feature: add CORS_ALLOW_PRIVATE_NETWORK_ACCESS env var #481
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
# Controls when the action will run. Triggers the workflow on push or pull request | |
# events but only for the master branch | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
env: | |
CI: true | |
# Job progression. We make sure that the base image [oss] builds and passes tests before kicking off the other builds | |
# ┌──────────────────┐ ┌────────────────┐ ┌────────────────┐ | |
# ┌─────────┐ ┌─────────┬────► Build Latest NJS ├────────►Test Latest NJS ├─────►│Push Latest NJS │ | |
# │Build OSS├────►│Test OSS │ └──────────────────┘ └────────────────┘ └────────────────┘ | |
# └─────────┘ └──┬──────┤ | |
# │ │ ┌──────────────────┐ ┌──────────────────┐ ┌─────────────────┐ | |
# │ └────►Build Unprivileged├───────►Test Unprivileged ├────►│Push Unprivileged│ | |
# │ └──────────────────┘ └──────────────────┘ ├────────┬────────┘ | |
# │ ├────────┤ | |
# └──────────────────────────────────────────────────────────────►│Push OSS│ | |
# └────────┘ | |
# As a last step, if we are on the main/master branch, multi-architecture images will be built and pushed to github packages | |
# and docker hub | |
jobs: | |
build-oss-for-test: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and export | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.oss | |
context: . | |
tags: nginx-s3-gateway , nginx-s3-gateway:oss | |
outputs: type=docker,dest=${{ runner.temp }}/oss.tar | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: oss | |
path: ${{ runner.temp }}/oss.tar | |
retention-days: 1 | |
if-no-files-found: error | |
test-oss: | |
runs-on: ubuntu-22.04 | |
needs: build-oss-for-test | |
strategy: | |
matrix: | |
path_style: [virtual, virtual-v2] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it | |
- name: Restore cached binaries | |
id: cache-binaries-restore | |
uses: actions/cache/restore@v3 | |
with: | |
path: .bin | |
key: ${{ runner.os }}-binaries | |
- name: Install MinIO Client | |
run: | | |
mkdir .bin || exit 0 | |
cd .bin | |
curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" | |
curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - | |
mv mc.RELEASE.2023-06-19T19-31-19Z mc | |
chmod +x mc | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: oss | |
path: ${{ runner.temp }} | |
- name: Load image | |
run: | | |
docker load --input ${{ runner.temp }}/oss.tar | |
- name: Run tests - stable njs version | |
run: S3_STYLE=${{ matrix.path_style }} ./test.sh --type oss | |
build-latest-njs-for-test: | |
runs-on: ubuntu-22.04 | |
needs: test-oss | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: oss | |
path: ${{ runner.temp }} | |
- name: Load image | |
run: | | |
docker load --input ${{ runner.temp }}/oss.tar | |
- name: Build and load oss image | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.latest-njs | |
context: . | |
tags: nginx-s3-gateway:latest-njs-oss | |
load: true | |
# Save manually here since we need to use the `docker` buildx `driver` but that can't output | |
# a file that upload-artifact likes. | |
- name: save image | |
run: | | |
docker save nginx-s3-gateway:latest-njs-oss > ${{ runner.temp }}/latest-njs.tar | |
- name: Upload artifact - latest-njs | |
uses: actions/upload-artifact@v3 | |
with: | |
name: latest-njs | |
path: ${{ runner.temp }}/latest-njs.tar | |
retention-days: 1 | |
if-no-files-found: error | |
test-latest-njs: | |
runs-on: ubuntu-22.04 | |
needs: build-latest-njs-for-test | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it | |
- name: Restore cached binaries | |
id: cache-binaries-restore | |
uses: actions/cache/restore@v3 | |
with: | |
path: .bin | |
key: ${{ runner.os }}-binaries | |
- name: Install MinIO Client | |
run: | | |
mkdir .bin || exit 0 | |
cd .bin | |
curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" | |
curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - | |
mv mc.RELEASE.2023-06-19T19-31-19Z mc | |
chmod +x mc | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: latest-njs | |
path: ${{ runner.temp }} | |
- name: Load image | |
run: | | |
docker load --input ${{ runner.temp }}/latest-njs.tar | |
docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway | |
- name: Run tests - latest njs version | |
