start gh actions workflows

.github/actions/setup-tools/action.yml

@@ -0,0 +1,91 @@
+name: 'Setup Common Tools'
+description: 'Setup Helm, Task, yq, kubectl, preflight, helmfile, and Replicated CLI'
+inputs:
+  helm-version:
+    description: 'Helm version'
+    default: '3.17.3'
+  kubectl-version:
+    description: 'kubectl version'
+    default: 'v1.30.0'
+  app-dir:
+    description: 'Application directory'
+    default: 'applications/wg-easy'
+  install-kubectl:
+    description: 'Whether to install kubectl'
+    default: 'false'
+  install-preflight:
+    description: 'Whether to install preflight'
+    default: 'false'
+  install-helmfile:
+    description: 'Whether to install helmfile'
+    default: 'false'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Helm
+      uses: azure/setup-helm@v4
+      with:
+        version: ${{ inputs.helm-version }}
+
+    - name: Setup Task
+      uses: arduino/setup-task@v2
+      with:
+        version: 3.x
+        repo-token: ${{ github.token }}
+
+    - name: Setup kubectl
+      if: inputs.install-kubectl == 'true'
+      uses: azure/setup-kubectl@v4
+      with:
+        version: ${{ inputs.kubectl-version }}
+
+    - name: Cache tools
+      uses: actions/cache@v4
+      with:
+        path: |
+          /usr/local/bin/yq
+          /usr/local/bin/preflight
+          /usr/local/bin/helmfile
+        key: tools-${{ runner.os }}-yq-v4.44.3-preflight-v0.95.0-helmfile-v0.170.0
+
+    - name: Install yq
+      shell: bash
+      run: |
+        if [ ! -f /usr/local/bin/yq ]; then
+          echo "Installing yq v4.44.3..."
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 -O /usr/local/bin/yq
+          sudo chmod +x /usr/local/bin/yq
+        else
+          echo "yq already installed (cached)"
+        fi
+
+    - name: Install preflight CLI
+      if: inputs.install-preflight == 'true'
+      shell: bash
+      run: |
+        if [ ! -f /usr/local/bin/preflight ]; then
+          echo "Installing preflight v0.95.0..."
+          curl -L https://github.com/replicatedhq/troubleshoot/releases/download/v0.95.0/preflight_linux_amd64.tar.gz | tar xz
+          sudo mv preflight /usr/local/bin/
+        else
+          echo "preflight already installed (cached)"
+        fi
+
+    - name: Install helmfile
+      if: inputs.install-helmfile == 'true'
+      shell: bash
+      run: |
+        if [ ! -f /usr/local/bin/helmfile ]; then
+          echo "Installing helmfile v0.170.0..."
+          curl -L https://github.com/helmfile/helmfile/releases/download/v0.170.0/helmfile_0.170.0_linux_amd64.tar.gz | tar xz
+          sudo mv helmfile /usr/local/bin/
+          sudo chmod +x /usr/local/bin/helmfile
+        else
+          echo "helmfile already installed (cached)"
+        fi
+
+    - name: Install Replicated CLI
+      shell: bash
+      working-directory: ${{ inputs.app-dir }}
+      run: task utils:install-replicated-cli

.github/workflows/wg-easy-image.yml

@@ -3,6 +3,7 @@ name: WG-Easy Image CI
 on:
   push:
     branches: [ main ]
+    tags: [ 'v*' ]
     paths:
       - 'applications/wg-easy/**'
       - '.github/workflows/wg-easy-image.yml'
@@ -13,16 +14,27 @@ on:
   workflow_dispatch:
 
 env:
-  DEV_CONTAINER_REGISTRY: ghcr.io
-  DEV_CONTAINER_IMAGE: replicatedhq/platform-examples/wg-easy-tools
+  # GitHub Container Registry
+  GHCR_REGISTRY: ghcr.io
+  GHCR_IMAGE: replicatedhq/platform-examples/wg-easy-tools
+  # Google Artifact Registry
+  GAR_LOCATION: us-central1
+  GAR_PROJECT_ID: replicated-qa
+  GAR_REPOSITORY: wg-easy
+  GAR_IMAGE: wg-easy-tools
+  # Replicated Registry
+  REPLICATED_REGISTRY: registry.replicated.com
+  REPLICATED_APP: wg-easy-cre
+  REPLICATED_IMAGE: wg-easy-tools
 
