TDvorak/Beszel
1
0
Fork 0
mirror of https://github.com/Dvorinka/beszel.git synced 2026-06-03 21:02:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ci/cd

Browse Source
This commit is contained in:
Tomas Dvorak
2026-04-28 10:05:06 +02:00
parent e06fcd07a8
commit 517b9ea37d
5 changed files with 83 additions and 364 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.dockerignore
+2
View File
@@ -5,6 +5,8 @@ internalsite/node_modules
# Go build artifacts and binaries # Go build artifacts and binaries
build build
dist dist
!internal/site/dist
!internal/site/dist/**
*.exe *.exe
beszel-agent beszel-agent
beszel_data* beszel_data*
.github/workflows/docker-images.yml
+110 -171
View File
@@ -1,201 +1,140 @@
name: Make docker images name: Build Docker images
on: on:
push: push:
branches:
- "**"
tags: tags:
- "v*" - "v*"
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 60
strategy:
fail-fast: false
max-parallel: 5
matrix:
include:
# henrygd/beszel
- image: henrygd/beszel
dockerfile: ./internal/dockerfile_hub
registry: docker.io
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# henrygd/beszel-agent:alpine
- image: henrygd/beszel-agent
dockerfile: ./internal/dockerfile_agent_alpine
registry: docker.io
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
tags: |
type=raw,value=alpine
type=semver,pattern={{version}}-alpine
type=semver,pattern={{major}}.{{minor}}-alpine
type=semver,pattern={{major}}-alpine
# henrygd/beszel-agent-nvidia
- image: henrygd/beszel-agent-nvidia
dockerfile: ./internal/dockerfile_agent_nvidia
platforms: linux/amd64
registry: docker.io
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# henrygd/beszel-agent-intel
- image: henrygd/beszel-agent-intel
dockerfile: ./internal/dockerfile_agent_intel
platforms: linux/amd64
registry: docker.io
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# ghcr.io/henrygd/beszel
- image: ghcr.io/${{ github.repository }}/beszel
dockerfile: ./internal/dockerfile_hub
registry: ghcr.io
username: ${{ github.actor }}
password_secret: GITHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# ghcr.io/henrygd/beszel-agent
- image: ghcr.io/${{ github.repository }}/beszel-agent
dockerfile: ./internal/dockerfile_agent
registry: ghcr.io
username: ${{ github.actor }}
password_secret: GITHUB_TOKEN
tags: |
type=raw,value=edge
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# ghcr.io/henrygd/beszel-agent-nvidia
- image: ghcr.io/${{ github.repository }}/beszel-agent-nvidia
dockerfile: ./internal/dockerfile_agent_nvidia
platforms: linux/amd64
registry: ghcr.io
username: ${{ github.actor }}
password_secret: GITHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# ghcr.io/henrygd/beszel-agent-intel
- image: ghcr.io/${{ github.repository }}/beszel-agent-intel
dockerfile: ./internal/dockerfile_agent_intel
platforms: linux/amd64
registry: ghcr.io
username: ${{ github.actor }}
password_secret: GITHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
# ghcr.io/henrygd/beszel-agent:alpine
- image: ghcr.io/${{ github.repository }}/beszel-agent
dockerfile: ./internal/dockerfile_agent_alpine
registry: ghcr.io
username: ${{ github.actor }}
password_secret: GITHUB_TOKEN
tags: |
type=raw,value=alpine
type=semver,pattern={{version}}-alpine
type=semver,pattern={{major}}.{{minor}}-alpine
type=semver,pattern={{major}}-alpine
# henrygd/beszel-agent (keep at bottom so it gets built after :alpine and gets the latest tag)
- image: henrygd/beszel-agent
dockerfile: ./internal/dockerfile_agent
registry: docker.io
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
tags: |
type=raw,value=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
permissions: permissions:
contents: read contents: read
packages: write packages: write
steps: concurrency:
- name: Checkout group: docker-images-${{ github.ref }}
uses: actions/checkout@v6 cancel-in-progress: true
- name: Set up bun jobs:
build:
name: ${{ matrix.name }}
runs-on: ubuntu-latest
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
include:
- name: Hub
image: beszel
dockerfile: ./internal/dockerfile_hub
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=edge,enable={{is_default_branch}}
type=ref,event=branch
type=sha,prefix=sha-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Agent
image: beszel-agent
dockerfile: ./internal/dockerfile_agent
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=edge,enable={{is_default_branch}}
type=ref,event=branch
type=sha,prefix=sha-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Agent Alpine
image: beszel-agent
dockerfile: ./internal/dockerfile_agent_alpine
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
type=raw,value=alpine,enable={{is_default_branch}}
type=raw,value=edge-alpine,enable={{is_default_branch}}
type=ref,event=branch,suffix=-alpine
type=sha,prefix=sha-,suffix=-alpine
type=semver,pattern={{version}}-alpine
type=semver,pattern={{major}}.{{minor}}-alpine
type=semver,pattern={{major}}-alpine
- name: Agent NVIDIA
image: beszel-agent-nvidia
dockerfile: ./internal/dockerfile_agent_nvidia
platforms: linux/amd64
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=edge,enable={{is_default_branch}}
type=ref,event=branch
type=sha,prefix=sha-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Agent Intel
image: beszel-agent-intel
dockerfile: ./internal/dockerfile_agent_intel
platforms: linux/amd64
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=edge,enable={{is_default_branch}}
type=ref,event=branch
type=sha,prefix=sha-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Normalize GHCR owner
id: ghcr
run: echo "owner=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
shell: bash
- name: Set up Bun
uses: oven-sh/setup-bun@v2 uses: oven-sh/setup-bun@v2
- name: Install dependencies - name: Install frontend dependencies
run: bun install --frozen-lockfile --cwd ./internal/site run: bun install --frozen-lockfile --cwd ./internal/site
shell: bash
- name: Build site - name: Build frontend
run: bun run --cwd ./internal/site build run: bun run --cwd ./internal/site build
shell: bash
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v4 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4 uses: docker/setup-buildx-action@v3
- name: Sign in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Docker metadata - name: Docker metadata
id: metadata id: metadata
uses: docker/metadata-action@v6 uses: docker/metadata-action@v5
with: with:
images: ${{ matrix.image }} images: ghcr.io/${{ steps.ghcr.outputs.owner }}/${{ matrix.image }}
tags: ${{ matrix.tags }} tags: ${{ matrix.tags }}
# https://github.com/docker/login-action - name: Build and publish
- name: Login to Docker Hub uses: docker/build-push-action@v6
env:
password_secret_exists: ${{ secrets[matrix.password_secret] != '' && 'true' || 'false' }}
if: github.event_name != 'pull_request' && env.password_secret_exists == 'true'
uses: docker/login-action@v4
with: with:
username: ${{ matrix.username || secrets[matrix.username_secret] }} context: .
