diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ecaedba..120a559 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,7 +12,7 @@ updates: - package-ecosystem: "docker" directory: "/" schedule: - interval: "weekly" + interval: "daily" - package-ecosystem: "github-actions" directory: ".github/workflows/" schedule: diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..9e94ea2 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,14 @@ +changelog: + exclude: + labels: + - ignore-for-release + categories: + - title: 🏕 Features + labels: + - '*' + exclude: + labels: + - dependencies + - title: 👒 Dependencies + labels: + - dependencies diff --git a/.github/workflows/auto-merge-dependebot.yml b/.github/workflows/auto-merge-dependebot.yml new file mode 100644 index 0000000..23209e7 --- /dev/null +++ b/.github/workflows/auto-merge-dependebot.yml @@ -0,0 +1,17 @@ +name: Auto-merge Dependabot +on: pull_request + +permissions: + pull-requests: write + contents: write + +jobs: + automerge: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Enable Pull Request Automerge + run: gh pr merge --merge --auto "$PR" + env: + GH_TOKEN: ${{ secrets.PAT }} + PR: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/main-tag.yml b/.github/workflows/main-tag.yml index bc8c0c0..6d03a01 100644 --- a/.github/workflows/main-tag.yml +++ b/.github/workflows/main-tag.yml 
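Review bot: The `if: github.actor == 'dependabot[bot]'` guard on the new `automerge` job keys on whoever triggered the latest event rather than on the PR author; GitHub's own auto-merge guidance checks `github.event.pull_request.user.login == 'dependabot[bot]'` instead. The job also enables auto-merge for every update type in every ecosystem, so with the docker interval moved to daily in `.github/dependabot.yml` and the scheduled `release-image.yml` added in this commit, a major base-image or action bump can travel from PR to a published release with no human review unless branch protection requires checks or approvals. `secrets.PAT` is not constrained by the `permissions:` block and, on Dependabot-triggered runs, is only populated if it is defined as a Dependabot secret, so a fine-grained token scoped to this repository would keep the exposure small. The job has no checkout, so `gh` likely cannot resolve a bare PR number; passing the PR URL avoids that. The fence shows the author check plus an update-type gate via `dependabot/fetch-metadata`.

```yaml
  automerge:
    runs-on: ubuntu-latest
    # Match on the PR author, not on whoever triggered the latest event
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Fetch Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
      - name: Enable Pull Request Automerge
        # Leave major bumps for a human to review
        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
        run: gh pr merge --merge --auto "$PR_URL"
        env:
          GH_TOKEN: ${{ secrets.PAT }}
          PR_URL: ${{ github.event.pull_request.html_url }}
```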
@@ -27,10 +27,10 @@ jobs: PLATFORMS=amd64,arm,arm64 REPO_OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') - TAGS1="ghcr.io/${REPO_OWNER}/tor-controller:${{ steps.vars.outputs.tag }}" - TAGS2="ghcr.io/${REPO_OWNER}/tor-daemon:${{ steps.vars.outputs.tag }}" - TAGS3="ghcr.io/${REPO_OWNER}/tor-daemon-manager:${{ steps.vars.outputs.tag }}" - TAGS4="ghcr.io/${REPO_OWNER}/tor-onionbalance-manager:${{ steps.vars.outputs.tag }}" + TAGS1="${REPO_OWNER}/tor-controller:${{ steps.vars.outputs.tag }}" + TAGS2="${REPO_OWNER}/tor-daemon:${{ steps.vars.outputs.tag }}" + TAGS3="${REPO_OWNER}/tor-daemon-manager:${{ steps.vars.outputs.tag }}" + TAGS4="${REPO_OWNER}/tor-onionbalance-manager:${{ steps.vars.outputs.tag }}" if [ "${{github.event_name}}" == "pull_request" ]; then echo ::set-output name=push::false else @@ -43,17 +43,23 @@ jobs: fi echo ::set-output name=platforms::${PLATFORMS} - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: ${{ steps.prep.outputs.platforms }} - - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: ${{ steps.prep.outputs.platforms }} - name: Set up Docker Buildx id: buildx @@ -73,7 +79,9 @@ jobs: file: Dockerfile platforms: ${{ steps.prep.outputs.platforms }} push: ${{ steps.prep.outputs.push }} - tags: ${{ steps.prep.outputs.tags1 }} + tags: | + ${{ steps.prep.outputs.tags1 }} + ghcr.io/${{ steps.prep.outputs.tags1 }} - name: Build and push (tor-daemon) uses: docker/build-push-action@v6 
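Review bot: The four new `TAGS1`–`TAGS4` lines still splice `${{ steps.vars.outputs.tag }}` directly into the shell script, so the value is expanded into the script text before bash parses it. The step that produces `tag` is outside this hunk; if it derives from a ref name, a tag containing shell metacharacters would be interpreted as code in a job that later holds registry credentials. Passing it through the environment keeps it as data: add `env:` with `TAG: ${{ steps.vars.outputs.tag }}` to the step and write `TAGS1="${REPO_OWNER}/tor-controller:${TAG}"`. Dropping the `ghcr.io/` prefix also assumes the lower-cased `github.repository_owner` equals the Docker Hub namespace, which deserves a comment next to `REPO_OWNER`.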
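Review bot: The added `Login to Docker Hub` step has no `if:` guard, while the prep script earlier in this job sets `push=false` for `pull_request` events, which suggests the job also runs on pull requests. On fork or Dependabot PRs `secrets.DOCKERHUB_TOKEN` is empty, so the login would fail and take down any check the new auto-merge workflow waits on; `if: github.event_name != 'pull_request'` on the step avoids both that failure and handing the token to PR builds. Since `docker/login-action@v3` now receives a second registry credential, pinning it to a full commit SHA (`docker/login-action@<commit-sha> # v3`) would stop a moved tag from changing which code sees the token. The workflow's `on:` block is outside the hunk, so the trigger list is inferred.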
@@ -85,7 +93,9 @@ jobs: file: Dockerfile.tor-daemon platforms: ${{ steps.prep.outputs.platforms }} push: ${{ steps.prep.outputs.push }} - tags: ${{ steps.prep.outputs.tags2 }} + tags: | + ${{ steps.prep.outputs.tags2 }} + ghcr.io/${{ steps.prep.outputs.tags2 }} - name: Build and push (tor-daemon-manager) uses: docker/build-push-action@v6 @@ -97,7 +107,9 @@ jobs: file: Dockerfile.tor-daemon-manager platforms: ${{ steps.prep.outputs.platforms }} push: ${{ steps.prep.outputs.push }} - tags: ${{ steps.prep.outputs.tags3 }} + tags: | + ${{ steps.prep.outputs.tags3 }} + ghcr.io/${{ steps.prep.outputs.tags3 }} - name: Build and push (tor-onionbalance-manager) uses: docker/build-push-action@v6 @@ -109,4 +121,6 @@ jobs: file: Dockerfile.tor-onionbalance-manager platforms: ${{ steps.prep.outputs.platforms }} push: ${{ steps.prep.outputs.push }} - tags: ${{ steps.prep.outputs.tags4 }} + tags: | + ${{ steps.prep.outputs.tags4 }} + ghcr.io/${{ steps.prep.outputs.tags4 }} diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml new file mode 100644 index 0000000..731a6ed --- /dev/null +++ b/.github/workflows/release-image.yml 
@@ -0,0 +1,89 @@ +name: Release Image Version + +on: + schedule: + - cron: '44 12,22 * * *' # Twice a day + workflow_dispatch: + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write # needed to create releases + + steps: + # ---------------------------------------------------------------------- + # Checkout the repository (full history needed for tag look‑ups) + # ---------------------------------------------------------------------- + - name: Checkout repository + uses: actions/checkout@v6 + with: + fetch-depth: 0 + + # ---------------------------------------------------------------------- + # Get the latest semantic‑version tag (ignoring tor‑controller tags) + # ---------------------------------------------------------------------- + - name: Get latest version tag + id: latest_tag + run: | + TAGS=$(git tag -l '[0-9]*.[0-9]*.[0-9]*' | grep -v '^tor-controller') + LATEST=$(printf "%s\n" $TAGS | sort -V | tail -n1) + echo "tag=$LATEST" >> $GITHUB_OUTPUT + + # ---------------------------------------------------------------------- + # Detect changes (excluding the `charts` directory) since the latest tag + # ---------------------------------------------------------------------- + - name: Detect changes (excluding charts) + id: changes + run: | + # If no previous version tag exists, compare against the initial commit + if [ -z "${{ steps.latest_tag.outputs.tag }}" ]; then + BASE=$(git rev-list --max-parents=0 HEAD) # first commit + else + BASE="${{ steps.latest_tag.outputs.tag }}" + fi + + # List files changed since $BASE and filter out anything under `charts/` + if git diff --name-only "$BASE"..HEAD | grep -v '^charts/' | grep -q .; then + echo "changed=true" >> $GITHUB_OUTPUT + else + echo "changed=false" >> $GITHUB_OUTPUT + fi + + # ---------------------------------------------------------------------- + # Stop if no relevant changes were found + # ---------------------------------------------------------------------- + - name: Stop if no 
relevant changes + if: steps.changes.outputs.changed == 'false' + run: | + echo "No changes outside 'charts' since ${{ steps.latest_tag.outputs.tag }} – skipping release." + exit 0 + + # ---------------------------------------------------------------------- + # Bump the patch version (e.g., 0.11.0 → 0.11.1) + # ---------------------------------------------------------------------- + - name: Bump patch version + if: steps.changes.outputs.changed == 'true' + id: bump + run: | + LATEST="${{ steps.latest_tag.outputs.tag }}" + if [ -z "$LATEST" ]; then + NEW="0.0.1" + else + IFS='.' read -r MAJOR MINOR PATCH <<< "$LATEST" + PATCH=$((PATCH + 1)) + NEW="${MAJOR}.${MINOR}.${PATCH}" + fi + echo "new_version=$NEW" >> $GITHUB_OUTPUT + + # ---------------------------------------------------------------------- + # Create a new tag and GitHub release + # ---------------------------------------------------------------------- + - name: Create GitHub release + if: steps.changes.outputs.changed == 'true' + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ steps.bump.outputs.new_version }} + release_name: Release ${{ steps.bump.outputs.new_version }} + generate_release_notes: true + token: ${{ secrets.PAT_TOKEN }} diff --git a/Dockerfile.tor-daemon b/Dockerfile.tor-daemon index 351040c..6d7c5e6 100644 --- a/Dockerfile.tor-daemon +++ b/Dockerfile.tor-daemon @@ -1 +1 @@ -FROM ghcr.io/rinsecode/tor:0.4.8.21 AS tor +FROM docker.io/rinsecode/tor:0.4.8.22-r1 AS tor diff --git a/Dockerfile.tor-daemon-manager b/Dockerfile.tor-daemon-manager index 52d8e18..2fc9a18 100644 --- a/Dockerfile.tor-daemon-manager +++ b/Dockerfile.tor-daemon-manager 
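Review bot: In `Bump patch version` (and likewise in `Detect changes` and the skip message) the latest tag is pasted into the script through `${{ steps.latest_tag.outputs.tag }}` and then fed to `$((PATCH + 1))`, but the glob `[0-9]*.[0-9]*.[0-9]*` in `Get latest version tag` also matches names such as `1.2.3-rc1`, so a non-numeric tag reaches shell parsing and arithmetic evaluation. Binding the tag via `env:` and accepting only `^[0-9]+\.[0-9]+\.[0-9]+$` before bumping closes that, as in the fence below. `softprops/action-gh-release@v2` is a third-party action referenced by a movable tag and is handed `secrets.PAT_TOKEN`, which the job's `contents: write` block does not constrain; pin it to a commit SHA and use a token scoped to this repository. I believe that action's input is `name`, not `release_name`, so the release title as written would be ignored, and the secret is called `PAT` in the auto-merge workflow but `PAT_TOKEN` here.

```yaml
      - name: Bump patch version
        if: steps.changes.outputs.changed == 'true'
        id: bump
        env:
          # Bound as data; never expanded into the script text
          LATEST: ${{ steps.latest_tag.outputs.tag }}
        run: |
          if [ -z "$LATEST" ]; then
            NEW="0.0.1"
          elif [[ "$LATEST" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
            # 10# forces base 10 so a leading zero is not read as octal
            NEW="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.$((10#${BASH_REMATCH[3]} + 1))"
          else
            echo "Refusing to bump non-semver tag: $LATEST" >&2
            exit 1
          fi
          echo "new_version=$NEW" >> "$GITHUB_OUTPUT"
```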
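Review bot: The new `FROM docker.io/rinsecode/tor:0.4.8.22-r1 AS tor` moves the base image to a different registry and still references it by a mutable tag, so the build result depends on whatever that tag points to at build time. Pinning the digest alongside the tag, `FROM docker.io/rinsecode/tor:0.4.8.22-r1@sha256:<digest-of-the-verified-image> AS tor`, keeps builds reproducible and makes a base-image change visible in review. The same applies to the identical line in `Dockerfile.tor-daemon-manager`.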
@@ -10,7 +10,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -a -ldflags="-s -w" -o /out/tor-local-manager ./agents/tor/main.go -FROM ghcr.io/rinsecode/tor:0.4.8.21 AS tor +FROM docker.io/rinsecode/tor:0.4.8.22-r1 AS tor RUN mkdir -p /app COPY --from=builder --chmod=0555 /out/tor-local-manager /app diff --git a/charts/tor-controller/values.yaml b/charts/tor-controller/values.yaml index cc2bcac..ddb5c46 100644 --- a/charts/tor-controller/values.yaml +++ b/charts/tor-controller/values.yaml @@ -13,7 +13,7 @@ upgradeRollout: true # -- tor-controller image, it watches onionservices objects image: - repository: ghcr.io/rinsecode/tor-controller + repository: docker.io/rinsecode/tor-controller pullPolicy: Always # -- Overrides the image tag whose default is the chart appVersion. tag: "" @@ -21,7 +21,7 @@ image: daemon: # -- tor-daemon image, it runs Tor client image: - repository: ghcr.io/rinsecode/tor-daemon + repository: docker.io/rinsecode/tor-daemon pullPolicy: Always # -- Overrides the image tag whose default is the chart appVersion. tag: "" @@ -29,7 +29,7 @@ daemon: manager: # -- tor-daemon-manager image, it runs Tor client with manager image: - repository: ghcr.io/rinsecode/tor-daemon-manager + repository: docker.io/rinsecode/tor-daemon-manager pullPolicy: Always # -- Overrides the image tag whose default is the chart appVersion. tag: "" @@ -37,7 +37,7 @@ manager: onionbalance: # -- tor-onionbalance-manager image, it runs Tor client image: - repository: ghcr.io/rinsecode/tor-onionbalance-manager + repository: docker.io/rinsecode/tor-onionbalance-manager pullPolicy: Always # -- Overrides the image tag whose default is the chart appVersion. tag: ""
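Review bot: Switching `image.repository` to `docker.io/rinsecode/tor-controller` changes the default registry for every install of the chart, and the surrounding `pullPolicy: Always` means each pod start re-resolves a mutable tag against Docker Hub. Anonymous Docker Hub pulls are rate limited, so this is worth documenting above the key, e.g. `# -- tor-controller image; also published to ghcr.io, override repository to pull from GHCR`, and `IfNotPresent` may be the safer default for versioned tags. The same applies to the `daemon`, `manager` and `onionbalance` hunks of this file.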