Merge pull request #36 from clementguillot/18-add-oci-image-build-to-…

…pipeline 18 add oci image build to pipeline
clementguillot · Feb 23, 2024 · 1565609 · 1565609
2 parents 8167c10 + e6adfd8
commit 1565609
Show file tree

Hide file tree

Showing 8 changed files with 641 additions and 49 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,111 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+# Cancel in progress workflows on pull_requests.
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+# Needed for nx-set-shas when run on the main branch
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/nx-affected-target
+        with:
+          target: build
+
+  build-oci-images:
+    needs:
+      - build
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ./.github/actions/nx-affected-target
+        with:
+          target: container
+        env:
+          INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/nx-affected-target
+        with:
+          target: test
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/nx-affected-target
+        with:
+          target: lint
+
+  push-oci-images:
+    needs:
+      - build
+      - test
+      - lint
+    if: github.event_name != 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ./.github/actions/nx-affected-target
+        with:
+          target: container
+        env:
+          INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INPUT_PUSH: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/apps/api/.dockerignore b/apps/api/.dockerignore
@@ -3,3 +3,4 @@
 !build/*-runner.jar
 !build/lib/*
 !build/quarkus-app/*
+!build/native-sources/*
diff --git a/apps/api/project.json b/apps/api/project.json
@@ -13,6 +13,38 @@
         "task": "quarkusBuild"
       }
     },
+    "build-native-sources": {
+      "executor": "@jnxplus/nx-gradle:run-task",
+      "options": {
+        "task": ["build", "-Dquarkus.package.type=native-sources"]
+      },
+      "outputs": ["{projectRoot}/build/native-sources"]
+    },
+    "patch-native-sources": {
+      "executor": "nx:run-commands",
+      "dependsOn": ["build-native-sources"],
+      "options": {
+        "command": "sed -i -e 's/--link-at-build-time//g' apps/api/build/native-sources/native-image.args"
+      },
+      "outputs": ["{projectRoot}/build/native-sources"]
+    },
+    "container": {
+      "executor": "@nx-tools/nx-container:build",
+      "dependsOn": ["patch-native-sources"],
+      "options": {
+        "engine": "docker",
+        "context": "apps/api",
+        "file": "apps/api/src/main/docker/Dockerfile.mandrel-builder",
+        "metadata": {
+          "images": ["ghcr.io/clementguillot/nx-cloud-ce-api"],
+          "tags": [
+            "type=schedule",
+            "type=sha,prefix=",
+            "latest"
+          ]
+        }
+      }
+    },
     "build-image": {
       "executor": "@jnxplus/nx-gradle:quarkus-build-image"
     },

diff --git a/apps/api/src/main/docker/Dockerfile.mandrel-builder b/apps/api/src/main/docker/Dockerfile.mandrel-builder
@@ -0,0 +1,19 @@
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 AS build
+
+COPY --chown=quarkus:quarkus build/native-sources /code/native-sources
+USER quarkus
+WORKDIR /code/native-sources
+RUN native-image $(cat native-image.args)
+
+FROM quay.io/quarkus/quarkus-micro-image:2.0
+
+WORKDIR /work/
+RUN chown 1001 /work \
+    && chmod "g+rwX" /work \
+    && chown 1001:root /work
+COPY --from=build --chown=1001:root /code/native-sources/*-runner /work/application
+
+EXPOSE 8080
+USER 1001
+
+ENTRYPOINT ["./application", "-Dquarkus.http.host=0.0.0.0"]
diff --git a/compose.yaml b/compose.yaml
@@ -21,7 +21,7 @@ services:
   mongo-express:
     image: mongo-express
     ports:
-      - 9500:9500
+      - '9500:9500'
     environment:
       ME_CONFIG_MONGODB_URL: mongodb://mongo:27017/
       PORT: 9500