From 230bd1f5dbc0a4a2b3d22ff25972bf80a6320b7c Mon Sep 17 00:00:00 2001 From: Luc DUZAN Date: Tue, 13 Feb 2024 12:00:17 +0100 Subject: [PATCH] Publish docker image --- .github/workflows/build-docker.yml | 153 +++++++++++++++++++++++++++++ .github/workflows/ci.yml | 4 +- .github/workflows/release.yml | 146 +++++++++++++++++++++++++++ 3 files changed, 301 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build-docker.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml new file mode 100644 index 0000000..6f77609 --- /dev/null +++ b/.github/workflows/build-docker.yml @@ -0,0 +1,153 @@ +name: CI Platform / Build Docker Images + +on: + workflow_call: + inputs: + image_tags: + required: true + type: string + description: (string) Image tags to build in docker/metadata-action format + release: + required: false + type: boolean + description: (bool) Whether this is a release or not + default: false + amd64_artifact_name: + description: "(string) AMD64 Artifact name" + type: string + required: true + arm64_artifact_name: + description: "(string) ARM64 Artifact name" + type: string + required: true + outputs: + all_conduktor_tags: + description: (json string) All conduktor ctl image tags built (in format repo/namespace/image:tag) + value: ${{ jobs.build-platform-docker.outputs.all_tags }} + ghcr_conduktor_tags: + description: (json string) All conduktor ctl GHCR image tags (in format ghcr.io/namespace/image:tag) + value: ${{ jobs.build-platform-docker.outputs.ghcr_tags }} + ghcr_conduktor_digest: + description: (string) Only the first conduktor ctl GHCR image digest (in format ghcr.io/namespace/image@sha256:digest) + value: ${{ jobs.build-platform-docker.outputs.ghcr_digest }} + harbor_conduktor_tags: + description: (json string) Only the first conduktor image tags (in format harbor.cdkt.dev/namespace/image:tag) + value: ${{ jobs.build-platform-docker.outputs.harbor_tags }} + harbor_conduktor_digest: + description: (string) Only the first conduktor image digest (in format harbor.cdkt.dev/namespace/image@sha256:digest) + value: ${{ jobs.build-platform-docker.outputs.harbor_digest }} +env: + GHCR_REGISTRY: "ghcr.io" + HARBOR_REGISTRY: "harbor.cdkt.dev" + NAMESPACE: "conduktor" + LABEL_IMAGE_AUTHORS: "Conduktor " + LABEL_IMAGE_DOCUMENTATION: "https://docs.conduktor.io/conduktor" + LABEL_IMAGE_VENDOR: "Conduktor.io" + +jobs: + + build-platform-docker: + name: Build Platform Docker + runs-on: [cdk-standard] + outputs: + all_tags: ${{ toJson(steps.docker_meta.outputs.tags) }} + ghcr_tags: ${{ toJson(steps.output_image_tag.outputs.ghcr_tags) }} + ghcr_digest: ${{ steps.output_image_tag.outputs.ghcr_digest }} + harbor_tags: ${{ toJson(steps.output_image_tag.outputs.harbor_tags) }} + harbor_digest: ${{ steps.output_image_tag.outputs.harbor_digest }} + permissions: + id-token: write + contents: read + env: + PLATFORM_IMAGE: "conduktorctl" + GHCR_IMAGE: "ghcr.io/conduktor/conduktorctl" + HARBOR_IMAGE: "harbor.cdkt.dev/conduktor/conduktorctl" + LABEL_IMAGE_TITLE: "Conduktor ctl" + LABEL_IMAGE_DESCRIPTION: "Conduktor command line tools" + LABEL_IMAGE_URL: "https://hub.docker.com/r/conduktor/conduktorctl" + steps: + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + version: v0.9.1 + install: true + platforms: linux/amd64,linux/arm64 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: linux/amd64,linux/arm64 + + - name: Docker multi registries configuration + id: docker_meta + uses: conduktor/conduktor-actions/docker-multi-registries@v1.1 + with: + image-name: | + ${{ env.PLATFORM_IMAGE }} + conduktor-console + namespace: ${{ env.NAMESPACE }} + tags: ${{ inputs.image_tags }} + labels: | + org.opencontainers.image.title=${{ env.LABEL_IMAGE_TITLE }} + org.opencontainers.image.description=${{ env.LABEL_IMAGE_DESCRIPTION }} + org.opencontainers.image.authors=${{ env.LABEL_IMAGE_AUTHORS }} + org.opencontainers.image.documentation=${{ env.LABEL_IMAGE_DOCUMENTATION }} + org.opencontainers.image.vendor=${{ env.LABEL_IMAGE_VENDOR }} + org.opencontainers.image.url=${{ env.LABEL_IMAGE_URL }} + - name: Buildx builder + id: buildx + shell: bash + run: | + # Purge existing builder before creating a new one to avoid conflicts + docker buildx rm conduktorctl || true + docker buildx create --driver docker-container --name conduktorctl --platform "linux/amd64,linux/arm64" --use + echo "name=conduktorctl" >> "${GITHUB_OUTPUT}" + echo "platforms=linux/amd64,linux/arm64" >> "${GITHUB_OUTPUT}" + + - name: Build ${{ env.PLATFORM_IMAGE }} for ${{ steps.buildx.outputs.platforms }} + id: build + uses: docker/build-push-action@v5 + with: + context: . + platforms: ${{ steps.buildx.outputs.platforms }} + builder: ${{ steps.buildx.outputs.name }} + pull: true + push: true + file: docker/Dockerfile + tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} + cache-from: type=registry,ref=${{env.HARBOR_IMAGE}}:main + cache-to: type=inline,mode=min + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Output conduktorctl image + id: output_image_tag + shell: bash + run: | + # multi-line output tips https://github.com/orgs/community/discussions/26288#discussioncomment-3876281 + + ghcr_tags=$(echo "${{ steps.docker_meta.outputs.tags }}" | grep "ghcr.io" || true) + if [[ -z "${ghcr_tags}" ]]; then + echo -e "ghcr_tags=" >> "${GITHUB_OUTPUT}" + echo -e "ghcr_digest=" >> "${GITHUB_OUTPUT}" + else + delimiter1="$(openssl rand -hex 8)" + echo -e "ghcr_tags<<${delimiter1}\n${ghcr_tags}\n${delimiter1}" >> "${GITHUB_OUTPUT}" + echo "ghcr_digest=${{env.GHCR_IMAGE}}@${{ steps.build.outputs.digest }}" >> "${GITHUB_OUTPUT}" + fi + + harbor_tags=$(echo "${{ steps.docker_meta.outputs.tags }}" | grep "harbor.cdkt.dev" || true) + if [[ -z "${harbor_tags}" ]]; then + echo -e "harbor_tags=" >> "${GITHUB_OUTPUT}" + echo -e "harbor_digest=" >> "${GITHUB_OUTPUT}" + else + delimiter2="$(openssl rand -hex 8)" + echo -e "harbor_tags<<${delimiter2}\n${harbor_tags}\n${delimiter2}" >> "${GITHUB_OUTPUT}" + echo "harbor_digest=${{env.HARBOR_IMAGE}}@${{ steps.build.outputs.digest }}" >> "${GITHUB_OUTPUT}" + fi + + echo "Outputs ${GITHUB_OUTPUT}" + echo "-------" + cat "${GITHUB_OUTPUT}" + echo "-------" \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 17b1272..6258f28 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ on: types: [opened, reopened, synchronize, labeled] jobs: unit-test: - runs-on: cdk-large + runs-on: cdk-standard steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 @@ -12,7 +12,7 @@ jobs: - name: go test run: go test ./... integration-test: - runs-on: cdk-large + runs-on: cdk-standard steps: - uses: actions/checkout@v3 - name: run test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..bf3f877 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,146 @@ +name: Release +run-name: ${{ github.event.release.prerelease == true && 'Pre-' || '' }}Release ${{ github.event.release.tag_name }} by ${{ github.actor }} + +on: + release: + types: [published] +jobs: + tags: + name: List tags to be created + runs-on: cdk-standard + outputs: + image_tags: ${{ steps.image_tag.outputs.tags }} + version: ${{ steps.image_tag.outputs.version }} + is_latest: ${{ steps.image_tag.outputs.is_latest }} + is_prerelease: ${{ steps.image_tag.outputs.is_prerelease }} + steps: + - name: Debug tags + shell: bash + run: | + echo "----------------------------" + echo "GITHUB_REF : ${GITHUB_REF}" + echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}" + echo "GITHUB_REF_TYPE : ${GITHUB_REF_TYPE}" + echo "----------------------------" + echo "Release event : " + echo " name :${{ github.event.release.name }}" + echo " tag_name :${{ github.event.release.tag_name }}" + echo " target_commitish:${{ github.event.release.target_commitish }}" + echo " prerelease:${{ github.event.release.prerelease }}" + echo " draft:${{ github.event.release.draft }}" + + - name: Parse version from tag + id: version + uses: release-kit/semver@v2 + with: + string: '${{ github.event.release.tag_name }}' + + - name: Set release tag + if: ${{ github.event.release }} + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + latest_release_version=$(gh release view -R ${{ github.repository }} --json tagName -q .tagName) + echo "Latest release is ${latest_release}" + is_latest=$(test "${{ github.event.release.tag_name }}" == "${latest_release_version}" && echo true || echo false) + + echo "RELEASE_TAG=${{ steps.version.outputs.full }}" >> $GITHUB_ENV + echo "IS_LATEST=${is_latest}" >> $GITHUB_ENV + + - name: Pre-release check + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "Check consistency between pre-release Github flag and git tag name" + if [[ ${{ github.event.release.prerelease }} == true && "${{ steps.version.outputs.prerelease }}" == "" ]]; then + echo "Empty pre-release tag need a git tag like major.minor.patch-" + exit 1 + fi + if [[ ${{ github.event.release.prerelease }} == false && "${{ steps.version.outputs.prerelease }}" != "" ]]; then + echo "Invalid pre-release tag ${{ steps.version.outputs.full }} not flagged as pre-release on Github Release page" + exit 1 + fi + + - name: Image tag + id: image_tag + shell: bash + run: | + TAGS="" + TAGS="${TAGS}type=raw,value=${{ steps.version.outputs.full }}\n" + TAGS="${TAGS}type=semver,pattern={{version}}\n" + TAGS="${TAGS}type=raw,value=latest,enable=${{ env.IS_LATEST }}\n" + + delimiter="$(openssl rand -hex 8)" + echo -e "tags<<${delimiter}\n${TAGS}\n${delimiter}" >> "${GITHUB_OUTPUT}" + + echo -e "version=${{ steps.version.outputs.full }}" >> "${GITHUB_OUTPUT}" + echo -e "is_latest=${{ env.IS_LATEST }}" >> "${GITHUB_OUTPUT}" + echo -e "is_prerelease=${{ github.event.release.prerelease }}" >> "${GITHUB_OUTPUT}" + + echo "Outputs ${GITHUB_OUTPUT}" + echo "-------" + cat "${GITHUB_OUTPUT}" + echo "-------" + unit-test: + runs-on: cdk-standard + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: 1.22.0 + - name: go test + run: go test ./... + integration-test: + runs-on: cdk-standard + steps: + - uses: actions/checkout@v3 + - name: run test + run: ./test_final_exec.sh + + build-docker: + name: Build and publish platform images + uses: ./.github/workflows/build-docker.yml + secrets: inherit + needs: [tags, build-cli, e2e] + with: + release: true + image_tags: ${{ needs.tags.outputs.image_tags }} + amd64_artifact_name: ${{ needs.build-cli.outputs.amd64_artifact_name }} + arm64_artifact_name: ${{ needs.build-cli.outputs.arm64_artifact_name }} + + create_maintance_branches: + if: ${{ github.event.release.prerelease == false }} + needs: [ tags, build-docker ] + runs-on: cdk-standard + env: + GITHUB_TOKEN: ${{ secrets.CONDUKTORBOT_GHCR_RW }} + steps: + - name: Parse version from string + id: parsed_version + uses: release-kit/semver@v2 + with: + string: "${{ needs.tags.outputs.version }}" + + - name: Maintenance Branch Name + id: maintenance_branch_name + shell: bash + run: | + maintenance_branch_name="patch/${{ steps.parsed_version.outputs.major }}.${{ steps.parsed_version.outputs.minor }}" + echo "MAINTENANCE_BRANCH_NAME=${maintenance_branch_name}" >> $GITHUB_ENV + echo "MAINTENANCE_TAG_NAME=release-${{ needs.tags.outputs.version }}" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + + - name: Extract dependencies refs + id: dependencies_refs + uses: ./.github/actions/get-dependencies-refs + + - name: Platform-build maintenance branch + uses: ./.github/actions/create-patch-branch + with: + repository: ${{ github.repository }} + remote_ref: ${{ github.ref }} + branch_name: ${{ env.MAINTENANCE_BRANCH_NAME }} + token: ${{ secrets.CONDUKTORBOT_GHCR_RW }} \ No newline at end of file