feat: server deployment images can be configured via env vars

- CI: moves github workflows to self hosted runner

Author: nxtcoder17

.github/workflows/helm-release.yml

@@ -37,7 +37,7 @@ jobs:
   release:
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
     # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -58,7 +58,7 @@ jobs:
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
+    runs-on: ${{ inputs.runner }}
     needs: release
     steps:
       - name: Deploy to GitHub Pages

.github/workflows/release.yml

@@ -21,10 +21,13 @@ permissions:
 jobs:
   github-release:
     name: Create Github Release
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, x64]
     outputs:
       version: ${{ steps.meta.outputs.version }}
-      is_nightly: ${{ steps.meta.outputs.is_nightly }}
+      ref_slug: ${{ steps.meta.outputs.ref_slug }}
+      default_branch_slug: ${{ steps.meta.outputs.default_branch_slug }}
+
+      is_pre_release: ${{ steps.meta.outputs.is_pre_release }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -35,46 +38,37 @@ jobs:
       - uses: nxtcoder17/actions/metadata@main
         id: meta
 
-      - name: create nightly github release (if applicable)
-        shell: bash
-        if: ${{ steps.meta.outputs.is_nightly == 'true' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          version: ${{steps.meta.outputs.version}}
-        run: |+
-          echo "🔖 recreating release for nightly tag ${{ steps.meta.outputs.version }}"
-          gh release delete ${{steps.meta.outputs.version}} -y --cleanup-tag -R ${{ github.repository }} || echo "cleaned up ${{steps.meta.outputs.version}} tag"
-          gh release create "${{steps.meta.outputs.version}}" -R "${{ github.repository }}" --generate-notes --prerelease
+      - name: create github release
+        uses: nxtcoder17/actions/github-release-create@main
+        with:
+          name: ${{steps.meta.outputs.version}}
+          github_token: ${{github.token}}
+          pre_release: ${{ steps.meta.outputs.is_pre_release }}
 
-      - name: upload kubernetes CRDs to github release
+      - name: create unified CRDs file
         shell: bash
-        env:
-          GH_TOKEN: ${{ github.token }}
-          version: ${{steps.meta.outputs.version}}
         run: |+
           for file in $(ls config/crd/bases/); do
             cat config/crd/bases/$file >> crds.yml
           done
 
-          opts=("-R" "${{github.repository}}")
-          if [ "${{ steps.meta.outputs.is_nightly }}" = "true" ]; then
-            opts+=("--clobber")
-          fi
-
-          gh release upload "${{ steps.meta.outputs.version }}" ${opts[@]} crds.yml
+      - name: upload kubernetes CRDs to github release
+        uses: nxtcoder17/actions/github-release-upload@main
+        with:
+          name: ${{steps.meta.outputs.version}}
+          github_token: ${{github.token}}
+          files: |+
+            crds.yml
 
-  build-container-image:
+  build-image:
     strategy:
       fail-fast: true
       matrix:
-        arch:
-          - amd64
-          - arm64
         include:
           - arch: amd64
-            runner: ubuntu-latest
+            runs-on: [self-hosted, linux, x64]
           - arch: arm64
-            runner: ubuntu-24.04-arm
+            runs-on: [self-hosted, linux, ARM64]
 
     runs-on: ${{ matrix.runner }}
     name: Build Container Image
@@ -96,24 +90,23 @@ jobs:
       - name: docker build and push
         env:
           image: "ghcr.io/${{ github.repository }}/controller:${{ needs.github-release.outputs.version }}-${{ matrix.arch }}"
-          buildx_cache: "ghcr.io/${{ github.repository }}/controller:__docker__buildx__cache__${{ matrix.arch }}__${{needs.github-release.outputs.version}}"
+          buildx_cache: "ghcr.io/${{ github.repository }}/controller:buildx-cache-${{needs.github-release.outputs.ref_slug}}-${{matrix.arch}}"
+          buildx_cache_default: "ghcr.io/${{ github.repository }}/controller:buildx-cache-${{needs.github-release.outputs.default_branch_slug}}-${{matrix.arch}}"
         run: |+
           docker buildx build -t "$image" \
             --cache-to type=registry,ref="$buildx_cache",mode=max,compression=zstd,compression-level=13,force-compression=true \
             --cache-from type=registry,ref="$buildx_cache" \
+            --cache-from type=registry,ref="$buildx_cache_default" \
             --output=type=image,compression=zstd,force-compression=true,compression-level=13,push=true \
           .
 
