This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build Docker Image" | |
| on: | |
| push: | |
| branches: | |
| - "master" | |
| - "dev" | |
| workflow_dispatch: | |
| inputs: | |
| canarytokens-docker-branch: | |
| description: "Branch of the canarytokens-docker repo to pull for build. Defaults to master" | |
| required: false | |
| default: "master" | |
| jobs: | |
| build-and-commit-frontend-dist: | |
| runs-on: ubuntu-20.04 | |
| env: | |
| NODE_VERSION: '18' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Record author | |
| run: | | |
| echo "# Owners" >> $GITHUB_STEP_SUMMARY | |
| echo "Author: ${{ github.event.head_commit.author.name }} (${{ github.event.head_commit.author.email }})" >> $GITHUB_STEP_SUMMARY | |
| echo "Committer: ${{ github.event.head_commit.committer.name }} (${{ github.event.head_commit.committer.email }})" >> $GITHUB_STEP_SUMMARY | |
| - name: Restore Frontend Dist from Cache | |
| uses: actions/[email protected] | |
| id: cache-frontend-dist | |
| with: | |
| path: dist | |
| key: frontend-dist-${{ hashFiles('frontend_vue/**') }} | |
| - uses: actions/[email protected] | |
| if: steps.cache-frontend-dist.outputs.cache-hit != 'true' | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install node modules | |
| if: steps.cache-frontend-dist.outputs.cache-hit != 'true' | |
| working-directory: frontend_vue | |
| run: | | |
| npm config set "@fortawesome:registry" https://npm.fontawesome.com/ | |
| npm config set '//npm.fontawesome.com/:_authToken' "${{ secrets.FONTAWESOME_NPM_AUTH_TOKEN }}" | |
| npm ci | |
| - name: Include git commit SHA and Google Maps Key for Frontend Development release | |
| if: steps.cache-frontend-dist.outputs.cache-hit != 'true' && github.ref == 'refs/heads/dev' | |
| working-directory: frontend_vue | |
| run: | | |
| touch .env | |
| echo VITE_GITHUB_SHA=${GITHUB_SHA} >> .env | |
| echo VITE_GOOGLE_MAPS_API_KEY="${{ secrets.GOOGLE_MAPS_API_KEY_DEV }}" >> .env | |
| echo VITE_CLOUDFLARE_TURNSTILE_SITE_KEY="${{ secrets.CLOUDFLARE_TURNSTILE_SITE_KEY_DEV }}" >> .env | |
| cat .env | |
| - name: Include git Google Maps Key for Frontend Production release | |
| if: steps.cache-frontend-dist.outputs.cache-hit != 'true' && github.ref == 'refs/heads/master' | |
| working-directory: frontend_vue | |
| run: | | |
| touch .env | |
| echo VITE_GOOGLE_MAPS_API_KEY="${{ secrets.GOOGLE_MAPS_API_KEY_PROD }}" >> .env | |
| echo VITE_CLOUDFLARE_TURNSTILE_SITE_KEY="${{ secrets.CLOUDFLARE_TURNSTILE_SITE_KEY_PROD }}" >> .env | |
| cat .env | |
| - name: Build Frontend Dist | |
| if: steps.cache-frontend-dist.outputs.cache-hit != 'true' | |
| working-directory: frontend_vue | |
| env: | |
| NODE_OPTIONS: "--max_old_space_size=4096" | |
| run: | | |
| rm -rf dist | |
| npm run build | |
| - name: Commit report | |
| run: | | |
| git config --global user.name "Frontend Github Action" | |
| git config --global user.email "[email protected]" | |
| git add -f dist | |
| # Only commit if any files have changed | |
| # git status --porcelain is empty if there are no changes | |
| if [ -n "$(git status --porcelain)" ]; then | |
| git commit -am "Add Frontend Dist" | |
| git push | |
| fi | |
| build: | |
| needs: build-and-commit-frontend-dist | |
| runs-on: ubuntu-20.04 | |
| env: | |
| COPYFILE_DISABLE: 1 | |
| steps: | |
| - name: set Canarytokens Docker repo branch | |
| run: | | |
| if [ -z "${{ github.event.inputs.canarytokens-docker-branch }}" ]; then | |
| BRANCH="master" | |
| else | |
| BRANCH="${{ github.event.inputs.canarytokens-docker-branch }}" | |
