Improve CI workflows for releases

.github/workflows/build-images.yml

@@ -1,53 +0,0 @@
-name: Docker build
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Get tag from VERSION file
-        id: meta
-        run: |
-          VERSION=$(cat VERSION)
-          TAG=${VERSION}
-          echo "::set-output name=tag::${TAG}"
-      -
-        name: Build and push dashboard
-        uses: docker/build-push-action@v2
-        with:
-          context: ./packages/dashboard
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: meienberger/tipi-dashboard:latest,meienberger/tipi-dashboard:${{ steps.meta.outputs.TAG }}
-          cache-from: type=registry,ref=meienberger/tipi-dashboard:latest
-          cache-to: type=inline
-      -
-        name: Build and push api
-        uses: docker/build-push-action@v2
-        with:
-          context: ./packages/system-api
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: meienberger/tipi-api:latest,meienberger/tipi-api:${{ steps.meta.outputs.TAG }}
-          cache-from: type=registry,ref=meienberger/tipi-api:latest
-          cache-to: type=inline

.github/workflows/ci.yml

@@ -46,21 +46,4 @@ jobs:
         run: pnpm -r lint
       
       - name: Run tests
-        run: pnpm -r test
-
-  # Test installation script
-  test-install:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Check if user id 1000 exists
-        run: |
-          if [[ ! $(id -u 1000) -eq 1000 ]]; then
-            echo "Creating user 1000"
-            sudo useradd -u 1000 test
-          fi
-        id: check-user-id
-          
-      - name: Run install script
-        run: sudo ./scripts/start.sh true
+        run: pnpm -r test

.github/workflows/release-candidate.yml

@@ -0,0 +1,101 @@
+name: Release candidate
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+
+      - uses: technote-space/get-diff-action@v6
+        with:
+          FILES: |
+            VERSION
+
+      - name: Ensure env.MATCHED_FILES has VERSION in it
+        id: check-version
+        run: |
+          if [[ -z "${{ env.MATCHED_FILES }}" ]]; then
+            echo "::error::VERSION not modified"
+            exit 1
+          fi
+          if [[ ! "${{ env.MATCHED_FILES }}" =~ VERSION ]]; then
+            echo "::error::VERSION not modified"
+            exit 1
+          fi
+      
+      - uses: vishnudxb/cancel-workflow@v1.2
+        if: failure()
+        with:
+          repo: meienberger/runtipi
+          workflow_id: ${{ github.run_id }}
+          access_token: ${{ github.token }}
+  
+  # Build images and publish RCs to DockerHub
+  build-images:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      
+      - name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      
+      - name: Get tag from VERSION file
+        id: meta
+        run: |
+          VERSION=$(cat VERSION)
+          TAG=${VERSION}
+          echo "::set-output name=tag::${TAG}"
+      
+      - name: Build and push dashboard
+        uses: docker/build-push-action@v2
+        with:
+          context: ./packages/dashboard
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: meienberger/tipi-dashboard:rc-${{ steps.meta.outputs.TAG }}
+          cache-from: type=registry,ref=meienberger/tipi-dashboard:latest
+          cache-to: type=inline
+      
+      - name: Build and push api
+        uses: docker/build-push-action@v2
+        with:
+          context: ./packages/system-api
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: meienberger/tipi-api:rc-${{ steps.meta.outputs.TAG }}
+          cache-from: type=registry,ref=meienberger/tipi-api:latest
+          cache-to: type=inline
+
+  # Test installation script
+  test-install:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Check if user id 1000 exists
+        run: |
+          if [[ ! $(id -u 1000) -eq 1000 ]]; then
+            echo "Creating user 1000"
+            sudo useradd -u 1000 test
+          fi
+        id: check-user-id
+          
+      - name: Run install script
+        run: sudo ./scripts/start.sh --rc --ci
+
+          

.github/workflows/release.yml

@@ -1,5 +1,5 @@
 
-name: Build & Deploy
+name: Publish release
 on:
   push:
     branches:    
@@ -29,4 +29,50 @@ jobs:
           tag_name: ${{ steps.create_tag.outputs.version }}
           release_name: ${{ steps.create_tag.outputs.version }}
           draft: false
-          prerelease: false
+          prerelease: false
+
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Get tag from VERSION file
+        id: meta
+        run: |
+          VERSION=$(cat VERSION)
+          TAG=${VERSION}
+          echo "::set-output name=tag::${TAG}"
+      -
+        name: Build and push dashboard
+        uses: docker/build-push-action@v2
+        with:
+          context: ./packages/dashboard
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: meienberger/tipi-dashboard:latest,meienberger/tipi-dashboard:${{ steps.meta.outputs.TAG }}
+          cache-from: type=registry,ref=meienberger/tipi-dashboard:latest
+          cache-to: type=inline
+      -
+        name: Build and push api
+        uses: docker/build-push-action@v2
+        with:
+          context: ./packages/system-api
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: meienberger/tipi-api:latest,meienberger/tipi-api:${{ steps.meta.outputs.TAG }}
+          cache-from: type=registry,ref=meienberger/tipi-api:latest
+          cache-to: type=inline