password: ${{ secrets[matrix.password_secret] }}
registry: ${{ matrix.registry }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@v7
with:
context: ./
file: ${{ matrix.dockerfile }} file: ${{ matrix.dockerfile }}
platforms: ${{ matrix.platforms || 'linux/amd64,linux/arm64,linux/arm/v7' }} platforms: ${{ matrix.platforms }}
push: ${{ github.ref_type == 'tag' && secrets[matrix.password_secret] != '' }} push: true
tags: ${{ steps.metadata.outputs.tags }} tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }} labels: ${{ steps.metadata.outputs.labels }}
.github/workflows/release.yml
-56
View File
@@ -1,56 +0,0 @@
name: Make release and binaries
on:
push:
tags:
- "v*"
permissions:
contents: write
jobs:
goreleaser:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Set up bun
uses: oven-sh/setup-bun@v2
- name: Install dependencies
run: bun install --frozen-lockfile --cwd ./internal/site
- name: Build site
run: bun run --cwd ./internal/site build
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Set up .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: "9.0.x"
- name: Build .NET LHM executable for Windows sensors
run: |
dotnet build -c Release ./agent/lhm/beszel_lhm.csproj
shell: bash
- name: GoReleaser beszel
uses: goreleaser/goreleaser-action@v6
with:
workdir: ./
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.TOKEN || secrets.GITHUB_TOKEN }}
WINGET_TOKEN: ${{ secrets.WINGET_TOKEN }}
IS_FORK: ${{ github.repository_owner != 'henrygd' }}
.github/workflows/test.yml
-132
View File
@@ -1,132 +0,0 @@
name: CI
on:
pull_request:
branches:
- main
push:
branches:
- main
permissions:
contents: read
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
frontend-build:
name: Frontend Build
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Set up bun
uses: oven-sh/setup-bun@v2
- name: Install dependencies
run: bun install --frozen-lockfile --cwd ./internal/site
shell: bash
- name: Build site
run: bun run --cwd ./internal/site build
shell: bash
go-test:
name: Go Tests
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Run tests
run: go test -tags=testing ./...
shell: bash
release-smoke:
name: Release Smoke Build
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Set up bun
uses: oven-sh/setup-bun@v2
- name: Install dependencies
run: bun install --frozen-lockfile --cwd ./internal/site
shell: bash
- name: Build site
run: bun run --cwd ./internal/site build
shell: bash
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Set up .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: "9.0.x"
- name: Build Windows sensor helper
run: dotnet build -c Release ./agent/lhm/beszel_lhm.csproj
shell: bash
- name: Fetch Windows smartctl asset
run: go generate -run fetchsmartctl ./agent
shell: bash
- name: Build Linux binaries
run: go build ./internal/cmd/hub ./internal/cmd/agent
shell: bash
- name: Build Windows agent
run: GOOS=windows GOARCH=amd64 go build ./internal/cmd/agent
shell: bash
docker-smoke:
name: Docker Smoke Build
runs-on: ubuntu-latest
timeout-minutes: 45
strategy:
fail-fast: false
matrix:
include:
- dockerfile: ./internal/dockerfile_hub
image: beszel-hub-smoke
- dockerfile: ./internal/dockerfile_agent
image: beszel-agent-smoke
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Set up bun
uses: oven-sh/setup-bun@v2
- name: Install dependencies
run: bun install --frozen-lockfile --cwd ./internal/site
shell: bash
- name: Build site
run: bun run --cwd ./internal/site build
shell: bash
- name: Build Docker image
run: docker build --file "${{ matrix.dockerfile }}" --tag "${{ matrix.image }}" .
shell: bash
.github/workflows/vulncheck.yml
-34
View File
@@ -1,34 +0,0 @@
# https://github.com/minio/minio/blob/master/.github/workflows/vulncheck.yml
name: VulnCheck
on:
pull_request:
branches:
- main
push:
branches:
- main
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
vulncheck:
name: VulnCheck
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Get official govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
shell: bash
- name: Run govulncheck
run: govulncheck -show verbose ./...
shell: bash