From d5f6bc1926ae4123dd285f4fcd459fb4001b01a4 Mon Sep 17 00:00:00 2001 From: Denys Vuika Date: Thu, 16 Mar 2023 14:15:54 +0000 Subject: [PATCH 1/3] rework docker publishing actions --- .github/actions/get-image-tag/action.yml | 21 ++++++++++++++ .github/actions/publish-image/action.yml | 37 ++++++++++++++++-------- .github/workflows/release.yml | 5 ++-- scripts/gh/docker-publish.sh | 26 ----------------- 4 files changed, 48 insertions(+), 41 deletions(-) create mode 100644 .github/actions/get-image-tag/action.yml delete mode 100755 scripts/gh/docker-publish.sh diff --git a/.github/actions/get-image-tag/action.yml b/.github/actions/get-image-tag/action.yml new file mode 100644 index 0000000000..d3b8f6aaa8 --- /dev/null +++ b/.github/actions/get-image-tag/action.yml @@ -0,0 +1,21 @@ +name: "Get Image Tag" +description: "Generates a tag for Docker image" + +inputs: + branch_name: + description: 'Name of the branch the workflow runs on' + required: true + type: string + +runs: + using: "composite" + steps: + - name: Get docker image tag name + shell: bash + run: | + if [[ "${{ inputs.branch_name }}" == "master" ]]; then + TAG_VERSION="$(jq -cr '.version' < package.json)" + else + TAG_VERSION="${{ inputs.branch_name }}-${{ github.run_id }},{{ inputs.branch_name }}" + fi + echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index 143ae936d9..bacd001bdd 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -1,9 +1,9 @@ name: "Publish Docker Images" -description: "Publish Docker image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch" +description: "Publish Docker Image to the provided registry" inputs: - domain: - description: 'domain to publish image to' + registry: + description: 'Docker registry' required: true type: string username: @@ -26,15 +26,28 @@ inputs: runs: using: "composite" steps: - - name: Get docker image tag name + - name: Login to Docker Registry + uses: docker/login-action@v2 + with: + registry: ${{ inputs.registry }} + username: ${{ inputs.username }} + password: ${{ inputs.password }} + + - name: Get Tag + uses: ./.github/actions/get-image-tag + with: + branch_name: ${{ inputs.branch_name }} + + - name: Publish shell: bash run: | - if [[ "${{ inputs.branch_name }}" == "master" ]]; then - TAG_VERSION=$(jq -cr '.version' < package.json) - else - TAG_VERSION=${{ inputs.branch_name }}-${{ github.run_id }} + if [[ "${{ inputs.dry-run }}" != "true" ]]; then + npm ci && npm run build.release + echo "Running the docker with tag $TAG_VERSION" + + npx @alfresco/adf-cli docker-publish \ + --dockerRepo "${{ inputs.registry }}/alfresco/alfresco-content-app" \ + --buildArgs "PROJECT_NAME=content-ce" \ + --dockerTags "$TAG_VERSION" \ + --pathProject "$(pwd)" fi - echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV - - name: Publish image - shell: bash - run: ./scripts/gh/docker-publish.sh "${{ inputs.domain }}" "$REPO_SLUG" "${{ inputs.username }}" "${{ inputs.password }}" "$TAG_VERSION" "${{ inputs.branch_name }}" "${{ inputs.dry-run }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7764119bd..379bd9aacd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,6 @@ env: APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: / APP_CONFIG_OAUTH2_REDIRECT_LOGIN: / APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" - REPO_SLUG: "alfresco/alfresco-content-app" NPM_REGISTRY_ADDRESS: ${{ secrets.NPM_REGISTRY_ADDRESS }} @@ -57,7 +56,7 @@ jobs: uses: ./.github/actions/publish-image with: branch_name: ${{ env.BRANCH_NAME }} - domain: quay.io + registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} dry-run: ${{ inputs.dry-run-release }} @@ -80,7 +79,7 @@ jobs: uses: ./.github/actions/publish-image with: branch_name: ${{ env.BRANCH_NAME }} - domain: docker.io + registry: docker.