fix: update Docker workflow to build PAM plugin for linux/amd64 archi… #33
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-binaries: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.24' | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libpam0g-dev | |
| - name: Install xgo for cross-compilation | |
| run: | | |
| go install src.techknowlogick.com/xgo@latest | |
| - name: Build main binaries for all architectures | |
| working-directory: ./v2 | |
| run: | | |
| # Initialize and update submodules for plugins | |
| git submodule update --init --recursive | |
| # Ensure all dependencies are properly downloaded and verified | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| # Explicitly get the missing dependency that causes issues in xgo | |
| go get github.com/munnerz/goautoneg | |
| go get github.com/prometheus/common/expfmt@v0.65.0 | |
| # Update go.sum and mod files after adding dependencies | |
| go mod tidy | |
| # List module status for debugging | |
| echo "Go module status:" | |
| go list -m all | grep -E "(prometheus|munnerz)" || true | |
| # Use xgo to build for multiple platforms | |
| GO_RELEASE_V=$(go version | { read _ _ v _; echo ${v#go}; }) | |
| # Build main binaries using xgo with the same targets as Makefile | |
| # Use local directory and enable modules | |
| xgo -image techknowlogick/xgo:latest -v -ldflags="-s -w" -go $GO_RELEASE_V -out glauth -dest bin \ | |
| -targets="linux/amd64,linux/386,linux/arm64,linux/arm-7,darwin/amd64,darwin/arm64,windows/amd64,windows/386" \ | |
| -env="GO111MODULE=on,GOPROXY=https://proxy.golang.org,direct" . | |
| # Fix ownership and permissions for files created by xgo (which runs as root in docker) | |
| sudo chown -R $USER:$USER bin/ 2>/dev/null || true | |
| chmod -R 755 bin/ 2>/dev/null || true | |
| # Create sha256 files for each binary | |
| cd bin | |
| for binary in glauth-*; do | |
| if [[ -f "$binary" ]]; then | |
| echo "Creating sha256 for $binary" | |
| sha256sum "$binary" > "$binary.sha256" | |
| fi | |
| done | |
| - name: Build plugins for supported architectures | |
| working-directory: ./v2 | |
| run: | | |
| # Prepare plugin dependencies | |
| make prepare-plugins-build | |
| # Ensure all dependencies are up to date after plugin preparation | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| GO_RELEASE_V=$(go version | { read _ _ v _; echo ${v#go}; }) | |
| # Build SQLite plugin | |
| if [ -d "pkg/plugins/glauth-sqlite" ]; then | |
| echo "Building SQLite plugin..." | |
| cd pkg/plugins/glauth-sqlite | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| xgo -image techknowlogick/xgo:latest -v -ldflags="-s -w" -go $GO_RELEASE_V -out sqlite -dest ../../../bin \ | |
| -buildmode=plugin -targets="linux/amd64,linux/386,linux/arm64,linux/arm-7,darwin/amd64,darwin/arm64" \ | |
| -env="GO111MODULE=on,GOPROXY=https://proxy.golang.org,direct" . | |
| cd ../../.. | |
| fi | |
| # Build MySQL plugin | |
| if [ -d "pkg/plugins/glauth-mysql" ]; then | |
| echo "Building MySQL plugin..." | |
| cd pkg/plugins/glauth-mysql | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| xgo -image techknowlogick/xgo:latest -v -ldflags="-s -w" -go $GO_RELEASE_V -out mysql -dest ../../../bin \ | |
| -buildmode=plugin -targets="linux/amd64,linux/386,linux/arm64,linux/arm-7,darwin/amd64,darwin/arm64" \ | |
| -env="GO111MODULE=on,GOPROXY=https://proxy.golang.org,direct" . | |
| cd ../../.. | |
| fi | |
| # Build PostgreSQL plugin | |
| if [ -d "pkg/plugins/glauth-postgres" ]; then | |
| echo "Building PostgreSQL plugin..." | |
| cd pkg/plugins/glauth-postgres | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| xgo -image techknowlogick/xgo:latest -v -ldflags="-s -w" -go $GO_RELEASE_V -out postgres -dest ../../../bin \ | |
| -buildmode=plugin -targets="linux/amd64,linux/386,linux/arm64,linux/arm-7,darwin/amd64,darwin/arm64" \ | |
| -env="GO111MODULE=on,GOPROXY=https://proxy.golang.org,direct" . | |
| cd ../../.. | |
| fi | |
| # Build PAM plugin (Linux only due to PAM dependency) | |
| # Note: Building PAM plugin locally since it requires system PAM headers | |
| # Only building for linux/amd64 since cross-compilation with CGO and PAM dependencies is complex | |
| if [ -d "pkg/plugins/glauth-pam" ]; then | |
| echo "Building PAM plugin..." | |
| cd pkg/plugins/glauth-pam | |
| go mod download | |
| go mod verify | |
| go mod tidy | |
| # Build for linux/amd64 architecture (runner is amd64) | |
| GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -trimpath -ldflags="-s -w" -buildmode=plugin -o ../../../bin/pam-linux-amd64.so . | |
| cd ../../.. | |
| fi | |
| # Fix ownership and permissions for plugin files created by xgo | |
| sudo chown -R $USER:$USER bin/ 2>/dev/null || true | |
| chmod -R 755 bin/ 2>/dev/null || true | |
| # Rename plugin files to add .so extension | |
| cd bin | |
| for lib in $(ls *-* | grep -v \.so$ | grep -v glauth-); do | |
| if [[ -f "$lib" ]]; then | |
| echo "Renaming $lib to $lib.so" | |
| mv "$lib" "$lib.so" | |
| fi | |
| done | |
| # Create sha256 files for each plugin | |
