feat: publish signoz to multiple registry using primus (#7504)

### Summary - publish signoz images to multiple registry using primus - deprecate old build workflow --------- Signed-off-by: Prashant Shahi <prashant@signoz.io>
2025-06-02 04:30:03 +08:00 · 2025-04-08 18:06:22 +05:30 · 2025-04-08 18:06:22 +05:30 · c269c8c6b8
commit c269c8c6b8
parent 3142b6cc6d
7 changed files with 183 additions and 149 deletions
--- a/.github/workflows/build-community.yaml
+++ b/.github/workflows/build-community.yaml
@ -0,0 +1,57 @@
+name: build-community
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      docker_providers: ${{ steps.set-docker-providers.outputs.providers }}
+    steps:
+      - name: set-docker-providers
+        id: set-docker-providers
+        run: |
+          if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ || ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then
+            echo "providers=dockerhub gcp" >> $GITHUB_OUTPUT
+          else
+            echo "providers=gcp" >> $GITHUB_OUTPUT
+          fi
+  js-build:
+    uses: signoz/primus.workflows/.github/workflows/js-build.yaml@main
+    needs: prepare
+    secrets: inherit
+    with:
+      PRIMUS_REF: main
+      JS_SRC: frontend
+      JS_OUTPUT_ARTIFACT_CACHE_KEY: community-jsbuild-${{ github.sha }}
+      JS_OUTPUT_ARTIFACT_PATH: frontend/build
+      DOCKER_BUILD: false
+      DOCKER_MANIFEST: false
+  go-build:
+    uses: signoz/primus.workflows/.github/workflows/go-build.yaml@main
+    needs: [prepare, js-build]
+    secrets: inherit
+    with:
+      PRIMUS_REF: main
+      GO_NAME: signoz-community
+      GO_INPUT_ARTIFACT_CACHE_KEY: community-jsbuild-${{ github.sha }}
+      GO_INPUT_ARTIFACT_PATH: frontend/build
+      GO_BUILD_CONTEXT: ./pkg/query-service
+      GO_BUILD_FLAGS: >-
+        -tags timetzdata
+        -ldflags='-linkmode external -extldflags \"-static\" -s -w
+        -X github.com/signoz/zeus/pkg/version.Version=\$($MAKE info-version)
+        -X github.com/signoz/zeus/pkg/version.variant=community
+        -X github.com/signoz/zeus/pkg/version.hash=\$($MAKE info-commit-short)
+        -X github.com/signoz/zeus/pkg/version.time=\$($MAKE info-timestamp)
+        -X github.com/signoz/zeus/pkg/version.branch=\$($MAKE info-branch)'
+      GO_CGO_ENABLED: 1
+      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
+      DOCKER_DOCKERFILE_PATH: ./pkg/query-service/Dockerfile.multi-arch
+      DOCKER_MANIFEST: true
+      DOCKER_PROVIDERS: ${{ needs.prepare.outputs.docker_providers }}
--- a/.github/workflows/build-enterprise.yaml
+++ b/.github/workflows/build-enterprise.yaml
@ -0,0 +1,80 @@
+name: build-enterprise
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      docker_providers: ${{ steps.set-docker-providers.outputs.providers }}
+    steps:
+      - name: set-docker-providers
+        id: set-docker-providers
+        run: |
+          if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ || ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then
+            echo "providers=dockerhub gcp" >> $GITHUB_OUTPUT
+          else
+            echo "providers=gcp" >> $GITHUB_OUTPUT
+          fi
+      - name: create-dotenv
+        run: |
+          mkdir -p frontend
+          echo 'CI=1' > frontend/.env
