From 61f6b11183d823fcbb16ff03cd65e716002b2cf3 Mon Sep 17 00:00:00 2001 From: chgl Date: Sat, 28 Oct 2023 21:58:55 +0200 Subject: [PATCH] Updated ci deps and test pushing image to ghcr.io --- .github/workflows/build-images.yaml | 42 +++++++++++++++++--------- .github/workflows/chart-release.yaml | 8 ++++- .github/workflows/chart-test.yaml | 4 ++- .github/workflows/maven.yml | 10 +++---- .github/workflows/smoke-tests.yml | 44 ++++++++++++++-------------- 5 files changed, 65 insertions(+), 43 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 625bd340d1b..94b2e285740 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -10,27 +10,33 @@ on: branches: [master] paths-ignore: - "charts/**" + +permissions: read-all + env: - IMAGES: docker.io/hapiproject/hapi + IMAGES: | + ghcr.io/${{ github.repository }} + # docker.io/hapiproject/hapi PLATFORMS: linux/amd64,linux/arm64/v8 jobs: build: name: Build runs-on: ubuntu-22.04 + permissions: + packages: write steps: - name: Container meta for default (distroless) image id: docker_meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.IMAGES }} tags: | type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}} - - name: Container meta for tomcat image id: docker_tomcat_meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.IMAGES }} tags: | 
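Review bot: The job-level `permissions` block on `build` replaces the workflow-level `permissions: read-all` rather than extending it, so with only `packages: write` listed, every other scope, including `contents`, is `none` for this job. No checkout step is visible in this hunk, but a checkout or Git-context build would then depend on the repository being publicly readable; listing `contents: read` next to `packages: write` makes that explicit. Separately, `read-all` at workflow level grants read on every scope; `permissions:` with only `contents: read` is the narrower default. The same applies to the `read-all` lines added in chart-release.yaml, chart-test.yaml, maven.yml and smoke-tests.yml.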
@@ -39,20 +45,28 @@ jobs: suffix=-tomcat,onlatest=true - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # - name: Login to DockerHub + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # if: github.event_name != 'pull_request' + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 - if: github.event_name != 'pull_request' + - name: Login to GitHub Container Registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + if: ${{ github.event_name != 'pull_request' }} with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} @@ -61,7 +75,7 @@ jobs: - name: Build and push default (distroless) image id: docker_build - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache 
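Review bot: The DockerHub login is left behind as a commented-out step, and with the commented `docker.io/hapiproject/hapi` entry under `IMAGES` in the first hunk, a non-pull-request run would publish to ghcr.io only. If this is just the test named in the subject, a line above the block such as `# TODO: re-enable DockerHub login once the ghcr.io push is verified` would record the intent; otherwise deleting the block is cleaner than keeping dead YAML that references `secrets.DOCKERHUB_TOKEN`. The `# docker.io/...` line sits inside the `IMAGES: |` literal block scalar, so it is part of the string value and is skipped only if docker/metadata-action treats `#` lines as comments. The new login step is conditioned on `github.event_name != 'pull_request'`, so the `push` inputs of the two build steps, which are outside this hunk, should carry the same condition.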
@@ -73,7 +87,7 @@ jobs: - name: Build and push tomcat image id: docker_build_tomcat - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index b0f36f440e0..83906a756ae 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -7,16 +7,22 @@ on: paths: - "charts/**" +permissions: read-all + jobs: release: runs-on: ubuntu-22.04 + permissions: + contents: write + # if we deice to push the chart to ghcr.io as well, uncomment the following: + # packages: write steps: - name: Add workspace as safe directory run: | git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 90e5cf955cc..f33cb16414e 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -7,6 +7,8 @@ on: paths: - "charts/**" +permissions: read-all + jobs: lint: runs-on: ubuntu-22.04 @@ -27,7 +29,7 @@ jobs: git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 38458e619e8..2f00f8919e0 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml 
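Review bot: The comment added under the `release` job's `permissions` in chart-release.yaml has a typo (`deice`); it should read `# if we decide to push the chart to ghcr.io as well, uncomment the following:`. The job-level block lists only `contents: write`, which replaces the workflow-level `read-all` for this job, so any further scope the release steps need has to be listed here explicitly. The steps after checkout are outside the hunk, so whether they need more cannot be checked from here.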
@@ -14,15 +14,15 @@ on: paths-ignore: - "charts/**" +permissions: read-all + jobs: build: - - runs-on: ubuntu-latest - + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up JDK 17 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: temurin java-version: 17 diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index ec71f3314ea..1c7d250f8c3 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml 
@@ -6,34 +6,34 @@ name: Smoke Tests on: push: branches: - - '**' + - "**" paths-ignore: - "charts/**" pull_request: - branches: [ master ] + branches: [master] paths-ignore: - "charts/**" +permissions: read-all + jobs: build_and_smoke_test: - - runs-on: ubuntu-latest - + runs-on: ubuntu-22.04 steps: - - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - name: Set up JDK 17 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 - with: - distribution: temurin - java-version: 17 - - name: Build with Maven - run: mvn -B package --file pom.xml -Dmaven.test.skip=true - - name: Docker Pull HTTP client - run: docker pull jetbrains/intellij-http-client - - name: Start server with jetty - run: | - mvn jetty:run & export JPA_PROCESS=$! - sleep 80 - - name: Execute smoke tests - run: docker run --rm -v $PWD:/workdir --add-host host.docker.internal:host-gateway jetbrains/intellij-http-client -D src/test/smoketest/plain_server.http --env-file src/test/smoketest/http-client.env.json --env default + - name: Checkout project + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up JDK 17 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + with: + distribution: temurin + java-version: 17 + - name: Build with Maven + run: mvn -B package --file pom.xml -Dmaven.test.skip=true + - name: Docker Pull HTTP client + run: docker pull jetbrains/intellij-http-client + - name: Start server with jetty + run: | + mvn jetty:run & export JPA_PROCESS=$! + sleep 80 + - name: Execute smoke tests + run: docker run --rm -v $PWD:/workdir --add-host host.docker.internal:host-gateway jetbrains/intellij-http-client -D src/test/smoketest/plain_server.http --env-file src/test/smoketest/http-client.env.json --env default
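Review bot: The smoke-test container image is not pinned. The actions in this job are referenced by commit SHA, but `docker pull jetbrains/intellij-http-client` and the later `docker run` resolve the implicit `latest` tag, so the image that runs with the workspace mounted at `/workdir` can change between runs. Pinning both references to a digest, e.g. `jetbrains/intellij-http-client@sha256:<digest>`, would match the rest of the commit. The checkout step has no `with:` block, so actions/checkout keeps its default of persisting the job token in the workspace's git config, which the container can read through the mount; adding `persist-credentials: false` to the checkout step would remove it. Quoting the mount as `-v "$PWD":/workdir` also guards against word splitting.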