diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 6c67bed9..00000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Tinyauth CI -on: - push: - branches: - - main - pull_request: - -jobs: - ci: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup bun - uses: oven-sh/setup-bun@v2 - - - name: Setup go - uses: actions/setup-go@v5 - with: - go-version: "^1.23.2" - - - name: Install frontend dependencies - run: | - cd frontend - bun install --frozen-lockfile - - - name: Set version - run: | - echo testing > internal/assets/version - - - name: Lint frontend - run: | - cd frontend - bun run lint - - - name: Build frontend - run: | - cd frontend - bun run build - - - name: Copy frontend - run: | - cp -r frontend/dist internal/assets/dist - - - name: Run tests - run: go test -coverprofile=coverage.txt -v ./... - - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f55ce677..0f1d2c30 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,60 +1,47 @@ -name: Docker Build and Publish +name: Build & Push Docker Image on: push: - branches: - - main - tags: - - 'v*' - pull_request: - branches: - - main + branches: [ "main" ] + tags: + - "v*" env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository_owner }}/remnawave-tinyauth jobs: - build-and-push: + build: runs-on: ubuntu-latest + permissions: contents: read packages: write steps: - - name: Checkout repository + - name: Checkout uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to the Container registry + - name: Login to GHCR uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha,format=short - - - name: Build and push Docker image + - name: Build and Push uses: docker/build-push-action@v5 with: context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + push: true + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max \ No newline at end of file + build-args: | + VERSION=${{ github.ref_name }} + COMMIT_HASH=${{ github.sha }} + BUILD_TIMESTAMP=${{ github.run_id }} \ No newline at end of file diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml deleted file mode 100644 index ab4a9900..00000000 --- a/.github/workflows/nightly.yml +++ /dev/null @@ -1,465 +0,0 @@ -name: Nightly Release -on: - workflow_dispatch: - schedule: - - cron: "0 0 * * *" - -jobs: - create-release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Delete old release - run: gh release delete --cleanup-tag --yes nightly || echo release not found - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OWNER: ${{ github.repository_owner }} - REPO: ${{ github.event.repository.name }} - - - name: Create release - uses: softprops/action-gh-release@v2 - with: - prerelease: true - tag_name: nightly - - generate-metadata: - runs-on: ubuntu-latest - needs: create-release - outputs: - VERSION: ${{ steps.metadata.outputs.VERSION }} - COMMIT_HASH: ${{ steps.metadata.outputs.COMMIT_HASH }} - BUILD_TIMESTAMP: ${{ steps.metadata.outputs.BUILD_TIMESTAMP }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Generate metadata - id: metadata - run: | - echo "VERSION=nightly" >> "$GITHUB_OUTPUT" - echo "COMMIT_HASH=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" - echo "BUILD_TIMESTAMP=$(date '+%Y-%m-%dT%H:%M:%S')" >> "$GITHUB_OUTPUT" - - binary-build: - runs-on: ubuntu-latest - needs: - - create-release - - generate-metadata - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Install bun - uses: oven-sh/setup-bun@v2 - - - name: Install go - uses: actions/setup-go@v5 - with: - go-version: "^1.23.2" - - - name: Install frontend dependencies - run: | - cd frontend - bun install --frozen-lockfile - - - name: Install backend dependencies - run: | - go mod download - - - name: Build frontend - run: | - cd frontend - bun run build - - - name: Build - run: | - cp -r frontend/dist internal/assets/dist - go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 - env: - CGO_ENABLED: 0 - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: tinyauth-amd64 - path: tinyauth-amd64 - - binary-build-arm: - runs-on: ubuntu-24.04-arm - needs: - - create-release - - generate-metadata - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Install bun - uses: oven-sh/setup-bun@v2 - - - name: Install go - uses: actions/setup-go@v5 - with: - go-version: "^1.23.2" - - - name: Install frontend dependencies - run: | - cd frontend - bun install --frozen-lockfile - - - name: Install backend dependencies - run: | - go mod download - - - name: Build frontend - run: | - cd frontend - bun run build - - - name: Build - run: | - cp -r frontend/dist internal/assets/dist - go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 - env: - CGO_ENABLED: 0 - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: tinyauth-arm64 - path: tinyauth-arm64 - - image-build: - runs-on: ubuntu-latest - needs: - - create-release - - generate-metadata - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - id: build - with: - platforms: linux/amd64 - labels: ${{ steps.meta.outputs.labels }} - tags: ghcr.io/${{ github.repository_owner }}/tinyauth - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - cache-from: type=gha - cache-to: type=gha,mode=max - github-token: ${{ secrets.GITHUB_TOKEN }} - build-args: | - VERSION=${{ needs.generate-metadata.outputs.VERSION }} - COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }} - BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }} - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-amd64 - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - image-build-distroless: - runs-on: ubuntu-latest - needs: - - create-release - - generate-metadata - - image-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - id: build - with: - platforms: linux/amd64 - labels: ${{ steps.meta.outputs.labels }} - tags: ghcr.io/${{ github.repository_owner }}/tinyauth - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - file: Dockerfile.distroless - cache-from: type=gha - cache-to: type=gha,mode=max - github-token: ${{ secrets.GITHUB_TOKEN }} - build-args: | - VERSION=${{ needs.generate-metadata.outputs.VERSION }} - COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }} - BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }} - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-distroless-linux-amd64 - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - image-build-arm: - runs-on: ubuntu-24.04-arm - needs: - - create-release - - generate-metadata - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - id: build - with: - platforms: linux/arm64 - labels: ${{ steps.meta.outputs.labels }} - tags: ghcr.io/${{ github.repository_owner }}/tinyauth - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - cache-from: type=gha - cache-to: type=gha,mode=max - github-token: ${{ secrets.GITHUB_TOKEN }} - build-args: | - VERSION=${{ needs.generate-metadata.outputs.VERSION }} - COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }} - BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }} - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-arm64 - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - image-build-arm-distroless: - runs-on: ubuntu-24.04-arm - needs: - - create-release - - generate-metadata - - image-build-arm - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: nightly - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - id: build - with: - platforms: linux/arm64 - labels: ${{ steps.meta.outputs.labels }} - tags: ghcr.io/${{ github.repository_owner }}/tinyauth - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - file: Dockerfile.distroless - cache-from: type=gha - cache-to: type=gha,mode=max - github-token: ${{ secrets.GITHUB_TOKEN }} - build-args: | - VERSION=${{ needs.generate-metadata.outputs.VERSION }} - COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }} - BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }} - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-distroless-linux-arm64 - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - image-merge: - runs-on: ubuntu-latest - needs: - - image-build - - image-build-arm - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - flavor: | - latest=false - tags: | - type=raw,nightly - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *) - - image-merge-distroless: - runs-on: ubuntu-latest - needs: - - image-build-distroless - - image-build-arm-distroless - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-distroless-* - merge-multiple: true - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository_owner }}/tinyauth - flavor: | - latest=false - tags: | - type=raw,nightly-distroless - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *) - - update-release: - runs-on: ubuntu-latest - needs: - - binary-build - - binary-build-arm - steps: - - uses: actions/download-artifact@v4 - with: - pattern: tinyauth-* - path: binaries - merge-multiple: true - - - name: Release - uses: softprops/action-gh-release@v2 - with: - files: binaries/* - tag_name: nightly diff --git a/Dockerfile b/Dockerfile index 5f9e64eb..6555b6a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,6 +19,7 @@ COPY ./frontend/vite.config.ts ./ RUN bun run build + # Builder FROM golang:1.25-alpine3.21 AS builder @@ -26,11 +27,14 @@ ARG VERSION ARG COMMIT_HASH ARG BUILD_TIMESTAMP +ENV VERSION=${VERSION} +ENV COMMIT_HASH=${COMMIT_HASH} +ENV BUILD_TIMESTAMP=${BUILD_TIMESTAMP} + WORKDIR /tinyauth COPY go.mod ./ COPY go.sum ./ - RUN go mod download COPY ./main.go ./ @@ -38,8 +42,14 @@ COPY ./cmd ./cmd COPY ./internal ./internal COPY --from=frontend-builder /frontend/dist ./internal/assets/dist -RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" - +RUN CGO_ENABLED=0 go build -ldflags "\ + -s -w \ + -X github.com/remnawave/tinyauth/internal/config.Version=${VERSION} \ + -X github.com/remnawave/tinyauth/internal/config.CommitHash=${COMMIT_HASH} \ + -X github.com/remnawave/tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" \ + -o tinyauth + + # Runner FROM alpine:3.22 AS runner @@ -50,11 +60,9 @@ COPY --from=builder /tinyauth/tinyauth ./ RUN mkdir -p /data EXPOSE 3000 - VOLUME ["/data"] ENV GIN_MODE=release - ENV PATH=$PATH:/tinyauth HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]