build: refactor builds for forks/PRs

Make sure that as much as possible runs for forks and PRs as well, while
keeping the release-specific stuff out of the way.
Jakob Borg
2025-05-31 09:07:17 +02:00
parent 50480f6ccb
commit d49df1e44c
3 changed files with 130 additions and 73 deletions

.github/regsync.yml vendored Normal file

@@ -0,0 +1,52 @@
version: 1
creds:
- registry: docker.io
user: "{{env \"DOCKERHUB_USERNAME\"}}"
pass: "{{env \"DOCKERHUB_TOKEN\"}}"
defaults:
ratelimit:
min: 100
retry: 1m
parallel: 4
sync:
- source: ghcr.io/syncthing/syncthing
target: docker.io/syncthing/syncthing
type: repository
tags:
allow:
- latest
- rc
- edge
- \d+
- \d+\.\d+
- \d+\.\d+\.\d+
- \d+\.\d+\.\d+-rc\.\d+
- source: ghcr.io/syncthing/relaysrv
target: docker.io/syncthing/relaysrv
type: repository
tags:
allow:
- latest
- rc
- edge
- \d+
- \d+\.\d+
- \d+\.\d+\.\d+
- \d+\.\d+\.\d+-rc\.\d+
- source: ghcr.io/syncthing/discosrv
target: docker.io/syncthing/discosrv
type: repository
tags:
allow:
- latest
- rc
- edge
- \d+
- \d+\.\d+
- \d+\.\d+\.\d+
- \d+\.\d+\.\d+-rc\.\d+
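Review bot: The three `tags.allow` lists are byte-identical, so if regsync's YAML loader resolves aliases a single anchored list (`allow: &release_tags` on the first entry, `allow: *release_tags` on the others) would stop them drifting apart when a pattern is added later. The file also says nothing about who consumes it; a header such as `# Tag sync rules run by the docker-hub job in the build workflow; credentials are read from the job environment.` would help the next reader. The `\d+` patterns only do what is intended if regsync matches the whole tag rather than a substring — that appears to be how its allow lists work, but it is worth confirming, since an unanchored `\d+` would sync every tag containing a digit.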


@@ -111,6 +111,8 @@ jobs:
- package-debian - package-debian
- package-windows - package-windows
- govulncheck - govulncheck
- golangci
- meta
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -163,6 +165,12 @@ jobs:
name: unsigned-packages-windows name: unsigned-packages-windows
path: "*.zip" path: "*.zip"
#
# Codesign binaries for Windows. This job runs only when called in the
# Syncthing repo for release branches and tags, as it requires our
# specific code signing keys etc.
#
codesign-windows: codesign-windows:
name: Codesign for Windows name: Codesign for Windows
if: github.repository_owner == 'syncthing' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/release-nightly' || startsWith(github.ref, 'refs/tags/v')) if: github.repository_owner == 'syncthing' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/release-nightly' || startsWith(github.ref, 'refs/tags/v'))
@@ -280,12 +288,14 @@ jobs:
compat.json compat.json
# #
# macOS # macOS. The entire build runs in the release environment because code
# signing is part of the build process, so it is limited to release
# branches on the Syncthing repo.
# #
package-macos: package-macos:
name: Package for macOS name: Package for macOS
if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/release-nightly' || startsWith(github.ref, 'refs/tags/v')) if: github.repository_owner == 'syncthing' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/release-nightly' || startsWith(github.ref, 'refs/tags/v'))
environment: release environment: release
env: env:
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_IDENTITY }} CODESIGN_IDENTITY: ${{ secrets.CODESIGN_IDENTITY }}
@@ -899,16 +909,12 @@ jobs:
args: sync -v dists objstore:apt/dists args: sync -v dists objstore:apt/dists
# #
# Build and push to Docker Hub # Build and push (except for PRs) to GHCR.
# #
docker-syncthing: docker-ghcr:
name: Build and push Docker images name: Build and push Docker images (GHCR)
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'syncthing' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-nightly' || github.ref == 'refs/heads/infrastructure' || startsWith(github.ref, 'refs/tags/v'))
environment: docker
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
permissions: permissions:
contents: read contents: read
packages: write packages: write
@@ -972,14 +978,6 @@ jobs:
BUILD_USER: docker BUILD_USER: docker
EXTRA_LDFLAGS: "-linkmode=external -extldflags=-static" EXTRA_LDFLAGS: "-linkmode=external -extldflags=-static"
- name: Login to Docker Hub
uses: docker/login-action@v3
if: env.DOCKERHUB_USERNAME != ''
with:
registry: docker.io
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@@ -1011,12 +1009,6 @@ jobs:
tags=$repo:$ref tags=$repo:$ref
fi fi
# If we have a Docker Hub secret, also push to there.
if [[ $DOCKERHUB_USERNAME != "" ]] ; then
dockerhubtags="${tags//ghcr.io\/syncthing/docker.io\/syncthing}"
tags="$tags,$dockerhubtags"
fi
echo Pushing to $tags echo Pushing to $tags
echo "DOCKER_TAGS=$tags" >> $GITHUB_ENV echo "DOCKER_TAGS=$tags" >> $GITHUB_ENV
@@ -1029,11 +1021,35 @@ jobs:
file: ${{ matrix.dockerfile }} file: ${{ matrix.dockerfile }}
platforms: linux/amd64,linux/arm64,linux/arm/7 platforms: linux/amd64,linux/arm64,linux/arm/7
tags: ${{ env.DOCKER_TAGS }} tags: ${{ env.DOCKER_TAGS }}
push: true push: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
labels: | labels: |
org.opencontainers.image.version=${{ env.VERSION }} org.opencontainers.image.version=${{ env.VERSION }}
org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }}
#
# Sync images to Docker hub. This takes the images already pushed to GHCR
# and copies them to Docker hub. Runs for releases only.
#
docker-hub:
name: Sync images to Docker hub
if: github.repository_owner == 'syncthing' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-nightly' || github.ref == 'refs/heads/infrastructure' || startsWith(github.ref, 'refs/tags/v'))
runs-on: ubuntu-latest
needs:
- docker-ghcr
environment: docker
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
- name: Sync images
uses: docker://docker.io/regclient/regsync:latest
with:
args:
-c ./.github/regsync.yml
once
# #
# Check for known vulnerabilities in Go dependencies # Check for known vulnerabilities in Go dependencies
# #
@@ -1055,3 +1071,41 @@ jobs:
go run build.go assets go run build.go assets
go install golang.org/x/vuln/cmd/govulncheck@latest go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./... govulncheck ./...
#
# golangci-lint runs a suite of static analysis checks on the code
#
golangci:
runs-on: ubuntu-latest
name: Run golangci-lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- name: ensure asset generation
run: go run build.go assets
- name: golangci-lint
uses: golangci/golangci-lint-action@v8
with:
only-new-issues: true
#
# Meta checks for formatting, copyright, etc
#
meta:
name: Run meta checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- run: |
go run build.go assets
go test -v ./meta
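Review bot: The new `docker-hub` job runs `uses: docker://docker.io/regclient/regsync:latest` with `DOCKERHUB_TOKEN` in its environment, so whichever image `latest` resolves to at run time receives the Docker Hub credentials; pinning the tool to a released version and digest, `uses: docker://docker.io/regclient/regsync:<version>@sha256:<digest>`, keeps that step reproducible and auditable. The `docker-ghcr` job also lost the job-level `if:` that restricted it to `github.repository_owner == 'syncthing'`, and the replacement `push:` expression on the build step checks only the event name, so a push on a fork now reaches the push step; whether that fails or publishes depends on how `$repo` is computed, which is outside the hunk. The same release gate expression is now written out in full on codesign-windows, package-macos and docker-hub; a one-line comment above each, e.g. `# release builds on the syncthing repo only`, would make the copies easier to keep in step. The workflow's `jobs:` mapping begins and ends outside the shown hunks.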


@@ -1,49 +0,0 @@
name: Run PR linters
on:
pull_request:
workflow_dispatch:
permissions:
contents: read
pull-requests: read
jobs:
#
# golangci-lint runs a suite of static analysis checks on the code
#
golangci:
runs-on: ubuntu-latest
name: Golangci-lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- name: ensure asset generation
run: go run build.go assets
- name: golangci-lint
uses: golangci/golangci-lint-action@v8
with:
only-new-issues: true
#
# Meta checks for formatting, copyright, etc
#
meta:
name: Meta checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- run: |
go run build.go assets
go test -v ./meta