blackmoonfank · blackmoonfank · Jun 11, 2023 · Jun 11, 2023
diff --git a/.github/workflows/call-docker-build-vote.yaml b/.github/workflows/call-docker-build-vote.yaml
@@ -0,0 +1,82 @@
+name: Build Vote
+# template source: https://github.com/dockersamples/.github/blob/main/templates/call-docker-build.yaml
+
+on:
+  # we want pull requests so we can build(test) but not push to image registry
+  push:
+    branches:
+      - 'main'
+    # only build when important files change
+    paths:
+      - 'vote/**'
+      - '.github/workflows/call-docker-build-vote.yaml'
+  pull_request:
+    branches:
+      - 'main'
+    # only build when important files change
+    paths:
+      - 'vote/**'
+      - '.github/workflows/call-docker-build-vote.yaml'
+
+jobs:
+  call-docker-build:
+
+    name: Vote Call Docker Build
+
+    uses: ./.github/workflows/reusable-docker-build.yaml@main
+
+    permissions:
+      contents: read
+      packages: write # needed to push docker image to ghcr.io
+      pull-requests: write # needed to create and update comments in PRs
+
+    secrets:
+
+      # Only needed if with:dockerhub-enable is true below
+      dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+
+      # Only needed if with:dockerhub-enable is true below
+      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    with:
+
+      ### REQUIRED
+      ### ENABLE ONE OR BOTH REGISTRIES
+      ### tell docker where to push.
+      ### NOTE if Docker Hub is set to true, you must set secrets above and also add account/repo/tags below
+      dockerhub-enable: true
+      ghcr-enable: true
+
+      ### REQUIRED 
+      ### A list of the account/repo names for docker build. List should match what's enabled above
+      ### defaults to:
+      image-names: |
+        ghcr.io/blackmoonfank/vote-app
+        furqon/voteapp_vote
+
+      ### REQUIRED set rules for tagging images, based on special action syntax:
+      ### https://github.com/docker/metadata-action#tags-input
+      ### defaults to:
+      tag-rules: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=raw,value=before,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=raw,value=after,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=pr
+
+      ### path to where docker should copy files into image
+      ### defaults to root of repository (.)
+      context: vote
+
+      ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
+      # file: Containerfile
+
+      ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
+      # target:
+
+      ### platforms to build for, defaults to linux/amd64
+      ### other options: linux/amd64,linux/arm64,linux/arm/v7
+      platforms: linux/amd64,linux/arm64,linux/arm/v7
+
+      ### Create a PR comment with image tags and labels
+      ### defaults to false
+      # comment-enable: false
diff --git a/.github/workflows/call-docker-build-worker.yaml b/.github/workflows/call-docker-build-worker.yaml
@@ -0,0 +1,82 @@
+name: Build Worker
+# template source: https://github.com/dockersamples/.github/blob/main/templates/call-docker-build.yaml
+
+on:
+  # we want pull requests so we can build(test) but not push to image registry
+  push:
+    branches:
+      - 'main'
+    # only build when important files change
+    paths:
+      - 'worker/**'
+      - '.github/workflows/call-docker-build-worker.yaml'
+  pull_request:
+    branches:
+      - 'main'
+    # only build when important files change
+    paths:
+      - 'worker/**'
+      - '.github/workflows/call-docker-build-worker.yaml'
+
+jobs:
+  call-docker-build:
+
+    name: Worker Call Docker Build
+
+    uses: ./.github/workflows/reusable-docker-build.yaml@main
+
+    permissions:
+      contents: read
+      packages: write # needed to push docker image to ghcr.io
+      pull-requests: write # needed to create and update comments in PRs
+
+    secrets:
+
+      # Only needed if with:dockerhub-enable is true below
+      dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+
+      # Only needed if with:dockerhub-enable is true below
+      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    with:
+
+      ### REQUIRED
+      ### ENABLE ONE OR BOTH REGISTRIES
+      ### tell docker where to push.
