DefGuard · moubctez · Aug 15, 2024 · Dec 18, 2023 · Dec 18, 2023 · Dec 18, 2023
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,80 @@
+name: Build Docker image
+
+on:
+  workflow_call:
+    inputs:
+      tags:
+        description: "List of tags as key-value pair attributes"
+        required: false
+        type: string
+
+env:
+  GHCR_REPO: ghcr.io/defguard/defguard
+
+jobs:
+  build-docker:
+    runs-on:
+      - self-hosted
+      - Linux
+      - ${{ matrix.runner }}
+    strategy:
+      matrix:
+        cpu: [arm64, amd64]
+        include:
+          - cpu: arm64
+            runner: ARM64
+          - cpu: amd64
+            runner: X64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["dockerhub-proxy.teonite.net"]
+      - name: Build container
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/${{ matrix.cpu }}
+          provenance: false
+          push: true
+          tags: ${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.cpu }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  docker-manifest:
+    runs-on: [self-hosted, Linux]
+    needs: [build-docker]
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GHCR_REPO }}
+          tags: ${{ inputs.tags }}
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create manifest
+        run: |
+          docker manifest create ${{ env.GHCR_REPO }}:${{ github.sha }} \
+            ${{ env.GHCR_REPO }}:${{ github.sha }}-amd64 \
+            ${{ env.GHCR_REPO }}:${{ github.sha }}-arm64
+      - name: Push manifest
+        run: |
+          docker manifest push ${{ env.GHCR_REPO }}:${{ github.sha }}
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
@@ -4,51 +4,28 @@ on:
     branches:
       - main
       - dev
+      - build_multiarch
     paths-ignore:
       - "*.md"
       - "LICENSE"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GHCR_REPO: ghcr.io/defguard/defguard
+
 jobs:
-  build-docker:
-    runs-on: [self-hosted, Linux, X64]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/defguard/defguard
-          tags: |
-            type=raw,value=current
-            type=ref,event=branch
-            type=sha
-      - name: Login to GitHub container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["dockerhub-proxy.teonite.net"]
-      - name: Build container
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-  trigger-e2e:
-    needs: build-docker
-    uses: ./.github/workflows/e2e.yml
-    secrets: inherit
+  build-current:
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=current
+        type=ref,event=branch
+        type=sha
+
+  # trigger-e2e:
+  #   needs: docker-manifest
+  #   uses: ./.github/workflows/e2e.yml
+  #   secrets: inherit
diff --git a/.github/workflows/dev-deployment.yml b/.github/workflows/dev-deployment.yml
@@ -15,6 +15,6 @@ jobs:
       - name: Add SHORT_SHA env variable
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
       - name: Deploy new image version
-        uses: actions-hub/kubectl@v1.30.0
+        uses: actions-hub/kubectl@v1.30.3
         with:
           args: --namespace defguard-dev set image deployment/defguard defguard=ghcr.io/defguard/defguard:sha-${{ env.SHORT_SHA }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -16,44 +16,23 @@ env:
 jobs:
   rustdoc:
     runs-on: [self-hosted, Linux, X64]
-    container: rust:1.77
-    services:
-      postgres:
-        image: postgres:15-alpine
-        env:
-          POSTGRES_DB: defguard
-          POSTGRES_USER: defguard
-          POSTGRES_PASSWORD: defguard
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
+    container: rust:1-slim
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           submodules: recursive
 
-      - name: Set database URL
-        run: sed -i -e 's,localhost,postgres,' .env
-
       - name: Install protoc
         run: apt-get update && apt-get -y install protobuf-compiler
 
       - name: Build Docs
         env:
-          DEFGUARD_DB_HOST: postgres
-          DEFGUARD_DB_PORT: 5432
-          DEFGUARD_DB_NAME: defguard
-          DEFGUARD_DB_USER: defguard
-          DEFGUARD_DB_PASSWORD: defguard
           SQLX_OFFLINE: true
-        run: cargo doc --all --no-deps
+        run: cargo doc --no-deps --workspace
 
       - name: Deploy Docs
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_branch: gh-pages

diff --git a/.github/workflows/lint-e2e.yml b/.github/workflows/lint-e2e.yml
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 19
+          node-version: 20
       - name: install deps
         working-directory: ./e2e
         run: |

diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml
@@ -21,7 +21,7 @@ jobs:
           submodules: "recursive"
       - uses: actions/setup-node@v4
         with:
-          node-version: 19
+          node-version: 20
       - name: install deps
         working-directory: ./web
         run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,49 +9,14 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  publish-docker:
-    runs-on: [self-hosted, Linux, X64]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/DefGuard/defguard
-          tags: |
-            type=raw,value=latest
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=sha
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker BuildX
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["dockerhub-proxy.teonite.net"]
-      - name: Login to GitHub container registry
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build container
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64, linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+  build-latest:
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=latest
+        type=semver,pattern={{version}}
+        type=semver,pattern={{major}}.{{minor}}
+        type=sha
 
   create-release:
     name: create-release
@@ -61,14 +26,14 @@ jobs:
     steps:
       - name: Create GitHub release
         id: release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         if: startsWith(github.ref, 'refs/tags/')
         with:
           draft: true
           generate_release_notes: true
 
   build-binaries:
-    needs: ["create-release"]
+    needs: [create-release]
     runs-on:
       - self-hosted
       - ${{ matrix.os }}