| fi | |
| echo "CANARYTOKENS_DOCKER_BRANCH=$BRANCH" >> "$GITHUB_ENV" | |
| - uses: actions/[email protected] | |
| with: | |
| repository: thinkst/canarytokens-docker | |
| path: canarytokens-docker | |
| ref: ${{ env.CANARYTOKENS_DOCKER_BRANCH }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Fixup the build branch | |
| run: | | |
| sed -i'' "s/master/${GITHUB_REF##*/}/g" /home/runner/work/canarytokens/canarytokens/canarytokens-docker/canarytokens/Dockerfile | |
| sed -i'' "s/_COMMIT_HASH_/${GITHUB_SHA##*/}/g" /home/runner/work/canarytokens/canarytokens/canarytokens-docker/canarytokens/Dockerfile | |
| echo "Building for ${GITHUB_REF##*/}" | |
| cat /home/runner/work/canarytokens/canarytokens/canarytokens-docker/canarytokens/Dockerfile | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: | | |
| thinkst/canarytokens | |
| tags: | | |
| type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }} | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/[email protected] | |
| with: | |
| context: /home/runner/work/canarytokens/canarytokens/canarytokens-docker/canarytokens | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| CACHE_BUSTER_COMMIT=${{ github.sha }} | |
| outputs: | |
| canarytokens-docker-branch: ${{ env.CANARYTOKENS_DOCKER_BRANCH }} | |
| dev-deploy: | |
| if: github.repository == 'thinkst/canarytokens' && github.ref == 'refs/heads/dev' | |
| runs-on: [self-hosted, dev] | |
| needs: build | |
| steps: | |
| - name: Deploy to dev machine | |
| run: | | |
| cd /home/ubuntu/canarytokens-scripts/ | |
| ./canarytokensdb_s3backup.sh | |
| cd /home/ubuntu/canarytokens-docker | |
| git stash && git checkout ${{ needs.build.outputs.canarytokens-docker-branch }} && git pull | |
| sed "s/thinkst\/canarytokens$/thinkst\/canarytokens:${GITHUB_REF##*/}/g" common-services.yml > common-services-${GITHUB_REF##*/}.yml | |
| sed "s/file: common-services.yml/file: common-services-${GITHUB_REF##*/}.yml/g" docker-compose-letsencrypt.yml > docker-compose-letsencrypt-${GITHUB_REF##*/}.yml | |
| sed -i'' "s/CANARY_DEV_BUILD_ID=.*/CANARY_DEV_BUILD_ID=${GITHUB_SHA:0:8}/" frontend.env | |
| sudo docker pull thinkst/canarytokens:${GITHUB_REF##*/} | |
| sudo docker compose -f docker-compose-letsencrypt-${GITHUB_REF##*/}.yml pull | |
| sudo docker compose -f docker-compose-letsencrypt-${GITHUB_REF##*/}.yml up -d | |
| sudo docker system prune -f -a | |
| staging-deploy: | |
| if: github.repository == 'thinkst/canarytokens' && github.ref == 'refs/heads/master' | |
| runs-on: [self-hosted, staging] | |
| needs: build | |
| steps: | |
| - name: Deploy to staging machine | |
| run: | | |
| cd /home/ubuntu/canarytokens-scripts/ | |
| ./canarytokensdb_s3backup.sh | |
| cd /home/ubuntu/canarytokens-docker | |
| git stash && git checkout ${{ needs.build.outputs.canarytokens-docker-branch }} && git pull | |
| sed "s/thinkst\/canarytokens$/thinkst\/canarytokens:${GITHUB_REF##*/}/g" common-services.yml > common-services-${GITHUB_REF##*/}.yml | |
| sed "s/file: common-services.yml/file: common-services-${GITHUB_REF##*/}.yml/g" docker-compose-aws-logging-letsencrypt.yml > docker-compose-aws-logging-letsencrypt-${GITHUB_REF##*/}.yml | |
| sed -i'' "s/CANARY_DEV_BUILD_ID=.*/CANARY_DEV_BUILD_ID=${GITHUB_SHA:0:8}/" frontend.env | |
| sudo docker pull thinkst/canarytokens:${GITHUB_REF##*/} | |
| sudo docker compose -f docker-compose-aws-logging-letsencrypt-${GITHUB_REF##*/}.yml pull | |
| sudo docker compose -f docker-compose-aws-logging-letsencrypt-${GITHUB_REF##*/}.yml up -d | |
| sudo docker system prune -f -a |