Refactor workflows

Trigus42 · Oct 4, 2024 · 8821e0e · 8821e0e
1 parent 1e08e36
commit 8821e0e
Show file tree

Hide file tree

Showing 8 changed files with 340 additions and 186 deletions.
diff --git a/.github/actions/build-push-info/action.yml b/.github/actions/build-push-info/action.yml
@@ -0,0 +1,78 @@
+name: build-push-info
+
+description: Get docker tags and other version related infos
+
+inputs:
+ qbt_tag:
+ description: "qBittorrent release tag"
+ required: false
+ docker_tag:
+ description: "docker tag"
+ required: false
+
+outputs:
+ qbt_release_tag:
+ description: "The qBittorrent release tag"
+ value: ${{ steps.qbt-release.outputs.release_tag }}
+ qbt_version_number:
+ description: "The extracted version number from the release tag"
+ value: ${{ steps.qbt-release.outputs.version_number }}
+ date:
+ description: "Current UTC date in YYYYMMDD format"
+ value: ${{ steps.env-info.outputs.date }}
+ short_sha:
+ description: "Short SHA of the current commit"
+ value: ${{ steps.env-info.outputs.short_sha }}
+ tags:
+ description: "Docker tags to publish"
+ value: ${{ steps.docker-tags.outputs.tags }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Get latest release or use provided tag
+ id: qbt-release
+ uses: ./.github/actions/get-qbt-release
+ with:
+ qbt_tag: ${{ inputs.qbt_tag }}
+
+ - name: Setup additional environment variables
+ id: env-info
+ shell: bash
+ run: |
+ echo "date=$(date -u +%Y%m%d)" | tee -a $GITHUB_OUTPUT
+ echo "short_sha=$(git rev-parse --short HEAD)" | tee -a $GITHUB_OUTPUT
+
+ - name: Set up Docker Tags
+ id: docker-tags
+ shell: bash
+ run: |
+ GHCR_REPO="ghcr.io/trigus42/alpine-qbittorrentvpn"
+ DOCKERHUB_REPO="trigus42/qbittorrentvpn"
+
+ if [[ -n "${{ inputs.docker_tag }}" ]]; then
+ TAGS_NAMES=(
+ ${{ inputs.docker_tag }}
+ )
+ elif [ "${{ github.ref_name }}" == "master" ]; then
+ TAGS_NAMES=(
+ "latest"
+ "qbt${{ steps.qbt-release.outputs.version_number }}"
+ "qbt${{ steps.qbt-release.outputs.version_number }}-${{ steps.env-info.outputs.date }}"
+ )
+ fi
+
+ TAGS_NAMES+=(
+ "${{ github.head_ref || github.ref_name }}"
+ "${{ github.sha }}"
+ "${{ github.sha }}-qbt${{ steps.qbt-release.outputs.version_number }}"
+ )
+
+ # Prepare the tags for both repositories
+ DOCKER_TAGS=()
+ for tag in "${TAGS_NAMES[@]}"; do
+ DOCKER_TAGS+=("$GHCR_REPO:$tag")
+ DOCKER_TAGS+=("$DOCKERHUB_REPO:$tag")
+ done
+
+ bash .github/helper/setOutput.sh "tags" "$(IFS=$'\n'; echo "${DOCKER_TAGS[*]}")"
diff --git a/.github/actions/docker-setup/action.yml b/.github/actions/docker-setup/action.yml
@@ -0,0 +1,46 @@
+name: docker-setup
+
+description: Setup Docker environment for QEMU, Buildx, and registry logins
+
+inputs:
+ login_enabled:
+ type: boolean
+ description: "Enable or disable all logins"
+ default: true
+ required: false
+ github_token:
+ type: string
+ description: "Set to enable GitHub Container Registry login"
+ required: false
+ dockerhub_username:
+ type: string
+ description: "Set to enable DockerHub login"
+ required: false
+ dockerhub_token:
+ type: string
+ description: "Set to enable DockerHub login"
+ required: false
+
+runs:
+ using: "composite"
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GitHub Container Registry
+ if: ${{ inputs.login_enabled && inputs.github_token }}
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.github_token }}
+
+ - name: Login to Docker Hub
+ if: ${{ inputs.login_enabled && inputs.dockerhub_username && inputs.dockerhub_token }}
+ uses: docker/login-action@v3
+ with:
+ username: ${{ inputs.dockerhub_username }}
+ password: ${{ inputs.dockerhub_token }}
diff --git a/.github/actions/get-qbt-release/action.yml b/.github/actions/get-qbt-release/action.yml
@@ -0,0 +1,32 @@
+name: get-qbt-release
+
+description: Get latest qbt release tag
+
+inputs:
+ qbt_tag:
+ description: "qBittorrent release tag"
+ required: false
+
+outputs:
+ release_tag:
+ description: "The qBittorrent release tag"
+ value: ${{ steps.qbt-release.outputs.release_tag }}
+ version_number:
+ description: "The extracted version number from the release tag"
+ value: ${{ steps.qbt-release.outputs.version_number }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Get latest release or use provided tag
+ id: qbt-release
+ shell: bash
+ run: |
+ if [ -z "${{ inputs.qbt_tag }}"]; then
+ echo "No qBittorrent tag provided, fetching latest release..."
+ RELEASE_TAG=$(curl -s https://api.github.com/repos/userdocs/qbittorrent-nox-static/releases/latest | jq -r '.tag_name')
+ else
+ RELEASE_TAG=${{ inputs.qbt_tag }}
+ fi
+ echo "release_tag=$RELEASE_TAG" | tee -a $GITHUB_OUTPUT
+ echo "version_number=$(echo $RELEASE_TAG | grep -P "\d(\.\d+)+" -o | head -n 1)" | tee -a $GITHUB_OUTPUT
