From b971415f0c91ec6d2f85dc0a44892a3c3a022730 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:11:59 +0100 Subject: [PATCH 1/9] Improve Docker build Signed-off-by: Mark Sagi-Kazar --- .github/workflows/ci.yml | 70 +++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15e5d5e0..f0550b93 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,13 @@ name: CI on: + schedule: + - cron: '0 5 * * *' # everyday at 5 am UTC push: branches: - master + tags: + - v[0-9]+.[0-9]+.[0-9]+ pull_request: jobs: 
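Review bot: The `schedule` trigger added in this hunk cannot publish a nightly image, because the Docker job's `push:` input and both login steps (third hunk of this patch) are gated on `github.event_name == 'push'`, which is false for a scheduled run. The job would build all three platforms every night, compute `VERSION=nightly`, and discard the result. If a nightly tag is intended, the gates could exclude only pull requests, e.g. `push: ${{ github.event_name != 'pull_request' }}` and `if: github.event_name != 'pull_request'` on the logins. A short comment next to the cron line saying which tag the run is expected to produce would help.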
@@ -87,21 +91,40 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code + - name: Checkout uses: actions/checkout@v2 - - name: Get Version - id: info + - name: Calculate Docker image tags + id: tags + env: + DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" run: | - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + VERSION=noop - - name: Determine Docker Tag - uses: haya14busa/action-cond@v1 - id: imagetag - with: - cond: ${{ github.event_name == 'pull_request' }} - if_true: ${{ github.sha }} - if_false: 'master' + if [[ "${{ github.event_name }}" == "schedule" ]]; then + VERSION=nightly + else + case $GITHUB_REF in + refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; + refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; + refs/pull/*) VERSION=pr-${{ github.event.number }};; + *) VERSION=sha-${GITHUB_SHA::8};; + esac + fi + + TAGS=() + for image in $DOCKER_IMAGES; do + TAGS+=("${image}:${VERSION}") + + if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then + TAGS+=("${image}:latest") + fi + done + + echo ::set-output name=version::${VERSION} + echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") + echo ::set-output name=commit_hash::${GITHUB_SHA::8} + echo ::set-output name=build_date::$(git show -s --format=%cI) - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -109,7 +132,6 @@ jobs: platforms: all - name: Set up Docker Buildx - id: buildx uses: docker/setup-buildx-action@v1 with: install: true 
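Review bot: In the tag-calculation script, `latest` is attached whenever `VERSION` equals the default branch name, so every push to master moves `latest`, while a `v*` tag push gets only its version tag. The release workflow removed in patch 2/9 put `latest` on release tags, so anyone deploying `dexidp/dex:latest` would start receiving unreleased master builds; if that is not intended, gate it on the ref instead, e.g. `if [[ "$GITHUB_REF" == refs/tags/v* ]]; then TAGS+=("${image}:latest"); fi`. Separately, `${{ github.event_name }}`, `${{ github.event.number }}` and `${{ github.event.repository.default_branch }}` are expanded into the script text before bash runs; passing them through `env:` the way `DOCKER_IMAGES` is passed keeps expression values out of the shell source. The same script is carried into `.github/workflows/docker.yml` in patch 8/9.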
@@ -117,27 +139,39 @@ jobs: # TODO: Remove driver-opts once fix is released docker/buildx#386 driver-opts: image=moby/buildkit:master - - name: Login to DockerHub + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + if: github.event_name == 'push' + + - name: Login to Docker Hub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} if: github.event_name == 'push' - - name: Build and Push + - name: Build and push uses: docker/build-push-action@v2 with: context: . - file: Dockerfile platforms: linux/amd64,linux/arm/v7,linux/arm64 push: ${{ github.event_name == 'push' }} - tags: dexidp/dex:${{ steps.imagetag.outputs.value }} + tags: ${{ steps.tags.outputs.tags }} + build-args: | + VERSION=${{ steps.tags.outputs.version }} + COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} + BUILD_DATE=${{ steps.tags.outputs.build_date }} labels: | org.opencontainers.image.title=${{ github.event.repository.name }} org.opencontainers.image.description=${{ github.event.repository.description }} org.opencontainers.image.url=${{ github.event.repository.html_url }} org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ steps.imagetag.outputs.value }} - org.opencontainers.image.created=${{ steps.info.outputs.created }} + org.opencontainers.image.version=${{ steps.tags.outputs.version }} + org.opencontainers.image.created=${{ steps.tags.outputs.build_date }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} + org.opencontainers.image.documentation=https://dexidp.io/docs/ From b9bc0b8b113ab750fa9e2b297118e74958d45a87 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:12:16 +0100 Subject: [PATCH 2/9] Remove unused workflow 
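Review bot: The new GHCR login passes a personal access token (`secrets.CR_PAT`) to `docker/login-action@v1`, and the push itself runs through `docker/build-push-action@v2`; both are movable tags, so the code that receives the registry credentials can change without a change in this repository. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, fixes what runs with those secrets. It would also help to document next to the step that `CR_PAT` should carry only the `write:packages` scope (assuming it is a classic token). The same steps are copied into `.github/workflows/docker.yml` in patch 8/9.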
Signed-off-by: Mark Sagi-Kazar
---
.github/workflows/release.yml | 61 -----------------------------------
1 file changed, 61 deletions(-)
delete mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 9a655935..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,61 +0,0 @@ -name: Release - -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+' - -jobs: - docker: - name: Docker - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Get Version - id: info - run: | - VERSION=$(shell ./scripts/git-version) - echo ::set-output name=version::${VERSION} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - install: true - version: latest - # TODO: Remove driver-opts once fix is released docker/buildx#386 - driver-opts: image=moby/buildkit:master - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Build and Push - uses: docker/build-push-action@v2 - with: - context: . - file: Dockerfile - platforms: linux/amd64,linux/arm/v7,linux/arm64 - push: true - tags: | - dexidp/dex:latest - dexidp/dex:${{ steps.info.outputs.version }} - labels: | - org.opencontainers.image.title=${{ github.event.repository.name }} - org.opencontainers.image.description=${{ github.event.repository.description }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ steps.info.outputs.version }} - org.opencontainers.image.created=${{ steps.info.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} From 5cc8b562ec7a215fea81bc8523e1da1ca3791faf Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:21:18 +0100 Subject: [PATCH 3/9] Run build on ubuntu-latest Signed-off-by: Mark Sagi-Kazar --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0550b93..a837edf2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ on: jobs: build: name: Build - runs-on: ubuntu-16.04 + runs-on: ubuntu-latest env: GOFLAGS: -mod=readonly From 10ac93d42b2f91af61493af3bd63596cfbbc982d Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:24:35 +0100 Subject: [PATCH 4/9] Add docker layer caching Signed-off-by: Mark Sagi-Kazar --- .github/workflows/ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a837edf2..46f761a8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -139,6 +139,14 @@ jobs: # TODO: Remove driver-opts once fix is released docker/buildx#386 driver-opts: image=moby/buildkit:master + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: @@ -161,6 +169,8 @@ jobs: platforms: linux/amd64,linux/arm/v7,linux/arm64 push: ${{ github.event_name == 'push' }} tags: ${{ steps.tags.outputs.tags }} + cache-from: type=local,mode=max,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache build-args: | VERSION=${{ steps.tags.outputs.version }} COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} From 85239d515de80cd927304bad50eaf8b8bcea7b5d Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:26:39 +0100 Subject: [PATCH 5/9] Download dependencies in advance Signed-off-by: Mark Sagi-Kazar --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index d9d050d0..bf50d51e 100644 --- a/Dockerfile +++ b/Dockerfile 
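Review bot: In the layer-caching patch (4/9), `cache-to` writes into the same `/tmp/.buildx-cache` directory that `cache-from` reads and that `actions/cache` restores through the `${{ runner.os }}-buildx-` prefix, so each run appears to save the previous cache plus its own layers and the archive can only grow. Exporting to a second directory and swapping it in after the build keeps the saved cache to one run's layers, e.g. `cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new` followed by a step that replaces the old directory. Also, `mode=max` is an export option; on `cache-from` it is probably ignored, and `type=local,src=/tmp/.buildx-cache` says the same thing.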
@@ -12,6 +12,12 @@ ENV GOOS=${TARGETOS} \ RUN apk add --no-cache --update alpine-sdk +ARG GOPROXY + +COPY go.mod go.sum ./ +COPY api/v2/go.mod api/v2/go.sum ./api/v2/ +RUN go mod download + COPY . . RUN make release-binary From 4c86a5e7fe424f8d39f898c53f4c9127d381e422 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 14:26:53 +0100 Subject: [PATCH 6/9] Ignore files from docker context Signed-off-by: Mark Sagi-Kazar --- .dockerignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index ba077a40..56588ee4 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,3 @@ -bin +.github/ +bin/ +tmp/ From b580ffad70725584097d3d6201fce347cec494af Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 15:30:17 +0100 Subject: [PATCH 7/9] Remove cache for now Signed-off-by: Mark Sagi-Kazar --- .github/workflows/ci.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46f761a8..a837edf2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -139,14 +139,6 @@ jobs: # TODO: Remove driver-opts once fix is released docker/buildx#386 driver-opts: image=moby/buildkit:master - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: @@ -169,8 +161,6 @@ jobs: platforms: linux/amd64,linux/arm/v7,linux/arm64 push: ${{ github.event_name == 'push' }} tags: ${{ steps.tags.outputs.tags }} - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache build-args: | VERSION=${{ steps.tags.outputs.version }} COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} From 0520465207afe77be7e05303941878521996024a Mon Sep 17 00:00:00 2001 
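Review bot: `ARG GOPROXY` in the Dockerfile hunk (patch 5/9) is added with no comment, and a value passed with `--build-arg` is kept in the build stage's metadata, so a proxy URL that embeds credentials would be exposed to anyone who can inspect that stage or its cache. A comment above it would cover this, e.g. `# Optional Go module proxy override; do not put credentials in the URL (ARG values are recorded in build history)`. The new `COPY go.mod go.sum` / `RUN go mod download` ordering deserves a one-line comment too, saying the manifests are copied first so the download layer is reused until they change. The rest of the Dockerfile is outside this hunk, so whether this stage ends up in the final image is not visible here.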
From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 15:31:58 +0100 Subject: [PATCH 8/9] Separate docker job again Signed-off-by: Mark Sagi-Kazar --- .github/workflows/ci.yml | 94 ------------------------------------ .github/workflows/docker.yml | 94 ++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 94 deletions(-) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a837edf2..f98bc4a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,13 +1,9 @@ name: CI on: - schedule: - - cron: '0 5 * * *' # everyday at 5 am UTC push: branches: - master - tags: - - v[0-9]+.[0-9]+.[0-9]+ pull_request: jobs: 
@@ -85,93 +81,3 @@ jobs: # Ensure proto generation doesn't depend on external packages. - name: Verify proto run: make verify-proto - - docker: - name: Docker - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Calculate Docker image tags - id: tags - env: - DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" - run: | - VERSION=noop - - if [[ "${{ github.event_name }}" == "schedule" ]]; then - VERSION=nightly - else - case $GITHUB_REF in - refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; - refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; - refs/pull/*) VERSION=pr-${{ github.event.number }};; - *) VERSION=sha-${GITHUB_SHA::8};; - esac - fi - - TAGS=() - for image in $DOCKER_IMAGES; do - TAGS+=("${image}:${VERSION}") - - if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then - TAGS+=("${image}:latest") - fi - done - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") - echo ::set-output name=commit_hash::${GITHUB_SHA::8} - echo ::set-output name=build_date::$(git show -s --format=%cI) - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - install: true - version: latest - # TODO: Remove driver-opts once fix is released docker/buildx#386 - driver-opts: image=moby/buildkit:master - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} - if: github.event_name == 'push' - - - name: Login to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - if: github.event_name == 'push' - - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . 
- platforms: linux/amd64,linux/arm/v7,linux/arm64 - push: ${{ github.event_name == 'push' }} - tags: ${{ steps.tags.outputs.tags }} - build-args: | - VERSION=${{ steps.tags.outputs.version }} - COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} - BUILD_DATE=${{ steps.tags.outputs.build_date }} - labels: | - org.opencontainers.image.title=${{ github.event.repository.name }} - org.opencontainers.image.description=${{ github.event.repository.description }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ steps.tags.outputs.version }} - org.opencontainers.image.created=${{ steps.tags.outputs.build_date }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} - org.opencontainers.image.documentation=https://dexidp.io/docs/ diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..12e4cd44 --- /dev/null +++ b/.github/workflows/docker.yml 
@@ -0,0 +1,94 @@ +name: CI + +on: + push: + branches: + - master + tags: + - v[0-9]+.[0-9]+.[0-9]+ + pull_request: + +jobs: + docker: + name: Docker + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Calculate Docker image tags + id: tags + env: + DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" + run: | + case $GITHUB_REF in + refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; + refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; + refs/pull/*) VERSION=pr-${{ github.event.number }};; + *) VERSION=sha-${GITHUB_SHA::8};; + esac + + TAGS=() + for image in $DOCKER_IMAGES; do + TAGS+=("${image}:${VERSION}") + + if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then + TAGS+=("${image}:latest") + fi + done + + echo ::set-output name=version::${VERSION} + echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") + echo ::set-output name=commit_hash::${GITHUB_SHA::8} + echo ::set-output name=build_date::$(git show -s --format=%cI) + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + install: true + version: latest + # TODO: Remove driver-opts once fix is released docker/buildx#386 + driver-opts: image=moby/buildkit:master + + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + if: github.event_name == 'push' + + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + if: github.event_name == 'push' + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . 
+ platforms: linux/amd64,linux/arm/v7,linux/arm64 + push: ${{ github.event_name == 'push' }} + tags: ${{ steps.tags.outputs.tags }} + build-args: | + VERSION=${{ steps.tags.outputs.version }} + COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} + BUILD_DATE=${{ steps.tags.outputs.build_date }} + labels: | + org.opencontainers.image.title=${{ github.event.repository.name }} + org.opencontainers.image.description=${{ github.event.repository.description }} + org.opencontainers.image.url=${{ github.event.repository.html_url }} + org.opencontainers.image.source=${{ github.event.repository.clone_url }} + org.opencontainers.image.version=${{ steps.tags.outputs.version }} + org.opencontainers.image.created=${{ steps.tags.outputs.build_date }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} + org.opencontainers.image.documentation=https://dexidp.io/docs/ From 9b629b6568f59452e79fb88641cf8c0331493d24 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 5 Nov 2020 15:35:31 +0100 Subject: [PATCH 9/9] Fix docker workflow name Signed-off-by: Mark Sagi-Kazar --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 12e4cd44..5fd46ebc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,4 +1,4 @@ -name: CI +name: Docker on: push:
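Review bot: In the new `.github/workflows/docker.yml`, the Buildx step runs the builder from `moby/buildkit:master` with `version: latest`, so the toolchain that assembles and pushes the published images changes from run to run without any change in the repository. The TODO explains why `master` is needed for now; until it can be removed, pinning the builder to a digest, e.g. `driver-opts: image=moby/buildkit:master@sha256:<digest>`, keeps builds reproducible and makes a builder change show up in review. The workflow also relies on the `if: github.event_name == 'push'` lines to keep registry secrets away from pull-request builds; a comment above the login steps stating that would stop a later edit from loosening it by accident.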