diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..684c1a7
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+# These users will be the default owners for everything in the repo.
+# Unless a later match takes precedence, the following users will be
+# requested for review when someone opens a pull request.
+@kyle1morel @TimCsaky @wilwong89 @jatindersingh93 @norrisng-bc
diff --git a/.github/actions/build-push-container/action.yaml b/.github/actions/build-push-container/action.yaml
new file mode 100644
index 0000000..a753a21
--- /dev/null
+++ b/.github/actions/build-push-container/action.yaml
@@ -0,0 +1,87 @@
+name: Build & Push Container
+description: Builds a container from a Dockerfile and pushes to registry
+
+inputs:
+ context:
+ description: Effective Working Directory
+ required: true
+ default: "./"
+ image_name:
+ description: Image Name
+ required: true
+ github_username:
+ description: Github Container Registry Username
+ required: true
+ github_token:
+ description: Github Container Registry Authorization Token
+ required: true
+ dockerhub_username:
+ description: Dockerhub Container Registry Username
+ required: false
+ dockerhub_organization:
+ description: Dockerhub Container Registry Organization
+ required: false
+ default: bcgovimages
+ dockerhub_token:
+ description: Dockerhub Container Registry Authorization Token
+ required: false
+
+runs:
+ using: composite
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Parse Input Values
+ shell: bash
+ run: |
+ echo "GH_USERNAME=$(tr '[:upper:]' '[:lower:]' <<< '${{ inputs.github_username }}')" >> $GITHUB_ENV
+ echo "HAS_DOCKERHUB=${{ fromJson(inputs.dockerhub_username != '' && inputs.dockerhub_token != '') }}" >> $GITHUB_ENV
+
+ - name: Login to Github Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ env.GH_USERNAME }}
+ password: ${{ inputs.github_token }}
+
+ - name: Login to Dockerhub Container Registry
+ if: env.HAS_DOCKERHUB == 'true'
+ uses: docker/login-action@v3
+ with:
+ registry: docker.io
+ username: ${{ inputs.dockerhub_username }}
+ password: ${{ inputs.dockerhub_token }}
+
+ - name: Prepare Container Metadata tags
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}
+ docker.io/${{ inputs.dockerhub_organization }}/${{ inputs.image_name }},enable=${{ env.HAS_DOCKERHUB }}
+ # Always updates the 'latest' tag
+ flavor: |
+ latest=true
+ # Creates tags based off of branch names and semver tags
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Build and Push to Container Registry
+ id: builder
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ inputs.context }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Inspect Docker Image
+ shell: bash
+ run: |
+ docker image inspect ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}:latest
diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml
deleted file mode 100644
index 939927e..0000000
--- a/.github/workflows/docker-image.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-name: Docker
-on:
- - push
- - pull_request
-jobs:
- docker-build:
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: docker
- timeout-minutes: 10
- steps:
- - uses: actions/checkout@v2
- - name: Build the Docker image
- run: docker build . --file Dockerfile --tag $GITHUB_REPOSITORY:$(date +%s)
diff --git a/.github/workflows/on-pr-opened.yaml b/.github/workflows/on-pr-opened.yaml
new file mode 100644
index 0000000..ed87609
--- /dev/null
+++ b/.github/workflows/on-pr-opened.yaml
@@ -0,0 +1,34 @@
+name: Pull Request Opened
+
+env:
+ APP_NAME: clamav-mirror
+
+on:
+ pull_request:
+ branches:
+ - master
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ name: Build & Push
+ if: "! github.event.pull_request.head.repo.fork"
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build & Push
+ uses: ./.github/actions/build-push-container
+ with:
+ context: ./docker
+ image_name: ${{ env.APP_NAME }}
+ github_username: ${{ github.repository_owner }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
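Review bot: In action.yaml, the `Parse Input Values` and `Inspect Docker Image` steps paste `${{ inputs.github_username }}` and `${{ inputs.image_name }}` directly into the bash script, so the value is substituted into the script text before the shell parses it and any quoting or command-substitution characters in an input are read as shell syntax. The two workflows in this commit pass only `github.repository_owner` and a fixed `APP_NAME`, so this is latent today, but a reusable composite action should not rely on every caller passing safe strings. Pass the inputs through `env:` and reference them as quoted shell variables, as sketched below; quoting `"$GITHUB_ENV"` is worth doing in the same change.

```yaml
    - name: Parse Input Values
      shell: bash
      env:
        INPUT_GITHUB_USERNAME: ${{ inputs.github_username }}
      run: |
        echo "GH_USERNAME=$(tr '[:upper:]' '[:lower:]' <<< "$INPUT_GITHUB_USERNAME")" >> "$GITHUB_ENV"
        # … unchanged: HAS_DOCKERHUB line …

    # … unchanged: registry logins, metadata, build and push …

    - name: Inspect Docker Image
      shell: bash
      env:
        IMAGE_NAME: ${{ inputs.image_name }}
      run: |
        docker image inspect "ghcr.io/${GH_USERNAME}/${IMAGE_NAME}:latest"
```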
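Review bot: Every pull-request build from a same-repo branch will move the `latest` tag on ghcr.io, because the `build` job in on-pr-opened.yaml calls the composite action, which sets `flavor: latest=true` and `push: true` regardless of the triggering event. Anything that pulls `clamav-mirror:latest` would then run code that has not been reviewed or merged. Consider deriving the flag from the event in action.yaml, e.g. `latest=${{ github.event_name != 'pull_request' }}`, so PR builds publish only their `pr-<number>` and `sha-` tags.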
diff --git a/.github/workflows/on-push.yaml b/.github/workflows/on-push.yaml
new file mode 100644
index 0000000..eaed310
--- /dev/null
+++ b/.github/workflows/on-push.yaml
@@ -0,0 +1,33 @@
+name: Push
+
+env:
+ APP_NAME: clamav-mirror
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - v*.*.*
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ name: Build & Push
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build & Push
+ uses: ./.github/actions/build-push-container
+ with:
+ context: ./docker
+ image_name: ${{ env.APP_NAME }}
+ github_username: ${{ github.repository_owner }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
+ dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9823fa3..4e80a7c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/python:3.9-alpine
+FROM docker.io/python:3.12-alpine
 ENV PYTHONUNBUFFERED 1
 WORKDIR /opt/app-root/src
diff --git a/openshift/app.bc.yaml b/openshift/app.bc.yaml
index bf0fd1b..2da14fd 100644
--- a/openshift/app.bc.yaml
+++ b/openshift/app.bc.yaml
@@ -53,7 +53,7 @@ parameters:
 description: Base Image to build from
 displayName: Base Image
 required: true
- value: docker.io/python:3.9-alpine
+ value: docker.io/python:3.11-alpine
 - name: REPO_NAME
 description: Application repository name
 displayName: Repository Name
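Review bot: The `build` job in on-push.yaml has no `permissions:` block, so what `secrets.GITHUB_TOKEN` may do is left to the repository or organization default; the same is true of the job in on-pr-opened.yaml. Declare the minimum at job level, `permissions:` with `contents: read` and `packages: write`, so the push to ghcr.io still works under a read-only default and the token can do no more than that under a permissive one. Separately, `DOCKERHUB_TOKEN` ends up in `docker/login-action@v3` inside the composite action, which is referenced by a mutable tag; pinning the third-party actions to full commit SHAs would keep a retagged release from receiving that credential. The `github.event.pull_request.number` term in `concurrency.group` is always empty on a `push` event and can be dropped.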