OPSEXP-2784 Add cleanup workflow for packages #477

Workflow file for this run

# Workflow header: triggers, shared environment, concurrency and the default
# GITHUB_TOKEN permissions for the jobs of this workflow.
name: Build, Run and Test Docker Image

# Runs for pushes to main and for pull requests targeting main, except when
# only the listed files changed.
on:
  push:
    branches:
      - main
    paths-ignore:
      - Makefile
      - .github/workflows/test-make.yml
      - .github/workflows/kics.yml
      - README.md
  pull_request:
    branches:
      - main
    paths-ignore:
      - Makefile
      - .github/workflows/test-make.yml
      - .github/workflows/kics.yml
      - README.md

env:
  # Commit of the chart sources; quoted so it is always read as a string.
  ACS_CHART_VERSION: '172410cfb4ad44d4839d9aefd31b4bcefc44f316'
  ARTIFACT_NAME: alfresco-docker-images
  REGISTRY: ghcr.io
  REGISTRY_NAMESPACE: alfresco
  # `pr-<number>` for pull requests, otherwise the name of the pushed ref.
  TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}

# One active run per workflow and branch; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
  cancel-in-progress: true

# Default token scopes. A job that declares no `permissions:` of its own
# inherits all of them.
# NOTE(review): the write scopes are granted workflow-wide, so jobs that only
# pull images inherit them as well; consider declaring them on the job that
# pushes. No step here visibly consumes `attestations` or `id-token` - confirm
# they are still required.
permissions:
  contents: read
  # telemetry
  actions: read
  # ghcr push
  packages: write
  attestations: write
  id-token: write
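# Jobs: pre-commit -> build-test -> (compose-test, helm-test per architecture).
# NOTE(review): every `[email protected]` ref below is an artefact of the
# page's e-mail obfuscation; the real action name and version cannot be
# recovered from this page and must be restored from the repository.
# NOTE(review): actions referenced by a mutable tag (`@v4`, `@v2`) are flagged
# where they occur; the other third-party actions are pinned to a commit SHA.
jobs:
  pre-commit:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow defaults for this job.
    # Presumably `contents: write` is needed because `auto-commit` pushes
    # fixes back to the branch - confirm against the action's documentation.
    permissions:
      contents: write
    steps:
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          auto-commit: "true"

  # Fetches the packaged artifacts, then builds and pushes the images.
  build-test:
    runs-on: ubuntu-latest
    needs: pre-commit
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - name: Setup nexus authentication
        # Secrets are handed over as environment variables so the shell never
        # parses their contents as script text; quotes or `$` inside a
        # credential can no longer alter the commands that run.
        env:
          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
        run: |
          echo "machine nexus.alfresco.com" >> ~/.netrc
          echo "login ${NEXUS_USERNAME}" >> ~/.netrc
          echo "password ${NEXUS_PASSWORD}" >> ~/.netrc
          # Credentials file: readable by the owner only.
          chmod 600 ~/.netrc
      - name: Restore packages artifacts
        # NOTE(review): mutable tag; pin to a commit SHA like the other actions.
        uses: actions/cache/restore@v4
        id: artifacts-cache
        with:
          key: ${{ runner.os }}-packages-${{ hashFiles('**/artifacts.json') }}
          path: |
            **/*.jar
            **/*.zip
            **/*.amp
            **/*.tgz
            **/*.gz
            **/*.rpm
      - name: Fetch artifacts from nexus
        run: ./scripts/fetch-artifacts.sh
      - name: Save packages artifacts
        id: cache-primes-save
        # NOTE(review): mutable tag; pin to a commit SHA like the other actions.
        uses: actions/cache/save@v4
        with:
          # Reuses the key computed by the restore step.
          key: ${{ steps.artifacts-cache.outputs.cache-primary-key }}
          path: |
            **/*.jar
            **/*.zip
            **/*.amp
            **/*.tgz
            **/*.gz
            **/*.rpm
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
      - name: Login to Quay.io
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Collect Workflow Telemetry
        # NOTE(review): third-party action on a mutable tag, running in the job
        # that holds the registry credentials; pin it to a commit SHA.
        uses: catchpoint/workflow-telemetry-action@v2
        with:
          comment_on_pr: false
      - name: Bake Docker images
        env:
          TARGETARCH: linux/amd64,linux/arm64
        uses: docker/bake-action@a4d7f0b5b91c14a296d792d4ec53a9db17f02e67 # v5.5.0
        with:
          # Every bake target is pushed to the registry, on pull requests too.
          set: |
            *.output=type=registry,push=true

  # Pulls the freshly pushed images and checks the compose deployment.
  compose-test:
    name: compose-test
    needs: build-test
    runs-on: ubuntu-latest
    steps:
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
      - name: Verify docker-compose
        uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected]
        timeout-minutes: 10
        with:
          compose_file_path: test/docker-compose.yml
          quay_username: ${{ secrets.QUAY_USERNAME }}
          quay_password: ${{ secrets.QUAY_PASSWORD }}
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]

  # Installs the chart on a throwaway cluster, once per architecture.
  helm-test:
    strategy:
      fail-fast: false
      matrix:
        arch: [arm64, amd64]
    name: helm test
    needs: build-test
    runs-on: ${{ matrix.arch == 'arm64' && 'alfrescoARM-ubuntu2404-16G-4CPU' || 'alfrescoPub-ubuntu2204-16G-4CPU' }}
    steps:
      - name: Setup cluster
        uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          ingress-nginx-ref: controller-v1.8.2
          metrics: "true"
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
        with:
          version: "3.15.2"
      - name: Login to Quay.io
        # Same pin as every other login step in this workflow (was v3.1.0).
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create registries auth secret
        # Turns the docker config written by the two logins above into the
        # image pull secret the chart is told to use.
        run: >-
          kubectl create secret generic regcred
          --from-file=.dockerconfigjson=$HOME/.docker/config.json
          --type=kubernetes.io/dockerconfigjson
      - name: Checkout acs-deployment sources
        # Pinned to the same commit as the other checkout steps (was `@v4`).
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          repository: Alfresco/acs-deployment
          ref: ${{ env.ACS_CHART_VERSION }}
          path: github-source
      - name: Setup helm repository
        working-directory: github-source/helm/alfresco-content-services
        run: |
          helm repo add self https://alfresco.github.io/alfresco-helm-charts/
          helm repo add activiti https://activiti.github.io/activiti-cloud-helm-charts
          helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/
          helm repo add elastic https://helm.elastic.co
          helm dependency build
      - name: Preprocess test-overrides.yaml
        env:
          OVERRIDES_VALUES_FILE: test/helm/test-overrides.yaml
        # Points the overrides at the registry namespace and tag of this run.
        # Values are read as shell variables rather than spliced into the
        # script text by the expression engine.
        run: |
          sed -i "s|localhost/|${REGISTRY}/${REGISTRY_NAMESPACE}/|g" "${OVERRIDES_VALUES_FILE}"
          sed -i "s|tag: latest|tag: ${TAG}|g" "${OVERRIDES_VALUES_FILE}"
          cat "${OVERRIDES_VALUES_FILE}"
      - name: Helm install
        id: helm_install
        # The search shared secret is generated fresh for each run.
        run: |
          helm install acs ./github-source/helm/alfresco-content-services \
            --set global.search.sharedSecret="$(openssl rand -hex 24)" \
            --set global.known_urls=http://localhost \
            --set global.alfrescoRegistryPullSecrets=regcred \
            --values ./github-source/test/enterprise-integration-test-values.yaml \
            --values test/helm/test-overrides.yaml
      - name: Watch Helm deployment
        env:
          HELM_INSTALL_TIMEOUT: 10m
        # Streams pod status in the background while waiting for readiness,
        # then waits for the reindexing job to finish.
        run: |
          kubectl get pods --watch &
          KWPID=$!
          kubectl wait --timeout="${HELM_INSTALL_TIMEOUT}" --all=true --for=condition=Ready pods
          kill "$KWPID"
          echo "Waiting for ESC Reindexing job to complete... "
          kubectl wait --timeout=5m --for=condition=complete job/acs-alfresco-search-enterprise-reindexing
      - name: Debug cluster status after install
        # Runs even after a failure, unless the install step never started.
        if: always() && steps.helm_install.outcome != 'skipped'
        run: |
          helm ls --all-namespaces --all
          kubectl get all --all-namespaces
          kubectl describe pod
      - name: Collect logs from all containers
        if: always() && steps.helm_install.outcome != 'skipped'
        run: |
          mkdir -p logs
          for pod in $(kubectl get pods -n default -o jsonpath='{.items[*].metadata.name}'); do
            kubectl logs "$pod" -n default > "logs/${pod}.log"
          done
      - name: Upload logs as artifact
        if: always() && steps.helm_install.outcome != 'skipped'
        # NOTE(review): pod logs are stored as a downloadable artifact; confirm
        # the deployed services do not log credentials or tokens.
        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: k8s-logs-${{ matrix.arch }}
          path: logs
      - name: Run helm test
        id: helm_test
        run: helm test acs
      - name: Debug cluster status after helm test
        if: always() && steps.helm_test.outcome != 'skipped'
        run: |
          kubectl logs -l app.kubernetes.io/component=dtas --tail=-1
          kubectl get all --all-namespaces
          kubectl describe pod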