.github/workflows/verify-release.yml

@@ -1,34 +0,0 @@
-name: Verify release
-
-on:
-  pull_request:
-    branches:
-      - master
-
-jobs:
-  verify:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 2
-
-      - uses: technote-space/get-diff-action@v6
-        with:
-          FILES: |
-            VERSION
-
-      - name: Ensure env.MATCHED_FILES has VERSION in it
-        id: check-version
-        run: |
-          if [[ -z "${{ env.MATCHED_FILES }}" ]]; then
-            echo "::error::VERSION not modified"
-            exit 1
-          fi
-          if [[ ! "${{ env.MATCHED_FILES }}" =~ VERSION ]]; then
-            echo "::error::VERSION not modified"
-            exit 1
-          fi
-
-          

docker-compose.rc.yml

@@ -0,0 +1,60 @@
+version: "3.7"
+
+services:
+  reverse-proxy:
+    container_name: reverse-proxy
+    image: traefik:v2.6
+    restart: always
+    ports:
+      - 80:80
+      - 8080:8080
+    command: --api.insecure=true --providers.docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${PWD}/traefik:/root/.config
+    networks:
+      - tipi_main_network
+
+  api:
+    image: meienberger/tipi-api:rc-${TIPI_VERSION}
+    container_name: api
+    ports:
+      - 3001:3001
+    volumes:
+      ## Docker sock
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${PWD}:/tipi
+    environment:
+      - INTERNAL_IP=${INTERNAL_IP}
+      - TIPI_VERSION=${TIPI_VERSION}
+      - JWT_SECRET=${JWT_SECRET}
+      - ROOT_FOLDER_HOST=${ROOT_FOLDER_HOST}
+    networks:
+      - tipi_main_network
+
+  dashboard:
+    image: meienberger/tipi-dashboard:rc-${TIPI_VERSION}
+    container_name: dashboard
+    ports:
+      - 3000:3000
+    networks:
+      - tipi_main_network
+    environment:
+      - INTERNAL_IP=${INTERNAL_IP}
+    labels:
+      traefik.enable: true
+      traefik.http.routers.dashboard.rule: PathPrefix("/") # Host(`tipi.local`) &&
+      traefik.http.routers.dashboard.entrypoints: webinsecure
+      traefik.http.routers.dashboard.service: dashboard
+      traefik.http.services.dashboard.loadbalancer.server.port: 3000
+
+networks:
+  tipi_main_network:
+    driver: bridge
+    driver_opts:
+      com.docker.network.bridge.enable_ip_masquerade: "true"
+      com.docker.network.bridge.enable_icc: "true"
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.21.21.0/24

package.json

@@ -7,6 +7,7 @@
     "act:test-install": "act --container-architecture linux/amd64 -j test-install",
     "act:docker": "act --container-architecture linux/amd64 --secret-file github.secrets -j docker",
     "start:dev": "docker-compose -f docker-compose.dev.yml --env-file .env.dev up --build",
+    "start:rc": "docker-compose -f docker-compose.rc.yml --env-file .env up --build",
     "start:prod": "docker-compose --env-file .env up --build"
   },
   "dependencies": {},

packages/dashboard/.prettierrc.js

@@ -1,6 +1,6 @@
 module.exports = {
   singleQuote: true,
   semi: true,
-  trailingComma: "all",
+  trailingComma: 'all',
   printWidth: 200,
 };

packages/dashboard/Dockerfile

@@ -1,13 +1,13 @@
-FROM node:18
+FROM node:18-buster-slim 
 
 WORKDIR /app
 
 COPY ./package.json ./
 
-RUN yarn
+RUN npm install
 
 COPY ./ ./
 
-RUN yarn build
+RUN npm run build
 
-CMD ["yarn", "start"]
+CMD ["npm", "run", "start"]

packages/dashboard/Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM node:latest
+FROM node:18-buster-slim 
 
