Skip to content

OPSEXP-2916: Add ACS audit component image build #129

OPSEXP-2916: Add ACS audit component image build

OPSEXP-2916: Add ACS audit component image build #129

Workflow file for this run

name: CI from forks
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
ACS_DEPLOYMENT_VERSION: 78132d95e29d7126025e127740d10cf958164947 # 8.6.0-alpha.0 with compose healthcheck
ARTIFACT_NAME: alfresco-docker-images
REGISTRY: localhost
REGISTRY_NAMESPACE: alfresco
TAG: latest
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
cancel-in-progress: true
jobs:
pre-commit:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.fork
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
build:
needs: pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: Restore packages artifacts
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
id: artifacts-cache
with:
key: ${{ runner.os }}-packages-community-v2-${{ hashFiles('**/artifacts.json') }}
path: artifacts_cache/**
- name: Fetch artifacts from nexus
run: ./scripts/fetch-artifacts.sh
- name: Save packages artifacts
if: steps.artifacts-cache.outputs.cache-hit != 'true'
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
key: ${{ steps.artifacts-cache.outputs.cache-primary-key }}
path: artifacts_cache/**
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Bake Docker images
env:
TARGETARCH: linux/amd64
DOCKER_PUSH: ${{ github.actor != 'dependabot[bot]'}}
uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
with:
targets: community
- name: Export all baked images whose name include `alfresco`
run: |
docker save -o /tmp/${{ env.ARTIFACT_NAME }}.tar $(docker images --format "{{.Repository}}:{{.Tag}}" | grep alfresco)
- name: Upload images as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ env.ARTIFACT_NAME }}
path: /tmp/${{ env.ARTIFACT_NAME }}.tar
retention-days: 1
compression-level: 0
compose-test:
name: compose-test
needs: build
runs-on: ubuntu-latest
env:
MERGED_COMPOSE_PATH: test/merged-compose.yaml
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp
name: ${{ env.ARTIFACT_NAME }}
- name: Load docker images from artifact
run: |
docker load -i /tmp/${{ env.ARTIFACT_NAME }}.tar
docker image ls -a
- name: Fetch compose from acs-deployment
run: ./scripts/fetch-compose.sh ${{ env.ACS_DEPLOYMENT_VERSION }}
- name: Merge Docker Compose files
env:
UPSTREAM_COMPOSE_PATH: test/community-compose.yaml
OVERRIDE_COMPOSE_PATH: test/community-override.yaml
run: docker compose -f ${{ env.UPSTREAM_COMPOSE_PATH }} -f ${{ env.OVERRIDE_COMPOSE_PATH }} config > ${{ env.MERGED_COMPOSE_PATH }}
- name: Verify docker-compose
id: verify_compose
uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected]
timeout-minutes: 10
with:
postman_path: test/postman/docker-compose
postman_json: acs-test-docker-compose-collection.json
compose_pull: false
compose_file_path: ${{ env.MERGED_COMPOSE_PATH }}
- name: Save containers logs
if: always() && steps.verify_compose.outcome != 'skipped'
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
output-archive-name: community-logs
helm-test:
name: helm test
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp
name: ${{ env.ARTIFACT_NAME }}
- name: Setup KinD cluster
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
ingress-nginx-ref: controller-v1.8.2
metrics: "true"
- name: Load Docker images
run: |
kind load image-archive -n chart-testing /tmp/${{ env.ARTIFACT_NAME }}.tar
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: "3.15.2"
- name: Create configmaps for adf apps
run: |
kubectl create configmap acc-config --from-file=app.config.json=test/configs/acc.json
kubectl create configmap adw-config --from-file=app.config.json=test/configs/adw.json
- name: Checkout acs-deployment sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: Alfresco/acs-deployment
ref: ${{ env.ACS_DEPLOYMENT_VERSION }}
path: acs-deployment
- name: Setup helm repository
working-directory: acs-deployment/helm/alfresco-content-services
run: |
helm repo add self https://alfresco.github.io/alfresco-helm-charts/
helm repo add activiti https://activiti.github.io/activiti-cloud-helm-charts
helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/
helm repo add elastic https://helm.elastic.co
helm dependency build
- name: Helm install
id: helm_install
run: |
helm install acs ./acs-deployment/helm/alfresco-content-services \
--set global.search.sharedSecret="$(openssl rand -hex 24)" \
--set global.known_urls=http://localhost \
--set alfresco-repository.image.repository=localhost/alfresco/alfresco-content-repository-community \
--set share.image.repository=localhost/alfresco/alfresco-share-community \
--values ./acs-deployment/helm/alfresco-content-services/community_values.yaml \
--values ./acs-deployment/test/community-integration-test-values.yaml \
--values test/helm/test-overrides.yaml \
--values test/helm/test-overrides-community.yaml
- name: Watch Helm deployment
env:
HELM_INSTALL_TIMEOUT: 10m
run: |
kubectl get pods --watch &
KWPID=$!
kubectl wait --timeout=${{ env.HELM_INSTALL_TIMEOUT }} --all=true --for=condition=Ready pods
kill $KWPID
- name: Debug cluster status after install
if: always() && steps.helm_install.outcome != 'skipped'
run: |
helm ls --all-namespaces --all
kubectl get all --all-namespaces
kubectl describe pod
- name: Run helm test
id: helm_test
run: helm test acs
- name: Debug cluster status after helm test
if: always() && steps.helm_test.outcome != 'skipped'
run: |
kubectl logs -l app.kubernetes.io/component=dtas --tail=-1
kubectl get all --all-namespaces
kubectl describe pod
- name: Collect logs from all containers
if: always() && steps.helm_install.outcome != 'skipped'
run: |
mkdir -p logs
for pod in $(kubectl get pods -n default -o jsonpath='{.items[*].metadata.name}'); do
kubectl logs $pod -n default > logs/${pod}.log
done
- name: Upload logs as artifact
if: always() && steps.helm_install.outcome != 'skipped'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3
with:
name: k8s-logs-community
path: logs