From 5e851b4861ee513e0e6116f013e155eba7d16799 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Mon, 8 Jan 2024 16:39:24 -0800 Subject: [PATCH 01/27] trial staged build with github actions tooling --- .github/workflows/main.yml | 411 +++++++++++++++++++++++++++---------- test.sh | 60 +++--- 2 files changed, 333 insertions(+), 138 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b1755cc7..5d9bd256 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,42 +4,197 @@ name: CI # events but only for the master branch on: push: - branches: [ master ] - pull_request: - branches: [ master ] + # temporarily run on every push for testing + # branches: [ master ] + # pull_request: + # branches: [ master ] # A workflow run is made up of one or more jobs that can run sequentially or in parallel + + + + + # ┌──────────────────┐ ┌────────────────┐ ┌────────────────┐ + # ┌─────────┐ ┌─────────┬────► Build Latest NJS ├────────►Test Latest NJS ├─────►│Push Latest NJS │ + # │Build OSS├────►│Test OSS │ └──────────────────┘ └────────────────┘ └────────────────┘ + # └─────────┘ └──┬──────┤ + # │ │ ┌──────────────────┐ ┌──────────────────┐ ┌─────────────────┐ + # │ └────►Build Unprivileged├───────►Test Unprivileged ├────►│Push Unprivileged│ + # │ └──────────────────┘ └──────────────────┘ ├────────┬────────┘ + # │ ├────────┤ + # └──────────────────────────────────────────────────────────────►│Push OSS│ + # └────────┘ + + jobs: - build: + build-oss: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and export + uses: docker/build-push-action@v5 + with: + file Dockerfile.oss + context: . + tags: nginx-s3-gateway , nginx-s3-gateway:oss + outputs: type=docker,dest=/tmp/oss.tar + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: oss + path: /tmp/oss.tar - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 + test-oss: + runs-on: ubuntu-latest + needs: build-oss + + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Save cached binaries + id: cache-binaries-save + uses: actions/cache/save@v3 + with: + path: .bin + key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar + - name: Run tests - stable njs version + run: ./test.sh --type oss + + build-latest-njs: + runs-on: ubuntu-latest + needs: test-oss + + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Download the base artifact + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar + - name: Build and export + uses: docker/build-push-action@v5 with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client - run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 + file Dockerfile.latest-njs + context: . + tags: nginx-s3-gateway , nginx-s3-gateway:latest-njs-oss + outputs: type=docker,dest=/tmp/latest-njs.tar + - name: Upload artifact + uses: actions/upload-artifact@v3 with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + name: latest-njs + path: /tmp/latest-njs.tar + + test-latest-njs: + runs-on: ubuntu-latest + needs: build-latest-njs: + + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Save cached binaries + id: cache-binaries-save + uses: actions/cache/save@v3 + with: + path: .bin + key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: latest-njs + path: /tmp + - name: Load image + run: | + docker load --input /tmp/latest-njs.tar + - name: name: Run tests - latest njs version + run: ./test.sh --type oss + + + build-oss-unprivileged: + runs-on: ubuntu-latest + needs: test-oss + + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Download the base artifact + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar + - name: Build and export + uses: docker/build-push-action@v5 + with: + file Dockerfile.unprivileged + context: . + tags: nginx-s3-gateway , nginx-s3-gateway:unprivileged + outputs: type=docker,dest=/tmp/unprivileged.tar + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: unprivileged + path: /tmp/unprivileged.tar + - name: Run tests - latest njs version run: ./test.sh --latest-njs --type oss - name: Run tests - stable njs version @@ -49,20 +204,13 @@ jobs: - name: Run tests - latest njs version - unprivileged process run: ./test.sh --latest-njs --unprivileged --type oss - build_and_deploy: + test-oss-unprivileged: runs-on: ubuntu-latest + needs: build-oss-unprivileged - if: github.ref == 'refs/heads/master' + if: github.ref != 'refs/heads/master' steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Get current date - id: date - run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - name: Configure Github Package Registry - run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin - + - uses: actions/checkout@v4 - name: Install dependencies run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - name: Restore cached binaries @@ -75,79 +223,126 @@ jobs: run: | mkdir .bin || exit 0 cd .bin - curl --insecure --retry 6 --fail --silent --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - mv mc.RELEASE.2023-06-19T19-31-19Z mc chmod +x mc - - # Run tests and builds image - - name: Run tests - latest njs version - run: ./test.sh --latest-njs --type oss - # latest-njs-oss image push [Github] - - name: Tag container image for Push to github [latest-njs-oss date] - run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - - name: Tag container image for Push to github [latest-njs-oss] - run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss - - name: Push container image to github [latest-njs-oss date] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - - name: Push container image to github [latest-njs-oss] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss - - # Run tests and builds image + - name: Save cached binaries + id: cache-binaries-save + uses: actions/cache/save@v3 + with: + path: .bin + key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: unprivileged + path: /tmp + - name: Load image + run: | + docker load --input /tmp/unprivileged.tar - name: Run tests - stable njs version - unprivileged process - run: ./test.sh --unprivileged --type oss - # unprivileged-oss image push [Github] - - name: Tag container image for Push to github [unprivileged-oss date] - run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - - name: Tag container image for Push to github [unprivileged-oss] - run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss - - name: Push container image to github [unprivileged-oss date] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - - name: Push container image to github [unprivileged-oss] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss - - # Run tests and builds image - - name: Run tests - stable njs version run: ./test.sh --type oss - # oss image push [Github] - - name: Tag container image for Push to github [oss date] - run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} - - name: Tag container image for Push to github [oss] - run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest - - name: Push container image to github [oss date] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} - - name: Push container image to github [oss latest] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest - # Login to Docker Hub - - name: Login to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - # latest-njs-oss image push [Docker Hub] - - name: Tag container image for Push to Docker Hub [latest-njs-oss date] - run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - - name: Tag container image for Push to Docker Hub [latest-njs-oss] - run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss - - name: Push container image to Docker Hub [latest-njs-oss date] - run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - - name: Push container image to Docker Hub [latest-njs-oss] - run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss - # unprivileged-oss image push [Docker Hub] - - name: Tag container image for Push to Docker Hub [unprivileged-oss date] - run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - - name: Tag container image for Push to Docker Hub [unprivileged-oss] - run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss - - name: Push container image to Docker Hub [unprivileged-oss date] - run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - - name: Push container image to Docker Hub [unprivileged-oss] - run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss - # oss image push [Docker Hub] - - name: Tag container image for Push to Docker Hub [oss date] - run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} - - name: Tag container image for Push to Docker Hub [oss] - run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest - - name: Push container image to Docker Hub [oss date] - run: docker push nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} - - name: Push container image to Docker Hub [oss latest] - run: docker push nginxinc/nginx-s3-gateway:latest + + # build_and_deploy: + # runs-on: ubuntu-latest + + # if: github.ref == 'refs/heads/master' + # steps: + # # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + # - uses: actions/checkout@v2 + + # - name: Get current date + # id: date + # run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT + # - name: Configure Github Package Registry + # run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin + + # - name: Install dependencies + # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + # - name: Restore cached binaries + # id: cache-binaries-restore + # uses: actions/cache/restore@v3 + # with: + # path: .bin + # key: ${{ runner.os }}-binaries + # - name: Install MinIO Client + # run: | + # mkdir .bin || exit 0 + # cd .bin + # curl --insecure --retry 6 --fail --silent --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + # mv mc.RELEASE.2023-06-19T19-31-19Z mc + # chmod +x mc + + # # Run tests and builds image + # - name: Run tests - latest njs version + # run: ./test.sh --latest-njs --type oss + # # latest-njs-oss image push [Github] + # - name: Tag container image for Push to github [latest-njs-oss date] + # run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to github [latest-njs-oss] + # run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss + # - name: Push container image to github [latest-njs-oss date] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + # - name: Push container image to github [latest-njs-oss] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss + + # # Run tests and builds image + # - name: Run tests - stable njs version - unprivileged process + # run: ./test.sh --unprivileged --type oss + # # unprivileged-oss image push [Github] + # - name: Tag container image for Push to github [unprivileged-oss date] + # run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to github [unprivileged-oss] + # run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss + # - name: Push container image to github [unprivileged-oss date] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + # - name: Push container image to github [unprivileged-oss] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss + + # # Run tests and builds image + # - name: Run tests - stable njs version + # run: ./test.sh --type oss + # # oss image push [Github] + # - name: Tag container image for Push to github [oss date] + # run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to github [oss] + # run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest + # - name: Push container image to github [oss date] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} + # - name: Push container image to github [oss latest] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest + # # Login to Docker Hub + # - name: Login to Docker Hub + # uses: docker/login-action@v1 + # with: + # username: ${{ secrets.DOCKER_HUB_USERNAME }} + # password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + # # latest-njs-oss image push [Docker Hub] + # - name: Tag container image for Push to Docker Hub [latest-njs-oss date] + # run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to Docker Hub [latest-njs-oss] + # run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss + # - name: Push container image to Docker Hub [latest-njs-oss date] + # run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + # - name: Push container image to Docker Hub [latest-njs-oss] + # run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss + # # unprivileged-oss image push [Docker Hub] + # - name: Tag container image for Push to Docker Hub [unprivileged-oss date] + # run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to Docker Hub [unprivileged-oss] + # run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss + # - name: Push container image to Docker Hub [unprivileged-oss date] + # run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + # - name: Push container image to Docker Hub [unprivileged-oss] + # run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss + # # oss image push [Docker Hub] + # - name: Tag container image for Push to Docker Hub [oss date] + # run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} + # - name: Tag container image for Push to Docker Hub [oss] + # run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest + # - name: Push container image to Docker Hub [oss date] + # run: docker push nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} + # - name: Push container image to Docker Hub [oss latest] + # run: docker push nginxinc/nginx-s3-gateway:latest diff --git a/test.sh b/test.sh index 7ea8ad27..e8036d07 100755 --- a/test.sh +++ b/test.sh @@ -297,36 +297,36 @@ trap finish EXIT ERR SIGTERM SIGINT ### BUILD -p "Building NGINX S3 gateway Docker image" -if [ "${nginx_type}" = "plus" ]; then - if docker buildx > /dev/null 2>&1; then - p "Building using BuildKit" - export DOCKER_BUILDKIT=1 - docker buildx build -f Dockerfile.buildkit.${nginx_type} \ - --secret id=nginx-crt,src=plus/etc/ssl/nginx/nginx-repo.crt \ - --secret id=nginx-key,src=plus/etc/ssl/nginx/nginx-repo.key \ - --no-cache \ - --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . - else - docker build -f Dockerfile.${nginx_type} \ - --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . - fi -else - docker build -f Dockerfile.${nginx_type} \ - --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . -fi - -if [ ${njs_latest} -eq 1 ]; then - p "Layering in latest NJS build" - docker build -f Dockerfile.latest-njs \ - --tag nginx-s3-gateway --tag nginx-s3-gateway:latest-njs-${nginx_type} . -fi - -if [ ${unprivileged} -eq 1 ]; then - p "Layering in unprivileged build" - docker build -f Dockerfile.unprivileged \ - --tag nginx-s3-gateway --tag nginx-s3-gateway:unprivileged-${nginx_type} . -fi +# p "Building NGINX S3 gateway Docker image" +# if [ "${nginx_type}" = "plus" ]; then +# if docker buildx > /dev/null 2>&1; then +# p "Building using BuildKit" +# export DOCKER_BUILDKIT=1 +# docker buildx build -f Dockerfile.buildkit.${nginx_type} \ +# --secret id=nginx-crt,src=plus/etc/ssl/nginx/nginx-repo.crt \ +# --secret id=nginx-key,src=plus/etc/ssl/nginx/nginx-repo.key \ +# --no-cache \ +# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . +# else +# docker build -f Dockerfile.${nginx_type} \ +# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . +# fi +# else +# docker build -f Dockerfile.${nginx_type} \ +# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . +# fi + +# if [ ${njs_latest} -eq 1 ]; then +# p "Layering in latest NJS build" +# docker build -f Dockerfile.latest-njs \ +# --tag nginx-s3-gateway --tag nginx-s3-gateway:latest-njs-${nginx_type} . +# fi + +# if [ ${unprivileged} -eq 1 ]; then +# p "Layering in unprivileged build" +# docker build -f Dockerfile.unprivileged \ +# --tag nginx-s3-gateway --tag nginx-s3-gateway:unprivileged-${nginx_type} . +# fi ### UNIT TESTS From c9b9a3355932d10ba6f3e3c4b71c6ac972dd7fc7 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Mon, 8 Jan 2024 16:45:32 -0800 Subject: [PATCH 02/27] fix some yaml issues --- .github/workflows/main.yml | 186 ++++++++++++++++++------------------- 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5d9bd256..140c0bb1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,7 +40,7 @@ jobs: - name: Build and export uses: docker/build-push-action@v5 with: - file Dockerfile.oss + file: Dockerfile.oss context: . tags: nginx-s3-gateway , nginx-s3-gateway:oss outputs: type=docker,dest=/tmp/oss.tar @@ -50,45 +50,45 @@ jobs: name: oss path: /tmp/oss.tar - test-oss: - runs-on: ubuntu-latest - needs: build-oss + test-oss: + runs-on: ubuntu-latest + needs: build-oss - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 - with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client - run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 - with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: oss - path: /tmp - - name: Load image - run: | - docker load --input /tmp/oss.tar - - name: Run tests - stable njs version - run: ./test.sh --type oss + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Save cached binaries + id: cache-binaries-save + uses: actions/cache/save@v3 + with: + path: .bin + key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar + - name: Run tests - stable njs version + run: ./test.sh --type oss build-latest-njs: runs-on: ubuntu-latest @@ -102,17 +102,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Download the base artifact - uses: actions/download-artifact@v3 - with: - name: oss - path: /tmp - - name: Load image - run: | - docker load --input /tmp/oss.tar + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar - name: Build and export uses: docker/build-push-action@v5 with: - file Dockerfile.latest-njs + file: Dockerfile.latest-njs context: . tags: nginx-s3-gateway , nginx-s3-gateway:latest-njs-oss outputs: type=docker,dest=/tmp/latest-njs.tar @@ -122,45 +122,45 @@ jobs: name: latest-njs path: /tmp/latest-njs.tar - test-latest-njs: - runs-on: ubuntu-latest - needs: build-latest-njs: + test-latest-njs: + runs-on: ubuntu-latest + needs: build-latest-njs - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 - with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client - run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 - with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: latest-njs - path: /tmp - - name: Load image - run: | - docker load --input /tmp/latest-njs.tar - - name: name: Run tests - latest njs version - run: ./test.sh --type oss + if: github.ref != 'refs/heads/master' + steps: + - uses: actions/checkout@v4 + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Save cached binaries + id: cache-binaries-save + uses: actions/cache/save@v3 + with: + path: .bin + key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: latest-njs + path: /tmp + - name: Load image + run: | + docker load --input /tmp/latest-njs.tar + - name: Run tests - latest njs version + run: ./test.sh --type oss build-oss-unprivileged: @@ -175,17 +175,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Download the base artifact - uses: actions/download-artifact@v3 - with: - name: oss - path: /tmp - - name: Load image - run: | - docker load --input /tmp/oss.tar + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar - name: Build and export uses: docker/build-push-action@v5 with: - file Dockerfile.unprivileged + file: Dockerfile.unprivileged context: . tags: nginx-s3-gateway , nginx-s3-gateway:unprivileged outputs: type=docker,dest=/tmp/unprivileged.tar From 5f531ed52f2f8805b67898f4274dd2293a3d9fd8 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Mon, 8 Jan 2024 16:49:47 -0800 Subject: [PATCH 03/27] debug image state after loading base image in unprivileged build --- .github/workflows/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 140c0bb1..7b074878 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -181,7 +181,8 @@ jobs: path: /tmp - name: Load image run: | - docker load --input /tmp/oss.tar + docker load --input /tmp/oss.tar + docker image ls -a - name: Build and export uses: docker/build-push-action@v5 with: From 0d84f4ff8cd6e828ffb8539fd2ec8fec6752771b Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Mon, 8 Jan 2024 16:56:24 -0800 Subject: [PATCH 04/27] adjust debug prints --- .github/workflows/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7b074878..06813390 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -108,7 +108,10 @@ jobs: path: /tmp - name: Load image run: | - docker load --input /tmp/oss.tar + docker load --input /tmp/oss.tar + echo "Images:" + docker image ls -a + echo "--------" - name: Build and export uses: docker/build-push-action@v5 with: @@ -182,7 +185,9 @@ jobs: - name: Load image run: | docker load --input /tmp/oss.tar + echo "Images:" docker image ls -a + echo "--------" - name: Build and export uses: docker/build-push-action@v5 with: From 391f08d387ecf308663cc42cfe116301212c57a2 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Mon, 8 Jan 2024 22:14:50 -0800 Subject: [PATCH 05/27] move to a registry strategy to share base images due to buildx --- .github/workflows/main.yml | 133 ++++++++++++++++++------------------- 1 file changed, 64 insertions(+), 69 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 06813390..33926ecb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,6 +29,13 @@ on: jobs: build-oss: runs-on: ubuntu-latest + services: + registry: + image: registry:2 + ports: + - 5000:5000 + # Note that uploading the artifact won't work. We will need to build and push it to a local registry. + # See here https://docs.docker.com/build/ci/github-actions/named-contexts/#using-with-a-container-builder if: github.ref != 'refs/heads/master' steps: @@ -37,22 +44,25 @@ jobs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + # network=host driver-opt needed to push to local registry + driver-opts: network=host - name: Build and export uses: docker/build-push-action@v5 with: file: Dockerfile.oss context: . tags: nginx-s3-gateway , nginx-s3-gateway:oss - outputs: type=docker,dest=/tmp/oss.tar - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: oss - path: /tmp/oss.tar + push: true test-oss: runs-on: ubuntu-latest needs: build-oss + services: + registry: + image: registry:2 + ports: + - 5000:5000 if: github.ref != 'refs/heads/master' steps: @@ -79,20 +89,21 @@ jobs: with: path: .bin key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: oss - path: /tmp - name: Load image run: | - docker load --input /tmp/oss.tar + docker pull localhost:5000/nginx-s3-gateway:oss + docker tag nginx-s3-gateway:oss nginx-s3-gateway - name: Run tests - stable njs version run: ./test.sh --type oss build-latest-njs: runs-on: ubuntu-latest needs: test-oss + services: + registry: + image: registry:2 + ports: + - 5000:5000 if: github.ref != 'refs/heads/master' steps: @@ -101,33 +112,27 @@ jobs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Download the base artifact - uses: actions/download-artifact@v3 with: - name: oss - path: /tmp - - name: Load image - run: | - docker load --input /tmp/oss.tar - echo "Images:" - docker image ls -a - echo "--------" + # network=host driver-opt needed to push to local