Fix manifest path #731
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Custom Build | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| - '!gh-pages' | |
| tags: | |
| - '*' | |
| # We need to set id-token to write. | |
| # But we cannot simply write | |
| # permissions: | |
| # id-token: write | |
| # because those unspecified permissions are 'none', instead of taking their default values, as documented in | |
| # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions | |
| # So we repeat the defaults here. | |
| permissions: | |
| # The following are the default values we have to repeat here. | |
| actions: "write" | |
| attestations: "write" | |
| checks: "write" | |
| contents: "write" | |
| deployments: "write" | |
| discussions: "write" | |
| issues: "write" | |
| packages: "write" | |
| pages: "write" | |
| pull-requests: "write" | |
| repository-projects: "write" | |
| security-events: "write" | |
| statuses: "write" | |
| # The above are the default values we have to repeat here. | |
| # We need to set id-token: write so that we can fetch the ID token. | |
| # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings | |
| # The ID token is used in Workload Identity Federation. | |
| id-token: "write" | |
| jobs: | |
| authgear-image-custom: | |
| runs-on: ubuntu-24.04 | |
| if: ${{ github.repository == 'authgear/authgear-server' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install qemu for multi arch build | |
| run: docker run --privileged --rm tonistiigi/binfmt --install all | |
| - name: Setup container builder | |
| run: | | |
| docker buildx create \ | |
| --name container-builder \ | |
| --driver docker-container \ | |
| --bootstrap --use | |
| # https://aran.dev/posts/github-actions-go-private-modules/ | |
| - name: Set up SSH key | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| eval $(ssh-agent -a $SSH_AUTH_SOCK) | |
| printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | |
| echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
| echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | |
| - name: Build and push to HK | |
| uses: ./.github/actions/build-custom-image | |
| with: | |
| target: authgearx | |
| image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }}/authgear-server" | |
| gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_HK }} | |
| gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_HK }} | |
| docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | |
| - name: Build and push to US | |
| uses: ./.github/actions/build-custom-image | |
| with: | |
| target: authgearx | |
| image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }}/authgear-server" | |
| gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_US }} | |
| gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_US }} | |
| docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | |
| - name: Clean up SSH key | |
| if: ${{ always() }} | |
| run: | | |
| ssh-add -D | |
| ssh-agent -k | |
| echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | |
| echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" | |
| portal-image-custom: | |
| runs-on: ubuntu-24.04 | |
| if: ${{ github.repository == 'authgear/authgear-server' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install qemu for multi arch build | |
| run: docker run --privileged --rm tonistiigi/binfmt --install all | |
| - name: Setup container builder | |
| run: | | |
| docker buildx create \ | |
| --name container-builder \ | |
| --driver docker-container \ | |
| --bootstrap --use | |
| # https://aran.dev/posts/github-actions-go-private-modules/ | |
| - name: Set up SSH key | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| AUTHGEAR_PRIVATE_DEPLOY_KEY: ${{ secrets.AUTHGEAR_PRIVATE_DEPLOY_KEY }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| eval $(ssh-agent -a $SSH_AUTH_SOCK) | |
| printf "$AUTHGEAR_PRIVATE_DEPLOY_KEY" | base64 --decode | ssh-add - | |
| echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
| echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | |
| - name: Build and push to HK | |
| uses: ./.github/actions/build-custom-image | |
| with: | |
| target: portalx | |
| image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_HK }}/authgear-portal" | |
| gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_HK }} | |
| gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_HK }} | |
| docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_HK }} | |
| - name: Build and push to US | |
| uses: ./.github/actions/build-custom-image | |
| with: | |
| target: portalx | |
| image_name: "${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_PREFIX_US }}/authgear-portal" | |
| gcp_project_id: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_PROJECT_ID_US }} | |
| gcp_workload_identity_provider: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_GOOGLE_WORKLOAD_IDENTITY_PROVIDER_US }} | |
| docker_repo: ${{ secrets.AUTHGEAR_CUSTOM_BUILD_REPO_US }} | |
| - name: Clean up SSH key | |
| if: ${{ always() }} | |
| run: | | |
| ssh-add -D | |
| ssh-agent -k | |
| echo "SSH_AUTH_SOCK=" >> "$GITHUB_ENV" | |
| echo "SSH_AGENT_PID=" >> "$GITHUB_ENV" |