ref: build self-hosted image in GHA (#61434)

<!-- Describe your PR here. -->

2 minutes 45 seconds, doesn't require `/gcbrun` vs 6 minutes 9 seconds

.craft.yml

@@ -10,11 +10,11 @@ statusProvider:
 targets:
   - id: release
     name: docker
-    source: us.gcr.io/sentryio/sentry
+    source: ghcr.io/getsentry/sentry-self-hosted
     target: getsentry/sentry
   - id: latest
     name: docker
-    source: us.gcr.io/sentryio/sentry
+    source: ghcr.io/getsentry/sentry-self-hosted
     target: getsentry/sentry
     targetFormat: '{{{target}}}:latest'
   - name: github

.github/workflows/acceptance.yml

@@ -65,7 +65,9 @@ jobs:
 
       - name: Step configurations
         id: config
-        run: echo "webpack-path=.webpack_cache" >> "$GITHUB_OUTPUT"
+        run: |
+          echo "webpack-path=.webpack_cache" >> "$GITHUB_OUTPUT"
+          echo "WEBPACK_CACHE_PATH=.webpack_cache" >> "$GITHUB_ENV"
 
       - name: webpack cache
         uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
@@ -86,7 +88,6 @@ jobs:
 
       - name: webpack
         env:
-          WEBPACK_CACHE_PATH: ${{ steps.config.outputs.webpack-path }}
           SENTRY_INSTRUMENTATION: 1
           # this is fine to not have for forks, it shouldn't fail
           SENTRY_WEBPACK_WEBHOOK_SECRET: ${{ secrets.SENTRY_WEBPACK_WEBHOOK_SECRET }}

.github/workflows/publish-dockerhub.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Pull the test image
         id: image_pull
         env:
-          IMAGE_URL: us.gcr.io/sentryio/sentry:${{ github.sha }}
+          IMAGE_URL: ghcr.io/getsentry/sentry-self-hosted:${{ github.sha }}
         shell: bash
         run: |
           echo "We poll for the Docker image that the GCB/GHA build produces until it succeeds or this job times out."
@@ -33,7 +33,7 @@ jobs:
         shell: bash
         env:
           SHORT_SHA: ${{ steps.short_sha.outputs.sha }}
-          IMAGE_URL: us.gcr.io/sentryio/sentry:${{ github.sha }}
+          IMAGE_URL: ghcr.io/getsentry/sentry-self-hosted:${{ github.sha }}
         run: |
           # only login if the password is set
           if [[ "${{ secrets.DOCKER_HUB_RW_TOKEN }}" ]]; then echo "${{ secrets.DOCKER_HUB_RW_TOKEN }}" | docker login --username=sentrybuilder --password-stdin; fi

.github/workflows/self-hosted.yml

@@ -0,0 +1,80 @@
+name: self-hosted
+on:
+  push:
+    branches:
+      - master
+      - releases/**
+  pull_request:
+
+# Cancel in progress workflows on pull_requests.
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
+env:
+  SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
+
+jobs:
+  self-hosted:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+
+      - uses: getsentry/action-setup-volta@c52be2ea13cfdc084edb806e81958c13e445941e # v1.2.0
+
+      - name: Step configurations
+        id: config
+        run: |
+          echo "webpack-path=.webpack_cache" >> "$GITHUB_OUTPUT"
+          echo "WEBPACK_CACHE_PATH=.webpack_cache" >> "$GITHUB_ENV"
+
+      - name: webpack cache
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
+        with:
+          path: ${{ steps.config.outputs.webpack-path }}
+          key: ${{ runner.os }}-self-hosted-webpack-cache-${{ hashFiles('webpack.config.ts') }}
+
+      - name: node_modules cache
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
+        id: nodemodulescache
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-self-hosted-node-modules-${{ hashFiles('yarn.lock') }}
+
+      - name: Install Javascript Dependencies
+        if: steps.nodemodulescache.outputs.cache-hit != 'true'
+        run: yarn install --frozen-lockfile --production
+
+      - run: |
+          python setup.py bdist_wheel --build-number 0
+          cp requirements-frozen.txt dist/
+
+      - run: docker login --username '${{ github.actor }}' --password-stdin ghcr.io <<< "$GHCR_TOKEN"
+        env:
+          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: github.event_name != 'pull_request'
+
+      - run: docker buildx create --driver docker-container --use
+
+      - run: |
+          if [ ${{ github.event_name }} = 'push' ]; then
+            args=(
+              --tag ghcr.io/getsentry/sentry-self-hosted:latest
+              --push
+            )
+          else
+            args=()
+          fi
+
+          docker buildx build \
+            --pull \
+            --cache-from ghcr.io/getsentry/sentry-self-hosted:latest \
+            --cache-to type=inline \
+            --tag ghcr.io/getsentry/sentry-self-hosted:${{ github.sha }} \
+            --file self-hosted/Dockerfile \
+            --build-arg SOURCE_COMMIt=${{ github.sha }} \
+            "${args[@]}" \
+            .