fail2ban-dashboard/.github/workflows/release.yml at main · webishdev/fail2ban-dashboard · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Create fail2ban-dashboard release

on:
  release:
    types: [published]

permissions:
  contents: write

env:
  CGO_ENABLED: 0
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:

  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - name: Show tag
        run: echo "Building for release ${{ github.event.release.tag_name }}"

      - uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'

      - name: Display Go version
        run: go version

      - name: Test
        run: |
          make test

      - name: Build
        run: |
          VERSION_INPUT=${{ github.event.release.tag_name }}
          CURRENT_VERSION=${VERSION_INPUT:-"ci"}
          make build-all VERSION=$CURRENT_VERSION

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v8
        with:
          version: v2.9.0

      - name: Upload build result
        uses: actions/upload-artifact@v4
        with:
          name: build_result
          path: bin/**
          retention-days: 1

  build-and-push-image:
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Retrieve artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: build_result
          merge-multiple: true
          path: bin

      - name: Display structure of downloaded files
        run: ls -hR

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ghcr.io/${{ github.repository_owner }}/fail2ban-dashboard:${{ github.event.release.tag_name }},ghcr.io/${{ github.repository_owner }}/fail2ban-dashboard:latest
          labels: ${{ steps.meta.outputs.labels }}

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  update-release:
    runs-on: ubuntu-latest
    needs: ["build", "build-and-push-image"]
    steps:
      - name: Retrieve artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: build_result
          merge-multiple: true
          path: bin

      - name: Display structure of downloaded files
        run: ls -hR

      - name: Create compressed archives
        run: |
          # Create tar.gz archive
          cd bin/linux/amd64 && tar -czf ../fail2ban-dashboard-${{ github.event.release.tag_name }}-linux-amd64.tar.gz . && cd ..
          cd bin/linux/arm64 && tar -czf ../fail2ban-dashboard-${{ github.event.release.tag_name }}-linux-arm64.tar.gz . && cd ..

          sha256sum fail2ban-dashboard-${{ github.event.release.tag_name }}-linux-amd64.tar.gz >> SHA256SUMS

          cat SHA256SUMS

      - name: Display created files
        run: ls -hR

      - uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.event.release.tag_name }}
          append_body: true
          body: |
            ## Binary Downloads
            The compiled binary for Linux are attached to this release as compressed archives.

            ## Docker Container
            Docker images are available at:
            - **Tagged version**: `ghcr.io/${{ github.repository_owner }}/fail2ban-dashboard:${{ github.event.release.tag_name }}`
            - **Latest version**: `ghcr.io/${{ github.repository_owner }}/fail2ban-dashboard:latest`
          files: |
            **/*.tar.gz
            SHA256SUMS