 jobs:
-  build-and-push:
+  build:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
+    outputs:
+      image-digest: ${{ steps.build.outputs.digest }}
+      metadata: ${{ steps.meta.outputs.json }}
+      tags: ${{ steps.meta.outputs.tags }}
+      labels: ${{ steps.meta.outputs.labels }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -33,32 +45,189 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log in to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.DEV_CONTAINER_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set branch variables
+        id: vars
+        run: |
+          # Check if this is a tag push
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            TAG_NAME="${{ github.ref_name }}"
+            echo "is-tag=true" >> $GITHUB_OUTPUT
+            echo "tag-name=$TAG_NAME" >> $GITHUB_OUTPUT
+            echo "Tag: $TAG_NAME"
+          else
+            # Get branch name and normalize to lowercase with hyphens
+            BRANCH_NAME="${{ github.head_ref || github.ref_name }}"
+            NORMALIZED_BRANCH=$(echo "$BRANCH_NAME" | tr '[:upper:]' '[:lower:]' | tr '/' '-')
+            IS_MAIN=${{ github.ref_name == 'main' || github.ref_name == 'refs/heads/main' }}
+            echo "is-tag=false" >> $GITHUB_OUTPUT
+            echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+            echo "normalized-branch=$NORMALIZED_BRANCH" >> $GITHUB_OUTPUT
+            echo "is-main=$IS_MAIN" >> $GITHUB_OUTPUT
+            echo "Branch: $BRANCH_NAME, Normalized: $NORMALIZED_BRANCH, Is Main: $IS_MAIN"
+          fi
 
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.DEV_CONTAINER_REGISTRY }}/${{ env.DEV_CONTAINER_IMAGE }}
+          images: |
+            ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE }}
+            ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GAR_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.GAR_IMAGE }}
+            ${{ env.REPLICATED_REGISTRY }}/${{ env.REPLICATED_APP }}/${{ env.REPLICATED_IMAGE }}
           tags: |
+            # Git tag releases (semver tags)
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            # Main branch tags
             type=raw,value=latest,enable={{is_default_branch}}
-            type=sha,format=short
-            type=ref,event=branch
-            type=ref,event=pr
+            type=raw,value=sha-{{sha}},enable={{is_default_branch}}
+            # Non-main branch tags - branch name as "latest" for that branch
+            type=raw,value=${{ steps.vars.outputs.normalized-branch }},enable=${{ steps.vars.outputs.is-tag == 'false' && steps.vars.outputs.is-main == 'false' }}
+            # SHA-suffixed tags for all branches (main and non-main)
+            type=raw,value=${{ steps.vars.outputs.normalized-branch }}-sha-{{sha}},enable=${{ steps.vars.outputs.is-tag == 'false' && steps.vars.outputs.is-main == 'false' }}
 
-      - name: Build and push image
+      - name: Build multi-arch image
+        id: build
         uses: docker/build-push-action@v6
         with:
           context: applications/wg-easy
           file: applications/wg-easy/container/Containerfile
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: false
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  push-ghcr:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract GHCR tags
+        id: ghcr-tags
+        run: |
+          GHCR_TAGS=$(echo '${{ needs.build.outputs.metadata }}' | jq -r '.tags[]' | grep "^${{ env.GHCR_REGISTRY }}" | tr '\n' ',')
+          echo "tags=${GHCR_TAGS%,}" >> $GITHUB_OUTPUT
+          echo "GHCR tags: ${GHCR_TAGS%,}"
+
+      - name: Build and push to GHCR
+        uses: docker/build-push-action@v6
+        with:
+          context: applications/wg-easy
+          file: applications/wg-easy/container/Containerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.ghcr-tags.outputs.tags }}
+          labels: ${{ needs.build.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  push-gar:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Configure Docker for Artifact Registry
+        run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev
+
+      - name: Log in to Google Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
+          username: _json_key
+          password: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Extract GAR tags
+        id: gar-tags
+        run: |
+          GAR_TAGS=$(echo '${{ needs.build.outputs.metadata }}' | jq -r '.tags[]' | grep "^${{ env.GAR_LOCATION }}-docker.pkg.dev" | tr '\n' ',')
+          echo "tags=${GAR_TAGS%,}" >> $GITHUB_OUTPUT
+          echo "GAR tags: ${GAR_TAGS%,}"
+
+      - name: Build and push to GAR
+        uses: docker/build-push-action@v6
+        with:
+          context: applications/wg-easy
+          file: applications/wg-easy/container/Containerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.gar-tags.outputs.tags }}
+          labels: ${{ needs.build.outputs.labels }}
+          cache-from: type=gha
+
+  push-replicated:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          app-dir: applications/wg-easy
+
+      - name: Log in to Replicated Registry
+        run: |
+          replicated registry login
+          docker login ${{ env.REPLICATED_REGISTRY }} -u "${{ secrets.WG_EASY_REPLICATED_API_TOKEN }}" -p "${{ secrets.WG_EASY_REPLICATED_API_TOKEN }}"
+        env:
+          REPLICATED_API_TOKEN: ${{ secrets.WG_EASY_REPLICATED_API_TOKEN }}
+
+      - name: Extract Replicated tags
+        id: replicated-tags
+        run: |
+          REPLICATED_TAGS=$(echo '${{ needs.build.outputs.metadata }}' | jq -r '.tags[]' | grep "^${{ env.REPLICATED_REGISTRY }}" | tr '\n' ',')
+          echo "tags=${REPLICATED_TAGS%,}" >> $GITHUB_OUTPUT
+          echo "Replicated tags: ${REPLICATED_TAGS%,}"
+
+      - name: Build and push to Replicated Registry
+        uses: docker/build-push-action@v6
+        with:
+          context: applications/wg-easy
+          file: applications/wg-easy/container/Containerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.replicated-tags.outputs.tags }}
+          labels: ${{ needs.build.outputs.labels }}
+          cache-from: type=gha