diff --git a/.github/actions/sign-docker-image/action.yml b/.github/actions/sign-docker-image/action.yml
@@ -0,0 +1,28 @@
+name: sign-docker-image
+
+description: Sign the Docker image using cosign
+
+inputs:
+ digest:
+ type: string
+ description: "The image digest to sign"
+ required: true
+ tags:
+ type: string
+ description: "The image tags to sign"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@v3
+ with:
+ cosign-release: 'v2.2.4'
+
+ - name: Sign Docker image
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ shell: bash
+ run: |
+ echo "${{ inputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ inputs.digest }}
diff --git a/.github/helper/setOutput.sh b/.github/helper/setOutput.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Description: This script is used to set the output for the GitHub action. 
+# It writes the output to the file specified by the GITHUB_OUTPUT environment variable. 
+# The output is formatted as name<<delimiter followed by the value and then the delimiter. 
+# This allows for arrays to be passed as output. However they must be joined to a string
+# using newline characters before like so: "$(IFS=$'\n'; echo "${ARRAY[*]}")""
+
+# Arguments:
+# $1: name of the output
+# $2: value of the output
+
+name=$1
+value=$2
+
+filePath="${GITHUB_OUTPUT}"
+delimiter="ghadelimiter_$(uuidgen)"
+
+# Shouldn't happen, but just in case
+if [[ "$name" == *"$delimiter"* ]]; then
+ echo "Error: name contains the delimiter $delimiter"
+ return 1
+fi
+
+# Write to the output file with the formatted message
+echo "${name}<<${delimiter}" >> "$filePath"
+echo "${value}" >> "$filePath"
+echo "${delimiter}" >> "$filePath"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,117 @@
+name: Build Docker Image
+
+on:
+ push:
+ branches: [ "master" ]
+ tags: [ 'v*.*.*' ]
+ paths:
+ - '.github/workflows/**'
+ - 'rootfs/**'
+ - 'build/**'
+ - 'Dockerfile'
+ pull_request:
+ branches: [ "master" ]
+ paths:
+ - '.github/workflows/**'
+ - 'rootfs/**'
+ - 'build/**'
+ - 'Dockerfile'
+ workflow_dispatch:
+ inputs:
+ push:
+ description: 'Push image to registry'
+ required: false
+ default: false
+ type: boolean
+ qbt_tag:
+ description: 'qBittorrent tag'
+ required: false
+ type: string
+ docker_tag:
+ description: 'Tag for the docker image'
+ required: false
+ type: string
+ commit_sha:
+ description: 'Commit SHA to checkout. Requires docker_tag.'
+ required: false
+ type: string
+
+jobs:
+ build-and-sign:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Evaluate run triggers
+ id: triggers
+ run: |
+ if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ inputs.push }}" != "true" ]]; then
+ echo "Workflow was manually triggered, but push is disabled. Skipping push."
+ elif [[ -n "${{ inputs.commit_sha }}" && -z "${{ inputs.docker_tag }}" ]]; then
+ echo "commit_sha is set, but docker_tag isn't. Deploying specific commit to default tag is not allowed. Please provide a docker_tag."
+ elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
+ echo "Pull request event detected. Skipping push."
+ else
+ echo "do_push=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Get version infos
+ id: version_info
+ uses: ./.github/actions/build-push-info
+ with:
+ qbt_tag: ${{ inputs.qbt_tag }}
+ docker_tag: ${{ inputs.docker_tag }}
+
+ - name: Setup Docker
+ uses: ./.github/actions/docker-setup
+ with:
+ login_enabled: ${{ steps.triggers.outputs.do_push == 'true' }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ dockerhub_username: ${{ vars.DOCKERHUB_USERNAME }}
+ dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository }}
+ trigus42/qbittorrentvpn
+
+ - name: Checkout custom commit before building
+ uses: actions/checkout@v4
+ if: ${{ inputs.commit_sha }}
+ with:
+ ref: ${{ inputs.commit_sha }}
+
+ - name: Build and push Docker image
+ id: build
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+ push: ${{ steps.triggers.outputs.do_push == 'true' }}
+ build-args: |
+ "SOURCE_COMMIT=${{ steps.version_info.outputs.short_sha }}"
+ "QBITTORRENT_TAG=${{ steps.version_info.outputs.qbt_release_tag }}"
+ tags: ${{ steps.version_info.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Checkout back to current commit
+ if: ${{ inputs.commit_sha }}
+ run: git checkout ${{ github.sha }}
+
+ - name: Sign Docker image
+ if: ${{ steps.triggers.outputs.do_push == 'true' }}
+ uses: ./.github/actions/sign-docker-image
+ with:
+ digest: ${{ steps.build.outputs.digest }}
+ tags: ${{ steps.version_info.outputs.tags }}
diff --git a/.github/workflows/check_update.yml → .github/workflows/check-update.yml b/.github/workflows/check_update.yml → .github/workflows/check-update.yml
@@ -1,4 +1,4 @@
-name: Check for qBT update
+name: Check for qBt update
 
