From 589636557876b7698dc6b74b46e33e05915ccf62 Mon Sep 17 00:00:00 2001
From: Mijail Rondon
Date: Mon, 22 Jan 2024 10:35:20 -0500
Subject: [PATCH] ci(registry): use github public docker registry
---
.github/actions/publish-image/action.yml | 41 +++++++
.github/workflows/docker-test.yml | 145 +++++++++++++++++++++++
.github/workflows/publish.yml | 144 ++++++++++++----------
3 files changed, 265 insertions(+), 65 deletions(-)
create mode 100644 .github/actions/publish-image/action.yml
create mode 100644 .github/workflows/docker-test.yml
diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml
new file mode 100644
index 0000000000..1bec21194d
--- /dev/null
+++ b/.github/actions/publish-image/action.yml
@@ -0,0 +1,41 @@
+name: Build and publish docker images
+description: Builds and publish docker images to github registry
+inputs:
+ github-token:
+ description: Github secret secrets.GITHUB_TOKEN
+ required: true
+ image-name:
+ description: Image name for example lh-server
+ required: true
+ context:
+ description: Docker build context path
+ default: .
+ dockerfile:
+ description: Relative route of Dockerfile
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Log in to github registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.github-token }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository }}/${{ input.image-name }}
+
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml
new file mode 100644
index 0000000000..252d52afcd
--- /dev/null
+++ b/.github/workflows/docker-test.yml
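Review bot: The `images:` value in the metadata step reads `${{ input.image-name }}`, but the context is named `inputs`, so the expression will not resolve and no image name is produced; it should be `ghcr.io/${{ github.repository }}/${{ inputs.image-name }}`. The three `docker/*` actions are referenced by mutable major tags (`@v3`, `@v5`), and the callers in this patch hand the action a token with `packages: write`. Pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, prevents a moved tag from running with that token. The `github-token` description could also state the one scope it needs, e.g. `description: GITHUB_TOKEN with packages write scope, used only for the ghcr.io login`.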
@@ -0,0 +1,145 @@
+name: docker-test
+run-name: Docker Test
+on:
+ push:
+ branches:
+ - feature/public-registry
+permissions:
+ packages: write
+ contents: read
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: "corretto"
+ java-version: 17
+ - name: Tests
+ run: ./gradlew server:test
+
+ publish-sdk-java:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: "corretto"
+ java-version: "11"
+ - name: Tests
+ run: ./gradlew sdk-java:test
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ - name: Generate KeyRing
+ run: |
+ gpg --keyring secring.gpg --export-secret-keys --passphrase ${{ secrets.GPG_PASSPHRASE }} --batch --yes --pinentry-mode=loopback > ~/.gnupg/secring.gpg
+ ls ~/.gnupg/
+ - name: Publish
+ run: |
+ ./gradlew sdk-java:publish -Psigning.secretKeyRingFile=/home/runner/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ vars.GPG_KEY_ID }} -PossrhUsername=${{ secrets.OSSRH_USERNAME }} -PossrhPassword=${{ secrets.OSSRH_PASSWORD }}
+ echo Login at https://s01.oss.sonatype.org/
+
+ publish-sdk-python:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.9"
+ - name: Install Dependencies
+ run: |
+ python -m pip install --upgrade pip setuptools wheel
+ pip install poetry
+ - name: Tests
+ working-directory: ./sdk-python
+ run: |
+ poetry install
+ poetry run python -m unittest -v
+ poetry build
+ - name: Publish Package
+ uses: pypa/gh-action-pypi-publish@v1.8.10
+ with:
+ user: __token__
+ password: ${{ secrets.PYPI_API_TOKEN }}
+ packages-dir: ./sdk-python/dist/
+
+ lh-server-docker-image:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build and publish
+ uses: .github/actions/publish-image
+ with:
+ image-name: lh-server
+ dockerfile: docker/server/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ lh-standalone:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build and publish
+ uses: .github/actions/publish-image
+ with:
+ image-name: lh-standalone
+ dockerfile: docker/standalone/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ lhctl:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build and publish
+ uses: .github/actions/publish-image
+ with:
+ image-name: lhctl
+ dockerfile: docker/lhctl/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ lh-dashboard:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build Dashboard
+ working-directory: ./dashboard
+ run: |
+ npm install pnpm --global
+ pnpm install
+ pnpm build
+
+ - name: Build and publish
+ uses: .github/actions/publish-image
+ with:
+ image-name: lhctl
+ dockerfile: docker/lhctl/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 27ca9c6d20..69007ae05a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
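Review bot: The `publish-sdk-java` and `publish-sdk-python` jobs run on every push to `feature/public-registry` with the release credentials (`GPG_PRIVATE_KEY`, `OSSRH_PASSWORD`, `PYPI_API_TOKEN`), so a workflow meant to test the image build would also sign and upload the SDKs; I would remove both jobs here and gate them in publish.yml with `if: startsWith(github.ref, 'refs/tags/')`, since its first hunk adds `master` and this branch to a trigger that was tag-only. The `Generate KeyRing` and `Publish` steps expand `${{ secrets.GPG_PASSPHRASE }}` and the OSSRH secrets directly into the shell line, where a value containing shell metacharacters is re-parsed by the shell; map them through `env:` and reference `"$GPG_PASSPHRASE"` instead. In the four image jobs `uses: .github/actions/publish-image` should be `uses: ./.github/actions/publish-image`, because a local action path has to start with `./`. The `lh-dashboard` job passes `image-name: lhctl` and `dockerfile: docker/lhctl/Dockerfile`, which looks copied from the `lhctl` job and would push a second `lhctl` image instead of the dashboard; the last hunk of publish.yml has the same two problems.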
@@ -2,12 +2,32 @@ name: publish run-name: Publish on: push: + branches: + - master + - feature/public-registry tags: - "[0-9]+.[0-9]+.[0-9]+*" # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet - +permissions: + packages: write + contents: read jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Java + uses: actions/setup-java@v3 + with: + distribution: "corretto" + java-version: 17 + - name: Tests + run: ./gradlew server:test + publish-sdk-java: runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 @@ -31,8 +51,11 @@ jobs: run: | ./gradlew sdk-java:publish -Psigning.secretKeyRingFile=/home/runner/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ vars.GPG_KEY_ID }} -PossrhUsername=${{ secrets.OSSRH_USERNAME }} -PossrhPassword=${{ secrets.OSSRH_PASSWORD }} echo Login at https://s01.oss.sonatype.org/ + publish-sdk-python: runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 
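Review bot: The new top-level `permissions:` block grants `packages: write` to every job, including `test`, `publish-sdk-java` and `publish-sdk-python`, which run Gradle, Poetry and third-party actions but never push to ghcr.io. I would keep only `contents: read` at workflow level and add a job-level `permissions:` with `contents: read` and `packages: write` to the four image jobs, so a compromised build dependency in the other jobs cannot overwrite published images. The same top-level block appears in docker-test.yml. The `jobs:` mapping continues outside this hunk, so the job-level blocks would go in the last hunk of this file.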
@@ -56,79 +79,70 @@ jobs: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} packages-dir: ./sdk-python/dist/ - publish-docker-image: + + lh-server-docker-image: runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 - - name: Setup Java - uses: actions/setup-java@v3 + + - name: Build and publish + uses: .github/actions/publish-image with: - distribution: "corretto" - java-version: 17 + image-name: lh-server + dockerfile: docker/server/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + lh-standalone: + runs-on: ubuntu-latest + needs: + - test + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Build and publish + uses: .github/actions/publish-image + with: + image-name: lh-standalone + dockerfile: docker/standalone/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + lhctl: + runs-on: ubuntu-latest + needs: + - test + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Build and publish + uses: .github/actions/publish-image + with: + image-name: lhctl + dockerfile: docker/lhctl/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + lh-dashboard: + runs-on: ubuntu-latest + needs: + - test + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Build Dashboard working-directory: ./dashboard run: | npm install pnpm --global pnpm install pnpm build - - name: Tests - run: ./gradlew server:test - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 1200 - - name: Login to Amazon ECR Public - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and publish + uses: .github/actions/publish-image with: - mask-password: "true" - registry-type: public - - name: Push Server Image to Amazon ECR - env: - 
ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-server - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/server/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push Standalone Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-standalone - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/standalone/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push lhctl CLI Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lhctl - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/lhctl/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . 
- docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push Dashboard Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-dashboard - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/dashboard/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest + image-name: lhctl + dockerfile: docker/lhctl/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }}