OPSEXP-2736 Push to ghcr.io #362
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Run and Test Docker Image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| ACS_CHART_VERSION: 8.3.0 | |
| ACS_VALUES_VERSION: cfb0d426eff14a8b581c31e61db5e670da09ba3b | |
| ARTIFACT_NAME: alfresco-docker-images | |
| REGISTRY: ghcr.io | |
| REGISTRY_NAMESPACE: alfresco | |
| TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.sha }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| # telemetry | |
| actions: read | |
| # ghcr push | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| auto-commit: "true" | |
| build-test: | |
| runs-on: ubuntu-latest | |
| needs: pre-commit | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: Setup nexus authentication | |
| run: | | |
| echo "machine nexus.alfresco.com" >> ~/.netrc | |
| echo "login ${{ secrets.NEXUS_USERNAME }}" >> ~/.netrc | |
| echo "password ${{ secrets.NEXUS_PASSWORD }}" >> ~/.netrc | |
| - name: Restore packages artifacts | |
| uses: actions/cache/restore@v4 | |
| id: artifacts-cache | |
| with: | |
| key: ${{ runner.os }}-packages-${{ hashFiles('**/artifacts.json') }} | |
| path: | | |
| **/*.jar | |
| **/*.zip | |
| **/*.amp | |
| **/*.tgz | |
| **/*.gz | |
| **/*.rpm | |
| - name: Fetch artifacts from nexus | |
| run: ./scripts/fetch-artifact.sh | |
| - name: Save packages artifacts | |
| id: cache-primes-save | |
| uses: actions/cache/save@v4 | |
| with: | |
| key: ${{ steps.artifacts-cache.outputs.cache-primary-key }} | |
| path: | | |
| **/*.jar | |
| **/*.zip | |
| **/*.amp | |
| **/*.tgz | |
| **/*.gz | |
| **/*.rpm | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
| - name: Login to Quay.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Collect Workflow Telemetry | |
| uses: catchpoint/workflow-telemetry-action@v2 | |
| with: | |
| comment_on_pr: false | |
| - name: Bake Docker images | |
| uses: docker/bake-action@a4d7f0b5b91c14a296d792d4ec53a9db17f02e67 # v5.5.0 | |
| with: | |
| push: true | |
| - name: Show all built images | |
| run: docker images | |
| compose-test: | |
| name: compose-test | |
| needs: build-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
| - name: Verify docker-compose | |
| uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected] | |
| timeout-minutes: 10 | |
| with: | |
| compose_file_path: test/docker-compose.yml | |
| quay_username: ${{ secrets.QUAY_USERNAME }} | |
| quay_password: ${{ secrets.QUAY_PASSWORD }} | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| helm-test: | |
| name: helm test | |
| needs: build-test | |
| runs-on: alfrescoPub-ubuntu2204-16G-4CPU | |
| steps: | |
| - name: Setup cluster | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| ingress-nginx-ref: controller-v1.8.2 | |
| metrics: "true" | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
| with: | |
| version: "3.15.2" | |
| - name: Login to Quay.io | |
| uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create registries auth secret | |
| run: >- | |
| kubectl create secret generic regcred | |
| --from-file=.dockerconfigjson=$HOME/.docker/config.json | |
| --type=kubernetes.io/dockerconfigjson | |
| - name: Fetch upstream values for tests | |
| run: >- | |
| curl -ssfL | |
| https://raw.githubusercontent.com/Alfresco/acs-deployment/${{ env.ACS_VALUES_VERSION }}/test/enterprise-integration-test-values.yaml | |
| -o test/helm/enterprise-integration-test-values.yaml && | |
| ls -l test/helm/enterprise-integration-test-values.yaml && | |
| cat test/helm/enterprise-integration-test-values.yaml | |
| - name: Preprocess test-overrides.yaml | |
| env: | |
| OVERRIDES_VALUES_FILE: test/helm/test-overrides.yaml | |
| run: | | |
| sed -i "s|localhost/|${REGISTRY}/${REGISTRY_NAMESPACE}/|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| sed -i "s|tag: latest|tag: ${TAG}|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| cat ${{ env.OVERRIDES_VALUES_FILE }} | |
| - name: Helm install | |
| id: helm_install | |
| run: | | |
| helm repo add alfresco https://kubernetes-charts.alfresco.com/stable | |
| helm repo update | |
| helm install acs alfresco/alfresco-content-services \ | |
| --version ${{ env.ACS_CHART_VERSION }} \ | |
| --set global.search.sharedSecret="$(openssl rand -hex 24)" \ | |
| --set global.known_urls=http://localhost \ | |
| --set global.alfrescoRegistryPullSecrets=regcred \ | |
| --values test/helm/enterprise-integration-test-values.yaml \ | |
| --values test/helm/test-overrides.yaml | |
| - name: Watch Helm deployment | |
| env: | |
| HELM_INSTALL_TIMEOUT: 10m | |
| run: | | |
| kubectl get pods --watch & | |
| KWPID=$! | |
| kubectl wait --timeout=${{ env.HELM_INSTALL_TIMEOUT }} --all=true --for=condition=Ready pods | |
| kill $KWPID | |
| echo "Waiting for ESC Reindexing job to complete... " | |
| kubectl wait --timeout=5m --for=condition=complete job/acs-alfresco-search-enterprise-reindexing | |
| - name: Debug cluster status after install | |
| if: always() && steps.helm_install.outcome != 'skipped' | |
| run: | | |
| helm ls --all-namespaces --all | |
| kubectl get all --all-namespaces | |
| kubectl describe pod | |
| - name: Run helm test | |
| id: helm_test | |
| run: helm test acs | |
| - name: Debug cluster status after helm test | |
| if: always() && steps.helm_test.outcome != 'skipped' | |
| run: | | |
| kubectl logs -l app.kubernetes.io/component=dtas --tail=-1 | |
| kubectl get all --all-namespaces | |
| kubectl describe pod |