chore(ci): Set correct GIT_* on all images (#16705)

* Sameness for all DD_* and GIT_* ARG and ENV * Reorder ARG and ENVS * Ignore explicit versioning warning * more build args * Update buildx action * Debug script * Move docker args to own prepare step * Add more ARG and ENV to output-* layers * Whitespaces * Revert Dockerfile to main * Revert "Revert Dockerfile to main" This reverts commit 645e21d. * Revert image reference hacks to main * Move ARG and ENV to end of output image * Corrected echoing * Better repository url --------- Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
island-is · Nov 7, 2024 · aa1f84e · aa1f84e
1 parent f46c979
commit aa1f84e
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 41 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -343,7 +343,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
         with:
           image: '${{ env.DOCKER_BASE_IMAGE_REGISTRY }}/eks-distro-build-tooling/binfmt-misc:qemu-v6.1.0'
       - name: Set up Docker Buildx
@@ -552,7 +552,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
         with:
           image: '${{ env.DOCKER_BASE_IMAGE_REGISTRY }}/eks-distro-build-tooling/binfmt-misc:qemu-v6.1.0'
       - name: Set up Docker Buildx
@@ -561,6 +561,25 @@ jobs:
           driver-opts: |
             image=${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1
 
+      - name: Prepare Docker build arguments
+        id: dockerargs
+        if: steps.gather.outcome == 'success'
+        env:
+          NODE_IMAGE_TAG: ${{ needs.prepare.outputs.NODE_IMAGE_TAG }}
+          SHA: ${{ github.sha }}
+          DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
+        run: |
+          set -x
+          build_args=(
+            --build-arg="DOCKER_IMAGE_REGISTRY=${DOCKER_BASE_IMAGE_REGISTRY}"
+            --build-arg="NODE_IMAGE_TAG=${NODE_IMAGE_TAG}"
+            --build-arg="GIT_BRANCH=${GIT_BRANCH}"
+            --build-arg="GIT_SHA=${SHA}"
+            --build-arg="GIT_REPOSITORY_URL=${{ github.server_url }}/${{ github.repository }}"
+          )
+          export EXTRA_DOCKER_BUILD_ARGS="${build_args[*]}"
+          echo "EXTRA_DOCKER_BUILD_ARGS=${EXTRA_DOCKER_BUILD_ARGS}" >> "${GITHUB_ENV}"
+
       - name: Building Docker images
         continue-on-error: true
         id: dockerbuild
@@ -570,9 +589,11 @@ jobs:
           SHA: ${{ github.sha }}
           DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
         run: |
-          echo "Node image tag is: '$NODE_IMAGE_TAG'"
-          export EXTRA_DOCKER_BUILD_ARGS="--build-arg DOCKER_IMAGE_REGISTRY=$DOCKER_BASE_IMAGE_REGISTRY --build-arg GIT_SHA=$SHA --build-arg NODE_IMAGE_TAG=$NODE_IMAGE_TAG"
-          ./scripts/ci/run-in-parallel.sh "90_$DOCKER_TYPE"
+          set -x
+          echo "Node image tag is: '${NODE_IMAGE_TAG}'"
+          echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'"
+          export EXTRA_DOCKER_BUILD_ARGS
+          ./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}"
 
       - name: Building Docker images Retry
         if: steps.gather.outcome == 'success' && steps.dockerbuild.outcome == 'failure'
@@ -581,9 +602,11 @@ jobs:
           SHA: ${{ github.sha }}
           DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
         run: |
-          echo "Node image tag is: '$NODE_IMAGE_TAG'"
-          export EXTRA_DOCKER_BUILD_ARGS="--build-arg DOCKER_IMAGE_REGISTRY=$DOCKER_BASE_IMAGE_REGISTRY --build-arg GIT_SHA=$SHA --build-arg NODE_IMAGE_TAG=$NODE_IMAGE_TAG"
-          ./scripts/ci/run-in-parallel.sh "90_$DOCKER_TYPE"
+          set -x
+          echo "Node image tag is: '${NODE_IMAGE_TAG}'"
+          echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'"
+          export EXTRA_DOCKER_BUILD_ARGS
+          ./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}"
 
   helm-docker-build:
     needs:

diff --git a/scripts/ci/Dockerfile b/scripts/ci/Dockerfile
@@ -2,6 +2,7 @@
 ARG PLAYWRIGHT_VERSION
 ARG DOCKER_IMAGE_REGISTRY=public.ecr.aws
 ARG NODE_IMAGE_TAG
+
 FROM ${DOCKER_IMAGE_REGISTRY}/docker/library/node:${NODE_IMAGE_TAG} AS deps
 