+          echo 'INTERCOM_APP_ID="${{ secrets.INTERCOM_APP_ID }}"' >> frontend/.env
+          echo 'SEGMENT_ID="${{ secrets.SEGMENT_ID }}"' >> frontend/.env
+          echo 'SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}"' >> frontend/.env
+          echo 'SENTRY_ORG="${{ secrets.SENTRY_ORG }}"' >> frontend/.env
+          echo 'SENTRY_PROJECT_ID="${{ secrets.SENTRY_PROJECT_ID }}"' >> frontend/.env
+          echo 'SENTRY_DSN="${{ secrets.SENTRY_DSN }}"' >> frontend/.env
+          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> frontend/.env
+          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> frontend/.env
+          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> frontend/.env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> frontend/.env
+      - name: cache-dotenv
+        uses: actions/cache@v4
+        with:
+          path: frontend/.env
+          key: enterprise-dotenv-${{ github.sha }}
+  js-build:
+    uses: signoz/primus.workflows/.github/workflows/js-build.yaml@main
+    needs: prepare
+    secrets: inherit
+    with:
+      PRIMUS_REF: main
+      JS_SRC: frontend
+      JS_INPUT_ARTIFACT_CACHE_KEY: enterprise-dotenv-${{ github.sha }}
+      JS_INPUT_ARTIFACT_PATH: frontend/.env
+      JS_OUTPUT_ARTIFACT_CACHE_KEY: enterprise-jsbuild-${{ github.sha }}
+      JS_OUTPUT_ARTIFACT_PATH: frontend/build
+      DOCKER_BUILD: false
+      DOCKER_MANIFEST: false
+  go-build:
+    uses: signoz/primus.workflows/.github/workflows/go-build.yaml@main
+    needs: [prepare, js-build]
+    secrets: inherit
+    with:
+      PRIMUS_REF: main
+      GO_INPUT_ARTIFACT_CACHE_KEY: enterprise-jsbuild-${{ github.sha }}
+      GO_INPUT_ARTIFACT_PATH: frontend/build
+      GO_BUILD_CONTEXT: ./ee/query-service
+      GO_BUILD_FLAGS: >-
+        -tags timetzdata
+        -ldflags='-linkmode external -extldflags \"-static\" -s -w
+        -X github.com/signoz/zeus/pkg/version.Version=\$($MAKE info-version)
+        -X github.com/signoz/zeus/pkg/version.variant=enterprise
+        -X github.com/signoz/zeus/pkg/version.hash=\$($MAKE info-commit-short)
+        -X github.com/signoz/zeus/pkg/version.time=\$($MAKE info-timestamp)
+        -X github.com/signoz/zeus/pkg/version.branch=\$($MAKE info-branch)
+        -X github.com/signoz/zeus/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
+        -X github.com/signoz/zeus/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1'
+      GO_CGO_ENABLED: 1
+      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
+      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
+      DOCKER_MANIFEST: true
+      DOCKER_PROVIDERS: ${{ needs.prepare.outputs.docker_providers }}
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -1,122 +0,0 @@
-name: build
-
-on:
-  push:
-    branches:
-      - main
-    tags:
-      - v*
-
-jobs:
-  enterprise:
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: setup
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.22"
-      - name: setup-qemu
-        uses: docker/setup-qemu-action@v3
-      - name: setup-buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: latest
-      - name: docker-login
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: create-env-file
-        run: |
-          echo 'INTERCOM_APP_ID="${{ secrets.INTERCOM_APP_ID }}"' > frontend/.env
