JWT_SECRET_KEY as config #388
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Container | |
on: | |
push: | |
branches: | |
- main | |
- dev | |
- feature/** | |
paths: | |
- 'src/BE/**' | |
- 'src/FE/**' | |
- '.github/workflows/build-container.yml' | |
workflow_dispatch: | |
permissions: | |
contents: write | |
jobs: | |
build-fe: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Cache FE build output | |
id: fe_build_cache | |
uses: actions/cache@v4 | |
with: | |
path: ./src/FE/out | |
key: ${{ runner.os }}-fe-build-${{ hashFiles('src/FE/**/*.json', 'src/FE/**/*.tsx', 'src/FE/**/*.ts', 'src/FE/**/*.svg', 'src/FE/**/*.png') }} | |
- name: Cache node_modules | |
id: node_modules_cache | |
if: steps.fe_build_cache.outputs.cache-hit != 'true' | |
uses: actions/cache@v4 | |
with: | |
path: ./src/FE/node_modules | |
key: ${{ runner.os }}-fe-node_modules-${{ hashFiles('src/FE/package-lock.json') }} | |
- name: Install npm dependencies | |
if: steps.fe_build_cache.outputs.cache-hit != 'true' && steps.node_modules_cache.outputs.cache-hit != 'true' | |
working-directory: ./src/FE | |
run: npm i | |
- name: Build frontend | |
if: steps.fe_build_cache.outputs.cache-hit != 'true' | |
working-directory: ./src/FE | |
run: npm run build | |
- name: Upload FE build artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: chats-fe | |
path: ./src/FE/out | |
upload-fe-to-minio: | |
strategy: | |
matrix: | |
include: | |
- asset: chats-fe | |
needs: build-fe | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.asset }} | |
path: ${{ matrix.asset }} | |
- name: Compress artifacts into 7z | |
run: | | |
7z a ${{ matrix.asset }}.7z ${{ matrix.asset }} | |
shell: bash | |
- name: Configure MINIO Credentials | |
run: | | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.MINIO_KEY }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.MINIO_SECRET }}" >> $GITHUB_ENV | |
echo "AWS_DEFAULT_REGION=us-east-1" >> $GITHUB_ENV | |
- name: Upload to Minio | |
run: | | |
aws --endpoint-url ${{ vars.MINIO_URL }} s3 cp ${{ matrix.asset }}.7z s3://chats/r${{ github.run_number }}/${{ matrix.asset }}.7z | |
build-primary-container: | |
needs: build-fe | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login container | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ vars.DOCKER_USERNAME }} ${{ vars.DOCKER_REGISTRY }} --password-stdin | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download FE build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: chats-fe | |
path: ./src/BE/wwwroot | |
- name: sed version | |
run: | | |
# file: ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
# const int buildVersion = 0; -> const int buildVersion = github.run_number; | |
sed -i "s/const int buildVersion = 0;/const int buildVersion = ${{ github.run_number }};/" ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
- name: Build container | |
run: | | |
dotnet publish ./src/BE/Chats.BE.csproj -c Release --os linux --arch x64 /t:PublishContainer /p:ContainerRepository=chats | |
- name: Tag container with run number | |
run: | | |
docker tag chats ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 | |
- name: Push container | |
run: | | |
docker push ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 | |
build-containers: | |
if: github.ref == 'refs/heads/main' | |
needs: build-fe | |
strategy: | |
matrix: | |
include: | |
- tag: r${{ github.run_number }}-nanoserver-1809 | |
runs-on: windows-latest | |
os: win | |
arch: x64 | |
args: /p:ContainerBaseImage=mcr.microsoft.com/dotnet/aspnet:8.0-nanoserver-1809 | |
- tag: r${{ github.run_number }}-nanoserver-ltsc2022 | |
runs-on: windows-latest | |
os: win | |
arch: x64 | |
args: /p:ContainerBaseImage=mcr.microsoft.com/dotnet/aspnet:8.0-nanoserver-ltsc2022 | |
- tag: r${{ github.run_number }}-linux-arm64 | |
runs-on: ubuntu-latest | |
os: linux | |
arch: arm64 | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- name: Login container | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ vars.DOCKER_USERNAME }} ${{ vars.DOCKER_REGISTRY }} --password-stdin | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download FE build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: chats-fe | |
path: ./src/BE/wwwroot | |
- name: sed version | |
run: | | |
# file: ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
# const int buildVersion = 0; -> const int buildVersion = github.run_number; | |
sed -i "s/const int buildVersion = 0;/const int buildVersion = ${{ github.run_number }};/" ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
- name: Build container | |
run: | | |
dotnet publish ./src/BE/Chats.BE.csproj -c Release --os ${{ matrix.os }} --arch ${{ matrix.arch }} /t:PublishContainer /p:ContainerRepository=chats ${{ matrix.args }} | |
- name: Tag container with run number | |
run: | | |
docker tag chats ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:${{ matrix.tag }} | |
- name: Push container | |
run: | | |
docker push ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:${{ matrix.tag }} | |
docker-manifest: | |
