feat: subscription management via Stripe #4218
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Build Hub | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| tags: | |
| - '*' | |
| pull_request: | |
| jobs: | |
| validate-migrations: | |
| name: Validate migrations | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - run: hack/validate-migrations.sh | |
| build: | |
| services: | |
| postgres: | |
| image: postgres | |
| env: | |
| POSTGRES_USER: test-user | |
| POSTGRES_PASSWORD: test-password | |
| POSTGRES_DB: distr | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| name: Build | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Setup Go | |
| uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| check-latest: true | |
| cache-dependency-path: | | |
| go.sum | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| with: | |
| version: 10 | |
| - name: Setup node.js | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: '24' | |
| cache: pnpm | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Generate commit hash | |
| id: hash | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Install frontend dependencies with pnpm | |
| run: pnpm install --frozen-lockfile | |
| - name: Lint with prettier | |
| run: pnpm run lint | |
| - name: Lint with golangci-lint | |
| uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0 | |
| with: | |
| version: v2.6.2 | |
| - name: Build frontend | |
| if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| run: pnpm run build:prod | |
| - name: Build frontend and upload source maps (tag only) | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| pnpm run build:prod --source-map=true || exit 1 | |
| pnpm run sentry-upload || exit 1 | |
| rm internal/frontend/dist/ui/browser/*.map || exit 1 | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| VERSION: ${{ github.ref_name }} | |
| - name: Build application | |
| run: go build -ldflags="$LDFLAGS" -o dist/distr ./cmd/hub/ | |
| env: | |
| CGO_ENABLED: '0' | |
| LDFLAGS: >- | |
| -X github.com/glasskube/distr/internal/buildconfig.version=${{ github.ref_name }} | |
| -X github.com/glasskube/distr/internal/buildconfig.commit=${{ steps.hash.outputs.sha_short }} | |
| - name: Start Hub and verify migrations | |
| shell: bash | |
| run: dist/distr serve & | |
| sleep 5 && | |
| curl $DISTR_HOST/internal/environment -f && | |
| psql $DATABASE_URL -c "select version > 0, dirty from schema_migrations" --csv -t | grep "t,f" && | |
| pkill -SIGTERM distr && | |
| dist/distr migrate --down | |
| env: | |
| DATABASE_URL: postgres://test-user:test-password@localhost:5432/distr | |
| JWT_SECRET: H4V7z6mEpe8/k5H/KyogT/iATJhNpEIUMd5cHF6mqF8= | |
| DISTR_HOST: http://localhost:8080 | |
| - name: Generate SBOM for frontend project | |
| uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 | |
| with: | |
| file: pnpm-lock.yaml | |
| output-file: dist/frontend.spdx.json | |
| format: spdx-json | |
| upload-release-assets: false | |
| - name: Login to GitHub Container Registry (tag only) | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to Distr Registry (tag only) | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: registry.distr.sh | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.DISTR_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Generate Docker Metadata | |
| id: meta | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 | |
| with: | |
| images: | | |
| ghcr.io/glasskube/distr | |
| registry.distr.sh/glasskube/distr | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| flavor: | | |
| latest=false | |
| labels: | | |
| org.opencontainers.image.description=Distr Hub | |
| org.opencontainers.image.vendor=Glasskube | |
| - name: Docker build (push on tag only) | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| id: build-push | |
| with: | |
| platforms: ${{ startsWith(github.ref, 'refs/tags/') && 'linux/amd64,linux/arm64' || 'linux/amd64' }} | |
| context: . | |
| file: Dockerfile.hub | |
| push: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| sbom: true | |
| provenance: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| - name: Sign the images with GitHub OIDC Token | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| env: | |
| DIGEST: ${{ steps.build-push.outputs.digest }} | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| run: | | |
| images="" | |
| for tag in ${TAGS}; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes ${images} |