
Commit 4c6e7c9

committed
init
1 parent 955d13e commit 4c6e7c9


41 files changed

+2813
-1
lines changed

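--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,172 @@
+name: CI
+
+on:
+pull_request:
+push:
+branches:
+- '*'
+tags-ignore:
+- '*'
+paths-ignore:
+- 'demo/**'
+- 'docs/**'
+- 'LICENSE'
+- 'README.md'
+workflow_dispatch:
+
+env:
+DAGGER_VERSION: "0.14.0"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker-unstable:
+if: github.ref == 'refs/heads/init' && github.event_name == 'push'
+
+name: Push Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Set short SHA
+id: sha
+run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+- name: Set image tag
+id: tag
+run: |
+if [ "${{ github.ref }}" == "refs/heads/init" ]; then
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=unstable-debug" >> $GITHUB_ENV
+else
+echo "tag=unstable" >> $GITHUB_ENV
+fi
+else
+if [[ "${{ matrix.target }}" == "debug" ]]; then
+echo "tag=build-${{ env.short_sha }}-debug" >> $GITHUB_ENV
+else
+echo "tag=build-${{ env.short_sha }}" >> $GITHUB_ENV
+fi
+fi
+
+- name: Publish Docker image to Github
+uses: dagger/dagger-for-github@v7.0.1
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/docker@v1.1.0
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+ref \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/dagger-for-github@v7.0.1
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/crane@v1.1.0
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.tag }} \
+
+- name: Scan Docker image
+uses: dagger/dagger-for-github@v7.0.1
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/grype@v1.1.0
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \
+
+helm-unstable:
+if: github.ref == 'refs/heads/init' && github.event_name == 'push'
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Lint
+uses: dagger/dagger-for-github@v7.0.1
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/helm@v1.1.0
+verb: call
+args: |
+lint \
+--path chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/dagger-for-github@v7.0.1
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/helm@v1.1.0
+verb: call
+args: |
+package-push \
+--path chart \
+--version="0.0.0" \
+--app-version="unstable" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \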
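Review bot: The workflow-level `env:` entry `DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}` exposes the Docker Hub credential to every step of both jobs, including `helm-unstable`, which never contacts Docker Hub; the "Copy Docker image to Docker Hub" step already sets it in its own `env:`, so the workflow-level line can be deleted. That copy step also exports `COSIGN_PASSWORD` and `COSIGN_PRIVATE_KEY` although its `args` contain no signing call, here and in the same step of release.yaml, so those two entries should be removed in both files. All of these secrets are handed to `dagger/dagger-for-github@v7.0.1` and the `github.com/opopops/daggerverse/...@v1.1.0` modules, which are referenced by tag; pinning them and `actions/checkout@v4` to full commit SHAs in both workflows would stop a moved tag from changing the code that runs with `packages: write`. In "Set image tag" the outer `else` branch looks unreachable, since the job-level `if:` already requires `refs/heads/init`.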

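--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,145 @@
+name: Release
+
+on:
+push:
+tags:
+- 'v*'
+
+env:
+DAGGER_VERSION: "0.14.0"
+DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
+DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
+GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
+
+jobs:
+docker:
+if: startsWith(github.event.ref, 'refs/tags/v')
+
+name: Release Docker image
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+target: ["debug", "prod"]
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Publish Docker image to GitHub
+uses: dagger/dagger-for-github@v7.0.1
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/docker@v1.1.0
+verb: call
+args: |
+--registry=ghcr.io \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \
+build \
+--context=. \
+--target=${{ matrix.target }} \
+--platform=linux/amd64,linux/arm64 \
+publish \
+--image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+sign \
+--password=env:COSIGN_PASSWORD \
+--private-key=env:COSIGN_PRIVATE_KEY \
+
+- name: Copy Docker image to Docker Hub
+uses: dagger/dagger-for-github@v7.0.1
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/crane@v1.1.0
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+with-registry-auth \
+--address=$DOCKER_REGISTRY \
+--username=$DOCKER_REGISTRY_USERNAME \
+--secret=env:DOCKER_REGISTRY_PASSWORD \
+copy \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ github.ref_name }} \
+
+- name: Scan Docker image
+uses: dagger/dagger-for-github@v7.0.1
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/grype@v1.1.0
+verb: call
+args: |
+with-registry-auth \
+--address=ghcr.io \
+--username=${{ github.actor }} \
+--secret=env:GH_REGISTRY_PASSWORD \
+scan \
+--source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }} \
+--fail-on=high \
+
+
+helm:
+name: Push Helm Chart
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Lint
+uses: dagger/dagger-for-github@v7.0.1
+with:
+version: ${{ env.DAGGER_VERSION }}
+engine-stop: false
+module: github.com/opopops/daggerverse/helm@v1.1.0
+verb: call
+args: |
+lint \
+--path chart \
+--strict \
+
+- name: Publish Helm chart
+uses: dagger/dagger-for-github@v7.0.1
+env:
+GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+with:
+version: ${{ env.DAGGER_VERSION }}
+module: github.com/opopops/daggerverse/helm@v1.1.0
+verb: call
+args: |
+package-push \
+--path chart \
+--app-version="${{ github.ref_name }}" \
+--registry=ghcr.io/${GH_HELM_REPOSITORY} \
+--username=${{ github.actor }} \
+--password=env:GH_REGISTRY_PASSWORD \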
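Review bot: Both matrix legs (`debug` and `prod`) publish, sign, copy and scan the same reference `ghcr.io/${GH_DOCKER_REPOSITORY}:${{ github.ref_name }}`, so whichever leg finishes last owns the release tag and the debug build can end up published as the release; ci.yaml keeps the two apart with a `-debug` suffix. A target-specific tag such as `${{ github.ref_name }}${{ matrix.target == 'debug' && '-debug' || '' }}` in the `--image`, `--source` and `--target` arguments would separate them here as well. The grype step with `--fail-on=high` also runs only after the image has been pushed to ghcr.io and copied to Docker Hub, so a failing scan turns the job red but leaves the flagged image published; running the scan before the copy step would at least keep it off Docker Hub.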

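--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+.local/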