 WORKDIR /app
 

packages/system-api/src/modules/system/system.controller.ts

@@ -75,7 +75,9 @@ const getVersion = async (_: Request, res: Response<{ current: string; latest: s
     version = json.name.replace('v', '');
   }
 
-  res.status(200).send({ current: config.VERSION, latest: version });
+  TipiCache.set('latestVersion', version.replace('v', ''));
+
+  res.status(200).send({ current: config.VERSION, latest: version.replace('v', '') });
 };
 
 export default { getCpuInfo, getDiskInfo, getMemoryInfo, getVersion };

scripts/start.sh

@@ -8,19 +8,34 @@ else
   readlink=readlink
 fi
 
-config_only="$1"
+while [ -n "$1" ]; do # while loop starts
+
+	case "$1" in
+	--rc) rc="true" ;;
+	--ci) ci="true" ;;
+	--)
+		shift # The double dash makes them parameters
+		break
+		;;
+	*) echo "Option $1 not recognized" && exit 1 ;;
+	esac
+	shift
+done
+
+# Check we are on linux
+if [[ "$(uname)" != "Linux" ]]; then
+  echo "Tipi only works on Linux"
+  exit 1
+fi
 
 ROOT_FOLDER="$($readlink -f $(dirname "${BASH_SOURCE[0]}")/..)"
 STATE_FOLDER="${ROOT_FOLDER}/state"
 SED_ROOT_FOLDER="$(echo $ROOT_FOLDER | sed 's/\//\\\//g')"
 INTERNAL_IP="$(hostname -I | awk '{print $1}')"
 DNS_IP=9.9.9.9 # Default to Quad9 DNS
-USERNAME="$(id -nu 1000)"
 ARCHITECTURE="$(uname -m)"
 
-
-
-if [[ "$architecture" == "aarch64" ]]; then
+if [[ "$ARCHITECTURE" == "aarch64" ]]; then
   ARCHITECTURE="arm64"
 fi
 
@@ -48,7 +63,7 @@ function get_json_field() {
 function derive_entropy() {
   SEED_FILE="${STATE_FOLDER}/seed"
   identifier="${1}"
-  tipi_seed=$(cat "${SEED_FILE}") || true
+  tipi_seed=$(cat "${SEED_FILE}") || true 
 
   if [[ -z "$tipi_seed" ]] || [[ -z "$identifier" ]]; then
     >&2 echo "Missing derivation parameter, this is unsafe, exiting."
@@ -76,6 +91,11 @@ fi
 chown -R 1000:1000 "${STATE_FOLDER}/apps.json"
 chown -R 1000:1000 "${STATE_FOLDER}/users.json"
 
+# Get current dns from host
+if [[ -f "/etc/resolv.conf" ]]; then
+  TEMP=$(cat /etc/resolv.conf | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -n 1)
+fi
+
 # Get dns ip if pihole is installed
 str=$(get_json_field ${STATE_FOLDER}/apps.json installed)
 
@@ -126,16 +146,26 @@ echo "Running system-info.sh..."
 bash "${ROOT_FOLDER}/scripts/system-info.sh"
 
 # Give permissions 1000:1000 to app data
-chown -R 1000:1000 "${ROOT_FOLDER}/app-data"
+# chown -R 1000:1000 "${ROOT_FOLDER}/app-data"
 
 ## Don't run if config-only
-if [[ ! $config_only == "true" ]]; then
-  docker-compose --env-file "${ROOT_FOLDER}/.env" pull
-  # Run docker-compose
-  docker-compose --env-file "${ROOT_FOLDER}/.env" up --detach --remove-orphans --build || {
-    echo "Failed to start containers"
-    exit 1
-  }
+if [[ ! $ci == "true" ]]; then
+
+  if [[ $rc == "true" ]]; then
+    docker-compose -f docker-compose.rc.yml --env-file "${ROOT_FOLDER}/.env" pull
+    # Run docker-compose
+    docker-compose -f docker-compose.rc.yml --env-file "${ROOT_FOLDER}/.env" up --detach --remove-orphans --build || {
+      echo "Failed to start containers"
+      exit 1
+    }
+  else
+    docker-compose --env-file "${ROOT_FOLDER}/.env" pull
+    # Run docker-compose
+    docker-compose --env-file "${ROOT_FOLDER}/.env" up --detach --remove-orphans --build || {
+      echo "Failed to start containers"
+      exit 1
+    }
+  fi
 fi
 
 echo "Tipi is now running"