registry + driver-opts: network=host - name: Build and export uses: docker/build-push-action@v5 with: file: Dockerfile.latest-njs context: . - tags: nginx-s3-gateway , nginx-s3-gateway:latest-njs-oss - outputs: type=docker,dest=/tmp/latest-njs.tar - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: latest-njs - path: /tmp/latest-njs.tar + tags: nginx-s3-gateway:latest-njs-oss + push: true + build-contexts: | + nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss test-latest-njs: runs-on: ubuntu-latest needs: build-latest-njs + services: + registry: + image: registry:2 + ports: + - 5000:5000 if: github.ref != 'refs/heads/master' steps: @@ -154,21 +159,21 @@ jobs: with: path: .bin key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: latest-njs - path: /tmp - name: Load image run: | - docker load --input /tmp/latest-njs.tar + docker pull localhost:5000/nginx-s3-gateway:latest-njs-oss + docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - name: Run tests - latest njs version - run: ./test.sh --type oss - + run: ./test.sh --latest-njs --type oss build-oss-unprivileged: runs-on: ubuntu-latest needs: test-oss + services: + registry: + image: registry:2 + ports: + - 5000:5000 if: github.ref != 'refs/heads/master' steps: @@ -177,42 +182,36 @@ jobs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Download the base artifact - uses: actions/download-artifact@v3 with: - name: oss - path: /tmp - - name: Load image - run: | - docker load --input /tmp/oss.tar - echo "Images:" - docker image ls -a - echo "--------" + # network=host driver-opt needed to push to local registry + driver-opts: network=host - name: Build and export uses: docker/build-push-action@v5 with: file: Dockerfile.unprivileged context: . - tags: nginx-s3-gateway , nginx-s3-gateway:unprivileged - outputs: type=docker,dest=/tmp/unprivileged.tar - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: unprivileged - path: /tmp/unprivileged.tar + tags: nginx-s3-gateway:unprivileged + push: true + build-contexts: | + nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - - name: Run tests - latest njs version - run: ./test.sh --latest-njs --type oss - - name: Run tests - stable njs version - run: ./test.sh --type oss - - name: Run tests - stable njs version - unprivileged process - run: ./test.sh --unprivileged --type oss - - name: Run tests - latest njs version - unprivileged process - run: ./test.sh --latest-njs --unprivileged --type oss + # - name: Run tests - latest njs version + # run: ./test.sh --latest-njs --type oss + # - name: Run tests - stable njs version + # run: ./test.sh --type oss + # - name: Run tests - stable njs version - unprivileged process + # run: ./test.sh --unprivileged --type oss + # - name: Run tests - latest njs version - unprivileged process + # run: ./test.sh --latest-njs --unprivileged --type oss test-oss-unprivileged: runs-on: ubuntu-latest needs: build-oss-unprivileged + services: + registry: + image: registry:2 + ports: + - 5000:5000 if: github.ref != 'refs/heads/master' steps: @@ -239,16 +238,12 @@ jobs: with: path: .bin key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: unprivileged - path: /tmp - name: Load image run: | - docker load --input /tmp/unprivileged.tar + docker pull localhost:5000/nginx-s3-gateway:unprivileged + docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway - name: Run tests - stable njs version - unprivileged process - run: ./test.sh --type oss + run: ./test.sh --unprivileged --type oss # build_and_deploy: # runs-on: ubuntu-latest From 994420927a8575820bd423576a4c0ff0a5623228 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 17:15:02 -0800 Subject: [PATCH 06/27] attempt a different build strategy to share base image --- .github/workflows/main.yml | 212 ++++++++++--------------------------- 1 file changed, 58 insertions(+), 154 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 33926ecb..168616be 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,7 +27,7 @@ on: jobs: - build-oss: + build: runs-on: ubuntu-latest services: registry: @@ -36,7 +36,11 @@ jobs: - 5000:5000 # Note that uploading the artifact won't work. We will need to build and push it to a local registry. # See here https://docs.docker.com/build/ci/github-actions/named-contexts/#using-with-a-container-builder - + # This person has my problem: https://stackoverflow.com/questions/75831482/how-to-use-a-local-docker-registry2-from-one-job-as-a-container-for-another-job + # The issue is that the docker container that is the registery does not persist between jobs. + # So I"d need to do something dumb like use the artifact upload and download to get to to the next + # step then do it there. + # Time to cut my losses and do it mostly in one run. if: github.ref != 'refs/heads/master' steps: - uses: actions/checkout@v4 @@ -47,175 +51,60 @@ jobs: with: # network=host driver-opt needed to push to local registry driver-opts: network=host - - name: Build and export + - name: Build and export oss image uses: docker/build-push-action@v5 with: file: Dockerfile.oss context: . - tags: nginx-s3-gateway , nginx-s3-gateway:oss + tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss push: true - - test-oss: - runs-on: ubuntu-latest - needs: build-oss - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 - with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client + - name: save image for upload run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 + docker save localhost:5000/nginx-s3-gateway > oss.tar + - name: Upload artifact - oss + uses: actions/upload-artifact@v3 with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Load image - run: | - docker pull localhost:5000/nginx-s3-gateway:oss - docker tag nginx-s3-gateway:oss nginx-s3-gateway - - name: Run tests - stable njs version - run: ./test.sh --type oss - - build-latest-njs: - runs-on: ubuntu-latest - needs: test-oss - services: - registry: - image: registry:2 - ports: - - 5000:5000 + name: oss + path: /tmp/oss.tar - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - # network=host driver-opt needed to push to local registry - driver-opts: network=host - - name: Build and export + - name: Build and export latest-njs image uses: docker/build-push-action@v5 with: file: Dockerfile.latest-njs context: . - tags: nginx-s3-gateway:latest-njs-oss - push: true + tags: localhost:5000/nginx-s3-gateway:latest-njs-oss + push: false + outputs: type=docker,dest=/tmp/latest-njs.tar build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - - test-latest-njs: - runs-on: ubuntu-latest - needs: build-latest-njs - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 - with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client - run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 + - name: Upload artifact - latest-njs + uses: actions/upload-artifact@v3 with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} - - name: Load image - run: | - docker pull localhost:5000/nginx-s3-gateway:latest-njs-oss - docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - - name: Run tests - latest njs version - run: ./test.sh --latest-njs --type oss + name: latest-njs + path: /tmp/latest-njs.tar - build-oss-unprivileged: - runs-on: ubuntu-latest - needs: test-oss - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - if: github.ref != 'refs/heads/master' - steps: - - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - # network=host driver-opt needed to push to local registry - driver-opts: network=host - - name: Build and export + - name: Build and export - unprivileged uses: docker/build-push-action@v5 with: file: Dockerfile.unprivileged context: . - tags: nginx-s3-gateway:unprivileged - push: true + tags: localhost:5000/nginx-s3-gateway:unprivileged + push: false + outputs: type=docker,dest=/tmp/unprivileged.tar build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - - # - name: Run tests - latest njs version - # run: ./test.sh --latest-njs --type oss - # - name: Run tests - stable njs version - # run: ./test.sh --type oss - # - name: Run tests - stable njs version - unprivileged process - # run: ./test.sh --unprivileged --type oss - # - name: Run tests - latest njs version - unprivileged process - # run: ./test.sh --latest-njs --unprivileged --type oss - - test-oss-unprivileged: + - name: Upload artifact - unprivileged + uses: actions/upload-artifact@v3 + with: + name: unprivileged + path: /tmp/unprivileged.tar + test: runs-on: ubuntu-latest - needs: build-oss-unprivileged - services: - registry: - image: registry:2 - ports: - - 5000:5000 - if: github.ref != 'refs/heads/master' steps: - uses: actions/checkout@v4 + ## Start tests. Keep things here because we can't keep the registry between jobs + ## TODO: Try saving the artifact after all are built? What happens to the other archs? - name: Install dependencies run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - name: Restore cached binaries @@ -232,18 +121,33 @@ jobs: curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - mv mc.RELEASE.2023-06-19T19-31-19Z mc chmod +x mc - - name: Save cached binaries - id: cache-binaries-save - uses: actions/cache/save@v3 + + ## OSS Test. No retagging needed + - name: Download artifact + uses: actions/download-artifact@v3 with: - path: .bin - key: ${{ steps.cache-binaries-restore.outputs.cache-primary-key }} + name: oss + path: /tmp - name: Load image run: | - docker pull localhost:5000/nginx-s3-gateway:unprivileged - docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway - - name: Run tests - stable njs version - unprivileged process - run: ./test.sh --unprivileged --type oss + docker load --input /tmp/oss.tar + - name: Run tests - stable njs version + run: ./test.sh --type oss + + # ## Latest NJS test. Requires that we retag the latest njs one as the primary for now + # - name: Load image latest-oss + # run: | + # docker pull localhost:5000/nginx-s3-gateway:latest-njs-oss + # docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway + # - name: Run tests - latest njs version + # run: ./test.sh --latest-njs --type oss + + # - name: Load image - unprivilegedp + # run: | + # docker pull localhost:5000/nginx-s3-gateway:unprivileged + # docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway + # - name: Run tests - stable njs version - unprivileged process + # run: ./test.sh --unprivileged --type oss # build_and_deploy: # runs-on: ubuntu-latest From 4cc8a938277092f10b7cffd871d76b12bb9e7e85 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 17:22:04 -0800 Subject: [PATCH 07/27] try building the base image, pushing, and saving --- .github/workflows/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 168616be..ace17c4b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,9 +58,15 @@ jobs: context: . tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss push: true + # Since the above build pushes to the registry only now we load it locally so we can save it + # It's not possible with push and save in one go. + - name: Load image oss + run: | + docker pull localhost:5000/nginx-s3-gateway + docker tag localhost:5000/nginx-s3-gateway nginx-s3-gateway - name: save image for upload run: | - docker save localhost:5000/nginx-s3-gateway > oss.tar + docker save nginx-s3-gateway > oss.tar - name: Upload artifact - oss uses: actions/upload-artifact@v3 with: From 6d1b798ff48e378e590bed282241c9dc00491b05 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 17:26:28 -0800 Subject: [PATCH 08/27] wait for build to run before we start testing --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ace17c4b..8c009c67 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -107,6 +107,7 @@ jobs: test: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' + needs: build steps: - uses: actions/checkout@v4 ## Start tests. Keep things here because we can't keep the registry between jobs From d0b303e54fe65b38b347bf2eaec1e46a401fba43 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 17:49:19 -0800 Subject: [PATCH 09/27] fix file path for oss image upload --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8c009c67..dee604dc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -66,7 +66,7 @@ jobs: docker tag localhost:5000/nginx-s3-gateway nginx-s3-gateway - name: save image for upload run: | - docker save nginx-s3-gateway > oss.tar + docker save nginx-s3-gateway > /tmp/oss.tar - name: Upload artifact - oss uses: actions/upload-artifact@v3 with: From 205fc95ba3f8683b729390a9016b2dda35dae754 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 21:30:11 -0800 Subject: [PATCH 10/27] add all tests --- .github/workflows/main.yml | 85 +++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 14 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dee604dc..2da0aeef 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -104,7 +104,7 @@ jobs: with: name: unprivileged path: /tmp/unprivileged.tar - test: + test-oss: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' needs: build @@ -141,20 +141,77 @@ jobs: - name: Run tests - stable njs version run: ./test.sh --type oss - # ## Latest NJS test. Requires that we retag the latest njs one as the primary for now - # - name: Load image latest-oss - # run: | - # docker pull localhost:5000/nginx-s3-gateway:latest-njs-oss - # docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - # - name: Run tests - latest njs version - # run: ./test.sh --latest-njs --type oss + test-latest-njs: + runs-on: ubuntu-latest + if: github.ref != 'refs/heads/master' + needs: test-oss + steps: + - uses: actions/checkout@v4 + ## Start tests. Keep things here because we can't keep the registry between jobs + ## TODO: Try saving the artifact after all are built? What happens to the other archs? + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: latest-njs + path: /tmp + - name: Load image + run: | + docker load --input /tmp/latest-njs.tar + docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway + - name: Run tests - latest njs version + run: ./test.sh --latest-njs --type oss - # - name: Load image - unprivilegedp - # run: | - # docker pull localhost:5000/nginx-s3-gateway:unprivileged - # docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway - # - name: Run tests - stable njs version - unprivileged process - # run: ./test.sh --unprivileged --type oss + test-unprivileged: + runs-on: ubuntu-latest + if: github.ref != 'refs/heads/master' + needs: test-oss + steps: + - uses: actions/checkout@v4 + ## Start tests. Keep things here because we can't keep the registry between jobs + ## TODO: Try saving the artifact after all are built? What happens to the other archs? + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: unprivileged + path: /tmp + - name: Load image + run: | + docker load --input /tmp/unprivileged.tar + docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway + - name: Run tests - stable njs version - unprivileged process + run: ./test.sh --unprivileged --type oss # build_and_deploy: # runs-on: ubuntu-latest From e0862118d37306e138cc1864e1341953fd17dc6f Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Tue, 9 Jan 2024 21:38:27 -0800 Subject: [PATCH 11/27] correct image name in later tests --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2da0aeef..acbaf0e8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -173,7 +173,7 @@ jobs: - name: Load image run: | docker load --input /tmp/latest-njs.tar - docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway + docker tag localhost:5000/nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - name: Run tests - latest njs version run: ./test.sh --latest-njs --type oss @@ -209,7 +209,7 @@ jobs: - name: Load image run: | docker load --input /tmp/unprivileged.tar - docker tag nginx-s3-gateway:unprivileged nginx-s3-gateway + docker tag localhost:5000/nginx-s3-gateway:unprivileged nginx-s3-gateway - name: Run tests - stable njs version - unprivileged process run: ./test.sh --unprivileged --type oss From 1e32e13b2e11c468acf30965e807d3a1ad534e81 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Wed, 10 Jan 2024 12:03:26 -0800 Subject: [PATCH 12/27] add platforms to all build config --- .github/workflows/main.yml | 57 +++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index acbaf0e8..5547a7ec 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -51,6 +51,7 @@ jobs: with: # network=host driver-opt needed to push to local registry driver-opts: network=host + platforms: linux/amd64,linux/arm64 - name: Build and export oss image uses: docker/build-push-action@v5 with: @@ -58,6 +59,7 @@ jobs: context: . tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss push: true + platforms: linux/amd64,linux/arm64 # Since the above build pushes to the registry only now we load it locally so we can save it # It's not possible with push and save in one go. - name: Load image oss @@ -81,6 +83,7 @@ jobs: tags: localhost:5000/nginx-s3-gateway:latest-njs-oss push: false outputs: type=docker,dest=/tmp/latest-njs.tar + platforms: linux/amd64,linux/arm64 build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - name: Upload artifact - latest-njs @@ -97,6 +100,7 @@ jobs: tags: localhost:5000/nginx-s3-gateway:unprivileged push: false outputs: type=docker,dest=/tmp/unprivileged.tar + platforms: linux/amd64,linux/arm64 build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - name: Upload artifact - unprivileged @@ -213,11 +217,56 @@ jobs: - name: Run tests - stable njs version - unprivileged process run: ./test.sh --unprivileged --type oss - # build_and_deploy: - # runs-on: ubuntu-latest + tag-and-push: + runs-on: ubuntu-latest + needs: [test-oss, test-latest-njs, test-unprivileged] + + if: | + github.ref == 'refs/heads/master' || + github.ref == 'refs/heads/main' + steps: + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT + - name: Configure Github Package Registry + run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin + + - name: Download artifact - oss + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Download artifact - latest-njs + uses: actions/download-artifact@v3 + with: + name: latest-njs + path: /tmp + - name: Download artifact - unprivileged + uses: actions/download-artifact@v3 + with: + name: unprivileged + path: /tmp + + - name: Load and retag oss image [oss] + run: | + docker load --input /tmp/oss.tar + docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + - name: Push container image to github [oss date] + run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + - name: Push container image to github [oss latest] + run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + - name: Load and retag oss image [latest-njs-oss] + run: | + docker load --input /tmp/latest-njs.tar + docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test + docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test + - name: Push container image to github [latest-njs-oss date] + run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test + - name: Push container image to github [latest-njs-oss] + run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test + - # if: github.ref == 'refs/heads/master' - # steps: # # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it # - uses: actions/checkout@v2 From 4a022b2227484b93fc4b7cfbf8533eb327bc2e11 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Wed, 10 Jan 2024 14:02:47 -0800 Subject: [PATCH 13/27] redo build for base image, try the oci exporter --- .github/workflows/main.yml | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5547a7ec..661bf0d0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -52,7 +52,9 @@ jobs: # network=host driver-opt needed to push to local registry driver-opts: network=host platforms: linux/amd64,linux/arm64 - - name: Build and export oss image + # Since we can't push and save at the same time we push to the local registry so that + # other builds can have access to the image (loading it does not work with buildx) + - name: Build and push oss image to local registry uses: docker/build-push-action@v5 with: file: Dockerfile.oss @@ -60,15 +62,16 @@ jobs: tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss push: true platforms: linux/amd64,linux/arm64 - # Since the above build pushes to the registry only now we load it locally so we can save it - # It's not possible with push and save in one go. - - name: Load image oss - run: | - docker pull localhost:5000/nginx-s3-gateway - docker tag localhost:5000/nginx-s3-gateway nginx-s3-gateway - - name: save image for upload - run: | - docker save nginx-s3-gateway > /tmp/oss.tar + # Build again to export the file locally so we can save all arch versions. + - name: Build and export oss image + uses: docker/build-push-action@v5 + with: + file: Dockerfile.oss + context: . + tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss + push: false + outputs: type=oci,dest=/tmp/oss.tar + platforms: linux/amd64,linux/arm64 - name: Upload artifact - oss uses: actions/upload-artifact@v3 with: @@ -82,7 +85,7 @@ jobs: context: . tags: localhost:5000/nginx-s3-gateway:latest-njs-oss push: false - outputs: type=docker,dest=/tmp/latest-njs.tar + outputs: type=oci,dest=/tmp/latest-njs.tar platforms: linux/amd64,linux/arm64 build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss @@ -99,7 +102,7 @@ jobs: context: . tags: localhost:5000/nginx-s3-gateway:unprivileged push: false - outputs: type=docker,dest=/tmp/unprivileged.tar + outputs: type=oci,dest=/tmp/unprivileged.tar platforms: linux/amd64,linux/arm64 build-contexts: | nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss From 793640f22dcdc59c2a2a73439962911a70ba0045 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Wed, 10 Jan 2024 15:38:09 -0800 Subject: [PATCH 14/27] simplify to just build for test initial stages --- .github/workflows/main.yml | 378 ++++++++++++++++++++++--------------- 1 file changed, 228 insertions(+), 150 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 661bf0d0..c1bbc2b8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,98 +27,55 @@ on: jobs: - build: + build-oss-for-test: runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - # Note that uploading the artifact won't work. We will need to build and push it to a local registry. - # See here https://docs.docker.com/build/ci/github-actions/named-contexts/#using-with-a-container-builder - # This person has my problem: https://stackoverflow.com/questions/75831482/how-to-use-a-local-docker-registry2-from-one-job-as-a-container-for-another-job - # The issue is that the docker container that is the registery does not persist between jobs. - # So I"d need to do something dumb like use the artifact upload and download to get to to the next - # step then do it there. - # Time to cut my losses and do it mostly in one run. - if: github.ref != 'refs/heads/master' steps: - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - # network=host driver-opt needed to push to local registry - driver-opts: network=host - platforms: linux/amd64,linux/arm64 - # Since we can't push and save at the same time we push to the local registry so that - # other builds can have access to the image (loading it does not work with buildx) - - name: Build and push oss image to local registry - uses: docker/build-push-action@v5 - with: - file: Dockerfile.oss - context: . - tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss - push: true - platforms: linux/amd64,linux/arm64 - # Build again to export the file locally so we can save all arch versions. - - name: Build and export oss image + - name: Build and export uses: docker/build-push-action@v5 with: file: Dockerfile.oss context: . - tags: localhost:5000/nginx-s3-gateway , localhost:5000/nginx-s3-gateway:oss - push: false - outputs: type=oci,dest=/tmp/oss.tar - platforms: linux/amd64,linux/arm64 - - name: Upload artifact - oss + tags: nginx-s3-gateway , nginx-s3-gateway:oss + outputs: type=docker,dest=/tmp/oss.tar + - name: Upload artifact uses: actions/upload-artifact@v3 with: name: oss path: /tmp/oss.tar - - name: Build and export latest-njs image - uses: docker/build-push-action@v5 - with: - file: Dockerfile.latest-njs - context: . - tags: localhost:5000/nginx-s3-gateway:latest-njs-oss - push: false - outputs: type=oci,dest=/tmp/latest-njs.tar - platforms: linux/amd64,linux/arm64 - build-contexts: | - nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - - name: Upload artifact - latest-njs - uses: actions/upload-artifact@v3 - with: - name: latest-njs - path: /tmp/latest-njs.tar + # steps: + # - uses: actions/checkout@v4 + # # Build again to export the file locally so we can save all arch versions. + # - name: Build and export oss image + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + # with: + # driver: docker + # uses: docker/build-push-action@v5 + # with: + # file: Dockerfile.oss + # context: . + # tags: nginx-s3-gateway , nginx-s3-gateway:oss + # load: true + # - name: save image for upload + # run: | + # run: | + # docker save nginx-s3-gateway > oss.tar + # - name: Upload artifact - oss + # uses: actions/upload-artifact@v3 + # with: + # name: oss + # path: /tmp/oss.tar - - name: Build and export - unprivileged - uses: docker/build-push-action@v5 - with: - file: Dockerfile.unprivileged - context: . - tags: localhost:5000/nginx-s3-gateway:unprivileged - push: false - outputs: type=oci,dest=/tmp/unprivileged.tar - platforms: linux/amd64,linux/arm64 - build-contexts: | - nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - - name: Upload artifact - unprivileged - uses: actions/upload-artifact@v3 - with: - name: unprivileged - path: /tmp/unprivileged.tar test-oss: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' - needs: build + needs: build-oss-for-test steps: - uses: actions/checkout@v4 - ## Start tests. Keep things here because we can't keep the registry between jobs - ## TODO: Try saving the artifact after all are built? What happens to the other archs? - name: Install dependencies run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - name: Restore cached binaries @@ -148,50 +105,45 @@ jobs: - name: Run tests - stable njs version run: ./test.sh --type oss - test-latest-njs: + build-latest-njs-for-test: runs-on: ubuntu-latest - if: github.ref != 'refs/heads/master' needs: test-oss steps: - uses: actions/checkout@v4 - ## Start tests. Keep things here because we can't keep the registry between jobs - ## TODO: Try saving the artifact after all are built? What happens to the other archs? - - name: Install dependencies - run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - - name: Restore cached binaries - id: cache-binaries-restore - uses: actions/cache/restore@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 with: - path: .bin - key: ${{ runner.os }}-binaries - - name: Install MinIO Client - run: | - mkdir .bin || exit 0 - cd .bin - curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - mv mc.RELEASE.2023-06-19T19-31-19Z mc - chmod +x mc + driver: docker - name: Download artifact uses: actions/download-artifact@v3 with: - name: latest-njs + name: oss path: /tmp - name: Load image run: | - docker load --input /tmp/latest-njs.tar - docker tag localhost:5000/nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - - name: Run tests - latest njs version - run: ./test.sh --latest-njs --type oss + docker load --input /tmp/oss.tar + - name: Build and load oss image + uses: docker/build-push-action@v5 + with: + file: Dockerfile.latest-njs + context: . + tags: nginx-s3-gateway:latest-njs-oss + load: true + - name: save image + run: | + docker save nginx-s3-gateway:latest-njs-oss > /tmp/latest-njs.tar + - name: Upload artifact - latest-njs + uses: actions/upload-artifact@v3 + with: + name: latest-njs + path: /tmp/latest-njs.tar - test-unprivileged: + test-latest-njs: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' - needs: test-oss + needs: build-latest-njs-for-test steps: - uses: actions/checkout@v4 - ## Start tests. Keep things here because we can't keep the registry between jobs - ## TODO: Try saving the artifact after all are built? What happens to the other archs? - name: Install dependencies run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - name: Restore cached binaries @@ -211,63 +163,189 @@ jobs: - name: Download artifact uses: actions/download-artifact@v3 with: - name: unprivileged + name: latest-njs path: /tmp - name: Load image run: | - docker load --input /tmp/unprivileged.tar - docker tag localhost:5000/nginx-s3-gateway:unprivileged nginx-s3-gateway - - name: Run tests - stable njs version - unprivileged process - run: ./test.sh --unprivileged --type oss + docker load --input /tmp/latest-njs.tar + docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway + - name: Run tests - latest njs version + run: ./test.sh --latest-njs --type oss - tag-and-push: - runs-on: ubuntu-latest - needs: [test-oss, test-latest-njs, test-unprivileged] - if: | - github.ref == 'refs/heads/master' || - github.ref == 'refs/heads/main' - steps: - - name: Get current date - id: date - run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - name: Configure Github Package Registry - run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin + # - name: Build and export - unprivileged + # uses: docker/build-push-action@v5 + # with: + # file: Dockerfile.unprivileged + # context: . + # tags: localhost:5000/nginx-s3-gateway:unprivileged + # push: false + # outputs: type=oci,dest=/tmp/unprivileged.tar + # platforms: linux/amd64,linux/arm64 + # build-contexts: | + # nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss + # - name: Upload artifact - unprivileged + # uses: actions/upload-artifact@v3 + # with: + # name: unprivileged + # path: /tmp/unprivileged.tar + # test-oss: + # runs-on: ubuntu-latest + # if: github.ref != 'refs/heads/master' + # needs: build + # steps: + # - uses: actions/checkout@v4 + # ## Start tests. Keep things here because we can't keep the registry between jobs + # ## TODO: Try saving the artifact after all are built? What happens to the other archs? + # - name: Install dependencies + # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + # - name: Restore cached binaries + # id: cache-binaries-restore + # uses: actions/cache/restore@v3 + # with: + # path: .bin + # key: ${{ runner.os }}-binaries + # - name: Install MinIO Client + # run: | + # mkdir .bin || exit 0 + # cd .bin + # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + # mv mc.RELEASE.2023-06-19T19-31-19Z mc + # chmod +x mc + + # ## OSS Test. No retagging needed + # - name: Download artifact + # uses: actions/download-artifact@v3 + # with: + # name: oss + # path: /tmp + # - name: Load image + # run: | + # docker load --input /tmp/oss.tar + # - name: Run tests - stable njs version + # run: ./test.sh --type oss + + # test-latest-njs: + # runs-on: ubuntu-latest + # if: github.ref != 'refs/heads/master' + # needs: test-oss + # steps: + # - uses: actions/checkout@v4 + # ## Start tests. Keep things here because we can't keep the registry between jobs + # ## TODO: Try saving the artifact after all are built? What happens to the other archs? + # - name: Install dependencies + # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + # - name: Restore cached binaries + # id: cache-binaries-restore + # uses: actions/cache/restore@v3 + # with: + # path: .bin + # key: ${{ runner.os }}-binaries + # - name: Install MinIO Client + # run: | + # mkdir .bin || exit 0 + # cd .bin + # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + # mv mc.RELEASE.2023-06-19T19-31-19Z mc + # chmod +x mc + # - name: Download artifact + # uses: actions/download-artifact@v3 + # with: + # name: latest-njs + # path: /tmp + # - name: Load image + # run: | + # docker load --input /tmp/latest-njs.tar + # docker tag localhost:5000/nginx-s3-gateway:latest-njs-oss nginx-s3-gateway + # - name: Run tests - latest njs version + # run: ./test.sh --latest-njs --type oss + + # test-unprivileged: + # runs-on: ubuntu-latest + # if: github.ref != 'refs/heads/master' + # needs: test-oss + # steps: + # - uses: actions/checkout@v4 + # ## Start tests. Keep things here because we can't keep the registry between jobs + # ## TODO: Try saving the artifact after all are built? What happens to the other archs? + # - name: Install dependencies + # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + # - name: Restore cached binaries + # id: cache-binaries-restore + # uses: actions/cache/restore@v3 + # with: + # path: .bin + # key: ${{ runner.os }}-binaries + # - name: Install MinIO Client + # run: | + # mkdir .bin || exit 0 + # cd .bin + # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + # mv mc.RELEASE.2023-06-19T19-31-19Z mc + # chmod +x mc + # - name: Download artifact + # uses: actions/download-artifact@v3 + # with: + # name: unprivileged + # path: /tmp + # - name: Load image + # run: | + # docker load --input /tmp/unprivileged.tar + # docker tag localhost:5000/nginx-s3-gateway:unprivileged nginx-s3-gateway + # - name: Run tests - stable njs version - unprivileged process + # run: ./test.sh --unprivileged --type oss + + # tag-and-push: + # runs-on: ubuntu-latest + # needs: [test-oss, test-latest-njs, test-unprivileged] + + # if: | + # github.ref == 'refs/heads/master' || + # github.ref == 'refs/heads/main' + # steps: + # - name: Get current date + # id: date + # run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT + # - name: Configure Github Package Registry + # run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin - - name: Download artifact - oss - uses: actions/download-artifact@v3 - with: - name: oss - path: /tmp - - name: Download artifact - latest-njs - uses: actions/download-artifact@v3 - with: - name: latest-njs - path: /tmp - - name: Download artifact - unprivileged - uses: actions/download-artifact@v3 - with: - name: unprivileged - path: /tmp + # - name: Download artifact - oss + # uses: actions/download-artifact@v3 + # with: + # name: oss + # path: /tmp + # - name: Download artifact - latest-njs + # uses: actions/download-artifact@v3 + # with: + # name: latest-njs + # path: /tmp + # - name: Download artifact - unprivileged + # uses: actions/download-artifact@v3 + # with: + # name: unprivileged + # path: /tmp - - name: Load and retag oss image [oss] - run: | - docker load --input /tmp/oss.tar - docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test - - name: Push container image to github [oss date] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - - name: Push container image to github [oss latest] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test - - name: Load and retag oss image [latest-njs-oss] - run: | - docker load --input /tmp/latest-njs.tar - docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test - docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test - - name: Push container image to github [latest-njs-oss date] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test - - name: Push container image to github [latest-njs-oss] - run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test + # - name: Load and retag oss image [oss] + # run: | + # docker load --input /tmp/oss.tar + # docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + # docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + # - name: Push container image to github [oss date] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + # - name: Push container image to github [oss latest] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + # - name: Load and retag oss image [latest-njs-oss] + # run: | + # docker load --input /tmp/latest-njs.tar + # docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test + # docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test + # - name: Push container image to github [latest-njs-oss date] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test + # - name: Push container image to github [latest-njs-oss] + # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test # # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it From c296ad5736a59fbd14af721ed27bfbe67bb13f8f Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Wed, 10 Jan 2024 15:54:36 -0800 Subject: [PATCH 15/27] add unprivileged --- .github/workflows/main.yml | 192 +++++++++++++------------------------ 1 file changed, 68 insertions(+), 124 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c1bbc2b8..8ccd1d0a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -172,132 +172,76 @@ jobs: - name: Run tests - latest njs version run: ./test.sh --latest-njs --type oss + build-unprivileged-for-test: + runs-on: ubuntu-latest + needs: test-oss + steps: + - uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver: docker + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: oss + path: /tmp + - name: Load image + run: | + docker load --input /tmp/oss.tar + - name: Build and load oss image + uses: docker/build-push-action@v5 + with: + file: Dockerfile.unprivileged + context: . + tags: nginx-s3-gateway:unprivileged-oss + load: true + # Save manually here since we need to use the `docker` buildx `driver` but that can't output + # a file that upload-artifact likes. + - name: save image + run: | + docker save nginx-s3-gateway:unprivileged-oss > /tmp/unprivileged.tar + - name: Upload artifact - unprivileged + uses: actions/upload-artifact@v3 + with: + name: unprivileged + path: /tmp/unprivileged.tar - # - name: Build and export - unprivileged - # uses: docker/build-push-action@v5 - # with: - # file: Dockerfile.unprivileged - # context: . - # tags: localhost:5000/nginx-s3-gateway:unprivileged - # push: false - # outputs: type=oci,dest=/tmp/unprivileged.tar - # platforms: linux/amd64,linux/arm64 - # build-contexts: | - # nginx-s3-gateway=docker-image://localhost:5000/nginx-s3-gateway:oss - # - name: Upload artifact - unprivileged - # uses: actions/upload-artifact@v3 - # with: - # name: unprivileged - # path: /tmp/unprivileged.tar - # test-oss: - # runs-on: ubuntu-latest - # if: github.ref != 'refs/heads/master' - # needs: build - # steps: - # - uses: actions/checkout@v4 - # ## Start tests. Keep things here because we can't keep the registry between jobs - # ## TODO: Try saving the artifact after all are built? What happens to the other archs? - # - name: Install dependencies - # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - # - name: Restore cached binaries - # id: cache-binaries-restore - # uses: actions/cache/restore@v3 - # with: - # path: .bin - # key: ${{ runner.os }}-binaries - # - name: Install MinIO Client - # run: | - # mkdir .bin || exit 0 - # cd .bin - # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - # mv mc.RELEASE.2023-06-19T19-31-19Z mc - # chmod +x mc - - # ## OSS Test. No retagging needed - # - name: Download artifact - # uses: actions/download-artifact@v3 - # with: - # name: oss - # path: /tmp - # - name: Load image - # run: | - # docker load --input /tmp/oss.tar - # - name: Run tests - stable njs version - # run: ./test.sh --type oss - - # test-latest-njs: - # runs-on: ubuntu-latest - # if: github.ref != 'refs/heads/master' - # needs: test-oss - # steps: - # - uses: actions/checkout@v4 - # ## Start tests. Keep things here because we can't keep the registry between jobs - # ## TODO: Try saving the artifact after all are built? What happens to the other archs? - # - name: Install dependencies - # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - # - name: Restore cached binaries - # id: cache-binaries-restore - # uses: actions/cache/restore@v3 - # with: - # path: .bin - # key: ${{ runner.os }}-binaries - # - name: Install MinIO Client - # run: | - # mkdir .bin || exit 0 - # cd .bin - # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - # mv mc.RELEASE.2023-06-19T19-31-19Z mc - # chmod +x mc - # - name: Download artifact - # uses: actions/download-artifact@v3 - # with: - # name: latest-njs - # path: /tmp - # - name: Load image - # run: | - # docker load --input /tmp/latest-njs.tar - # docker tag localhost:5000/nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - # - name: Run tests - latest njs version - # run: ./test.sh --latest-njs --type oss - - # test-unprivileged: - # runs-on: ubuntu-latest - # if: github.ref != 'refs/heads/master' - # needs: test-oss - # steps: - # - uses: actions/checkout@v4 - # ## Start tests. Keep things here because we can't keep the registry between jobs - # ## TODO: Try saving the artifact after all are built? What happens to the other archs? - # - name: Install dependencies - # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - # - name: Restore cached binaries - # id: cache-binaries-restore - # uses: actions/cache/restore@v3 - # with: - # path: .bin - # key: ${{ runner.os }}-binaries - # - name: Install MinIO Client - # run: | - # mkdir .bin || exit 0 - # cd .bin - # curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - # mv mc.RELEASE.2023-06-19T19-31-19Z mc - # chmod +x mc - # - name: Download artifact - # uses: actions/download-artifact@v3 - # with: - # name: unprivileged - # path: /tmp - # - name: Load image - # run: | - # docker load --input /tmp/unprivileged.tar - # docker tag localhost:5000/nginx-s3-gateway:unprivileged nginx-s3-gateway - # - name: Run tests - stable njs version - unprivileged process - # run: ./test.sh --unprivileged --type oss + test-unprivileged: + runs-on: ubuntu-latest + if: github.ref != 'refs/heads/master' + needs: build-unprivileged-for-test + steps: + - uses: actions/checkout@v4 + - name: Install dependencies + run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it + - name: Restore cached binaries + id: cache-binaries-restore + uses: actions/cache/restore@v3 + with: + path: .bin + key: ${{ runner.os }}-binaries + - name: Install MinIO Client + run: | + mkdir .bin || exit 0 + cd .bin + curl --insecure --retry 6 --fail --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" + curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - + mv mc.RELEASE.2023-06-19T19-31-19Z mc + chmod +x mc + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: unprivileged + path: /tmp + - name: Load image + run: | + docker load --input /tmp/unprivileged.tar + docker tag nginx-s3-gateway:unprivileged-oss nginx-s3-gateway + - name: Run tests - unprivileged + run: ./test.sh --unprivileged --type oss +# After the tests are done, build multiarch and push to both github packages and dockerhub if we are on master/main # tag-and-push: # runs-on: ubuntu-latest # needs: [test-oss, test-latest-njs, test-unprivileged] From c5aa0c094a6e045058ef4bd91e733a5bd9f7f134 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 11:57:06 -0800 Subject: [PATCH 16/27] add push job --- .github/workflows/main.yml | 60 +++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8ccd1d0a..00d6f70b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -242,29 +242,47 @@ jobs: run: ./test.sh --unprivileged --type oss # After the tests are done, build multiarch and push to both github packages and dockerhub if we are on master/main - # tag-and-push: - # runs-on: ubuntu-latest - # needs: [test-oss, test-latest-njs, test-unprivileged] + tag-and-push: + runs-on: ubuntu-latest + needs: [test-oss, test-latest-njs, test-unprivileged] - # if: | - # github.ref == 'refs/heads/master' || - # github.ref == 'refs/heads/main' - # steps: - # - name: Get current date - # id: date - # run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - # - name: Configure Github Package Registry - # run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin + # if: | + # github.ref == 'refs/heads/master' || + # github.ref == 'refs/heads/main' + steps: + - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + platforms: linux/amd64,linux/arm64 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push oss image to local registry + uses: docker/build-push-action@v5 + with: + file: Dockerfile.oss + context: . + push: true + platforms: linux/amd64,linux/arm64 + tags: | + # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + # nginxinc/nginx-s3-gateway:latest-new-build-test + ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test - # - name: Download artifact - oss - # uses: actions/download-artifact@v3 - # with: - # name: oss - # path: /tmp - # - name: Download artifact - latest-njs - # uses: actions/download-artifact@v3 - # with: - # name: latest-njs + # path: /tmp # - name: Download artifact - unprivileged # uses: actions/download-artifact@v3 From d79d4bdd39b7c232bf57547a760703fb5ac2aa7f Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 12:18:55 -0800 Subject: [PATCH 17/27] fix bad comments --- .github/workflows/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 00d6f70b..f3cb45ac 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -277,11 +277,12 @@ jobs: push: true platforms: linux/amd64,linux/arm64 tags: | - # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - # nginxinc/nginx-s3-gateway:latest-new-build-test ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + # Dockerhub tags + # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + # nginxinc/nginx-s3-gateway:latest-new-build-test # path: /tmp # - name: Download artifact - unprivileged From fc657e75767fceb7a2408f36f6777b6a55d8d754 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 12:27:01 -0800 Subject: [PATCH 18/27] fix missing date --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f3cb45ac..d87df340 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -251,6 +251,9 @@ jobs: # github.ref == 'refs/heads/main' steps: - uses: actions/checkout@v4 + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx From 62813ca5894933cad165dcda99423c3fac9b1eb5 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 13:02:24 -0800 Subject: [PATCH 19/27] get interpolation right in docker tag --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d87df340..248f7bb5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -280,8 +280,8 @@ jobs: push: true platforms: linux/amd64,linux/arm64 tags: | - ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - ghcr.io/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test + ghcr.io/${{ GITHUB_REPOSITORY }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + ghcr.io/${{ GITHUB_REPOSITORY }}/nginx-oss-s3-gateway:latest-new-build-test # Dockerhub tags # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test From 2569856da62d1cca20313354f19de70bf520acf1 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 13:25:51 -0800 Subject: [PATCH 20/27] try moving to github.repository --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 248f7bb5..a6249edb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -280,8 +280,8 @@ jobs: push: true platforms: linux/amd64,linux/arm64 tags: | - ghcr.io/${{ GITHUB_REPOSITORY }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - ghcr.io/${{ GITHUB_REPOSITORY }}/nginx-oss-s3-gateway:latest-new-build-test + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-new-build-test # Dockerhub tags # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test From 452d23bed6695e6cac05408617a623dd54e78272 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 14:21:27 -0800 Subject: [PATCH 21/27] clean up test script --- .github/workflows/main.yml | 229 +++++++++---------------------------- test.sh | 64 ++++++----- 2 files changed, 90 insertions(+), 203 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a6249edb..19aae0e6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,27 +4,31 @@ name: CI # events but only for the master branch on: push: - # temporarily run on every push for testing - # branches: [ master ] - # pull_request: - # branches: [ master ] + temporarily run on every push for testing + branches: [ master ] + pull_request: + branches: [ master ] -# A workflow run is made up of one or more jobs that can run sequentially or in parallel +env: + CI: true +# Job progression. We make sure that the base image [oss] builds and passes tests before kicking off the other builds - # ┌──────────────────┐ ┌────────────────┐ ┌────────────────┐ - # ┌─────────┐ ┌─────────┬────► Build Latest NJS ├────────►Test Latest NJS ├─────►│Push Latest NJS │ - # │Build OSS├────►│Test OSS │ └──────────────────┘ └────────────────┘ └────────────────┘ - # └─────────┘ └──┬──────┤ - # │ │ ┌──────────────────┐ ┌──────────────────┐ ┌─────────────────┐ - # │ └────►Build Unprivileged├───────►Test Unprivileged ├────►│Push Unprivileged│ - # │ └──────────────────┘ └──────────────────┘ ├────────┬────────┘ - # │ ├────────┤ - # └──────────────────────────────────────────────────────────────►│Push OSS│ - # └────────┘ + # ┌──────────────────┐ ┌────────────────┐ ┌────────────────┐ + # ┌─────────┐ ┌─────────┬────► Build Latest NJS ├────────►Test Latest NJS ├─────►│Push Latest NJS │ + # │Build OSS├────►│Test OSS │ └──────────────────┘ └────────────────┘ └────────────────┘ + # └─────────┘ └──┬──────┤ + # │ │ ┌──────────────────┐ ┌──────────────────┐ ┌─────────────────┐ + # │ └────►Build Unprivileged├───────►Test Unprivileged ├────►│Push Unprivileged│ + # │ └──────────────────┘ └──────────────────┘ ├────────┬────────┘ + # │ ├────────┤ + # └──────────────────────────────────────────────────────────────►│Push OSS│ + # └────────┘ +# As a last step, if we are on the main/master branch, multi-architecture images will be built and pushed to github packages +# and docker hub jobs: build-oss-for-test: @@ -46,30 +50,6 @@ jobs: name: oss path: /tmp/oss.tar - # steps: - # - uses: actions/checkout@v4 - # # Build again to export the file locally so we can save all arch versions. - # - name: Build and export oss image - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - # with: - # driver: docker - # uses: docker/build-push-action@v5 - # with: - # file: Dockerfile.oss - # context: . - # tags: nginx-s3-gateway , nginx-s3-gateway:oss - # load: true - # - name: save image for upload - # run: | - # run: | - # docker save nginx-s3-gateway > oss.tar - # - name: Upload artifact - oss - # uses: actions/upload-artifact@v3 - # with: - # name: oss - # path: /tmp/oss.tar - test-oss: runs-on: ubuntu-latest if: github.ref != 'refs/heads/master' @@ -93,7 +73,6 @@ jobs: mv mc.RELEASE.2023-06-19T19-31-19Z mc chmod +x mc - ## OSS Test. No retagging needed - name: Download artifact uses: actions/download-artifact@v3 with: @@ -129,6 +108,8 @@ jobs: context: . tags: nginx-s3-gateway:latest-njs-oss load: true + # Save manually here since we need to use the `docker` buildx `driver` but that can't output + # a file that upload-artifact likes. - name: save image run: | docker save nginx-s3-gateway:latest-njs-oss > /tmp/latest-njs.tar @@ -246,9 +227,9 @@ jobs: runs-on: ubuntu-latest needs: [test-oss, test-latest-njs, test-unprivileged] - # if: | - # github.ref == 'refs/heads/master' || - # github.ref == 'refs/heads/main' + if: | + github.ref == 'refs/heads/master' || + github.ref == 'refs/heads/main' steps: - uses: actions/checkout@v4 - name: Get current date @@ -272,142 +253,44 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push oss image to local registry + - name: Build and push image [oss] uses: docker/build-push-action@v5 with: file: Dockerfile.oss context: . push: true platforms: linux/amd64,linux/arm64 + provenance: false tags: | - ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-new-build-test - - # Dockerhub tags - # nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - # nginxinc/nginx-s3-gateway:latest-new-build-test - - # path: /tmp - # - name: Download artifact - unprivileged - # uses: actions/download-artifact@v3 - # with: - # name: unprivileged - # path: /tmp - - # - name: Load and retag oss image [oss] - # run: | - # docker load --input /tmp/oss.tar - # docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - # docker tag localhost:5000/nginx-s3-gateway docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test - # - name: Push container image to github [oss date] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }}-new-build-test - # - name: Push container image to github [oss latest] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-new-build-test - # - name: Load and retag oss image [latest-njs-oss] - # run: | - # docker load --input /tmp/latest-njs.tar - # docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test - # docker tag localhost:5000/nginx-s3-gateway::latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test - # - name: Push container image to github [latest-njs-oss date] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }}-new-build-test - # - name: Push container image to github [latest-njs-oss] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-new-build-test - - - # # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - # - uses: actions/checkout@v2 - - # - name: Get current date - # id: date - # run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - # - name: Configure Github Package Registry - # run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest + nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} + nginxinc/nginx-s3-gateway:latest - # - name: Install dependencies - # run: sudo apt-get update -qq && sudo apt-get install -y curl wait-for-it - # - name: Restore cached binaries - # id: cache-binaries-restore - # uses: actions/cache/restore@v3 - # with: - # path: .bin - # key: ${{ runner.os }}-binaries - # - name: Install MinIO Client - # run: | - # mkdir .bin || exit 0 - # cd .bin - # curl --insecure --retry 6 --fail --silent --location --output mc.RELEASE.2023-06-19T19-31-19Z "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z" - # curl --insecure --retry 6 --fail --silent --location "https://dl.min.io/client/mc/release/linux-$(dpkg --print-architecture)/archive/mc.RELEASE.2023-06-19T19-31-19Z.sha256sum" | sha256sum --check - - # mv mc.RELEASE.2023-06-19T19-31-19Z mc - # chmod +x mc - - # # Run tests and builds image - # - name: Run tests - latest njs version - # run: ./test.sh --latest-njs --type oss - # # latest-njs-oss image push [Github] - # - name: Tag container image for Push to github [latest-njs-oss date] - # run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to github [latest-njs-oss] - # run: docker tag nginx-s3-gateway:latest-njs-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss - # - name: Push container image to github [latest-njs-oss date] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - # - name: Push container image to github [latest-njs-oss] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-njs-oss - - # # Run tests and builds image - # - name: Run tests - stable njs version - unprivileged process - # run: ./test.sh --unprivileged --type oss - # # unprivileged-oss image push [Github] - # - name: Tag container image for Push to github [unprivileged-oss date] - # run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to github [unprivileged-oss] - # run: docker tag nginx-s3-gateway:unprivileged-oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss - # - name: Push container image to github [unprivileged-oss date] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - # - name: Push container image to github [unprivileged-oss] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:unprivileged-oss + - name: Build and push image [latest-njs] + uses: docker/build-push-action@v5 + with: + file: Dockerfile.latest-njs + context: . + push: true + platforms: linux/amd64,linux/arm64 + provenance: false + tags: | + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:latest-njs-oss + nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} + nginxinc/nginx-s3-gateway:latest-njs-oss - # # Run tests and builds image - # - name: Run tests - stable njs version - # run: ./test.sh --type oss - # # oss image push [Github] - # - name: Tag container image for Push to github [oss date] - # run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to github [oss] - # run: docker tag nginx-s3-gateway:oss docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest - # - name: Push container image to github [oss date] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest-${{ steps.date.outputs.date }} - # - name: Push container image to github [oss latest] - # run: docker push docker.pkg.github.com/$GITHUB_REPOSITORY/nginx-oss-s3-gateway:latest - # # Login to Docker Hub - # - name: Login to Docker Hub - # uses: docker/login-action@v1 - # with: - # username: ${{ secrets.DOCKER_HUB_USERNAME }} - # password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - # # latest-njs-oss image push [Docker Hub] - # - name: Tag container image for Push to Docker Hub [latest-njs-oss date] - # run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to Docker Hub [latest-njs-oss] - # run: docker tag nginx-s3-gateway:latest-njs-oss nginxinc/nginx-s3-gateway:latest-njs-oss - # - name: Push container image to Docker Hub [latest-njs-oss date] - # run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss-${{ steps.date.outputs.date }} - # - name: Push container image to Docker Hub [latest-njs-oss] - # run: docker push nginxinc/nginx-s3-gateway:latest-njs-oss - # # unprivileged-oss image push [Docker Hub] - # - name: Tag container image for Push to Docker Hub [unprivileged-oss date] - # run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to Docker Hub [unprivileged-oss] - # run: docker tag nginx-s3-gateway:unprivileged-oss nginxinc/nginx-s3-gateway:unprivileged-oss - # - name: Push container image to Docker Hub [unprivileged-oss date] - # run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} - # - name: Push container image to Docker Hub [unprivileged-oss] - # run: docker push nginxinc/nginx-s3-gateway:unprivileged-oss - # # oss image push [Docker Hub] - # - name: Tag container image for Push to Docker Hub [oss date] - # run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} - # - name: Tag container image for Push to Docker Hub [oss] - # run: docker tag nginx-s3-gateway:oss nginxinc/nginx-s3-gateway:latest - # - name: Push container image to Docker Hub [oss date] - # run: docker push nginxinc/nginx-s3-gateway:latest-${{ steps.date.outputs.date }} - # - name: Push container image to Docker Hub [oss latest] - # run: docker push nginxinc/nginx-s3-gateway:latest + - name: Build and push image [unprivileged] + uses: docker/build-push-action@v5 + with: + file: Dockerfile.unprivileged + context: . + push: true + platforms: linux/amd64,linux/arm64 + provenance: false + tags: | + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + ghcr.io/${{ github.repository }}/nginx-oss-s3-gateway:unprivileged-oss + nginxinc/nginx-s3-gateway:unprivileged-oss-${{ steps.date.outputs.date }} + nginxinc/nginx-s3-gateway:unprivileged-oss diff --git a/test.sh b/test.sh index e8036d07..24fdf8e8 100755 --- a/test.sh +++ b/test.sh @@ -297,36 +297,40 @@ trap finish EXIT ERR SIGTERM SIGINT ### BUILD -# p "Building NGINX S3 gateway Docker image" -# if [ "${nginx_type}" = "plus" ]; then -# if docker buildx > /dev/null 2>&1; then -# p "Building using BuildKit" -# export DOCKER_BUILDKIT=1 -# docker buildx build -f Dockerfile.buildkit.${nginx_type} \ -# --secret id=nginx-crt,src=plus/etc/ssl/nginx/nginx-repo.crt \ -# --secret id=nginx-key,src=plus/etc/ssl/nginx/nginx-repo.key \ -# --no-cache \ -# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . -# else -# docker build -f Dockerfile.${nginx_type} \ -# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . -# fi -# else -# docker build -f Dockerfile.${nginx_type} \ -# --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . -# fi - -# if [ ${njs_latest} -eq 1 ]; then -# p "Layering in latest NJS build" -# docker build -f Dockerfile.latest-njs \ -# --tag nginx-s3-gateway --tag nginx-s3-gateway:latest-njs-${nginx_type} . -# fi - -# if [ ${unprivileged} -eq 1 ]; then -# p "Layering in unprivileged build" -# docker build -f Dockerfile.unprivileged \ -# --tag nginx-s3-gateway --tag nginx-s3-gateway:unprivileged-${nginx_type} . -# fi +if [ "$CI" = "true" ]; then + echo "Skipping docker image build due to CI=true" +else + p "Building NGINX S3 gateway Docker image" + if [ "${nginx_type}" = "plus" ]; then + if docker buildx > /dev/null 2>&1; then + p "Building using BuildKit" + export DOCKER_BUILDKIT=1 + docker buildx build -f Dockerfile.buildkit.${nginx_type} \ + --secret id=nginx-crt,src=plus/etc/ssl/nginx/nginx-repo.crt \ + --secret id=nginx-key,src=plus/etc/ssl/nginx/nginx-repo.key \ + --no-cache \ + --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . + else + docker build -f Dockerfile.${nginx_type} \ + --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . + fi + else + docker build -f Dockerfile.${nginx_type} \ + --tag nginx-s3-gateway --tag nginx-s3-gateway:${nginx_type} . + fi + + if [ ${njs_latest} -eq 1 ]; then + p "Layering in latest NJS build" + docker build -f Dockerfile.latest-njs \ + --tag nginx-s3-gateway --tag nginx-s3-gateway:latest-njs-${nginx_type} . + fi + + if [ ${unprivileged} -eq 1 ]; then + p "Layering in unprivileged build" + docker build -f Dockerfile.unprivileged \ + --tag nginx-s3-gateway --tag nginx-s3-gateway:unprivileged-${nginx_type} . + fi +fi ### UNIT TESTS From 15fb908c2c02b30b28725f0973686f96f0bf00bf Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 14:34:47 -0800 Subject: [PATCH 22/27] remove syntax error --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 19aae0e6..515eaf2c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,7 +4,6 @@ name: CI # events but only for the master branch on: push: - temporarily run on every push for testing branches: [ master ] pull_request: branches: [ master ] From fc4dd27c903a28c76bfd4ec393f2205b89dd2d58 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Thu, 11 Jan 2024 14:42:58 -0800 Subject: [PATCH 23/27] remove branch restrictions on test jobs. They should run always --- .github/workflows/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 515eaf2c..6e329c59 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -51,7 +51,6 @@ jobs: test-oss: runs-on: ubuntu-latest - if: github.ref != 'refs/heads/master' needs: build-oss-for-test steps: - uses: actions/checkout@v4 @@ -120,7 +119,6 @@ jobs: test-latest-njs: runs-on: ubuntu-latest - if: github.ref != 'refs/heads/master' needs: build-latest-njs-for-test steps: - uses: actions/checkout@v4 @@ -189,7 +187,6 @@ jobs: test-unprivileged: runs-on: ubuntu-latest - if: github.ref != 'refs/heads/master' needs: build-unprivileged-for-test steps: - uses: actions/checkout@v4 From 590c3e46a2c62b1d647eaa4a4ba49f1d5015d711 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Fri, 12 Jan 2024 12:17:29 -0800 Subject: [PATCH 24/27] ensure runner version, set explicit artifact retention period --- .github/workflows/main.yml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6e329c59..0a45c5c4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -31,7 +31,7 @@ env: jobs: build-oss-for-test: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Set up Docker Buildx @@ -47,10 +47,12 @@ jobs: uses: actions/upload-artifact@v3 with: name: oss - path: /tmp/oss.tar + path: $TMPDIR/oss.tar + retention-days: 1 + if-no-files-found: error test-oss: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-oss-for-test steps: - uses: actions/checkout@v4 @@ -83,7 +85,7 @@ jobs: run: ./test.sh --type oss build-latest-njs-for-test: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: test-oss steps: - uses: actions/checkout@v4 @@ -116,9 +118,11 @@ jobs: with: name: latest-njs path: /tmp/latest-njs.tar + retention-days: 1 + if-no-files-found: error test-latest-njs: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-latest-njs-for-test steps: - uses: actions/checkout@v4 @@ -151,7 +155,7 @@ jobs: run: ./test.sh --latest-njs --type oss build-unprivileged-for-test: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: test-oss steps: - uses: actions/checkout@v4 @@ -184,9 +188,11 @@ jobs: with: name: unprivileged path: /tmp/unprivileged.tar + retention-days: 1 + if-no-files-found: error test-unprivileged: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-unprivileged-for-test steps: - uses: actions/checkout@v4 @@ -220,7 +226,7 @@ jobs: # After the tests are done, build multiarch and push to both github packages and dockerhub if we are on master/main tag-and-push: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: [test-oss, test-latest-njs, test-unprivileged] if: | From 8182945cbe703e47e3019b92d68704723c4808b9 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Fri, 12 Jan 2024 12:20:30 -0800 Subject: [PATCH 25/27] fix temp dir --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0a45c5c4..a4bdc91c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -47,7 +47,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: oss - path: $TMPDIR/oss.tar + path: /tmp/oss.tar retention-days: 1 if-no-files-found: error From fa22c864695bc37b358a253d854523b413a55bae Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Fri, 12 Jan 2024 12:35:13 -0800 Subject: [PATCH 26/27] try using the runner temp for file upload and download --- .github/workflows/main.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a4bdc91c..f9a84111 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -47,7 +47,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: oss - path: /tmp/oss.tar + path: ${{ runner.temp }}/oss.tar retention-days: 1 if-no-files-found: error @@ -77,7 +77,7 @@ jobs: uses: actions/download-artifact@v3 with: name: oss - path: /tmp + path: ${{ runner.temp }} - name: Load image run: | docker load --input /tmp/oss.tar @@ -97,7 +97,7 @@ jobs: uses: actions/download-artifact@v3 with: name: oss - path: /tmp + path: ${{ runner.temp }} - name: Load image run: | docker load --input /tmp/oss.tar @@ -117,7 +117,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: latest-njs - path: /tmp/latest-njs.tar + path: ${{ runner.temp }}/latest-njs.tar retention-days: 1 if-no-files-found: error @@ -146,7 +146,7 @@ jobs: uses: actions/download-artifact@v3 with: name: latest-njs - path: /tmp + path: ${{ runner.temp }} - name: Load image run: | docker load --input /tmp/latest-njs.tar @@ -167,7 +167,7 @@ jobs: uses: actions/download-artifact@v3 with: name: oss - path: /tmp + path: ${{ runner.temp }} - name: Load image run: | docker load --input /tmp/oss.tar @@ -187,7 +187,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: unprivileged - path: /tmp/unprivileged.tar + path: ${{ runner.temp }}/unprivileged.tar retention-days: 1 if-no-files-found: error @@ -216,7 +216,7 @@ jobs: uses: actions/download-artifact@v3 with: name: unprivileged - path: /tmp + path: ${{ runner.temp }} - name: Load image run: | docker load --input /tmp/unprivileged.tar From bb364c0e0583d03eb822fea5ba646b84c5372173 Mon Sep 17 00:00:00 2001 From: Javier Evans Date: Fri, 12 Jan 2024 12:37:38 -0800 Subject: [PATCH 27/27] use the temp variable all the places --- .github/workflows/main.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f9a84111..6cd9263c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,7 +42,7 @@ jobs: file: Dockerfile.oss context: . tags: nginx-s3-gateway , nginx-s3-gateway:oss - outputs: type=docker,dest=/tmp/oss.tar + outputs: type=docker,dest=${{ runner.temp }}/oss.tar - name: Upload artifact uses: actions/upload-artifact@v3 with: @@ -80,7 +80,7 @@ jobs: path: ${{ runner.temp }} - name: Load image run: | - docker load --input /tmp/oss.tar + docker load --input ${{ runner.temp }}/oss.tar - name: Run tests - stable njs version run: ./test.sh --type oss @@ -100,7 +100,7 @@ jobs: path: ${{ runner.temp }} - name: Load image run: | - docker load --input /tmp/oss.tar + docker load --input ${{ runner.temp }}/oss.tar - name: Build and load oss image uses: docker/build-push-action@v5 with: @@ -112,7 +112,7 @@ jobs: # a file that upload-artifact likes. - name: save image run: | - docker save nginx-s3-gateway:latest-njs-oss > /tmp/latest-njs.tar + docker save nginx-s3-gateway:latest-njs-oss > ${{ runner.temp }}/latest-njs.tar - name: Upload artifact - latest-njs uses: actions/upload-artifact@v3 with: @@ -149,7 +149,7 @@ jobs: path: ${{ runner.temp }} - name: Load image run: | - docker load --input /tmp/latest-njs.tar + docker load --input ${{ runner.temp }}/latest-njs.tar docker tag nginx-s3-gateway:latest-njs-oss nginx-s3-gateway - name: Run tests - latest njs version run: ./test.sh --latest-njs --type oss @@ -170,7 +170,7 @@ jobs: path: ${{ runner.temp }} - name: Load image run: | - docker load --input /tmp/oss.tar + docker load --input ${{ runner.temp }}/oss.tar - name: Build and load oss image uses: docker/build-push-action@v5 with: @@ -182,7 +182,7 @@ jobs: # a file that upload-artifact likes. - name: save image run: | - docker save nginx-s3-gateway:unprivileged-oss > /tmp/unprivileged.tar + docker save nginx-s3-gateway:unprivileged-oss > ${{ runner.temp }}/unprivileged.tar - name: Upload artifact - unprivileged uses: actions/upload-artifact@v3 with: @@ -219,7 +219,7 @@ jobs: path: ${{ runner.temp }} - name: Load image run: | - docker load --input /tmp/unprivileged.tar + docker load --input ${{ runner.temp }}/unprivileged.tar docker tag nginx-s3-gateway:unprivileged-oss nginx-s3-gateway - name: Run tests - unprivileged run: ./test.sh --unprivileged --type oss