From 412df03100dc2b255f3d553ccc81280c6bc352cd Mon Sep 17 00:00:00 2001 From: Daniel Schmidt Date: Tue, 28 Oct 2025 15:43:05 -0700 Subject: [PATCH] Adds GitHub Actions workflows --- .github/workflows/build.yml | 188 ++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 59 +++++++++++ Jenkinsfile | 9 -- docker-compose.ci.yml | 14 +++ docker-compose.yml | 3 +- spec/slack_notifier_spec.rb | 2 +- spec/watcher_spec.rb | 2 +- 7 files changed, 264 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/release.yml delete mode 100644 Jenkinsfile create mode 100644 docker-compose.ci.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..e86e9b8 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,188 @@ +name: Build / Test / Push + +on: + push: + branches: + - '**' + workflow_dispatch: + +env: + BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} + DOCKER_METADATA_SET_OUTPUT_ENV: 'true' + +jobs: + build: + runs-on: ${{ matrix.runner }} + outputs: + image-arm64: ${{ steps.gen-output.outputs.image-arm64 }} + image-x64: ${{ steps.gen-output.outputs.image-x64 }} + strategy: + fail-fast: false + matrix: + runner: + - ubuntu-24.04 + - ubuntu-24.04-arm + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: build-meta + name: Docker meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + # Build cache is shared among all builds of the same architecture + - id: cache-meta + name: Docker meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=raw,value=buildcache-${{ runner.arch }} + + - id: get-registry + name: Get the sanitized registry name + run: | + echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" + + - id: build + name: Build/push the arch-specific image + uses: docker/build-push-action@v6 + with: + cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} + cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max + labels: ${{ steps.build-meta.outputs.labels }} + provenance: mode=max + sbom: true + tags: ${{ steps.get-registry.outputs.registry }} + outputs: type=image,push-by-digest=true,push=true + + - id: gen-output + name: Write arch-specific image digest to outputs + run: | + echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" + + merge: + runs-on: ubuntu-24.04 + needs: build + env: + DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} + DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} + outputs: + image: ${{ steps.meta.outputs.tags }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: meta + name: Generate tag for the app image + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + - name: Push the multi-platform app image + run: | + docker buildx imagetools create \ + --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ + "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" + + test: + runs-on: ubuntu-24.04 + needs: merge + env: + COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml + DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Compose + uses: docker/setup-compose-action@v1 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup the stack + run: | + docker compose up --wait + docker swarm init + docker stack deploy -c beekeeper.yml beekeeper + sleep 15 + + - name: Run RSpec + run: | + docker compose run --rm app rspec + + - name: Copy out artifacts + if: ${{ always() }} + run: | + docker compose cp app:/opt/app/artifacts ./ + docker compose logs > artifacts/docker-compose-services.log + docker compose config > artifacts/docker-compose.yml + + - name: Upload the test report + if: ${{ always() }} + uses: actions/upload-artifact@v4 + with: + name: Beekeeper Build Report (${{ github.run_id }}_${{ github.run_attempt }}) + path: artifacts/* + if-no-files-found: error + + push: + runs-on: ubuntu-24.04 + needs: + - merge + - test + env: + DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Produce permanent image tags + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=sha + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + + - name: Retag and push the image + run: | + docker pull "$DOCKER_APP_IMAGE" + echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$DOCKER_APP_IMAGE" + docker push --all-tags "$(echo "$DOCKER_APP_IMAGE" | cut -f1 -d:)" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..5d90890 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,59 @@ +name: Push Release Tags + +on: + push: + tags: + - '**' + workflow_dispatch: + +env: + DOCKER_METADATA_SET_OUTPUT_ENV: 'true' + +jobs: + retag: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine the sha-based image tag to retag + id: get-base-image + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha + + - name: Verify that the image was previously built + env: + BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} + run: | + docker pull "$BASE_IMAGE" + + - name: Produce release tags + id: tag-meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + flavor: latest=false + tags: | + type=ref,event=tag + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} + + - name: Retag the pulled image + env: + BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} + run: | + echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$BASE_IMAGE" + docker push --all-tags "$(echo "$BASE_IMAGE" | cut -f1 -d:)" diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index f8e50d0..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,9 +0,0 @@ -dockerComposePipeline( - commands: ['rspec'], - artifacts: [ - junit: 'artifacts/rspec/specs.xml', - html: [ - 'Code Coverage': 'artifacts/coverage', - ] - ] -) diff --git a/docker-compose.ci.yml b/docker-compose.ci.yml new file mode 100644 index 0000000..928b51b --- /dev/null +++ b/docker-compose.ci.yml @@ -0,0 +1,14 @@ +services: + app: + build: !reset + command: tail -f /dev/null + image: ${DOCKER_APP_IMAGE} + environment: !override + - RSPEC_DOCKER=true + secrets: !reset + volumes: !override + - artifacts:/opt/app/artifacts + - /var/run/docker.sock:/var/run/docker.sock + +volumes: + artifacts: diff --git a/docker-compose.yml b/docker-compose.yml index 099502e..c856e37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ ---- - services: app: build: . @@ -12,6 +10,7 @@ services: secrets: - source: .env target: /opt/app/.env + privileged: true volumes: - ./:/opt/app - /var/run/docker.sock:/var/run/docker.sock diff --git a/spec/slack_notifier_spec.rb b/spec/slack_notifier_spec.rb index c8d84b3..7e9f8a7 100644 --- a/spec/slack_notifier_spec.rb +++ b/spec/slack_notifier_spec.rb @@ -33,7 +33,7 @@ def new_event(exit_code: 1, watchers: nil, service_name: nil) attrs = { 'exitCode' => exit_code.to_s, - 'image' => 'containers.lib.berkeley.edu/lap/beekeeper:rspec-tests', + 'image' => 'ghcr.io/berkeleylibrary/beekeeper:rspec-tests', } attrs['beekeeper.watchers'] = watchers if watchers attrs['com.docker.swarm.service.name'] = service_name if service_name diff --git a/spec/watcher_spec.rb b/spec/watcher_spec.rb index 9bf4f7c..a5db458 100644 --- a/spec/watcher_spec.rb +++ b/spec/watcher_spec.rb @@ -52,7 +52,7 @@ def expect_event_notification(event:, recipients:) def new_event(exit_code: 1, watchers: nil, service_name: nil) attrs = { 'exitCode' => exit_code.to_s, - 'image' => 'containers.lib.berkeley.edu/lap/beekeeper:rspec-tests', + 'image' => 'ghcr.io/berkeleylibrary/beekeeper:rspec-tests', } attrs['beekeeper.watchers'] = watchers.join(',') if watchers attrs['com.docker.swarm.service.name'] = service_name if service_name