run: ./test.sh --latest-njs --type oss | |
build-unprivileged-for-test: | |
runs-on: ubuntu-22.04 | |
needs: test-oss | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: oss | |
path: ${{ runner.temp }} | |
- name: Load image | |
run: | | |
docker load --input ${{ runner.temp }}/oss.tar | |
- name: Build and load oss image | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.unprivileged | |
context: . | |
tags: nginx-s3-gateway:unprivileged-oss | |
load: true | |
# Save manually here since we need to use the `docker` buildx `driver` but that can't output | |
# a file that upload-artifact likes. | |
- name: save image | |
run: | | |
docker save nginx-s3-gateway:unprivileged-oss > ${{ runner.temp }}/unprivileged.tar | |
- name: Upload artifact - unprivileged | |
uses: actions/upload-artifact@v3 | |
with: | |
name: unprivileged | |
path: ${{ runner.temp }}/unprivileged.tar | |
retention-days: 1 | |
if-no-files-found: error | |
test-unprivileged: | |
runs-on: ubuntu-22.04 | |
needs: build-unprivileged-for-test | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it | |
- name: Restore cached binaries | |
id: cache-binaries-restore | |
uses: actions/cache/restore@v3 | |
with: | |
path: .bin | |
key: ${{ runner.os }}-binaries | |
- name: Install MinIO Client | |
run: | | |
mkdir .bin || exit 0 | |
cd .bin | |
curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" | |
curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - | |
mv mc.RELEASE.2023-06-19T19-31-19Z mc | |
chmod +x mc | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: unprivileged | |
path: ${{ runner.temp }} | |
- name: Load image | |
run: | | |
docker load --input ${{ runner.temp }}/unprivileged.tar | |
docker tag nginx-s3-gateway:unprivileged-oss nginx-s3-gateway | |
- name: Run tests - unprivileged | |
run: ./test.sh --unprivileged --type oss | |
# After the tests are done, build multiarch and push to both github packages and dockerhub if we are on master/main | |
tag-and-push: | |
runs-on: ubuntu-22.04 | |
needs: [test-oss, test-latest-njs, test-unprivileged] | |
if: | | |
github.ref == 'refs/heads/master' || | |
github.ref == 'refs/heads/main' | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get current date | |
id: date | |
run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx for local image build and push | |
uses: docker/setup-buildx-action@v3 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
driver-opts: network=host | |
# Do an initial build of the base image and push to a local registry for downstream | |
# images because the `docker-container` driver can't find local images with `load` | |
- name: Build and push image [oss] to local registry for downstream | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.oss | |
context: . | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
tags: localhost:5000/nginx-oss-s3-gateway:oss | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# This second invocation of build/push should just use the existing build cache | |
- name: Build and push image [oss] | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.oss | |
context: . | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
tags: | | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest | |
nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} | |
nginxinc/nginx-s3-gateway:latest | |
- name: Build and push image [latest-njs] | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.latest-njs | |
context: . | |
build-contexts: | | |
nginx-s3-gateway=docker-image://localhost:5000/nginx-oss-s3-gateway:oss | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
tags: | | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-njs-oss | |
nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} | |
nginxinc/nginx-s3-gateway:latest-njs-oss | |
- name: Build and push image [unprivileged] | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.unprivileged | |
context: . | |
build-contexts: | | |
nginx-s3-gateway=docker-image://localhost:5000/nginx-oss-s3-gateway:oss | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
tags: | | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} | |
ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:unprivileged-oss | |
nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} | |
nginxinc/nginx-s3-gateway:unprivileged-oss |