mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-04-27 09:46:25 +02:00
2b7465cdaa
Remove all Electric SQL client code, Docker service, env vars, CI build args, install scripts, and documentation. Feature hooks that depend on Electric are intentionally left in place to be rewritten with Rocicorp Zero in subsequent commits. Deleted: - lib/electric/ (client.ts, context.ts, auth.ts, baseline.ts) - ElectricProvider.tsx - docker/scripts/init-electric-user.sh - content/docs/how-to/electric-sql.mdx Cleaned: - package.json (4 @electric-sql/* deps) - app/layout.tsx, UserDropdown.tsx, LayoutDataProvider.tsx - docker-compose.yml, docker-compose.dev.yml - Dockerfile, docker-entrypoint.js - .env.example (frontend, docker, backend) - CI workflows, install scripts, docs
265 lines
9.2 KiB
YAML
265 lines
9.2 KiB
YAML
name: Build and Push Docker Images
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- dev
|
|
paths:
|
|
- 'surfsense_backend/**'
|
|
- 'surfsense_web/**'
|
|
workflow_dispatch:
|
|
inputs:
|
|
branch:
|
|
description: 'Branch to build from (leave empty for default branch)'
|
|
required: false
|
|
default: ''
|
|
|
|
concurrency:
|
|
group: docker-build
|
|
cancel-in-progress: false
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
|
|
jobs:
|
|
tag_release:
|
|
runs-on: ubuntu-latest
|
|
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event_name == 'workflow_dispatch'
|
|
outputs:
|
|
new_tag: ${{ steps.tag_version.outputs.next_version }}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.inputs.branch }}
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Read app version and calculate next Docker build version
|
|
id: tag_version
|
|
run: |
|
|
APP_VERSION=$(grep -E '^version = ' surfsense_backend/pyproject.toml | sed 's/version = "\(.*\)"/\1/')
|
|
echo "App version from pyproject.toml: $APP_VERSION"
|
|
|
|
if [ -z "$APP_VERSION" ]; then
|
|
echo "Error: Could not read version from surfsense_backend/pyproject.toml"
|
|
exit 1
|
|
fi
|
|
|
|
git fetch --tags
|
|
|
|
LATEST_BUILD_TAG=$(git tag --list "${APP_VERSION}.*" --sort='-v:refname' | head -n 1)
|
|
|
|
if [ -z "$LATEST_BUILD_TAG" ]; then
|
|
echo "No previous Docker build tag found for version ${APP_VERSION}. Starting with ${APP_VERSION}.1"
|
|
NEXT_VERSION="${APP_VERSION}.1"
|
|
else
|
|
echo "Latest Docker build tag found: $LATEST_BUILD_TAG"
|
|
BUILD_NUMBER=$(echo "$LATEST_BUILD_TAG" | rev | cut -d. -f1 | rev)
|
|
NEXT_BUILD=$((BUILD_NUMBER + 1))
|
|
NEXT_VERSION="${APP_VERSION}.${NEXT_BUILD}"
|
|
fi
|
|
|
|
echo "Calculated next Docker version: $NEXT_VERSION"
|
|
echo "next_version=$NEXT_VERSION" >> $GITHUB_OUTPUT
|
|
|
|
- name: Create and Push Tag
|
|
run: |
|
|
git config --global user.name 'github-actions[bot]'
|
|
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
|
|
|
|
NEXT_TAG="${{ steps.tag_version.outputs.next_version }}"
|
|
COMMIT_SHA=$(git rev-parse HEAD)
|
|
echo "Tagging commit $COMMIT_SHA with $NEXT_TAG"
|
|
|
|
git tag -a "$NEXT_TAG" -m "Docker build $NEXT_TAG"
|
|
echo "Pushing tag $NEXT_TAG to origin"
|
|
git push origin "$NEXT_TAG"
|
|
|
|
- name: Verify Tag Push
|
|
run: |
|
|
echo "Checking if tag ${{ steps.tag_version.outputs.next_version }} exists remotely..."
|
|
sleep 5
|
|
git ls-remote --tags origin | grep "refs/tags/${{ steps.tag_version.outputs.next_version }}" || (echo "Tag push verification failed!" && exit 1)
|
|
echo "Tag successfully pushed."