| for plugin in *.so; do | |
| if [[ -f "$plugin" ]]; then | |
| echo "Creating sha256 for $plugin" | |
| sha256sum "$plugin" > "$plugin.sha256" | |
| fi | |
| done | |
| - name: List all built artifacts | |
| working-directory: ./v2/bin | |
| run: | | |
| echo "Built artifacts:" | |
| ls -la | |
| echo "" | |
| echo "SHA256 files:" | |
| ls -la *.sha256 2>/dev/null || echo "No SHA256 files found yet" | |
| # Ensure all files have proper permissions and ownership | |
| sudo chown -R runner:runner . 2>/dev/null || true | |
| chmod -R 644 *.sha256 2>/dev/null || true | |
| chmod -R 755 glauth-* *.so 2>/dev/null || true | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-artifacts | |
| path: v2/bin/ | |
| build-docker-and-release: | |
| needs: build-binaries | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-artifacts | |
| path: v2/bin/ | |
| - name: Extract tag name | |
| id: tag | |
| run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| - name: Prepare Docker assets | |
| working-directory: ./v2 | |
| run: | | |
| # Create platform-specific directories for Docker build | |
| mkdir -p docker/assets/linux/amd64 docker/assets/linux/arm64 docker/assets/linux/arm/v7 | |
| # Copy static binaries for standalone builds | |
| if [[ -f "bin/glauth-linux-amd64" ]]; then | |
| cp bin/glauth-linux-amd64 docker/assets/linux/amd64/glauth-standalone | |
| chmod +x docker/assets/linux/amd64/glauth-standalone | |
| fi | |
| if [[ -f "bin/glauth-linux-arm64" ]]; then | |
| cp bin/glauth-linux-arm64 docker/assets/linux/arm64/glauth-standalone | |
| chmod +x docker/assets/linux/arm64/glauth-standalone | |
| fi | |
| if [[ -f "bin/glauth-linux-arm-7" ]]; then | |
| cp bin/glauth-linux-arm-7 docker/assets/linux/arm/v7/glauth-standalone | |
| chmod +x docker/assets/linux/arm/v7/glauth-standalone | |
| fi | |
| # Copy the same binaries for plugins builds (they can load plugins) | |
| if [[ -f "bin/glauth-linux-amd64" ]]; then | |
| cp bin/glauth-linux-amd64 docker/assets/linux/amd64/glauth-plugins | |
| chmod +x docker/assets/linux/amd64/glauth-plugins | |
| fi | |
| if [[ -f "bin/glauth-linux-arm64" ]]; then | |
| cp bin/glauth-linux-arm64 docker/assets/linux/arm64/glauth-plugins | |
| chmod +x docker/assets/linux/arm64/glauth-plugins | |
| fi | |
| if [[ -f "bin/glauth-linux-arm-7" ]]; then | |
| cp bin/glauth-linux-arm-7 docker/assets/linux/arm/v7/glauth-plugins | |
| chmod +x docker/assets/linux/arm/v7/glauth-plugins | |
| fi | |
| # Copy plugin .so files | |
| for plugin in sqlite mysql postgres; do | |
| if [[ -f "bin/${plugin}-linux-amd64.so" ]]; then | |
| cp "bin/${plugin}-linux-amd64.so" "docker/assets/linux/amd64/${plugin}.so" | |
| fi | |
| if [[ -f "bin/${plugin}-linux-arm64.so" ]]; then | |
| cp "bin/${plugin}-linux-arm64.so" "docker/assets/linux/arm64/${plugin}.so" | |
| fi | |
| if [[ -f "bin/${plugin}-linux-arm-7.so" ]]; then | |
| cp "bin/${plugin}-linux-arm-7.so" "docker/assets/linux/arm/v7/${plugin}.so" | |
| fi | |
| done | |
| # Handle PAM plugin separately (only built for amd64) | |
| if [[ -f "bin/pam-linux-amd64.so" ]]; then | |
| cp "bin/pam-linux-amd64.so" "docker/assets/linux/amd64/pam.so" | |
| fi | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for standalone | |
| id: meta-standalone | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=tag | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| labels: | | |
| org.opencontainers.image.title=GLAuth | |
| org.opencontainers.image.description=A simple LDAP server for development, home use, or CI pipelines | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.licenses=MIT | |
| - name: Extract metadata for plugins | |
| id: meta-plugins | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-plugins | |
| tags: | | |
| type=ref,event=tag | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| labels: | | |
| org.opencontainers.image.title=GLAuth Plugins | |
| org.opencontainers.image.description=A simple LDAP server for development, home use, or CI pipelines (with plugins support) | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.licenses=MIT | |
| - name: Build and push standalone Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./v2/docker | |
| file: ./v2/docker/Dockerfile-standalone | |
| platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
| push: true | |
| tags: ${{ steps.meta-standalone.outputs.tags }} | |
| labels: ${{ steps.meta-standalone.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and push plugins Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./v2/docker | |
| file: ./v2/docker/Dockerfile-plugins | |
| platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
| push: true | |
| tags: ${{ steps.meta-plugins.outputs.tags }} | |
| labels: ${{ steps.meta-plugins.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.tag.outputs.tag }} | |
| name: Release ${{ steps.tag.outputs.tag }} | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| files: | | |
| v2/bin/glauth-* | |
| v2/bin/*.so | |
| v2/bin/*.sha256 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |