diff --git a/.github/workflows/_build-app.yml b/.github/workflows/_build-app.yml
index e642ea9..4ca6af6 100644
--- a/.github/workflows/_build-app.yml
+++ b/.github/workflows/_build-app.yml
@@ -8,6 +8,11 @@ on:
 required: false
 type: boolean
 default: false
+ push-images:
+ description: "Push images to registries"
+ required: false
+ type: boolean
+ default: true
 secrets:
 DOCKERHUB_USERNAME:
 required: true
@@ -15,7 +20,7 @@ on:
 required: true
 jobs:
- build-and-push-app:
+ build:
 runs-on: ubuntu-latest
 permissions:
 contents: read
@@ -61,7 +66,7 @@ jobs:
 with:
 context: .
 file: ./Dockerfile
- push: true
+ push: ${{ inputs.push-images }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: ${{ inputs.enable-cache && 'type=gha' || '' }}
diff --git a/.github/workflows/_build-builder.yml b/.github/workflows/_build-builder.yml
index 1386fe2..20bbcd5 100644
--- a/.github/workflows/_build-builder.yml
+++ b/.github/workflows/_build-builder.yml
@@ -8,6 +8,11 @@ on:
 required: false
 type: boolean
 default: false
+ push-images:
+ description: "Push images to registries"
+ required: false
+ type: boolean
+ default: true
 secrets:
 DOCKERHUB_USERNAME:
 required: true
@@ -15,7 +20,7 @@ on:
 required: true
 jobs:
- build-and-push-builder:
+ build:
 runs-on: ubuntu-latest
 permissions:
 contents: read
@@ -61,7 +66,7 @@ jobs:
 with:
 context: ./plugins/builder
 file: ./plugins/builder/Dockerfile
- push: true
+ push: ${{ inputs.push-images }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: ${{ inputs.enable-cache && 'type=gha' || '' }}
diff --git a/.github/workflows/_upload-scripts.yml b/.github/workflows/_upload-scripts.yml
new file mode 100644
index 0000000..e19548c
--- /dev/null
+++ b/.github/workflows/_upload-scripts.yml
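Review bot: In `_build-app.yml` the new `push: ${{ inputs.push-images }}` turns off only the final push, while `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` remain `required: true` in the `workflow_call` block, so a non-pushing caller must still supply registry credentials. Any registry login step earlier in the `build` job sits outside these hunks and presumably still runs unconditionally; gating it with `if: ${{ inputs.push-images }}` and marking the two secrets `required: false` would keep credentials out of validation-only runs. The matching `push:` hunk in `_build-builder.yml` has the same gap. The `build` job body starts and ends outside the visible hunks, so confirm against the full file.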
@@ -0,0 +1,47 @@
+name: Upload Scripts (Reusable)
+
+on:
+ workflow_call:
+ secrets:
+ SCRIPTS_BUCKET_ACCOUNT_ID:
+ required: true
+ SCRIPTS_BUCKET_ACCESS_KEY_ID:
+ required: true
+ SCRIPTS_BUCKET_SECRET_ACCESS_KEY:
+ required: true
+ SCRIPTS_BUCKET_NAME:
+ required: true
+
+jobs:
+ upload:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Extract version from tag
+ id: version
+ run: |
+ if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+ VERSION=${GITHUB_REF#refs/tags/}
+ else
+ VERSION="latest"
+ fi
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+ - name: Replace version placeholder in YAML files
+ run: |
+ sed -i "s|{{.App.Version}}|${{ steps.version.outputs.version }}|g" ./scripts/install/cloudness-app.yaml
+
+ - name: Upload Script files
+ uses: ryand56/r2-upload-action@latest
+ with:
+ r2-account-id: ${{ secrets.SCRIPTS_BUCKET_ACCOUNT_ID }}
+ r2-access-key-id: ${{ secrets.SCRIPTS_BUCKET_ACCESS_KEY_ID }}
+ r2-secret-access-key: ${{ secrets.SCRIPTS_BUCKET_SECRET_ACCESS_KEY }}
+ r2-bucket: ${{ secrets.SCRIPTS_BUCKET_NAME }}
+ source-dir: ./scripts/install
+ destination-dir: ./
diff --git a/.github/workflows/cloudness-build.yml b/.github/workflows/cloudness-build.yml
index 3b3b42d..022b4b4 100644
--- a/.github/workflows/cloudness-build.yml
+++ b/.github/workflows/cloudness-build.yml
@@ -10,7 +10,8 @@ env:
 IMAGE_NAME: ${{ github.repository }}
 jobs:
- build-and-push-app:
+ build-cloudness-app:
+ name: Cloudness App
 permissions:
 contents: read
 packages: write
diff --git a/.github/workflows/cloudness-builder.yml b/.github/workflows/cloudness-builder.yml
index 72fb28f..a7b41d9 100644
--- a/.github/workflows/cloudness-builder.yml
+++ b/.github/workflows/cloudness-builder.yml
@@ -15,7 +15,8 @@ env:
 IMAGE_NAME: ${{ github.repository }}
 jobs:
- build-and-push-builder:
+ build-cloudness-builder:
+ name: Builder Plugin
 permissions:
 contents: read
 packages: write
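Review bot: In `_upload-scripts.yml` the `Upload Script files` step runs `ryand56/r2-upload-action@latest`, a mutable ref on a third-party action that receives all four `SCRIPTS_BUCKET_*` secrets, so whatever that ref points to at run time executes with the upload credentials for what is presumably the bucket serving the install scripts; pin it to a reviewed full commit SHA. The two `run:` steps also splice `${{ github.ref }}` and `${{ steps.version.outputs.version }}` into the script text before bash parses it, and a tag name may carry shell or `sed` metacharacters; pass the values through `env:` and reject unexpected version strings. `$GITHUB_OUTPUT` should be quoted as well. The excerpt below shows the three steps with those changes; the SHA is a placeholder to fill in after reviewing the action's source.

```yaml
# … unchanged: checkout step …
- name: Extract version from tag
  id: version
  run: |
    if [[ "$GITHUB_REF" == refs/tags/* ]]; then
      VERSION="${GITHUB_REF#refs/tags/}"
    else
      VERSION="latest"
    fi
    # Refuse anything that is not a plain version-like string.
    if [[ ! "$VERSION" =~ ^[A-Za-z0-9._-]+$ ]]; then
      echo "Unexpected version string" >&2
      exit 1
    fi
    echo "version=$VERSION" >> "$GITHUB_OUTPUT"

- name: Replace version placeholder in YAML files
  env:
    VERSION: ${{ steps.version.outputs.version }}
  run: |
    sed -i "s|{{.App.Version}}|${VERSION}|g" ./scripts/install/cloudness-app.yaml

- name: Upload Script files
  # Placeholder: replace with the full commit SHA of a reviewed release.
  uses: ryand56/r2-upload-action@<FULL_COMMIT_SHA>
  # … unchanged: with: block (r2-* inputs, source-dir, destination-dir) …
```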
diff --git a/.github/workflows/cloudness-release.yml b/.github/workflows/cloudness-release.yml
index ff1983c..c55b5e3 100644
--- a/.github/workflows/cloudness-release.yml
+++ b/.github/workflows/cloudness-release.yml
@@ -12,7 +12,8 @@ env:
 IMAGE_NAME: ${{ github.repository }}
 jobs:
- build-and-push-app:
+ build-cloudness-app:
+ name: Cloudness App
 permissions:
 contents: read
 packages: write
@@ -23,7 +24,8 @@ jobs:
 DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
 DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
- build-and-push-builder:
+ build-cloudness-builder:
+ name: Builder Plugin
 permissions:
 contents: read
 packages: write
@@ -35,35 +37,13 @@ jobs:
 DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 upload-scripts:
- runs-on: ubuntu-latest
- needs: [build-and-push-app, build-and-push-builder]
+ name: Upload Scripts
+ needs: [build-cloudness-app, build-cloudness-builder]
 permissions:
 contents: read
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Extract version from tag
- id: version
- run: |
- if [[ "${{ github.ref }}" == refs/tags/* ]]; then
- VERSION=${GITHUB_REF#refs/tags/}
- else
- VERSION="latest"
- fi
- echo "version=$VERSION" >> $GITHUB_OUTPUT
-
- - name: Replace version placeholder in YAML files
- run: |
- sed -i "s|{{.App.Version}}|${{ steps.version.outputs.version }}|g" ./scripts/install/cloudness-app.yaml
-
- - name: Upload Script files
- uses: ryand56/r2-upload-action@latest
- with:
- r2-account-id: ${{ secrets.SCRIPTS_BUCKET_ACCOUNT_ID }}
- r2-access-key-id: ${{ secrets.SCRIPTS_BUCKET_ACCESS_KEY_ID }}
- r2-secret-access-key: ${{ secrets.SCRIPTS_BUCKET_SECRET_ACCESS_KEY }}
- r2-bucket: ${{ secrets.SCRIPTS_BUCKET_NAME }}
- source-dir: ./scripts/install
- destination-dir: ./
+ uses: ./.github/workflows/_upload-scripts.yml
+ secrets:
+ SCRIPTS_BUCKET_ACCOUNT_ID: ${{ secrets.SCRIPTS_BUCKET_ACCOUNT_ID }}
+ SCRIPTS_BUCKET_ACCESS_KEY_ID: ${{ secrets.SCRIPTS_BUCKET_ACCESS_KEY_ID }}
+ SCRIPTS_BUCKET_SECRET_ACCESS_KEY: ${{ secrets.SCRIPTS_BUCKET_SECRET_ACCESS_KEY }}
+ SCRIPTS_BUCKET_NAME: ${{ secrets.SCRIPTS_BUCKET_NAME }}
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
new file mode 100644
index 0000000..47e127c
--- /dev/null
+++ b/.github/workflows/pr-validation.yml
@@ -0,0 +1,33 @@
+name: PR Validation
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ validate-app:
+ name: Validate App
+ permissions:
+ contents: read
+ packages: read
+ uses: ./.github/workflows/_build-app.yml
+ with:
+ enable-cache: true
+ push-images: false
+ secrets:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ validate-builder:
+ name: Validate Builder
+ permissions:
+ contents: read
+ packages: read
+ uses: ./.github/workflows/_build-builder.yml
+ with:
+ enable-cache: true
+ push-images: false
+ secrets:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
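Review bot: Both `validate-app` and `validate-builder` pass `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` into a build of pull-request code with `push-images: false`, so registry credentials are in scope for jobs that never publish. Pull requests from forks do not receive repository secrets, so those runs will presumably fail on the reusable workflows' `required: true` secrets instead of validating the change. Once the reusable workflows accept missing secrets and skip registry login when not pushing, the two `secrets:` blocks here can be removed. Separately, `packages: read` is narrower than the `packages: write` the other callers grant; if the called `build` job itself declares `packages: write` (its `permissions:` block continues outside the visible hunks), GitHub rejects the call, so confirm the two agree.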