-          echo 'SEGMENT_ID="${{ secrets.SEGMENT_ID }}"' >> frontend/.env
-          echo 'SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}"' >> frontend/.env
-          echo 'SENTRY_ORG="${{ secrets.SENTRY_ORG }}"' >> frontend/.env
-          echo 'SENTRY_PROJECT_ID="${{ secrets.SENTRY_PROJECT_ID }}"' >> frontend/.env
-          echo 'SENTRY_DSN="${{ secrets.SENTRY_DSN }}"' >> frontend/.env
-          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> frontend/.env
-          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> frontend/.env
-          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> frontend/.env
-          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> frontend/.env
-          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> frontend/.env
-      - name: github-ref-info
-        shell: bash
-        run: |
-          GH_REF=${{ github.ref }}
-          if [[ "${{ github.ref_type }}" == "tag" ]]; then
-            PREFIX="refs/tags/"
-            echo "GH_IS_TAG=true" >> $GITHUB_ENV
-            echo "GH_TAG=${GH_REF#$PREFIX}" >> $GITHUB_ENV
-          else
-            PREFIX="refs/heads/"
-            echo "GH_IS_TAG=false" >> $GITHUB_ENV
-            echo "GH_BRANCH_NAME=${GH_REF#$PREFIX}" >> $GITHUB_ENV
-          fi
-      - name: set-version
-        run: |
-          if [ '${{ env.GH_IS_TAG }}' == 'true' ]; then
-            echo "VERSION=${{ env.GH_TAG }}" >> $GITHUB_ENV
-          elif [ '${{ env.GH_BRANCH_NAME }}' == 'main' ]; then
-            echo "VERSION=latest" >> $GITHUB_ENV
-          else
-            echo "VERSION=${{ env.GH_BRANCH_NAME }}" >> $GITHUB_ENV
-          fi
-      - name: cross-compilation-tools
-        run: |
-          set -ex
-          sudo apt-get update
-          sudo apt-get install -y gcc-aarch64-linux-gnu musl-tools
-      - name: publish
-        run: make docker-buildx-enterprise
-
-  community:
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: setup-go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.22"
-      - name: setup-qemu
-        uses: docker/setup-qemu-action@v3
-      - name: setup-buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: latest
-      - name: docker-login
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: github-ref-info
-        shell: bash
-        run: |
-          GH_REF=${{ github.ref }}
-          if [[ "${{ github.ref_type }}" == "tag" ]]; then
-            PREFIX="refs/tags/"
-            echo "GH_IS_TAG=true" >> $GITHUB_ENV
-            echo "GH_TAG=${GH_REF#$PREFIX}" >> $GITHUB_ENV
-          else
-            PREFIX="refs/heads/"
-            echo "GH_IS_TAG=false" >> $GITHUB_ENV
-            echo "GH_BRANCH_NAME=${GH_REF#$PREFIX}" >> $GITHUB_ENV
-          fi
-      - name: set-version
-        run: |
-          if [ '${{ env.GH_IS_TAG }}' == 'true' ]; then
-            echo "VERSION=${{ env.GH_TAG }}" >> $GITHUB_ENV
-          elif [ '${{ env.GH_BRANCH_NAME }}' == 'main' ]; then
-            echo "VERSION=latest" >> $GITHUB_ENV
-          else
-            echo "VERSION=${{ env.GH_BRANCH_NAME }}" >> $GITHUB_ENV
-          fi
-      - name: cross-compilation-tools
-        run: |
-          set -ex
-          sudo apt-get update
-          sudo apt-get install -y gcc-aarch64-linux-gnu musl-tools
-      - name: publish
