Release Version | \`${{ env.AIRGAPPED_RELEASE_VERSION }}\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path Public Key | \`${{ env.S3_PATH }}/plane_public_key.asc\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path Plane Env | \`${{ env.S3_PATH }}/airgapped-plane.env\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path AMD | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path AMD SHA256 | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz.sha256\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path AMD SHA256 ASC | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz.sha256.asc\` |" >> $GITHUB_STEP_SUMMARY - if [ "${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD }}" == "true" ]; then - echo "| S3 Path ARM | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path ARM SHA256 | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz.sha256\` |" >> $GITHUB_STEP_SUMMARY - echo "| S3 Path ARM SHA256 ASC | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz.sha256.asc\` |" >> $GITHUB_STEP_SUMMARY - fi - echo "| Git Branch | \`${{env.TARGET_BRANCH}}\` |" >> $GITHUB_STEP_SUMMARY - echo "| Git Commit Hash | \`${{ env.COMMIT_HASH }}\` |" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY + - name: Attach Airgapped Artifacts (ARM64) + if: ${{ needs.branch_build_setup.outputs.build_type == 'Release' && needs.branch_build_setup.outputs.arm64_build == 'true' }} + uses: softprops/action-gh-release@v2.0.8 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ env.REL_VERSION }} + name: ${{ env.REL_VERSION }} + draft: false + prerelease: ${{ env.IS_PRERELEASE }} + files: | + /tmp/airgapped-arm64/airgapped-docker-compose-arm64.yml + /tmp/airgapped-arm64/airgapped-arm64.tar.gz + /tmp/airgapped-arm64/airgapped-arm64.tar.gz.sha256.asc - cat >> $GITHUB_STEP_SUMMARY << 'EOF' - ## 📘 Usage Instructions - ```bash - curl -fsSL -o airgapped-[amd64|arm64].tar.gz "" - mkdir -p airgapped - tar -xzf airgapped-[amd64|arm64].tar.gz -C airgapped - cd airgapped - bash install.sh - ``` + - name: Airgapped Package Summary + run: | - Importing Public Key for Verification - ```bash - curl -fsSL -o plane_public_key.asc "" - gpg --import plane_public_key.asc - ``` + # Print Step Build Summary + echo "# 🚀 Airgapped Build Summary" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "## 🌍 Artifacts" >> $GITHUB_STEP_SUMMARY + echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY + echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY + echo "| Release Version | \`${{ env.AIRGAPPED_RELEASE_VERSION }}\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path Public Key | \`${{ env.S3_PATH }}/plane_public_key.asc\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path Plane Env | \`${{ env.S3_PATH }}/airgapped-plane.env\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path AMD | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path AMD SHA256 | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz.sha256\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path AMD SHA256 ASC | \`${{ env.S3_PATH }}/airgapped-amd64.tar.gz.sha256.asc\` |" >> $GITHUB_STEP_SUMMARY + if [ "${{ steps.package_airgapped_artifacts.outputs.AIRGAPPED_ARM64_BUILD }}" == "true" ]; then + echo "| S3 Path ARM | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path ARM SHA256 | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz.sha256\` |" >> $GITHUB_STEP_SUMMARY + echo "| S3 Path ARM SHA256 ASC | \`${{ env.S3_PATH }}/airgapped-arm64.tar.gz.sha256.asc\` |" >> $GITHUB_STEP_SUMMARY + fi + echo "| Git Branch | \`${{env.TARGET_BRANCH}}\` |" >> $GITHUB_STEP_SUMMARY + echo "| Git Commit Hash | \`${{ env.COMMIT_HASH }}\` |" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY - Verification of SHA256 and ASC files: - ```bash - curl -fsSL -o airgapped-[amd64|arm64].tar.gz "" - sha256sum -c airgapped-[amd64|arm64].tar.gz.sha256 - curl -fsSL -o airgapped-[amd64|arm64].tar.gz.sha256.asc "" - gpg --verify airgapped-[amd64|arm64].tar.gz.sha256.asc - ``` - EOF + cat >> $GITHUB_STEP_SUMMARY << 'EOF' + ## 📘 Usage Instructions + ```bash + curl -fsSL -o airgapped-[amd64|arm64].tar.gz "" + mkdir -p airgapped + tar -xzf airgapped-[amd64|arm64].tar.gz -C airgapped + cd airgapped + bash install.sh + ``` + + Importing Public Key for Verification + ```bash + curl -fsSL -o plane_public_key.asc "" + gpg --import plane_public_key.asc + ``` + + Verification of SHA256 and ASC files: + ```bash + curl -fsSL -o airgapped-[amd64|arm64].tar.gz "" + sha256sum -c airgapped-[amd64|arm64].tar.gz.sha256 + curl -fsSL -o airgapped-[amd64|arm64].tar.gz.sha256.asc "" + gpg --verify airgapped-[amd64|arm64].tar.gz.sha256.asc + ``` + EOF