dockerhub-release-aio.yml

name: Release AIO image

on:
  push:
    branches:
      - develop
    paths:
      - ".github/workflows/dockerhub-release-aio.yml"
      - "docker/all-in-one/*"
  workflow_run:
    workflows: [Release on Dockerhub]
    branches:
      - develop
    types:
      - completed
    
jobs:
  settings:
    runs-on: ubuntu-latest
    outputs:
      docker_version: ${{ steps.settings.outputs.postgres-version }}
      image_tag: supabase/postgres:aio-${{ steps.settings.outputs.postgres-version }}
      fly_image_tag: supabase-postgres-image:aio-${{ steps.settings.outputs.postgres-version }}
      build_args: ${{ steps.args.outputs.result }}
    steps:
      - uses: actions/checkout@v3
      - id: settings
        # Remove spaces and quotes to get the raw version string
        run: sed -r 's/(\s|\")+//g' common.vars.pkr.hcl >> $GITHUB_OUTPUT
      - id: args
        uses: mikefarah/yq@master
        with:
          cmd: yq 'to_entries | map(select(.value|type == "!!str")) |  map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'

  build_image:
    needs: settings
    strategy:
      matrix:
        include:
          - runner: [self-hosted, X64]
            arch: amd64
          - runner: arm-runner
            arch: arm64
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 180
    outputs:
      image_digest: ${{ steps.build.outputs.digest }}
    steps:
      - run: docker context create builders
      - uses: docker/setup-buildx-action@v3
        with:
          endpoint: builders
      - uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - id: build
        uses: docker/build-push-action@v5
        with:
          file: docker/all-in-one/Dockerfile
          push: true
          build-args: |
            postgres_version=${{ needs.settings.outputs.docker_version }}
            ${{ needs.settings.outputs.build_args }}
          target: production
          tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }}
          platforms: linux/${{ matrix.arch }}
          cache-from: type=gha,scope=${{ github.ref_name }}-aio-${{ matrix.arch }}
          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-aio-${{ matrix.arch }}
      - name: Slack Notification
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: "gha-failures-notifier"
          SLACK_COLOR: "danger"
          SLACK_MESSAGE: "Building Postgres AIO ${{ matrix.arch }} image failed"
          SLACK_FOOTER: ""

  merge_manifest:
    needs: [settings, build_image]
    runs-on: ubuntu-latest
    steps:
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Merge multi-arch manifests
        run: |
          docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \
          ${{ needs.settings.outputs.image_tag }}_amd64 \
          ${{ needs.settings.outputs.image_tag }}_arm64
      - name: Slack Notification
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: "gha-failures-notifier"
          SLACK_COLOR: "danger"
          SLACK_MESSAGE: "Building Postgres image failed"
          SLACK_FOOTER: ""

  publish:
    needs: [settings, merge_manifest]
    # Call workflow explicitly because events from actions cannot trigger more actions
    uses: ./.github/workflows/mirror.yml
    with:
      version: aio-${{ needs.settings.outputs.docker_version }}
    secrets: inherit

  publish_to_fly:
    needs: [settings, build_image]
    runs-on: ubuntu-latest
    steps:
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push to Fly
        uses: superfly/flyctl-actions/setup-flyctl@dfdfedc86b296f5e5384f755a18bf400409a15d0
        with:
          version: 0.1.64
      - run: |
          docker pull ${{ needs.settings.outputs.image_tag }}_amd64
          docker tag ${{ needs.settings.outputs.image_tag }}_amd64 "registry.fly.io/staging-${{ needs.settings.outputs.fly_image_tag }}"
          docker tag ${{ needs.settings.outputs.image_tag }}_amd64 "registry.fly.io/prod-${{ needs.settings.outputs.fly_image_tag }}"

          flyctl auth docker
          docker push "registry.fly.io/staging-${{ needs.settings.outputs.fly_image_tag }}"
          docker push "registry.fly.io/prod-${{ needs.settings.outputs.fly_image_tag }}"
        env:
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
          
      - name: Slack Notification
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: "gha-failures-notifier"
          SLACK_COLOR: "danger"
          SLACK_MESSAGE: "Failed pushing AIO image to Fly.io"
          SLACK_FOOTER: ""