if: github.ref == 'refs/heads/main' | |
needs: [build-primary-container, build-containers] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login container | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ vars.DOCKER_USERNAME }} ${{ vars.DOCKER_REGISTRY }} --password-stdin | |
- name: Create manifest | |
run: | | |
docker manifest create --amend ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-arm64 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-1809 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-ltsc2022 | |
- name: Annotation | |
run: | | |
docker manifest annotate ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-1809 --os-version 10.0.17763.6532 | |
docker manifest annotate ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-ltsc2022 --os-version 10.0.20348.2849 | |
docker manifest inspect ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} | |
- name: Create latest manifest | |
run: | | |
docker manifest create --amend ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:latest \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-arm64 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-1809 \ | |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-ltsc2022 | |
- name: Annotate latest manifest | |
run: | | |
docker manifest annotate ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:latest ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-1809 --os-version 10.0.17763.6532 | |
docker manifest annotate ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:latest ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-ltsc2022 --os-version 10.0.20348.2849 | |
- name: Push manifest | |
run: | | |
docker manifest push ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} | |
docker manifest push ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:latest | |
build-binaries: | |
if: github.ref == 'refs/heads/main' | |
needs: build-fe | |
strategy: | |
matrix: | |
include: | |
- id: chats | |
- id: chats-win-x64 | |
args: -r win-x64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-linux-x64 | |
args: -r linux-x64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-linux-arm64 | |
args: -r linux-arm64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-linux-musl-x64 | |
args: -r linux-musl-x64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-linux-musl-arm64 | |
args: -r linux-musl-arm64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-osx-arm64 | |
args: -r osx-arm64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
- id: chats-osx-x64 | |
args: -r osx-x64 --self-contained true /p:PublishReadyToRun=true /p:PublishSingleFile=true | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download FE build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: chats-fe | |
path: ./src/BE/wwwroot | |
- name: sed version | |
run: | | |
# file: ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
# const int buildVersion = 0; -> const int buildVersion = github.run_number; | |
sed -i "s/const int buildVersion = 0;/const int buildVersion = ${{ github.run_number }};/" ./src/BE/Controllers/Admin/GlobalConfigs/VersionController.cs | |
- name: build binary | |
run: | | |
dotnet publish ./src/BE/Chats.BE.csproj -c Release -o ./Publish ${{ matrix.args }} /p:DeleteExistingFiles=True | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.id }} | |
path: ./Publish | |
- name: Compress artifacts into 7z | |
run: | | |
7z a ${{ matrix.id }}.7z ./Publish | |
- name: Configure MINIO Credentials | |
run: | | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.MINIO_KEY }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.MINIO_SECRET }}" >> $GITHUB_ENV | |
echo "AWS_DEFAULT_REGION=us-east-1" >> $GITHUB_ENV | |
- name: Upload to Minio | |
run: | | |
aws --endpoint-url ${{ vars.MINIO_URL }} s3 cp ${{ matrix.id }}.7z s3://chats/r${{ github.run_number }}/${{ matrix.id }}.7z | |
create-release: | |
if: github.ref == 'refs/heads/main' | |
needs: [docker-manifest, build-binaries, upload-minio-latest] | |
runs-on: ubuntu-latest | |
outputs: | |
release_id: ${{ steps.create_release.outputs.release_id }} | |
steps: | |
- name: Get latest tag | |
id: get_latest_tag | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const { data: tags } = await github.rest.repos.listTags({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
per_page: 1, | |
}); | |
let latestTag = ""; | |
if (tags.length > 0) { | |
latestTag = tags[0].name; | |
} | |
core.setOutput('latestTag', latestTag); | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const latestTag = "${{ steps.get_latest_tag.outputs.latestTag }}"; | |
const response = await github.rest.repos.createRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `r-${{ github.run_number }}`, | |
name: `r-${{ github.run_number }}`, | |
target_commitish: '${{ github.sha }}', | |
body: `### Full Changelogs | |
https://github.com/sdcb/chats/compare/${latestTag}...r-${{ github.run_number }} | |
<details> | |
### Docker | |
| Description | Docker Image | | |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------ | | |
| r${{ github.run_number }} | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }} | | |
| Linux x64 | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 | | |
| Linux ARM64 | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-arm64 | | |
| Windows Nano Server 1809 | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-1809 | | |
| Windows Nano Server LTSC 2022 | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-nanoserver-ltsc2022 | | |
| Latest | ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:latest | | |
### Alternative binaries download links that may faster than GitHub(for China users) | |
| Artifact | Download Link | | |
| ------------------------- | ------------------------------------------------------------------------------- | | |
| chats-win-x64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-win-x64.7z | | |
| chats-linux-x64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-linux-x64.7z | | |
| chats-linux-arm64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-linux-arm64.7z | | |
| chats-linux-musl-x64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-linux-musl-x64.7z | | |
| chats-linux-musl-arm64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-linux-musl-arm64.7z | | |
| chats-osx-arm64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-osx-arm64.7z | | |
| chats-osx-x64.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-osx-x64.7z | | |
| chats-fe.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats-fe.7z | | |
| chats.7z | ${{ vars.MINIO_URL }}/chats/r${{ github.run_number }}/chats.7z | | |
**NOTE**: | |
Replace \`r${{ github.run_number }}\` with \`latest\` in the download link to get the latest version, for example: \`${{ vars.MINIO_URL }}/chats/latest/chats-win-x64.7z\` | |
</details> | |
`, | |
draft: false, | |
prerelease: false, | |
}); | |
core.setOutput('release_id', response.data.id); | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
upload-release-assets: | |
if: github.ref == 'refs/heads/main' | |
strategy: | |
matrix: | |
include: | |
- asset: chats | |
- asset: chats-fe | |
- asset: chats-win-x64 | |
- asset: chats-linux-x64 | |
- asset: chats-linux-arm64 | |
- asset: chats-linux-musl-x64 | |
- asset: chats-linux-musl-arm64 | |
- asset: chats-osx-arm64 | |
- asset: chats-osx-x64 | |
needs: create-release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.asset }} | |
path: ${{ matrix.asset }} | |
- name: Compress artifacts | |
run: | | |
7z a ${{ matrix.asset }}.7z ${{ matrix.asset }} | |
zip -r ${{ matrix.asset }}.zip ${{ matrix.asset }} | |
shell: bash | |
- name: Upload Asset | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require('fs'); | |
const assetNames = [ '${{ matrix.asset }}.7z', '${{ matrix.asset }}.zip' ]; | |
const releaseId = "${{ needs.create-release.outputs.release_id }}"; | |
const promises = assetNames.map(assetName => { | |
const asset = fs.readFileSync('./' + assetName); | |
return github.rest.repos.uploadReleaseAsset({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: releaseId, | |
name: assetName, | |
data: asset, | |
}); | |
}); | |
await Promise.all(promises); | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Delete build artifacts | |
uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: ${{ matrix.asset }} | |
upload-minio-latest: | |
if: github.ref == 'refs/heads/main' | |
needs: [build-binaries, upload-fe-to-minio] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure MINIO Credentials | |
run: | | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.MINIO_KEY }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.MINIO_SECRET }}" >> $GITHUB_ENV | |
echo "AWS_DEFAULT_REGION=us-east-1" >> $GITHUB_ENV | |
- name: Update latest files | |
run: | | |
aws --endpoint-url ${{ vars.MINIO_URL }} s3 rm s3://chats/latest --recursive | |
aws --endpoint-url ${{ vars.MINIO_URL }} s3 cp s3://chats/r${{ github.run_number }} s3://chats/latest --recursive | |
deploy: | |
runs-on: ubuntu-latest | |
needs: build-primary-container | |
steps: | |
- uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
- name: deploy dev/stg or feature | |
run: | | |
ssh -o StrictHostKeyChecking=no -p 22 ${{ secrets.SSH_TARGET }} << 'EOF' | |
docker pull ${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_NAMESPACE }}/chats:r${{ github.run_number }}-linux-x64 | |
cd chats | |
if [[ "${{ github.ref_name }}" == feature/* ]]; then | |
echo "Deploying feature branch: ${{ github.ref_name }}" | |
sed -i "s/^TAG=.*/TAG=r${{ github.run_number }}-linux-x64/" ~/chats/feature.env | |
docker compose --env-file=./feature.env --project-name chats-feature up -d --remove-orphans | |
else | |
echo "Deploying non-feature branch: ${{ github.ref_name }}" | |
sed -i "s/^TAG=.*/TAG=r${{ github.run_number }}-linux-x64/" ~/chats/dev.env | |
sed -i "s/^TAG=.*/TAG=r${{ github.run_number }}-linux-x64/" ~/chats/stg.env | |
docker compose --env-file=./dev.env --project-name chats-dev up -d --remove-orphans | |
docker compose --env-file=./stg.env --project-name chats-stg up -d --remove-orphans | |
fi | |
EOF |