From e171d30179d3a40befcf2376315aba5f819814aa Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Thu, 26 Mar 2026 07:50:55 +0000 Subject: [PATCH] ci: add build workflow for main branch Build and push multi-arch container images (linux/amd64, linux/arm64) to GHCR and Docker Hub on every push to main that changes Go or Nix files. Images are tagged as main- using ko with the same distroless base image as release builds. Cross-compiled binaries for linux and darwin (amd64, arm64) are uploaded as workflow artifacts. The README links to these via nightly.link for stable download URLs.
---
.github/workflows/container-main.yml | 112 +++++++++++++++++++++++++++
README.md | 19 +++++
2 files changed, 131 insertions(+)
create mode 100644 .github/workflows/container-main.yml
diff --git a/.github/workflows/container-main.yml b/.github/workflows/container-main.yml
new file mode 100644
index 00000000..07d9f1b0
--- /dev/null
+++ b/.github/workflows/container-main.yml
@@ -0,0 +1,112 @@
+---
+name: Build (main)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "*.nix"
+ - "go.*"
+ - "**/*.go"
+ - ".github/workflows/container-main.yml"
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.sha }}
+ cancel-in-progress: true
+
+jobs:
+ container:
+ if: github.repository == 'juanfont/headscale'
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+ - name: Login to DockerHub
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Login to GHCR
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34
+ - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a # v6.1.3
+ with:
+ primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix',
+ '**/flake.lock') }}
+ restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }}
+
+ - name: Set commit timestamp
+ run: echo "SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)" >> $GITHUB_ENV
+
+ - name: Build and push to GHCR
+ env:
+ KO_DOCKER_REPO: ghcr.io/juanfont/headscale
+ KO_DEFAULTBASEIMAGE: gcr.io/distroless/base-debian13
+ CGO_ENABLED: "0"
+ run: |
+ nix develop --command -- ko build \
+ --bare \
+ --platform=linux/amd64,linux/arm64 \
+ --tags=main-${GITHUB_SHA::7} \
+ ./cmd/headscale
+
+ - name: Push to Docker Hub
+ env:
+ KO_DOCKER_REPO: headscale/headscale
+ KO_DEFAULTBASEIMAGE: gcr.io/distroless/base-debian13
+ CGO_ENABLED: "0"
+ run: |
+ nix develop --command -- ko build \
+ --bare \
+ --platform=linux/amd64,linux/arm64 \
+ --tags=main-${GITHUB_SHA::7} \
+ ./cmd/headscale
+
+ binaries:
+ if: github.repository == 'juanfont/headscale'
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - goos: linux
+ goarch: amd64
+ - goos: linux
+ goarch: arm64
+ - goos: darwin
+ goarch: amd64
+ - goos: darwin
+ goarch: arm64
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+ - uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34
+ - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a # v6.1.3
+ with:
+ primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix',
+ '**/flake.lock') }}
+ restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }}
+
+ - name: Build binary
+ env:
+ CGO_ENABLED: "0"
+ GOOS: ${{ matrix.goos }}
+ GOARCH: ${{ matrix.goarch }}
+ run: nix develop --command -- go build -o headscale ./cmd/headscale
+
+ - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ with:
+ name: headscale-${{ matrix.goos }}-${{ matrix.goarch }}
+ path: headscale
diff --git a/README.md b/README.md
index 4814c210..68626814 100644
--- a/README.md
+++ b/README.md
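Review bot: The `binaries` job declares no `permissions:` block and the workflow has none at top level, so its `GITHUB_TOKEN` falls back to the repository or organisation default, while the `container` job next to it is scoped explicitly; adding `permissions:` with `contents: read` to `binaries` (or a top-level `permissions: {}`) keeps the build-only job from holding scopes it never uses. In `container`, both `docker/login-action` steps run before the Nix install, the cache restore and the build, so the Docker Hub token and the `packages: write` token are already in the runner's Docker config while those steps execute; moving the two logins to just before the `ko build` steps narrows that window. Neither checkout sets `persist-credentials: false`, so the job token stays available to later steps on the runner even though nothing after checkout appears to need git access. `KO_DEFAULTBASEIMAGE` is referenced by tag while every action is pinned by commit, so the two separate `ko build` runs could resolve different base digests if the tag moves between them; pinning the base image by digest would match the pinning used for the actions.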
@@ -65,6 +65,25 @@ Please have a look at the [`documentation`](https://headscale.net/stable/). For NixOS users, a module is available in [`nix/`](./nix/). +## Builds from `main` + +Each push to `main` automatically builds container images and binaries. +These track the latest development state and are not versioned releases. + +**Container images** (multi-arch: amd64, arm64): + +- `ghcr.io/juanfont/headscale:main-` +- `docker.io/headscale/headscale:main-` + +**Binary downloads** (latest successful build via [nightly.link](https://nightly.link/juanfont/headscale/workflows/container-main/main)): + +| OS | Arch | Download | +| ----- | ----- | -------------------------------------------------------------------------------------------------------------------------- | +| Linux | amd64 | [headscale-linux-amd64](https://nightly.link/juanfont/headscale/workflows/container-main/main/headscale-linux-amd64.zip) | +| Linux | arm64 | [headscale-linux-arm64](https://nightly.link/juanfont/headscale/workflows/container-main/main/headscale-linux-arm64.zip) | +| macOS | amd64 | [headscale-darwin-amd64](https://nightly.link/juanfont/headscale/workflows/container-main/main/headscale-darwin-amd64.zip) | +| macOS | arm64 | [headscale-darwin-arm64](https://nightly.link/juanfont/headscale/workflows/container-main/main/headscale-darwin-arm64.zip) | + ## Talks - Fosdem 2026 (video): [Headscale & Tailscale: The complementary open source clone](https://fosdem.org/2026/schedule/event/KYQ3LL-headscale-the-complementary-open-source-clone/)