|
|
|
|
build:
|
|
needs: tag_release
|
|
if: always() && (needs.tag_release.result == 'success' || needs.tag_release.result == 'skipped')
|
|
runs-on: ${{ matrix.os }}
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform: [linux/amd64, linux/arm64]
|
|
image: [backend, web]
|
|
include:
|
|
- platform: linux/amd64
|
|
suffix: amd64
|
|
os: ubuntu-latest
|
|
- platform: linux/arm64
|
|
suffix: arm64
|
|
os: ubuntu-24.04-arm
|
|
- image: backend
|
|
name: surfsense-backend
|
|
context: ./surfsense_backend
|
|
file: ./surfsense_backend/Dockerfile
|
|
- image: web
|
|
name: surfsense-web
|
|
context: ./surfsense_web
|
|
file: ./surfsense_web/Dockerfile
|
|
env:
|
|
REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set lowercase image name
|
|
id: image
|
|
run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ steps.image.outputs.name }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Free up disk space
|
|
run: |
|
|
sudo rm -rf /usr/share/dotnet
|
|
sudo rm -rf /opt/ghc
|
|
sudo rm -rf /usr/local/share/boost
|
|
sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
|
|
docker system prune -af
|
|
|
|
- name: Build and push by digest ${{ matrix.name }} (${{ matrix.suffix }})
|
|
id: build
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: ${{ matrix.context }}
|
|
file: ${{ matrix.file }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
tags: ${{ steps.image.outputs.name }}
|
|
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
|
|
platforms: ${{ matrix.platform }}
|
|
cache-from: type=gha,scope=${{ matrix.image }}-${{ matrix.suffix }}
|
|
cache-to: type=gha,mode=max,scope=${{ matrix.image }}-${{ matrix.suffix }}
|
|
provenance: false
|
|
build-args: |
|
|
${{ matrix.image == 'web' && 'NEXT_PUBLIC_FASTAPI_BACKEND_URL=__NEXT_PUBLIC_FASTAPI_BACKEND_URL__' || '' }}
|
|
${{ matrix.image == 'web' && 'NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE=__NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE__' || '' }}
|
|
${{ matrix.image == 'web' && 'NEXT_PUBLIC_ETL_SERVICE=__NEXT_PUBLIC_ETL_SERVICE__' || '' }}
|
|
${{ matrix.image == 'web' && 'NEXT_PUBLIC_DEPLOYMENT_MODE=__NEXT_PUBLIC_DEPLOYMENT_MODE__' || '' }}
|
|
|
|
- name: Export digest
|
|
run: |
|
|
mkdir -p /tmp/digests
|
|
digest="${{ steps.build.outputs.digest }}"
|
|
touch "/tmp/digests/${digest#sha256:}"
|
|
|
|
- name: Upload digest
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: digests-${{ matrix.image }}-${{ matrix.suffix }}
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
create_manifest:
|
|
runs-on: ubuntu-latest
|
|
needs: [tag_release, build]
|
|
if: always() && needs.build.result == 'success'
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- name: surfsense-backend
|
|
image: backend
|
|
- name: surfsense-web
|
|
image: web
|
|
env:
|
|
REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
|
|
|
|
steps:
|
|
- name: Set lowercase image name
|
|
id: image
|
|
run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Download amd64 digest
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: digests-${{ matrix.image }}-amd64
|
|
path: /tmp/digests
|
|
|
|
- name: Download arm64 digest
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: digests-${{ matrix.image }}-arm64
|
|
path: /tmp/digests
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Compute app version
|
|
id: appver
|
|
run: |
|
|
VERSION_TAG="${{ needs.tag_release.outputs.new_tag }}"
|
|
if [ -n "$VERSION_TAG" ]; then
|
|
APP_VERSION=$(echo "$VERSION_TAG" | rev | cut -d. -f2- | rev)
|
|
else
|
|
APP_VERSION=""
|
|
fi
|
|
echo "app_version=$APP_VERSION" >> $GITHUB_OUTPUT
|
|
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ steps.image.outputs.name }}
|
|
tags: |
|
|
type=raw,value=${{ needs.tag_release.outputs.new_tag }},enable=${{ needs.tag_release.outputs.new_tag != '' }}
|
|
type=raw,value=${{ steps.appver.outputs.app_version }},enable=${{ needs.tag_release.outputs.new_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event.inputs.branch == github.event.repository.default_branch) }}
|
|
type=ref,event=branch
|
|
type=sha,prefix=git-
|
|
flavor: |
|
|
latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event.inputs.branch == github.event.repository.default_branch }}
|
|
|
|
- name: Create manifest list and push
|
|
working-directory: /tmp/digests
|
|
run: |
|
|
docker buildx imagetools create \
|
|
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
|
$(printf '${{ steps.image.outputs.name }}@sha256:%s ' *)
|
|
- name: Inspect image
|
|
run: |
|
|
docker buildx imagetools inspect ${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}
|
|
|
|
- name: Summary
|
|
run: |
|
|
echo "Multi-arch manifest created for ${{ matrix.name }}!"
|
|
echo "Tags: $(jq -cr '.tags | join(", ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")"
|