BI-5142: add build to release (#180)

* (BI-5142) feat: add debian_docker build * (BI-5142) feat: add build to release * (BI-5142) feat: add build to release
datalens-tech · Dec 19, 2023 · daddeb1 · daddeb1
1 parent 0960c1c
commit daddeb1
Show file tree

Hide file tree

Showing 9 changed files with 175 additions and 87 deletions.
diff --git a/.github/workflows/build_action_runner_image_base.yml b/.github/workflows/build_action_runner_image_base.yml
diff --git a/.github/workflows/build_apps.yaml b/.github/workflows/build_apps.yaml
diff --git a/.github/workflows/build_debian_docker.yml b/.github/workflows/build_debian_docker.yml
@@ -0,0 +1,34 @@
+name: "🐳 Build Debian Docker image"
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "04 05 * * 6" # every Saturday at 05:04
+
+jobs:
+  build:
+    runs-on: [ self-hosted, linux ]
+    permissions:
+      packages: write
+    env:
+      CR_TAG_BASE: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.CR_TAG_BASE }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: docker_build/debian_docker
+          push: true
+          tags: "${{ env.CR_TAG_BASE }}/debian_docker:latest"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -16,15 +16,61 @@ on:
         default: false
 
 jobs:
+  push_images:
+    name: "Pull candidate images and push to release"
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        image_name:
+        - "dl-control-api"
+        - "dl-data-api"
+    env:
+      cr_url: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}"
+      image_url_base: "${{ env.cr_url }}/${{ matrix.image_name }}"
+      image_url_release: "${{ env.image_url_base }}:${{ github.event.inputs.version }}"
+      image_url_rc: "${{ env.image_url_base }}:${{ github.event.inputs.version }}rc1"
+      image_url_latest: "${{ env.image_url_base }}:latest"
+
+    steps:
+    - name: Log in to the Container registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.CR_TAG_BASE }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Pull release candidate image
+      id: pull_image
+      run: |
+        echo "Pulling release candidate image"
+        docker pull ${image_url_rc}
+
+    - name: Push release tag
+      id: push_image
+      run: |
+        echo "Pushing release image"
+        docker tag ${{ env.image_url_rc }} ${{ env.image_url_release }}
+        docker push ${{ env.image_url_release }}
+
+    - name: Push latest tag
+      if: ${{ github.event.inputs.make_latest == 'true' }}
+      run: |
+        echo "Pushing latest image"
+        docker tag ${{ env.image_url_rc }} ${{ env.image_url_latest }}
+        docker push ${{ env.image_url_latest }}
+
   release:
     name: "Create release"
+    needs: [push_images]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     env:
       branch: "release/${{ github.event.inputs.version }}"
-    steps:
 
+    steps:
     - name: Checkout code
       id: checkout
       uses: actions/checkout@v2

diff --git a/.github/workflows/release_prerelease.yaml b/.github/workflows/release_prerelease.yaml
@@ -24,8 +24,51 @@ on:
         default: false
 
 jobs:
+  build_images:
+    name: "Build images"
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        image_name:
+        - "dl-control-api"
+        - "dl-data-api"
+    env:
+      cr_url: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}"
+      image_url_base: "${{ env.cr_url }}/${{ matrix.image_name }}"
+      image_url_rc: "${{ env.image_url_base }}:${{ github.event.inputs.version }}rc1"
+      image_url_release: "${{ env.image_url_base }}:${{ github.event.inputs.version }}"
+
+    steps:
+    - name: Log in to the Container registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.CR_TAG_BASE }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Checkout code
+      id: checkout
+      uses: actions/checkout@v2
+      with:
+        ref: "${{ env.branch }}"
+        fetch-depth: 0
+
+    - name: Build image
+      working-directory: docker_build
+      run: |
+        image_name="${{ matrix.image_name }}"
+        bake_target="${image_name/-/_}" # replace - with _
+        
+        ./run-project-bake "${bake_target}" \
+          --push \
+          --set "${bake_target}.tags=${{ env.image_url_rc }}"
+          ${{ github.event.inputs.with_release == 'true' && '--set "${bake_target}.tags=${{ env.image_url_release }}"' || '' }}
+
   release:
     name: "Create prerelease"
+    needs: [build_images]
     runs-on: ubuntu-latest
     permissions:
       contents: write

diff --git a/docker_build/debian_docker/Dockerfile b/docker_build/debian_docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM debian:bookworm
+
+# run all scripts in ./scripts in alphabetical order
+RUN COPY ./scripts /tmp/scripts
+RUN chmod a+x /tmp/scripts/*.sh && \
+    run-parts --regex '.*sh$' \
+    --exit-on-error \
+    /tmp/scripts && \
+    rm -rf /tmp/scripts
diff --git a/docker_build/debian_docker/scripts/000-apt-update.sh b/docker_build/debian_docker/scripts/000-apt-update.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+export DEBIAN_FRONTEND=noninteractive
+
+echo 'Updating apt-get...'
+
+apt-get update
diff --git a/docker_build/debian_docker/scripts/100-docker.sh b/docker_build/debian_docker/scripts/100-docker.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -eu
+export DEBIAN_FRONTEND=noninteractive
+
+echo 'Installing docker packages...'
+
+echo '  Installing docker source list...'
+apt-get install --yes \
+  curl \
+  gpg \
+  ca-certificates
+
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+chmod a+r /etc/apt/keyrings/docker.gpg
+echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian/ bookworm stable" > /etc/apt/sources.list.d/docker.list
+
+apt-get update
+
+echo '  Installing packages...'
+
+apt-get install --yes \
+    docker-ce \
+    docker-ce-cli \
+    containerd.io \
+    docker-buildx-plugin \
+    docker-compose-plugin
diff --git a/docker_build/debian_docker/scripts/900-apt-cleanup.sh b/docker_build/debian_docker/scripts/900-apt-cleanup.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+export DEBIAN_FRONTEND=noninteractive
+
+echo 'Cleaning up apt...'
+
+apt-get clean
+rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*