OPSEXP-2916: Add ACS audit component image build #129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI from forks | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
env: | |
ACS_DEPLOYMENT_VERSION: 78132d95e29d7126025e127740d10cf958164947 # 8.6.0-alpha.0 with compose healthcheck | |
ARTIFACT_NAME: alfresco-docker-images | |
REGISTRY: localhost | |
REGISTRY_NAMESPACE: alfresco | |
TAG: latest | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
pre-commit: | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.head.repo.fork | |
steps: | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
build: | |
needs: pre-commit | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: Restore packages artifacts | |
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
id: artifacts-cache | |
with: | |
key: ${{ runner.os }}-packages-community-v2-${{ hashFiles('**/artifacts.json') }} | |
path: artifacts_cache/** | |
- name: Fetch artifacts from nexus | |
run: ./scripts/fetch-artifacts.sh | |
- name: Save packages artifacts | |
if: steps.artifacts-cache.outputs.cache-hit != 'true' | |
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
key: ${{ steps.artifacts-cache.outputs.cache-primary-key }} | |
path: artifacts_cache/** | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Bake Docker images | |
env: | |
TARGETARCH: linux/amd64 | |
DOCKER_PUSH: ${{ github.actor != 'dependabot[bot]'}} | |
uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 | |
with: | |
targets: community | |
- name: Export all baked images whose name include `alfresco` | |
run: | | |
docker save -o /tmp/${{ env.ARTIFACT_NAME }}.tar $(docker images --format "{{.Repository}}:{{.Tag}}" | grep alfresco) | |
- name: Upload images as artifact | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: /tmp/${{ env.ARTIFACT_NAME }}.tar | |
retention-days: 1 | |
compression-level: 0 | |
compose-test: | |
name: compose-test | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
MERGED_COMPOSE_PATH: test/merged-compose.yaml | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Download artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: /tmp | |
name: ${{ env.ARTIFACT_NAME }} | |
- name: Load docker images from artifact | |
run: | | |
docker load -i /tmp/${{ env.ARTIFACT_NAME }}.tar | |
docker image ls -a | |
- name: Fetch compose from acs-deployment | |
run: ./scripts/fetch-compose.sh ${{ env.ACS_DEPLOYMENT_VERSION }} | |
- name: Merge Docker Compose files | |
env: | |
UPSTREAM_COMPOSE_PATH: test/community-compose.yaml | |
OVERRIDE_COMPOSE_PATH: test/community-override.yaml | |
run: docker compose -f ${{ env.UPSTREAM_COMPOSE_PATH }} -f ${{ env.OVERRIDE_COMPOSE_PATH }} config > ${{ env.MERGED_COMPOSE_PATH }} | |
- name: Verify docker-compose | |
id: verify_compose | |
uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected] | |
timeout-minutes: 10 | |
with: | |
postman_path: test/postman/docker-compose | |
postman_json: acs-test-docker-compose-collection.json | |
compose_pull: false | |
compose_file_path: ${{ env.MERGED_COMPOSE_PATH }} | |
- name: Save containers logs | |
if: always() && steps.verify_compose.outcome != 'skipped' | |
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
output-archive-name: community-logs | |
helm-test: | |
name: helm test | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Download artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: /tmp | |
name: ${{ env.ARTIFACT_NAME }} | |
- name: Setup KinD cluster | |
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
ingress-nginx-ref: controller-v1.8.2 | |
metrics: "true" | |
- name: Load Docker images | |
run: | | |
kind load image-archive -n chart-testing /tmp/${{ env.ARTIFACT_NAME }}.tar | |
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
with: | |
version: "3.15.2" | |
- name: Create configmaps for adf apps | |
run: | | |
kubectl create configmap acc-config --from-file=app.config.json=test/configs/acc.json | |
kubectl create configmap adw-config --from-file=app.config.json=test/configs/adw.json | |
- name: Checkout acs-deployment sources | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: Alfresco/acs-deployment | |
ref: ${{ env.ACS_DEPLOYMENT_VERSION }} | |
path: acs-deployment | |
- name: Setup helm repository | |
working-directory: acs-deployment/helm/alfresco-content-services | |
run: | | |
helm repo add self https://alfresco.github.io/alfresco-helm-charts/ | |
helm repo add activiti https://activiti.github.io/activiti-cloud-helm-charts | |
helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ | |
helm repo add elastic https://helm.elastic.co | |
helm dependency build | |
- name: Helm install | |
id: helm_install | |
run: | | |
helm install acs ./acs-deployment/helm/alfresco-content-services \ | |
--set global.search.sharedSecret="$(openssl rand -hex 24)" \ | |
--set global.known_urls=http://localhost \ | |
--set alfresco-repository.image.repository=localhost/alfresco/alfresco-content-repository-community \ | |
--set share.image.repository=localhost/alfresco/alfresco-share-community \ | |
--values ./acs-deployment/helm/alfresco-content-services/community_values.yaml \ | |
--values ./acs-deployment/test/community-integration-test-values.yaml \ | |
--values test/helm/test-overrides.yaml \ | |
--values test/helm/test-overrides-community.yaml | |
- name: Watch Helm deployment | |
env: | |
HELM_INSTALL_TIMEOUT: 10m | |
run: | | |
kubectl get pods --watch & | |
KWPID=$! | |
kubectl wait --timeout=${{ env.HELM_INSTALL_TIMEOUT }} --all=true --for=condition=Ready pods | |
kill $KWPID | |
- name: Debug cluster status after install | |
if: always() && steps.helm_install.outcome != 'skipped' | |
run: | | |
helm ls --all-namespaces --all | |
kubectl get all --all-namespaces | |
kubectl describe pod | |
- name: Run helm test | |
id: helm_test | |
run: helm test acs | |
- name: Debug cluster status after helm test | |
if: always() && steps.helm_test.outcome != 'skipped' | |
run: | | |
kubectl logs -l app.kubernetes.io/component=dtas --tail=-1 | |
kubectl get all --all-namespaces | |
kubectl describe pod | |
- name: Collect logs from all containers | |
if: always() && steps.helm_install.outcome != 'skipped' | |
run: | | |
mkdir -p logs | |
for pod in $(kubectl get pods -n default -o jsonpath='{.items[*].metadata.name}'); do | |
kubectl logs $pod -n default > logs/${pod}.log | |
done | |
- name: Upload logs as artifact | |
if: always() && steps.helm_install.outcome != 'skipped' | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3 | |
with: | |
name: k8s-logs-community | |
path: logs |