misc(release): Release workflow (#2390)

Co-authored-by: Ivan Novosad <ivannovosad@users.noreply.github.com>
getlago · Aug 12, 2024 · 317125d · 317125d
1 parent b0e338f
commit 317125d
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 55 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,78 +7,126 @@ on:
       version:
         description: Version
         required: true
+env:
+  REGISTRY_IMAGE: getlago/api
+
 jobs:
-  build-arm-image:
-    name: Build ARM Image
-    runs-on: macos-latest
+  build-images:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    name: Build ${{ matrix.platform }} Image
+    runs-on: ${{ matrix.platform }}
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Checkout Repository
         uses: actions/checkout@v4
 
-      - name: Sep up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Docker Meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            type=raw,value=${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: latest
 
       - name: Log In to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Add version into docker image
-        if: github.event_name == 'release'
-        id: add_version
-        run: |
-          echo ${{ github.event.release.tag_name }} > LAGO_VERSION
-          echo lago_version=${{ github.event.release.tag_name }} >> $GITHUB_ENV
-
-      - name: Add version into docker image
-        if: github.event_name == 'workflow_dispatch'
         id: add_version
         run: |
-          echo ${{ github.event.inputs.version }} > LAGO_VERSION
-          echo lago_version=${{ github.event.inputs.version }} >> $GITHUB_ENV
+          echo "${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }}" > LAGO_VERSION
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
+        id: build
         with:
           context: .
-          platforms: linux/arm64
-          push: true
-          tags: getlago/api:${{ steps.add_version.outputs.lago_version }}
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
           build-args: |
             SEGMENT_WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }}
             GOCARDLESS_CLIENT_ID=${{ secrets.PRODUCTION_GOCARDLESS_CLIENT_ID }}
             GOCARDLESS_CLIENT_SECRET=${{ secrets.PRODUCTION_GOCARDLESS_CLIENT_SECRET }}
             LAGO_OAUTH_URL=https://proxy.getlago.com
 
-  # build-amd-image:
-  #   name: Build AMD Image
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout Repository
-  #       uses: actions/checkout@v4
-
-  #     - name: Set up Docker Buildx
-  #       uses: docker/setup-buildx-action@v2
-
-  #     - name: Log In to Docker Hub
-  #       uses: docker/login-action@v2
-  #       with:
-  #         username: ${{ secrets.DOCKERHUB_USERNAME }}
-  #         password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-  #     - name: Add version into docker image
-  #       run: echo ${{ github.event.release.tag_name }} > LAGO_VERSION
-
-  #     - name: Build and push Docker image
-  #       uses: docker/build-push-action@v3
-  #       with:
-  #         context: .
-  #         platforms: linux/amd64
-  #         push: true
-  #         tags: getlago/api:${{ github.event.release.tag_name }}
-  #         build-args: |
-  #           SEGMENT_WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }}
-  #           GOCARDLESS_CLIENT_ID=${{ secrets.PRODUCTION_GOCARDLESS_CLIENT_ID }}
-  #           GOCARDLESS_CLIENT_SECRET=${{ secrets.PRODUCTION_GOCARDLESS_CLIENT_SECRET }}
-  #           LAGO_OAUTH_URL=https://proxy.getlago.com
+      - name: Export Digest
+        run: |
+          mkdir -p ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests/${digest#sha256:}"
+
+      - name: Upload Digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Clean up
+        if: always()
+        run: |
+          [ -e ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests ] && \
+          rm -rf ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests
+
+  merge:
+    name: Merge Images
+    runs-on: lago-runner
+    needs: [build-images]
+    steps:
+      - name: Download Digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ./_tmp/${{ github.run_id}}/${{ github.run_attempt }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            type=raw,value=${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }}
+
+      - name: Set up Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Create manifest and push
+        working-directory: ./_tmp/${{ github.run_id }}/${{ github.run_attempt}}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+
+      - name: Inspect Image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+      - name: Clean up
+        if: always()
+        run: |
+          [ -e ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests ] && \
+          rm -rf ./_tmp/${{ github.run_id }}/${{ github.run_attempt }}/digests
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:3.3.4-slim as build
+FROM ruby:3.3.4-slim AS build
 
 WORKDIR /app
 
@@ -25,9 +25,9 @@ ARG GOCARDLESS_CLIENT_SECRET
 
 RUN apt update -qq && apt install git libpq-dev curl -y
 
-ENV SEGMENT_WRITE_KEY $SEGMENT_WRITE_KEY
-ENV GOCARDLESS_CLIENT_ID $GOCARDLESS_CLIENT_ID
-ENV GOCARDLESS_CLIENT_SECRET $GOCARDLESS_CLIENT_SECRET
+ENV SEGMENT_WRITE_KEY=$SEGMENT_WRITE_KEY
+ENV GOCARDLESS_CLIENT_ID=$GOCARDLESS_CLIENT_ID
+ENV GOCARDLESS_CLIENT_SECRET=$GOCARDLESS_CLIENT_SECRET
 
 COPY --from=build /usr/local/bundle/ /usr/local/bundle