 on:
  schedule:
@@ -8,8 +8,9 @@ on:
 jobs:
  check:
  runs-on: ubuntu-latest
-
  steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
 
  - name: Download previous release info
  id: download-artifact
@@ -21,30 +22,25 @@ jobs:
  if_no_artifact_found: warn
 
  - name: Get latest release
- id: get_release
- run: |
- # Fetch release information and extract the release tag
- RELEASE_TAG=$(curl -s https://api.github.com/repos/userdocs/qbittorrent-nox-static/releases/latest | jq -r '.tag_name')
-
- echo "RELEASE_TAG=$RELEASE_TAG" | tee -a $GITHUB_ENV
- echo "VERSION_NUMBER=$(echo $RELEASE_TAG | grep -P "\d(\.\d+)+" -o | head -n 1)" | tee -a $GITHUB_ENV
+ id: get-qbt-release
+ uses: ./.github/actions/get-qbt-release
 
  - name: Compare with previous release
- id: compare_release
+ id: compare-release
  run: |
  # Read the release info from the downloaded artifact
  PREVIOUS_RELEASE=$(cat qbt-release-info 2> /dev/null || echo "NONE")
  echo "PREVIOUS_RELEASE=$PREVIOUS_RELEASE"
 
  # Compare the fetched release tag with the previous release tag
- if [ "${{ env.RELEASE_TAG }}" != "$PREVIOUS_RELEASE" ]; then
- echo "RELEASE_CHANGED=true" | tee -a $GITHUB_ENV
+ if [ "${{ steps.get-qbt-release.outputs.release_tag }}" == "$PREVIOUS_RELEASE" ]; then
+ echo release_changed=false | tee -a $GITHUB_OUTPUT
  else
- echo "RELEASE_CHANGED=false" | tee -a $GITHUB_ENV
+ echo release_changed=true | tee -a $GITHUB_OUTPUT
  fi
 
  - name: Call workflow to build docker image
- if: env.RELEASE_CHANGED == 'true'
+ if: ${{ steps.compare-release.outputs.release_changed == 'true' }}
  uses: benc-uk/workflow-dispatch@v1
  with:
- workflow: publish.yml
+ workflow: build.yml