From de2a575675ed1c3e69aa2f8cc23a05bfc8121d03 Mon Sep 17 00:00:00 2001
From: Mijail Rondon
Date: Mon, 22 Jan 2024 10:35:20 -0500
Subject: [PATCH] ci(registry): use github public docker registry
---
.github/actions/publish-image/action.yml | 47 ++++++
.github/workflows/publish.yml | 185 ++++++++++++++--------
.github/workflows/test-docker.yml | 187 +++++++++++++++++++++++
docker/server/Dockerfile | 7 +-
docker/standalone/Dockerfile | 12 +-
5 files changed, 358 insertions(+), 80 deletions(-)
create mode 100644 .github/actions/publish-image/action.yml
create mode 100644 .github/workflows/test-docker.yml
diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml
new file mode 100644
index 0000000000..f0dd00b4d7
--- /dev/null
+++ b/.github/actions/publish-image/action.yml
@@ -0,0 +1,47 @@
+name: Build and publish docker images
+description: Builds and publish docker images to github registry
+inputs:
+ github-token:
+ description: Github secret secrets.GITHUB_TOKEN
+ required: true
+ image-name:
+ description: Image name for example lh-server
+ required: true
+ context:
+ description: Docker build context path
+ default: .
+ dockerfile:
+ description: Relative route of Dockerfile
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Log in to github registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.github-token }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository }}/${{ inputs.image-name }}
+
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 27ca9c6d20..2a97511dea 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
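Review bot: The five third-party actions in this composite action are referenced by mutable major tags (`docker/login-action@v3`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), yet the action receives a token that the calling workflows grant `packages: write` and uses it to push the published image. A retagged or compromised upstream release would run with that token, so each `uses:` should be pinned to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. QEMU is also set up although the build step passes no `platforms:`, so either add the intended platform list or drop that step.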
@@ -4,10 +4,33 @@ on: push: tags: - "[0-9]+.[0-9]+.[0-9]+*" # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet - +permissions: + packages: write + contents: read jobs: - publish-sdk-java: + build-server: runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Java + uses: actions/setup-java@v3 + with: + distribution: "corretto" + java-version: 17 + + - name: Tests and Build + run: ./gradlew server:test server:shadowJar + + - uses: actions/upload-artifact@v4 + with: + name: server-jar + path: server/build/libs/server-*-all.jar + + sdk-java: + runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 @@ -31,8 +54,11 @@ jobs: run: | ./gradlew sdk-java:publish -Psigning.secretKeyRingFile=/home/runner/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ vars.GPG_KEY_ID }} -PossrhUsername=${{ secrets.OSSRH_USERNAME }} -PossrhPassword=${{ secrets.OSSRH_PASSWORD }} echo Login at https://s01.oss.sonatype.org/ - publish-sdk-python: + + sdk-python: runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 
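Review bot: `sdk-java` declares `needs: - test`, but no job with the id `test` is defined in the hunks shown here; the job this commit adds is `build-server`. GitHub rejects a workflow whose `needs` names an unknown job, so unless a `test` job exists in lines outside the diff the tag push would publish nothing; either drop the `needs` or point it at `build-server`. The same `needs: - test` is repeated in the `sdk-python` hunk that follows, in `lh-server`, `lhctl` and `dashboard-build` further down, and in the new `test-docker.yml`. Separately, the workflow-level `permissions:` block gives `packages: write` to `sdk-java` and `sdk-python`, which handle the GPG, OSSRH and PyPI secrets and push no container image; keeping only `contents: read` at the top and setting `packages: write` on the image jobs keeps those jobs at least privilege.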
@@ -56,79 +82,106 @@ jobs: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} packages-dir: ./sdk-python/dist/ - publish-docker-image: + + lh-server: runs-on: ubuntu-latest + needs: + - test steps: - name: Checkout uses: actions/checkout@v3 - - name: Setup Java - uses: actions/setup-java@v3 + + - name: Dowload Server Jar artifact + uses: actions/download-artifact@v4 with: - distribution: "corretto" - java-version: 17 + name: server-jar + path: server/build/libs/ + + - name: Build and publish + uses: ./.github/actions/publish-image + with: + image-name: lh-server + dockerfile: docker/server/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + lhctl: + runs-on: ubuntu-latest + needs: + - test + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Build and publish + uses: ./.github/actions/publish-image + with: + image-name: lhctl + dockerfile: docker/lhctl/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + dashboard-build: + runs-on: ubuntu-latest + needs: + - test + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Build Dashboard working-directory: ./dashboard run: | npm install pnpm --global pnpm install pnpm build - - name: Tests - run: ./gradlew server:test - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + - uses: actions/upload-artifact@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 1200 - - name: Login to Amazon ECR Public - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@v1 + name: nextjs + path: dashboard/apps/web/.next + + lh-dashboard: + runs-on: ubuntu-latest + needs: + - dashboard-build + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Dowload NextJS artifact + uses: actions/download-artifact@v4 with: - mask-password: "true" - registry-type: public - - name: Push 
Server Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-server - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/server/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push Standalone Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-standalone - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/standalone/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push lhctl CLI Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lhctl - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/lhctl/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . 
- docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - - name: Push Dashboard Image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - ECR_REGISTRY_ALIAS: littlehorse - ECR_REPOSITORY: lh-dashboard - IMAGE_TAG: ${{ github.ref_name }} - run: | - docker build -f docker/dashboard/Dockerfile -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:latest + name: nextjs + path: dashboard/apps/web/.next + + - name: Build and publish + uses: ./.github/actions/publish-image + with: + image-name: lhctl + dockerfile: docker/lhctl/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} + + lh-standalone: + runs-on: ubuntu-latest + needs: + - dashboard-build + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Dowload NextJS artifact + uses: actions/download-artifact@v4 + with: + name: nextjs + path: dashboard/apps/web/.next + + - name: Dowload Server Jar artifact + uses: actions/download-artifact@v4 + with: + name: server-jar + path: server/build/libs/ + + - name: Build and publish + uses: ./.github/actions/publish-image + with: + image-name: lh-standalone + dockerfile: docker/standalone/Dockerfile + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test-docker.yml b/.github/workflows/test-docker.yml new file mode 100644 index 0000000000..4c343c6bd2 --- /dev/null +++ b/.github/workflows/test-docker.yml 
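Review bot: The `lh-dashboard` job publishes with `image-name: lhctl` and `dockerfile: docker/lhctl/Dockerfile`, so it pushes a second build to the `lhctl` image tags in parallel with the `lhctl` job and no dashboard image is published at all. The removed ECR step built this image from `docker/dashboard/Dockerfile`, so the inputs should read `image-name: lh-dashboard` and `dockerfile: docker/dashboard/Dockerfile`; the same copy is in `test-docker.yml`. `lh-server` and `lh-standalone` also download the `server-jar` artifact without listing `build-server` in `needs`, so nothing orders them after the upload; add `build-server` to both `needs` lists (keeping `dashboard-build` for `lh-standalone`).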
@@ -0,0 +1,187 @@
+name: test-docker
+run-name: Test Docker
+on:
+ push:
+ branches:
+ - feature/public-registry
+permissions:
+ packages: write
+ contents: read
+jobs:
+ build-server:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: "corretto"
+ java-version: 17
+
+ - name: Tests and Build
+ run: ./gradlew server:test server:shadowJar
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: server-jar
+ path: server/build/libs/server-*-all.jar
+
+ # sdk-java:
+ # runs-on: ubuntu-latest
+ # needs:
+ # - test
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v3
+ # - name: Setup Java
+ # uses: actions/setup-java@v3
+ # with:
+ # distribution: "corretto"
+ # java-version: "11"
+ # - name: Tests
+ # run: ./gradlew sdk-java:test
+ # - name: Import GPG key
+ # uses: crazy-max/ghaction-import-gpg@v5
+ # with:
+ # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ # passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ # - name: Generate KeyRing
+ # run: |
+ # gpg --keyring secring.gpg --export-secret-keys --passphrase ${{ secrets.GPG_PASSPHRASE }} --batch --yes --pinentry-mode=loopback > ~/.gnupg/secring.gpg
+ # ls ~/.gnupg/
+ # - name: Publish
+ # run: |
+ # ./gradlew sdk-java:publish -Psigning.secretKeyRingFile=/home/runner/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ vars.GPG_KEY_ID }} -PossrhUsername=${{ secrets.OSSRH_USERNAME }} -PossrhPassword=${{ secrets.OSSRH_PASSWORD }}
+ # echo Login at https://s01.oss.sonatype.org/
+
+ # sdk-python:
+ # runs-on: ubuntu-latest
+ # needs:
+ # - test
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v3
+ # - name: Set up Python
+ # uses: actions/setup-python@v4
+ # with:
+ # python-version: "3.9"
+ # - name: Install Dependencies
+ # run: |
+ # python -m pip install --upgrade pip setuptools wheel
+ # pip install poetry
+ # - name: Tests
+ # working-directory: ./sdk-python
+ # run: |
+ # poetry install
+ # poetry run python -m unittest -v
+ # poetry build
+ # - name: Publish Package
+ # uses: pypa/gh-action-pypi-publish@v1.8.10
+ # with:
+ # user: __token__
+ # password: ${{ secrets.PYPI_API_TOKEN }}
+ # packages-dir: ./sdk-python/dist/
+
+ lh-server:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Dowload Server Jar artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: server-jar
+ path: server/build/libs/
+
+ - name: Build and publish
+ uses: ./.github/actions/publish-image
+ with:
+ image-name: lh-server
+ dockerfile: docker/server/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ lhctl:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build and publish
+ uses: ./.github/actions/publish-image
+ with:
+ image-name: lhctl
+ dockerfile: docker/lhctl/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ dashboard-build:
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Build Dashboard
+ working-directory: ./dashboard
+ run: |
+ npm install pnpm --global
+ pnpm install
+ pnpm build
+ - uses: actions/upload-artifact@v4
+ with:
+ name: nextjs
+ path: dashboard/apps/web/.next
+
+ lh-dashboard:
+ runs-on: ubuntu-latest
+ needs:
+ - dashboard-build
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Dowload NextJS artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: nextjs
+ path: dashboard/apps/web/.next
+
+ - name: Build and publish
+ uses: ./.github/actions/publish-image
+ with:
+ image-name: lhctl
+ dockerfile: docker/lhctl/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ lh-standalone:
+ runs-on: ubuntu-latest
+ needs:
+ - dashboard-build
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Dowload NextJS artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: nextjs
+ path: dashboard/apps/web/.next
+
+ - name: Dowload Server Jar artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: server-jar
+ path: server/build/libs/
+
+ - name: Build and publish
+ uses: ./.github/actions/publish-image
+ with:
+ image-name: lh-standalone
+ dockerfile: docker/standalone/Dockerfile
+ github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/docker/server/Dockerfile b/docker/server/Dockerfile
index e37bb91503..57e354320a 100644
--- a/docker/server/Dockerfile
+++ b/docker/server/Dockerfile
@@ -1,12 +1,7 @@ -FROM gradle:8 as builder -WORKDIR /lh -COPY . /lh -RUN gradle server:shadowJar -x test - FROM amazoncorretto:17 RUN mkdir /lh COPY ./docker/server/docker-entrypoint.sh /lh COPY ./docker/server/log4j2.properties /lh -COPY --from=builder /lh/server/build/libs/server-*-all.jar /lh/server.jar +COPY ./server/build/libs/server-*-all.jar /lh/server.jar ENTRYPOINT ["/lh/docker-entrypoint.sh"] CMD ["server"]
diff --git a/docker/standalone/Dockerfile b/docker/standalone/Dockerfile
index 8c2304fc9a..894ea009e5 100644
--- a/docker/standalone/Dockerfile
+++ b/docker/standalone/Dockerfile
@@ -1,8 +1,3 @@ -FROM gradle:8 as builder -WORKDIR /lh -COPY . /lh -RUN gradle server:shadowJar -x test - FROM ubuntu:22.04 LABEL maintainer="engineering@littlehorse.io"
@@ -26,7 +21,6 @@ COPY ./docker/standalone/dashboard-entrypoint.sh /lh COPY ./docker/standalone/docker-entrypoint.sh /lh COPY ./docker/standalone/log4j2.properties /lh -COPY ./dashboard /lh/dashboard WORKDIR /lh/dashboard ENV NODE_ENV=production EXPOSE 8080
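Review bot: `test-docker.yml` runs on every push to `feature/public-registry` with `packages: write` and calls the publish action, whose build step has `push: true` hard-coded, so branch builds land in the same public `ghcr.io` image repositories that releases use. If this file is scaffolding for trying out the pipeline, it should be dropped before merge; if a dry run is wanted long-term, give the composite action a `push` input defaulting to `false` and pass `push: true` only from `publish.yml`. The two commented-out SDK jobs (roughly fifty lines) carry no behaviour and can go as well.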
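Review bot: With the `builder` stage removed from `docker/server/Dockerfile`, `COPY ./server/build/libs/server-*-all.jar /lh/server.jar` takes whatever jar is sitting in the build context, and nothing in the file says that `./gradlew server:shadowJar` must have run first or what happens when the glob matches more than one jar (a multi-source `COPY` to a destination that is not a directory fails the build). A comment above that line such as `# Expects exactly one server-*-all.jar, produced by ./gradlew server:shadowJar, in the build context` would make the prerequisite visible; `docker/standalone/Dockerfile` gains the same line. The resulting image also has no `USER` instruction, so unless `docker-entrypoint.sh` drops privileges (not visible here) the server runs as root; adding a dedicated user and a `USER` line before `ENTRYPOINT` is worth doing while the file is being reworked.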
@@ -34,10 +28,12 @@ EXPOSE 8080 COPY ./dashboard/apps/web/.next/standalone ./ COPY ./dashboard/apps/web/.next/static ./apps/web/.next/static COPY ./dashboard/apps/web/public ./apps/web/public -COPY ./docker/dashboard/docker-entrypoint.sh ./ WORKDIR / -COPY --from=builder /lh/server/build/libs/server-*-all.jar /lh/server.jar +COPY ./server/build/libs/server-*-all.jar /lh/server.jar + +ENV LHD_API_HOST=localhost +ENV LHD_API_PORT=2023 ENTRYPOINT ["/lh/docker-entrypoint.sh"]
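Review bot: The added `ENV LHD_API_HOST=localhost` and `ENV LHD_API_PORT=2023` bake a connection default into the image without saying what reads them or that they can be overridden at run time. Assuming they configure the bundled dashboard's connection to the server in the same container, a comment such as `# Dashboard -> local LH server defaults; override with -e LHD_API_HOST / -e LHD_API_PORT` would help. The port should also be checked against the one the server entrypoint actually listens on, which this hunk does not show.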