
Commit 6468d01

committed
init
1 parent 955d13e commit 6468d01


50 files changed

+3250
-1
lines changed

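--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,177 @@
+name: CI
+
+on:
+pull_request:
+push:
+branches:
+- '*'
+tags-ignore:
+- '*'
+paths-ignore:
+- 'demo/**'
+- 'docs/**'
+- 'examples/**'
+- 'LICENSE'
+- 'README.md'
+workflow_dispatch:
+
+env:
+DAGGER_VERSION: "0.14.0"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker-unstable:
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+
+name: Push Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Set short SHA
+id: sha
+run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+- name: Set image tag
+id: tag
+run: |
+if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=unstable-debug" >> $GITHUB_ENV
+else
+echo "tag=unstable" >> $GITHUB_ENV
+fi
+else
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=build-${{ env.short_sha }}-debug" >> $GITHUB_ENV
+else
+echo "tag=build-${{ env.short_sha }}" >> $GITHUB_ENV
+fi
+fi
+
+- name: Publish Docker image to Github
+uses: dagger/[email protected]
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+ref \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/[email protected]
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+with-copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.tag }} \
+
+- name: Scan Docker image
+uses: dagger/[email protected]
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+
+helm-unstable:
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Set short SHA
+id: sha
+run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+- name: Lint
+uses: dagger/[email protected]
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+lint \
+--path chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/[email protected]
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+package-push \
+--path=chart \
+--version="0.0.0" \
+--app-version="unstable" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \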
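Review bot: `DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}` in the workflow-level `env:` block exports the Docker Hub secret to every step of both jobs, including the shell `run:` steps and the Dagger steps that only lint the chart or scan the image. Only "Copy Docker image to Docker Hub" uses it, and that step already sets it in its own `env:`, so the workflow-level line can be deleted. That step is also handed `COSIGN_PASSWORD` and `COSIGN_PRIVATE_KEY` although its `args` never reference them (the copy step in release.yaml does the same); dropping both lines keeps the signing key out of a step that does not sign. `actions/checkout@v4` is a movable tag in jobs that hold `packages: write` and `id-token: write`, so pinning it to a full commit SHA, and the Dagger action and modules too if their references are tags, would stop a re-pointed tag from running with those credentials. The `attestations: write` and `id-token: write` grants do not appear to be used by any visible step and could probably be removed from both jobs.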

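--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,149 @@
+name: Release
+
+on:
+push:
+tags:
+- 'v*'
+
+env:
+DAGGER_VERSION: "0.14.0"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker:
+if: startsWith(github.event.ref, 'refs/tags/v')
+
+name: Release Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Publish Docker image to GitHub
+uses: dagger/[email protected]
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+with-tag \
+--tag=latest \
+sign \
+--password=env:COSIGN_PASSWORD \
+--private-key=env:COSIGN_PRIVATE_KEY \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/[email protected]
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ github.ref_name }} \
+tag \
+--image=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--tag=latest \
+
+- name: Scan Docker image
+uses: dagger/[email protected]
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--fail-on=high \
+
+helm:
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Lint
+uses: dagger/[email protected]
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+lint \
+--path chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/[email protected]
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/[email protected]
+verb: call
+args: |
+package-push \
+--path=chart \
+--app-version="${{ github.ref_name }}" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \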
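Review bot: Both legs of the `target: ["debug", "prod"]` matrix publish to the same reference, `ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }}`, and both add `--tag=latest`, so the debug and prod builds overwrite each other and whichever leg finishes last decides what the signed release tag and `latest` point to, on ghcr.io and on Docker Hub. ci.yaml avoids this with a `-debug` suffix; the same can be done here with `--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }}${{ matrix.target == 'debug' && '-debug' || '' }}`, carried through the copy and scan steps, with `latest` applied on the prod leg only. The `scan --fail-on=high` step also runs only after the image has been signed, pushed, tagged `latest` and copied to Docker Hub, so a failing scan marks the job red but does not keep the image from being released. Moving the scan ahead of the sign and copy steps would make it an actual gate.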

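--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+.local/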
