Release 2024.12.0-rc1 #206
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: authentik-on-release | |
on: | |
release: | |
types: [published, created] | |
jobs: | |
build-server: | |
runs-on: ubuntu-latest | |
permissions: | |
# Needed to upload contianer images to ghcr.io | |
packages: write | |
# Needed for attestation | |
id-token: write | |
attestations: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: prepare variables | |
uses: ./.github/actions/docker-push-variables | |
id: ev | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
with: | |
image-name: ghcr.io/goauthentik/server,beryju/authentik | |
- name: Docker Login Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: make empty clients | |
run: | | |
mkdir -p ./gen-ts-api | |
mkdir -p ./gen-go-api | |
- name: Build Docker Image | |
uses: docker/build-push-action@v6 | |
id: push | |
with: | |
context: . | |
push: true | |
secrets: | | |
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }} | |
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }} | |
build-args: | | |
VERSION=${{ github.ref }} | |
tags: ${{ steps.ev.outputs.imageTags }} | |
platforms: linux/amd64,linux/arm64 | |
- uses: actions/attest-build-provenance@v2 | |
id: attest | |
with: | |
subject-name: ${{ steps.ev.outputs.attestImageNames }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
build-outpost: | |
runs-on: ubuntu-latest | |
permissions: | |
# Needed to upload contianer images to ghcr.io | |
packages: write | |
# Needed for attestation | |
id-token: write | |
attestations: write | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- proxy | |
- ldap | |
- radius | |
- rac | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: prepare variables | |
uses: ./.github/actions/docker-push-variables | |
id: ev | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
with: | |
image-name: ghcr.io/goauthentik/${{ matrix.type }},beryju/authentik-${{ matrix.type }} | |
- name: make empty clients | |
run: | | |
mkdir -p ./gen-ts-api | |
mkdir -p ./gen-go-api | |
- name: Docker Login Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Docker Image | |
uses: docker/build-push-action@v6 | |
id: push | |
with: | |
push: true | |
build-args: | | |
VERSION=${{ github.ref }} | |
tags: ${{ steps.ev.outputs.imageTags }} | |
file: ${{ matrix.type }}.Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
context: . | |
- uses: actions/attest-build-provenance@v2 | |
id: attest | |
with: | |
subject-name: ${{ steps.ev.outputs.attestImageNames }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
build-outpost-binary: | |
timeout-minutes: 120 | |
runs-on: ubuntu-latest | |
permissions: | |
# Needed to upload binaries to the release | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- proxy | |
- ldap | |
- radius | |
goos: [linux, darwin] | |
goarch: [amd64, arm64] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: web/package.json | |
cache: "npm" | |
cache-dependency-path: web/package-lock.json | |
- name: Build web | |
working-directory: web/ | |
run: | | |
npm ci | |
npm run build-proxy | |
- name: Build outpost | |
run: | | |
set -x | |
export GOOS=${{ matrix.goos }} | |
export GOARCH=${{ matrix.goarch }} | |
export CGO_ENABLED=0 | |
go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }} | |
- name: Upload binaries to release | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} | |
asset_name: authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} | |
tag: ${{ github.ref }} | |
upload-aws-cfn-template: | |
permissions: | |
# Needed for AWS login | |
id-token: write | |
contents: read | |
needs: | |
- build-server | |
- build-outpost | |
env: | |
AWS_REGION: eu-central-1 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: "arn:aws:iam::016170277896:role/github_goauthentik_authentik" | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Upload template | |
run: | | |
aws s3 cp website/docs/install-config/install/aws/template.yaml s3://authentik-cloudformation-templates/authentik.ecs.${{ github.ref }}.yaml | |
aws s3 cp website/docs/install-config/install/aws/template.yaml s3://authentik-cloudformation-templates/authentik.ecs.latest.yaml | |
test-release: | |
needs: | |
- build-server | |
- build-outpost | |
- build-outpost-binary | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run test suite in final docker images | |
run: | | |
echo "PG_PASS=$(openssl rand 32 | base64 -w 0)" >> .env | |
echo "AUTHENTIK_SECRET_KEY=$(openssl rand 32 | base64 -w 0)" >> .env | |
docker compose pull -q | |
docker compose up --no-start | |
docker compose start postgresql redis | |
docker compose run -u root server test-all | |
sentry-release: | |
needs: | |
- build-server | |
- build-outpost | |
- build-outpost-binary | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: prepare variables | |
uses: ./.github/actions/docker-push-variables | |
id: ev | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
with: | |
image-name: ghcr.io/goauthentik/server | |
- name: Get static files from docker image | |
run: | | |
docker pull ${{ steps.ev.outputs.imageMainName }} | |
container=$(docker container create ${{ steps.ev.outputs.imageMainName }}) | |
docker cp ${container}:web/ . | |
- name: Create a Sentry.io release | |
uses: getsentry/action-release@v1 | |
continue-on-error: true | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: authentik-security-inc | |
SENTRY_PROJECT: authentik | |
with: | |
version: authentik@${{ steps.ev.outputs.version }} | |
sourcemaps: "./web/dist" | |
url_prefix: "~/static/dist" |