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} dry-run: ${{ inputs.dry-run-release }} diff --git a/scripts/gh/docker-publish.sh b/scripts/gh/docker-publish.sh deleted file mode 100755 index 49d03d6144..0000000000 --- a/scripts/gh/docker-publish.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -e - -DOMAIN="$1" -REPO_SLUG="$2" -USERNAME="$3" -PASSWORD="$4" -TAG_VERSION="$5" -BRANCH_NAME="$6" -DRY_RUN="$7" - -npm ci && npm run build.release - -echo "Running the docker with tag" $TAG_VERSION -DOCKER_PROJECT_ARGS="PROJECT_NAME=content-ce" -DOCKER_REPOSITORY="$DOMAIN/$REPO_SLUG" - -# Publish Image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch -if [[ "$BRANCH_NAME" == "master" ]]; then - if [[ "$DRY_RUN" != "true" ]]; then - npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION" --pathProject "$(pwd)" - fi; -else - if [[ "$DRY_RUN" != "true" ]]; then - npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION,$BRANCH_NAME" --pathProject "$(pwd)" - fi; -fi; From 7d699985ad86f7c926fe71d4d489486e97d9f74a Mon Sep 17 00:00:00 2001 From: Denys Vuika Date: Thu, 16 Mar 2023 14:44:09 +0000 Subject: [PATCH 2/3] simplify steps --- .github/actions/publish-image/action.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index bacd001bdd..a78f54ea59 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -39,15 +39,14 @@ runs: branch_name: ${{ inputs.branch_name }} - name: Publish + if: ${{ github.event.inputs.dry-run != 'true' }} shell: bash run: | - if [[ "${{ inputs.dry-run }}" != "true" ]]; then - npm ci && npm run build.release - echo "Running the docker with tag $TAG_VERSION" + npm ci && npm run build.release + echo "Running the docker with tag $TAG_VERSION" - npx @alfresco/adf-cli docker-publish \ - --dockerRepo "${{ inputs.registry }}/alfresco/alfresco-content-app" \ - --buildArgs "PROJECT_NAME=content-ce" \ - --dockerTags "$TAG_VERSION" \ - --pathProject "$(pwd)" - fi + npx @alfresco/adf-cli docker-publish \ + --dockerRepo "${{ inputs.registry }}/alfresco/alfresco-content-app" \ + --buildArgs "PROJECT_NAME=content-ce" \ + --dockerTags "$TAG_VERSION" \ + --pathProject "$(pwd)" From 160852e58c76d89f92844e6081a3761aa0d72bc9 Mon Sep 17 00:00:00 2001 From: Denys Vuika Date: Thu, 16 Mar 2023 17:04:29 +0000 Subject: [PATCH 3/3] rollback AWS credentials --- .github/actions/download-job-artifact/action.yml | 2 +- .github/actions/upload-job-artifact/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/download-job-artifact/action.yml b/.github/actions/download-job-artifact/action.yml index 232fb260ab..c5c299dd5c 100644 --- a/.github/actions/download-job-artifact/action.yml +++ b/.github/actions/download-job-artifact/action.yml @@ -27,7 +27,7 @@ runs: using: "composite" steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ inputs.aws-access-key-id }} aws-secret-access-key: ${{ inputs.aws-secret-access-key }} diff --git a/.github/actions/upload-job-artifact/action.yml b/.github/actions/upload-job-artifact/action.yml index 045e981c03..008ee83f61 100644 --- a/.github/actions/upload-job-artifact/action.yml +++ b/.github/actions/upload-job-artifact/action.yml @@ -27,7 +27,7 @@ runs: using: "composite" steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ inputs.aws-access-key-id }} aws-secret-access-key: ${{ inputs.aws-secret-access-key }}