-        run: make docker-buildx-community
--- a/.versions/alpine
+++ b/.versions/alpine
@ -0,0 +1,17 @@
+#### Auto generated by make docker-version-alpine. DO NOT EDIT! ####  
+amd64=029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
+unknown=5fea95373b9ec85974843f31446fa6a9df4492dddae4e1cb056193c34a20a5be
+arm=b4aef1a899e0271f06d948c9a8fa626ecdb2202d3a178bc14775dd559e23df8e
+unknown=a4d1e27e63a9d6353046eb25a2f0ec02945012b217f4364cd83a73fe6dfb0b15
+arm=4fdafe217d0922f3c3e2b4f64cf043f8403a4636685cd9c51fea2cbd1f419740
+unknown=7f21ac2018d95b2c51a5779c1d5ca6c327504adc3b0fdc747a6725d30b3f13c2
+arm64=ea3c5a9671f7b3f7eb47eab06f73bc6591df978b0d5955689a9e6f943aa368c0
+unknown=a8ba68c1a9e6eea8041b4b8f996c235163440808b9654a865976fdcbede0f433
+386=dea9f02e103e837849f984d5679305c758aba7fea1b95b7766218597f61a05ab
+unknown=3c6629bec05c8273a927d46b77428bf4a378dad911a0ae284887becdc149b734
+ppc64le=0880443bffa028dfbbc4094a32dd6b7ac25684e4c0a3d50da9e0acae355c5eaf
+unknown=bb48308f976b266e3ab39bbf9af84521959bd9c295d3c763690cf41f8df2a626
+riscv64=d76e6fbe348ff20c2931bb7f101e49379648e026de95dd37f96e00ce1909dcf7
+unknown=dd807544365f6dc187cbe6de0806adce2ea9de3e7124717d1d8e8b7a18b77b64
+s390x=b815fadf80495594eb6296a6af0bc647ae5f193e0044e07acec7e5b378c9ce2d
+unknown=74681be74a280a88abb53ff1e048eb1fb624b30d0066730df6d8afd02ba82e01
--- a/ee/query-service/Dockerfile.multi-arch
+++ b/ee/query-service/Dockerfile.multi-arch
@ -1,16 +1,17 @@
-FROM alpine:3.20.3
+ARG ALPINE_SHA="pass-a-valid-docker-sha-otherwise-this-will-fail"
+
+FROM alpine@sha256:${ALPINE_SHA}
 LABEL maintainer="signoz"
 WORKDIR /root

 ARG OS="linux"
-ARG TARGETARCH
+ARG ARCH

 RUN apk update && \
-	apk add ca-certificates && \
-	rm -rf /var/cache/apk/*
+    apk add ca-certificates && \
+    rm -rf /var/cache/apk/*

-
-COPY ./target/${OS}-${TARGETARCH}/signoz /root/signoz
+COPY ./target/${OS}-${ARCH}/signoz /root/signoz
 COPY ./conf/prometheus.yml /root/config/prometheus.yml
 COPY ./templates/email /root/templates
 COPY frontend/build/ /etc/signoz/web/
--- a/pkg/query-service/Dockerfile
+++ b/pkg/query-service/Dockerfile
@ -1,21 +0,0 @@
-FROM alpine:3.20.3
-LABEL maintainer="signoz"
-WORKDIR /root
-
-ARG OS="linux"
-ARG TARGETARCH
-
-RUN apk update && \
-	apk add ca-certificates && \
-	rm -rf /var/cache/apk/*
-
-
-COPY ./target/${OS}-${TARGETARCH}/signoz-community /root/signoz
-COPY ./conf/prometheus.yml /root/config/prometheus.yml
-COPY ./templates/email /root/templates
-COPY frontend/build/ /etc/signoz/web/
-
-RUN chmod 755 /root /root/signoz
-
-ENTRYPOINT ["./signoz"]
-CMD ["-config", "/root/config/prometheus.yml"]
--- a/pkg/query-service/Dockerfile.multi-arch
+++ b/pkg/query-service/Dockerfile.multi-arch
@ -0,0 +1,22 @@
+ARG ALPINE_SHA="pass-a-valid-docker-sha-otherwise-this-will-fail"
+
+FROM alpine@sha256:${ALPINE_SHA}
+LABEL maintainer="signoz"
+WORKDIR /root
+
+ARG OS="linux"
+ARG ARCH
+
+RUN apk update && \
+    apk add ca-certificates && \
+    rm -rf /var/cache/apk/*
+
+COPY ./target/${OS}-${ARCH}/signoz-community /root/signoz-community
+COPY ./conf/prometheus.yml /root/config/prometheus.yml
+COPY ./templates/email /root/templates
+COPY frontend/build/ /etc/signoz/web/
+
+RUN chmod 755 /root /root/signoz-community
+
+ENTRYPOINT ["./signoz-community"]
+CMD ["-config", "/root/config/prometheus.yml"]