name: authentik-on-release on: release: types: [published, created] jobs: build-server: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: prepare variables uses: ./.github/actions/docker-push-variables id: ev - name: Docker Login Registry uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: make empty ts client run: mkdir -p ./gen-ts-client - name: Build Docker Image uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name == 'release' }} secrets: | GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }} GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }} tags: | beryju/authentik:${{ steps.ev.outputs.version }}, beryju/authentik:${{ steps.ev.outputs.versionFamily }}, beryju/authentik:latest, ghcr.io/goauthentik/server:${{ steps.ev.outputs.version }}, ghcr.io/goauthentik/server:${{ steps.ev.outputs.versionFamily }}, ghcr.io/goauthentik/server:latest platforms: linux/amd64,linux/arm64 build-args: | VERSION=${{ steps.ev.outputs.version }} VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }} build-outpost: runs-on: ubuntu-latest strategy: fail-fast: false matrix: type: - proxy - ldap - radius steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: go-version-file: "go.mod" - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: prepare variables uses: ./.github/actions/docker-push-variables id: ev - name: Docker Login Registry uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build Docker Image uses: docker/build-push-action@v5 with: push: ${{ github.event_name == 'release' }} tags: | beryju/authentik-${{ matrix.type }}:${{ steps.ev.outputs.version }}, beryju/authentik-${{ matrix.type }}:${{ steps.ev.outputs.versionFamily }}, beryju/authentik-${{ matrix.type }}:latest, ghcr.io/goauthentik/${{ matrix.type }}:${{ steps.ev.outputs.version }}, ghcr.io/goauthentik/${{ matrix.type }}:${{ steps.ev.outputs.versionFamily }}, ghcr.io/goauthentik/${{ matrix.type }}:latest file: ${{ matrix.type }}.Dockerfile platforms: linux/amd64,linux/arm64 build-args: | VERSION=${{ steps.ev.outputs.version }} VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }} build-outpost-binary: timeout-minutes: 120 runs-on: ubuntu-latest strategy: fail-fast: false matrix: type: - proxy - ldap - radius goos: [linux, darwin] goarch: [amd64, arm64] steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: go-version-file: "go.mod" - uses: actions/setup-node@v3 with: node-version: "20.5" cache: "npm" cache-dependency-path: web/package-lock.json - name: Build web working-directory: web/ run: | npm ci npm run build-proxy - name: Build outpost run: | set -x export GOOS=${{ matrix.goos }} export GOARCH=${{ matrix.goarch }} export CGO_ENABLED=0 go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }} - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} asset_name: authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} tag: ${{ github.ref }} test-release: needs: - build-server - build-outpost - build-outpost-binary runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run test suite in final docker images run: | echo "PG_PASS=$(openssl rand -base64 32)" >> .env echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 32)" >> .env docker-compose pull -q docker-compose up --no-start docker-compose start postgresql redis docker-compose run -u root server test-all sentry-release: needs: - build-server - build-outpost - build-outpost-binary runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: prepare variables uses: ./.github/actions/docker-push-variables id: ev - name: Get static files from docker image run: | docker pull ghcr.io/goauthentik/server:latest container=$(docker container create ghcr.io/goauthentik/server:latest) docker cp ${container}:web/ . - name: Create a Sentry.io release uses: getsentry/action-release@v1 continue-on-error: true if: ${{ github.event_name == 'release' }} env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: authentik-security-inc SENTRY_PROJECT: authentik with: version: authentik@${{ steps.ev.outputs.version }} sourcemaps: "./web/dist" url_prefix: "~/static/dist"