From d01ee472ce77322a892dfe6898273eb0b9e190aa Mon Sep 17 00:00:00 2001
From: Nurul Furqon R
Date: Sun, 11 Jun 2023 04:51:53 +0000
Subject: [PATCH] add github workflows
---
 .github/workflows/call-docker-build-vote.yaml | 82 ++++++++
 .../workflows/call-docker-build-worker.yaml | 82 ++++++++
 .github/workflows/reusable-docker-build.yaml | 198 ++++++++++++++++++
 3 files changed, 362 insertions(+)
 create mode 100644 .github/workflows/call-docker-build-vote.yaml
 create mode 100644 .github/workflows/call-docker-build-worker.yaml
 create mode 100644 .github/workflows/reusable-docker-build.yaml
diff --git a/.github/workflows/call-docker-build-vote.yaml b/.github/workflows/call-docker-build-vote.yaml
new file mode 100644
index 0000000..fba3499
--- /dev/null
+++ b/.github/workflows/call-docker-build-vote.yaml
@@ -0,0 +1,82 @@
+name: Build Vote
+# template source: https://github.com/dockersamples/.github/blob/main/templates/call-docker-build.yaml
+
+on:
+ # we want pull requests so we can build(test) but not push to image registry
+ push:
+ branches:
+ - 'main'
+ # only build when important files change
+ paths:
+ - 'vote/**'
+ - '.github/workflows/call-docker-build-vote.yaml'
+ pull_request:
+ branches:
+ - 'main'
+ # only build when important files change
+ paths:
+ - 'vote/**'
+ - '.github/workflows/call-docker-build-vote.yaml'
+
+jobs:
+ call-docker-build:
+
+ name: Vote Call Docker Build
+
+ uses: ./.github/workflows/reusable-docker-build.yaml@main
+
+ permissions:
+ contents: read
+ packages: write # needed to push docker image to ghcr.io
+ pull-requests: write # needed to create and update comments in PRs
+
+ secrets:
+
+ # Only needed if with:dockerhub-enable is true below
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+
+ # Only needed if with:dockerhub-enable is true below
+ dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ with:
+
+ ### REQUIRED
+ ### ENABLE ONE OR BOTH REGISTRIES
+ ### tell docker where to push.
+ ### NOTE if Docker Hub is set to true, you must set secrets above and also add account/repo/tags below
+ dockerhub-enable: true
+ ghcr-enable: true
+
+ ### REQUIRED
+ ### A list of the account/repo names for docker build. List should match what's enabled above
+ ### defaults to:
+ image-names: |
+ ghcr.io/blackmoonfank/vote-app
+ furqon/voteapp_vote
+
+ ### REQUIRED set rules for tagging images, based on special action syntax:
+ ### https://github.com/docker/metadata-action#tags-input
+ ### defaults to:
+ tag-rules: |
+ type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=raw,value=before,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=raw,value=after,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=ref,event=pr
+
+ ### path to where docker should copy files into image
+ ### defaults to root of repository (.)
+ context: vote
+
+ ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
+ # file: Containerfile
+
+ ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
+ # target:
+
+ ### platforms to build for, defaults to linux/amd64
+ ### other options: linux/amd64,linux/arm64,linux/arm/v7
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+
+ ### Create a PR comment with image tags and labels
+ ### defaults to false
+ # comment-enable: false
\ No newline at end of file
diff --git a/.github/workflows/call-docker-build-worker.yaml b/.github/workflows/call-docker-build-worker.yaml
new file mode 100644
index 0000000..3e864d2
--- /dev/null
+++ b/.github/workflows/call-docker-build-worker.yaml
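Review bot: `uses: ./.github/workflows/reusable-docker-build.yaml@main` in the `call-docker-build` job of call-docker-build-vote.yaml mixes a local path with a ref; a `./` reference always resolves to the file at the caller's own commit and GitHub does not accept a version on it, so the line should be `uses: ./.github/workflows/reusable-docker-build.yaml` (the same line is in call-docker-build-worker.yaml). The closing comment `### defaults to false` for `comment-enable` does not match the reusable workflow added in this patch, where that input has `default: true`; with the override left commented out PR comments are on, so the comment should read `### defaults to true`. The trigger comment also says pull requests build "but not push to image registry", yet the Docker Hub secrets are passed and both registries are enabled for every trigger, so whether a PR run publishes is decided entirely by the called workflow.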
@@ -0,0 +1,82 @@
+name: Build Worker
+# template source: https://github.com/dockersamples/.github/blob/main/templates/call-docker-build.yaml
+
+on:
+ # we want pull requests so we can build(test) but not push to image registry
+ push:
+ branches:
+ - 'main'
+ # only build when important files change
+ paths:
+ - 'worker/**'
+ - '.github/workflows/call-docker-build-worker.yaml'
+ pull_request:
+ branches:
+ - 'main'
+ # only build when important files change
+ paths:
+ - 'worker/**'
+ - '.github/workflows/call-docker-build-worker.yaml'
+
+jobs:
+ call-docker-build:
+
+ name: Worker Call Docker Build
+
+ uses: ./.github/workflows/reusable-docker-build.yaml@main
+
+ permissions:
+ contents: read
+ packages: write # needed to push docker image to ghcr.io
+ pull-requests: write # needed to create and update comments in PRs
+
+ secrets:
+
+ # Only needed if with:dockerhub-enable is true below
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+
+ # Only needed if with:dockerhub-enable is true below
+ dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ with:
+
+ ### REQUIRED
+ ### ENABLE ONE OR BOTH REGISTRIES
+ ### tell docker where to push.
+ ### NOTE if Docker Hub is set to true, you must set secrets above and also add account/repo/tags below
+ dockerhub-enable: true
+ ghcr-enable: true
+
+ ### REQUIRED
+ ### A list of the account/repo names for docker build. List should match what's enabled above
+ ### defaults to:
+ image-names: |
+ ghcr.io/blackmoonfank/vote-app-worker
+ furqon/voteapp_worker
+
+ ### REQUIRED set rules for tagging images, based on special action syntax:
+ ### https://github.com/docker/metadata-action#tags-input
+ ### defaults to:
+ tag-rules: |
+ type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=ref,event=pr
+
+ ### path to where docker should copy files into image
+ ### defaults to root of repository (.)
+ context: worker
+
+ ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
+ # file: Containerfile
+
+ ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
+ # target:
+
+ ### platforms to build for, defaults to linux/amd64
+ ### other options: linux/amd64,linux/arm64,linux/arm/v7
+ # FIXME worker arm/v7 support doesn't build in .net core 3.1 with QEMU
+ # a fix would likely run the .net build on amd64 but with a target of arm/v7
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+
+ ### Create a PR comment with image tags and labels
+ ### defaults to false
+ # comment-enable: false
diff --git a/.github/workflows/reusable-docker-build.yaml b/.github/workflows/reusable-docker-build.yaml
new file mode 100644
index 0000000..b66c1ad
--- /dev/null
+++ b/.github/workflows/reusable-docker-build.yaml
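Review bot: `platforms: linux/amd64,linux/arm64,linux/arm/v7` in call-docker-build-worker.yaml still lists the target that the FIXME two lines above it says does not build under QEMU with .NET Core 3.1, so if that comment is still accurate the multi-platform build step will presumably fail on every run and no worker image gets published. Until the cross-build described in the FIXME exists, `platforms: linux/amd64,linux/arm64` matches what the comment says works. If arm/v7 does build now, remove the FIXME instead so the file does not document a failure that no longer occurs.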
@@ -0,0 +1,198 @@
+---
+name: Docker Build and Push
+# based on https://github.com/BretFisher/docker-build-workflow
+
+on:
+
+# REUSABLE WORKFLOW with INPUTS
+ # to keep this workflow simple, assumptions are made:
+ # - only able to push to Docker Hub and/or GHCR (GHCR by default)
+ # - Builds on PR with tag of `prNUMBER` (same tag each PR push)
+ # - Builds on push to main branch with tag of `latest`
+ # - Builds on tag push with semver
+
+workflow_call:
+ #allow reuse of this workflow in other repos
+ inputs:
+ dockerhub-enable:
+ description: Log into Docker Hub
+ required: false
+ default: false
+ type: boolean
+ ghcr-enable:
+ description: Log into GHCR
+ required: false
+ default: true
+ type: boolean
+ comment-enable:
+ description: Create a PR comment with image tags and labels
+ required: false
+ default: true
+ type: boolean
+ context:
+ description: Docker context (path) to start build from
+ required: false
+ type: string
+ default: .
+ file:
+ description: Dockerfile to build, relative to context path
+ required: false
+ type: string
+ target:
+ description: Build stage to target
+ required: false
+ type: string
+ platforms:
+ description: Platforms to build for
+ required: false
+ type: string
+ # common ones: linux/amd64,linux/arm64,linux/arm/v7
+ default: linux/amd64
+ image-names:
+ description: A list of the account/repo names for docker build
+ required: false
+ type: string
+ default: |
+ ${{ github.repository }}
+ ghcr.io/${{ github.repository }}
+ tag-rules:
+ # https://github.com/marketplace/actions/docker-metadata-action#tags-input
+ description: Use docker-metadata action to create tags from a key-value pair list in CSV format
+ required: false
+ type: string
+ default: |
+ type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=raw,value=stable-{{date 'YYYYMMDDHHmmss'}},enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+ type=ref,event=pr
+ type=raw,value=gha-${{ github.run_id }}
+ flavor-rules:
+ # https://github.com/marketplace/actions/docker-metadata-action#flavor-input
+ description: Three rules to (optionally) set for tag-rules, latest, prefix, and suffix
+ required: false
+ type: string
+ default: |
+ latest=false
+
+ secrets:
+ dockerhub-username:
+ description: Docker Hub username
+ required: false
+ dockerhub-token:
+ description: Docker Hub token
+ required: false
+
+ outputs:
+ ghcr-tag:
+ description: "single-use tag for ghcr.io"
+ value: ${{ jobs.build-image.outputs.ghcr-tag }}
+
+permissions:
+ contents: read
+ packages: write # needed to push docker image to ghcr.io
+ pull-requests: write # needed to create and update comments in PRs
+
+jobs:
+ build-image:
+
+ name: Build+Push
+
+ runs-on: ubuntu-latest
+
+ outputs:
+ # only outputs the unique gha- image tag that's unique to each build
+ ghcr-tag: ${{ steps.ghcr-tag.outputs.tag }}
+
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v3
+ -
+ # we need qemu and buildx so we can build multiple platforms later
+ name: Set up QEMU
+ id: qemu
+ uses: docker/setup-qemu-action@v2
+ -
+ # BuildKit (used with `docker buildx`) is the best way to build images
+ name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2
+ -
+ name: Login to DockerHub
+ if: inputs.dockerhub-enable
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.dockerhub-username }}
+ password: ${{ secrets.dockerhub-token }}
+ -
+ name: Login to GHCR
+ if: inputs.ghcr-enable
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ -
+ name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ # list of Docker images to use as base name for tags
+ images: ${{ inputs.image-names }}
+ flavor: ${{ inputs.flavor-rules }}
+ tags: ${{ inputs.tag-rules }}
+ -
+ # this will build the images, once per platform,
+ # then push to one or more registries (based on image list above in docker_meta)
+ name: Docker Build and Push
+ id: build_image
+ uses: docker/build-push-action@v3
+ with:
+ platforms: ${{ inputs.platforms }}
+ context: ${{ inputs.context }}
+ file: ${{ inputs.file }}
+ target: ${{ inputs.target }}
+ builder: ${{ steps.buildx.outputs.name }}
+ # it uses github cache API for faster builds:
+ # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#cache-backend-api
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ push: true
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ -
+ # If PR, put image tags in the PR comments
+ # from https://github.com/marketplace/actions/create-or-update-comment
+ name: Find comment for image tags
+ uses: peter-evans/find-comment@v2
+ if: github.event_name == 'pull_request' && inputs.comment-enable
+ id: fc
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ comment-author: 'github-actions[bot]'
+ body-includes: Docker image tag(s) pushed
+
+ # If PR, put image tags in the PR comments
+ - name: Create or update comment for image tags
+ uses: peter-evans/create-or-update-comment@v2
+ if: github.event_name == 'pull_request' && inputs.comment-enable
+ with:
+ comment-id: ${{ steps.fc.outputs.comment-id }}
+ issue-number: ${{ github.event.pull_request.number }}
+ body: |
+ Docker image tag(s) pushed:
+ ```text
+ ${{ steps.docker_meta.outputs.tags }}
+ ```
+
+ Labels added to images:
+ ```text
+ ${{ steps.docker_meta.outputs.labels }}
+ ```
+ edit-mode: replace
+
+ - name: Find the gha-run-based image tag we just pushed to ghcr.io
+ id: ghcr-tag
+ run: |
+ echo '::echo::on'
+ # shellcheck disable=SC2086
+ echo "tag=gha-${{ github.run_id }}" >> $GITHUB_OUTPUT
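Review bot: `push: true` in the "Docker Build and Push" step of reusable-docker-build.yaml is unconditional, so the `pull_request` runs triggered by both callers log in to the registries and publish an image built from the PR's own Dockerfile and context, contrary to the callers' comment about building but not pushing on PRs. Consider `push: ${{ github.event_name != 'pull_request' }}` and extending the two login conditions, e.g. `if: inputs.dockerhub-enable && github.event_name != 'pull_request'`, so registry credentials are not loaded while PR-controlled build steps run; the PR comment text "Docker image tag(s) pushed" would then need adjusting. Every action is referenced by a mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v3`, `peter-evans/create-or-update-comment@v2` and the others) in a job whose token carries `packages: write` and `pull-requests: write`; pinning each to a full commit SHA keeps a moved tag from running with those permissions. Separately, `workflow_call:` appears at column 0 in this patch rather than nested under `on:`; indentation is collapsed in this view, so confirm it is indented under `on:`, otherwise the file is not a callable workflow.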