   publish-multiarch-image:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     name: publish-multiarch-image
     needs:
       - github-release
-      - build-container-image
+      - build-image
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
       - uses: nxtcoder17/actions/setup-docker@main
         with:
           docker_registry: "ghcr.io"
@@ -133,11 +126,11 @@ jobs:
     secrets: inherit
     needs:
       - github-release
-      - build-container-image
+      - build-image
     with:
       chart_version: ${{ needs.github-release.outputs.version }}
       chart_app_version: ${{ needs.github-release.outputs.version }}
-      overwrite_release_assets: ${{ needs.github-release.outputs.is_nightly }}
+      overwrite_release_assets: ${{ needs.github-release.outputs.is_pre_release }}
       charts: |+
         ./helm-chart
       github_release: "${{ needs.github-release.outputs.version }}"

config/manager/kustomization.yaml

@@ -3,6 +3,16 @@ resources:
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
-- name: controller
+- name: controller-image
   newName: ghcr.io/kloudlite/wireguard/controller
   newTag: master-nightly
+
+replacements:
+  - source:
+      value: "SAMPLE"
+    targets:
+      - select:
+          name: controller-manager
+          kind: Deployment
+        fieldPaths:
+        - spec.template.spec.containers.[name=manager].env.[name=WG_SERVER_IMAGE].value

config/manager/manager.yaml

@@ -61,8 +61,15 @@ spec:
       - args:
           - --leader-elect
           - --health-probe-bind-address=:8081
-        image: controller:latest
+        image: controller-image
         name: manager
+        env:
+          - name: WG_SERVER_IMAGE
+            value: "ghcr.io/kloudlite/wireguard/images/wireguard:latest"
+
+          - name: SIMPLE_DNS_SERVER_IMAGE
+            value: "ghcr.io/nxtcoder17/simple-dns:v1.0.0"
+
         ports: []
         securityContext:
           allowPrivilegeEscalation: false

internal/controller/server_controller.go

@@ -46,6 +46,9 @@ import (
 type envVars struct {
 	PodCIDR string `env:"POD_CIDR" default:"10.42.0.0/16"`
 	SvcCIDR string `env:"SVC_CIDR" default:"10.43.0.0/16"`
+
+	WgServerImage        string `env:"WG_SERVER_IMAGE" default:"ghcr.io/kloudlite/wireguard/images/wireguard:latest"`
+	SimpleDNSServerImage string `env:"SIMPLE_DNS_SERVER_IMAGE" default:"ghcr.io/nxtcoder17/simple-dns:v1.0.0"`
 }
 
 // ServerReconciler reconciles a Server object
@@ -253,13 +256,15 @@ func (r *ServerReconciler) createDeployment(check *reconciler.Check[*v1.Server],
 		})
 	}
 
-	b, err := templates.ParseBytes(r.templateServerDeploymentSpec, templates.ParamsServerDeploymentSpec{
+	b, err := templates.ParseBytes(r.templateServerDeploymentSpec, templates.ServerDeploymentSpecParams{
 		PodLabels: map[string]string{"app": obj.Name},
 		Wg0Conf:   string(wg0Config),
 		WgDNSTemplateParams: templates.WgDNSTemplateParams{
-			KubeDNSSvcIP:  kubeDNSSvc.Spec.ClusterIP,
-			DNSLocalhosts: obj.Spec.DNS.Localhosts,
+			SimpleDNSServerImage: r.env.SimpleDNSServerImage,
+			KubeDNSSvcIP:         kubeDNSSvc.Spec.ClusterIP,
+			DNSLocalhosts:        obj.Spec.DNS.Localhosts,
 		},
+		WgServerImage:         r.env.WgServerImage,
 		WgProxyTemplateParams: proxyParams,
 	})
 	if err != nil {

internal/templates/server-deployment-spec.yml.tpl

@@ -13,7 +13,7 @@ spec:
 
       containers:
         - name: wireguard
-          image: ghcr.io/kloudlite/wireguard/images/wireguard:latest
+          image: {{.WgServerImage}}
           imagePullPolicy: Always
           command:
             - sh
@@ -52,7 +52,7 @@ spec:
 
         {{- with .WgDNSTemplateParams }}
         - name: dns
-          image: ghcr.io/nxtcoder17/simple-dns:master-nightly
+          image: {{.SimpleDNSServerImage}}
           imagePullPolicy: Always
           args:
             - --addr

internal/templates/types.go

@@ -27,10 +27,12 @@ type ParamsWgPeerConf struct {
 	KeepAlive  int32
 }
 
-type ParamsServerDeploymentSpec struct {
+type ServerDeploymentSpecParams struct {
 	PodLabels map[string]string
 	Wg0Conf   string
 
+	WgServerImage string
+
 	WgDNSTemplateParams
 
 	WgProxyTemplateParams
@@ -47,6 +49,8 @@ type WgServiceSpecParams struct {
 type WgDNSTemplateParams struct {
 	KubeDNSSvcIP  string
 	DNSLocalhosts []string
+
+	SimpleDNSServerImage string
 }
 
 type PortMapping struct {