OPSEXP-2784 Add cleanup workflow for packages #469
name: Build, Run and Test Docker Image

# Triggers: pushes to main and pull requests targeting main. A change that
# touches only the files listed under paths-ignore does not start a run.
on:
  push:
    branches:
      - main
    paths-ignore:
      - 'Makefile'
      - '.github/workflows/test-make.yml'
      - '.github/workflows/kics.yml'
      - 'README.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - 'Makefile'
      - '.github/workflows/test-make.yml'
      - '.github/workflows/kics.yml'
      - 'README.md'
# Workflow-wide environment, visible to every job and step.
env:
  # Git ref of Alfresco/acs-deployment that the helm-test job checks out.
  # Quoted so the value is always read as a string.
  ACS_CHART_VERSION: '172410cfb4ad44d4839d9aefd31b4bcefc44f316'
  ARTIFACT_NAME: alfresco-docker-images
  # Registry host and namespace; helm-test substitutes them into the image
  # references of test/helm/test-overrides.yaml.
  REGISTRY: ghcr.io
  REGISTRY_NAMESPACE: alfresco
  # Image tag: "pr-<number>" on pull requests, the commit SHA otherwise.
  TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.sha }}
# One active run per workflow and branch/PR: the group key falls back from
# head_ref to ref_name to run_id, and a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
  cancel-in-progress: true
# Default GITHUB_TOKEN scopes for every job that does not declare its own
# permissions block (a job-level block replaces this set entirely).
# NOTE(review): compose-test and helm-test declare none, so they inherit the
# write scopes below, although their visible steps only log in to the
# registry and pull images. Confirm, then consider moving packages: write,
# attestations: write and id-token: write onto build-test alone.
permissions:
  contents: read
  # telemetry
  actions: read
  # ghcr push
  packages: write
  attestations: write
  id-token: write
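jobs:
  # NOTE(review): every "[email protected]" below is an artefact of the page
  # this listing was copied from (e-mail obfuscation swallowed the action name
  # and its ref). Restore the real "<action>@<ref>" from the repository before
  # using this file; those lines are kept here exactly as the page shows them.
  #
  # NOTE(review): most actions are pinned to a full commit SHA, but
  # actions/cache/restore@v4, actions/cache/save@v4 and
  # catchpoint/workflow-telemetry-action@v2 use mutable tags. Pin them to a
  # reviewed commit SHA as well: they run in build-test, which holds the
  # registry and Nexus credentials and a token with packages: write.

  # Runs the pre-commit checks and lets the action commit its fixes back.
  pre-commit:
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow defaults, so this job's token
    # carries contents: write and nothing else.
    permissions:
      contents: write
    steps:
      # ref obfuscated by the page, see the note at the top of jobs
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          auto-commit: "true"

  # Fetches the packaged artifacts from Nexus, then builds the images for
  # amd64 and arm64 and pushes them to the registry.
  build-test:
    runs-on: ubuntu-latest
    needs: pre-commit
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      # ref obfuscated by the page, see the note at the top of jobs
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - name: Setup nexus authentication
        # The secrets reach the script through the environment instead of
        # being expanded into the script text, so quotes, "$" or backticks in
        # a value cannot change the command that runs. The file is created
        # owner-only before the credentials are written.
        env:
          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
        run: |
          touch ~/.netrc
          chmod 600 ~/.netrc
          printf 'machine nexus.alfresco.com\nlogin %s\npassword %s\n' \
            "${NEXUS_USERNAME}" "${NEXUS_PASSWORD}" >> ~/.netrc
      - name: Restore packages artifacts
        uses: actions/cache/restore@v4
        id: artifacts-cache
        with:
          # The cache key changes whenever any artifacts.json changes.
          key: ${{ runner.os }}-packages-${{ hashFiles('**/artifacts.json') }}
          path: |
            **/*.jar
            **/*.zip
            **/*.amp
            **/*.tgz
            **/*.gz
            **/*.rpm
      - name: Fetch artifacts from nexus
        run: ./scripts/fetch-artifacts.sh
      - name: Save packages artifacts
        id: cache-primes-save
        uses: actions/cache/save@v4
        with:
          # Same key as the restore step computed above.
          key: ${{ steps.artifacts-cache.outputs.cache-primary-key }}
          path: |
            **/*.jar
            **/*.zip
            **/*.amp
            **/*.tgz
            **/*.gz
            **/*.rpm
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
      - name: Login to Quay.io
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Collect Workflow Telemetry
        uses: catchpoint/workflow-telemetry-action@v2
        with:
          comment_on_pr: false
      - name: Bake Docker images
        env:
          TARGETARCH: linux/amd64,linux/arm64
        uses: docker/bake-action@a4d7f0b5b91c14a296d792d4ec53a9db17f02e67 # v5.5.0
        with:
          # Every bake target is pushed straight to the registry.
          set: |
            *.output=type=registry,push=true

  # Starts the compose stack from test/docker-compose.yml against the images
  # pushed by build-test.
  compose-test:
    name: compose-test
    needs: build-test
    runs-on: ubuntu-latest
    steps:
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
      - name: Verify docker-compose
        # ref obfuscated by the page, see the note at the top of jobs
        uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected]
        timeout-minutes: 10
        with:
          compose_file_path: test/docker-compose.yml
          quay_username: ${{ secrets.QUAY_USERNAME }}
          quay_password: ${{ secrets.QUAY_PASSWORD }}
      # ref obfuscated by the page, see the note at the top of jobs
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]

  # Installs the ACS Helm chart with the freshly built images, once per
  # architecture, and runs the chart's tests.
  helm-test:
    strategy:
      fail-fast: false
      matrix:
        arch: [arm64, amd64]
    name: helm test
    needs: build-test
    # arm64 and amd64 run on differently named runners.
    runs-on: ${{ matrix.arch == 'arm64' && 'alfrescoARM-ubuntu2404-16G-4CPU' || 'alfrescoPub-ubuntu2204-16G-4CPU' }}
    steps:
      - name: Setup cluster
        # ref obfuscated by the page, see the note at the top of jobs
        uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          ingress-nginx-ref: controller-v1.8.2
          metrics: "true"
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
        with:
          version: "3.15.2"
      - name: Login to Quay.io
        # Was pinned to the v3.1.0 commit; aligned with the v3.3.0 pin used by
        # every other login step in this workflow.
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create registries auth secret
        # Copies the Docker config written by the two login steps above (both
        # registries' credentials) into the cluster as the pull secret.
        run: >-
          kubectl create secret generic regcred
          --from-file=.dockerconfigjson="$HOME/.docker/config.json"
          --type=kubernetes.io/dockerconfigjson
      - name: Checkout acs-deployment sources
        # Was the mutable tag v4; pinned to the commit the other checkout
        # steps in this workflow already use.
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          repository: Alfresco/acs-deployment
          ref: ${{ env.ACS_CHART_VERSION }}
          path: github-source
      - name: Setup helm repository
        working-directory: github-source/helm/alfresco-content-services
        run: |
          helm repo add self https://alfresco.github.io/alfresco-helm-charts/
          helm repo add activiti https://activiti.github.io/activiti-cloud-helm-charts
          helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/
          helm repo add elastic https://helm.elastic.co
          helm dependency build
      - name: Preprocess test-overrides.yaml
        env:
          OVERRIDES_VALUES_FILE: test/helm/test-overrides.yaml
        # Points the image references at the registry and tag that build-test
        # pushed. Values are read as quoted shell variables instead of being
        # expanded into the script text.
        run: |
          sed -i "s|localhost/|${REGISTRY}/${REGISTRY_NAMESPACE}/|g" "${OVERRIDES_VALUES_FILE}"
          sed -i "s|tag: latest|tag: ${TAG}|g" "${OVERRIDES_VALUES_FILE}"
          cat "${OVERRIDES_VALUES_FILE}"
      - name: Helm install
        id: helm_install
        # The search shared secret is generated per run, never stored.
        run: |
          helm install acs ./github-source/helm/alfresco-content-services \
            --set global.search.sharedSecret="$(openssl rand -hex 24)" \
            --set global.known_urls=http://localhost \
            --set global.alfrescoRegistryPullSecrets=regcred \
            --values ./github-source/test/enterprise-integration-test-values.yaml \
            --values test/helm/test-overrides.yaml
      - name: Watch Helm deployment
        env:
          HELM_INSTALL_TIMEOUT: 10m
        # Streams pod status in the background while waiting for readiness.
        run: |
          kubectl get pods --watch &
          KWPID=$!
          kubectl wait --timeout="${HELM_INSTALL_TIMEOUT}" --all=true --for=condition=Ready pods
          kill "$KWPID"
          echo "Waiting for ESC Reindexing job to complete... "
          kubectl wait --timeout=5m --for=condition=complete job/acs-alfresco-search-enterprise-reindexing
      - name: Debug cluster status after install
        # Runs even after a failure, unless the install step never ran.
        if: always() && steps.helm_install.outcome != 'skipped'
        run: |
          helm ls --all-namespaces --all
          kubectl get all --all-namespaces
          kubectl describe pod
      - name: Collect logs from all containers
        if: always() && steps.helm_install.outcome != 'skipped'
        run: |
          mkdir -p logs
          for pod in $(kubectl get pods -n default -o jsonpath='{.items[*].metadata.name}'); do
            kubectl logs "$pod" -n default > "logs/${pod}.log"
          done
      - name: Upload logs as artifact
        # NOTE(review): these container logs become a downloadable run
        # artifact; confirm the deployed services do not log credentials.
        if: always() && steps.helm_install.outcome != 'skipped'
        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: k8s-logs-${{ matrix.arch }}
          path: logs
      - name: Run helm test
        id: helm_test
        run: helm test acs
      - name: Debug cluster status after helm test
        if: always() && steps.helm_test.outcome != 'skipped'
        run: |
          kubectl logs -l app.kubernetes.io/component=dtas --tail=-1
          kubectl get all --all-namespaces
          kubectl describe pod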