 # hadolint ignore=DL3018
@@ -35,14 +36,8 @@ ENV NODE_OPTIONS="--max-old-space-size=8192"
 
 RUN yarn run build ${APP} --prod
 
+# This is base image for containers that are to be deployed
 FROM ${DOCKER_IMAGE_REGISTRY}/docker/library/node:${NODE_IMAGE_TAG} AS output-base
-# this is base image for containers that are to be deployed
-ARG GIT_BRANCH
-ARG GIT_SHA
-LABEL branch=${GIT_BRANCH}
-LABEL commit=${GIT_SHA}
-ENV GIT_BRANCH=${GIT_BRANCH}
-ENV GIT_SHA=${GIT_SHA}
 ARG APP
 ARG APP_HOME
 ARG APP_DIST_HOME
@@ -65,40 +60,36 @@ RUN npm install -g \
 USER runner
 
 FROM output-base-with-pg AS output-express
-ARG GIT_SHA
-ENV DD_GIT_COMMIT_SHA="${GIT_SHA}"
-ENV DD_GIT_REPOSITORY_URL="github.com/island-is/island.is"
 
 COPY --from=builder /build/${APP_DIST_HOME} /webapp/
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
 ENTRYPOINT []
 CMD [ "node", "--no-experimental-fetch", "main.js" ]
 
 FROM output-base-with-pg AS output-next
-ARG GIT_SHA
-ENV DD_GIT_COMMIT_SHA="${GIT_SHA}"
-ENV DD_GIT_REPOSITORY_URL="github.com/island-is/island.is"
 ENV PORT=4200
 
 # TODO: smallify
 COPY --from=deps /build/node_modules /webapp/node_modules
 COPY --from=builder /build/${APP_DIST_HOME} /webapp/
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
 ENTRYPOINT [ "node", "main.js" ]
 
-FROM $DOCKER_IMAGE_REGISTRY/nginx/nginx:1.21-alpine AS output-static
+FROM ${DOCKER_IMAGE_REGISTRY}/nginx/nginx:1.21-alpine AS output-static
 ARG APP
 ARG APP_DIST_HOME
-ARG GIT_BRANCH
-ARG GIT_SHA
-LABEL branch=${GIT_BRANCH}
-LABEL commit=${GIT_SHA}
-ENV GIT_BRANCH=${GIT_BRANCH}
-ENV GIT_SHA=${GIT_SHA}
 ENV APP=${APP}
 ENV BASEPATH=/
-ENV DD_GIT_COMMIT_SHA="${GIT_SHA}"
-ENV DD_GIT_REPOSITORY_URL="github.com/island-is/island.is"
 
 RUN mkdir -p /etc/nginx/templates
 # hadolint ignore=DL3018
@@ -111,6 +102,12 @@ COPY scripts/dockerfile-assets/bash/extract-environment.sh /docker-entrypoint.d
 COPY scripts/dockerfile-assets/bash/extract-environment.js /docker-entrypoint.d
 COPY --from=builder /build/${APP_DIST_HOME} /usr/share/nginx/html
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
+
 FROM output-base AS output-jest
 
 RUN echo 'module.exports = {};' > jest.config.js
@@ -122,24 +119,19 @@ COPY --from=builder /build/${APP_DIST_HOME} /webapp/
 
 USER runner
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
 CMD [ "jest", "main.spec.js" ]
 
 
 
 FROM mcr.microsoft.com/playwright:v${PLAYWRIGHT_VERSION}-focal AS playwright-base
 
-
-
-
-
-
 FROM playwright-base AS output-playwright
-ARG GIT_BRANCH
-ARG GIT_SHA
-LABEL branch=${GIT_BRANCH}
-LABEL commit=${GIT_SHA}
-ENV GIT_BRANCH=${GIT_BRANCH}
-ENV GIT_SHA=${GIT_SHA}
+
 # TODO: remove awscli dependency (157 MB extra)
 
 # hadolint ignore=DL3008
@@ -165,6 +157,11 @@ RUN yarn playwright install ${PLAYWRIGHT_BROWSER}
 
 COPY --chown=pwuser:pwuser --chmod=0755 ${APP_HOME}/entrypoint.sh .
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
 ENTRYPOINT ["./entrypoint.sh"]
 
 
@@ -183,6 +180,11 @@ COPY --chown=pwuser:pwuser --chmod=0755 ${APP_HOME}/entrypoint.sh .
 
 USER pwuser
 
+ARG GIT_BRANCH GIT_SHA GIT_REPOSITORY_URL
+ENV GIT_BRANCH=${GIT_BRANCH} GIT_SHA=${GIT_SHA} GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+ENV DD_GIT_BRANCH=${GIT_BRANCH} DD_GIT_SHA=${GIT_SHA} DD_GIT_REPOSITORY_URL=${GIT_REPOSITORY_URL}
+LABEL branch=${GIT_BRANCH}
+LABEL commit=${GIT_SHA}
 ENTRYPOINT ["./entrypoint.sh"]
 
 FROM output-base AS output-native