+      ### NOTE if Docker Hub is set to true, you must set secrets above and also add account/repo/tags below
+      dockerhub-enable: true
+      ghcr-enable: true
+
+      ### REQUIRED 
+      ### A list of the account/repo names for docker build. List should match what's enabled above
+      ### defaults to:
+      image-names: |
+        ghcr.io/blackmoonfank/vote-app-worker
+        furqon/voteapp_worker
+
+      ### REQUIRED set rules for tagging images, based on special action syntax:
+      ### https://github.com/docker/metadata-action#tags-input
+      ### defaults to:
+      tag-rules: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=pr
+
+      ### path to where docker should copy files into image
+      ### defaults to root of repository (.)
+      context: worker
+
+      ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
+      # file: Containerfile
+
+      ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
+      # target:
+
+      ### platforms to build for, defaults to linux/amd64
+      ### other options: linux/amd64,linux/arm64,linux/arm/v7
+      # FIXME worker arm/v7 support doesn't build in .net core 3.1 with QEMU
+      # a fix would likely run the .net build on amd64 but with a target of arm/v7
+      platforms: linux/amd64,linux/arm64,linux/arm/v7
+
+      ### Create a PR comment with image tags and labels
+      ### defaults to false
+      # comment-enable: false
diff --git a/.github/workflows/reusable-docker-build.yaml b/.github/workflows/reusable-docker-build.yaml
@@ -0,0 +1,198 @@
+---
+name: Docker Build and Push
+# based on https://github.com/BretFisher/docker-build-workflow
+
+on:
+
+# REUSABLE WORKFLOW with INPUTS
+  # to keep this workflow simple, assumptions are made:
+    # - only able to push to Docker Hub and/or GHCR (GHCR by default)
+    # - Builds on PR with tag of `prNUMBER` (same tag each PR push)
+    # - Builds on push to main branch with tag of `latest`
+    # - Builds on tag push with semver
+
+workflow_call:
+  #allow reuse of this workflow in other repos
+  inputs:
+    dockerhub-enable:
+      description: Log into Docker Hub
+      required: false
+      default: false
+      type: boolean
+    ghcr-enable:
+      description: Log into GHCR
+      required: false
+      default: true
+      type: boolean
+    comment-enable:
+      description: Create a PR comment with image tags and labels
+      required: false
+      default: true
+      type: boolean
+    context:
+      description: Docker context (path) to start build from
+      required: false
+      type: string
+      default: .
+    file:
+      description: Dockerfile to build, relative to context path
+      required: false
+      type: string
+    target:
+      description: Build stage to target
+      required: false
+      type: string
+    platforms:
+      description: Platforms to build for
+      required: false
+      type: string
+      # common ones: linux/amd64,linux/arm64,linux/arm/v7
+      default: linux/amd64
+    image-names:
+        description: A list of the account/repo names for docker build
+        required: false
+        type: string
+        default: |
+          ${{ github.repository }}
+          ghcr.io/${{ github.repository }}
+      tag-rules:
+        # https://github.com/marketplace/actions/docker-metadata-action#tags-input
+        description: Use docker-metadata action to create tags from a key-value pair list in CSV format
+        required: false
+        type: string
+        default: |
+          type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+          type=raw,value=stable-{{date 'YYYYMMDDHHmmss'}},enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+          type=ref,event=pr
+          type=raw,value=gha-${{ github.run_id }}
+      flavor-rules:
+        # https://github.com/marketplace/actions/docker-metadata-action#flavor-input
+        description: Three rules to (optionally) set for tag-rules, latest, prefix, and suffix
+        required: false
+        type: string
+        default: |
+            latest=false
+
+    secrets:
+      dockerhub-username:
+        description: Docker Hub username
+        required: false
+      dockerhub-token:
+        description: Docker Hub token
+        required: false
+
+    outputs:
+      ghcr-tag:
+        description: "single-use tag for ghcr.io"
+        value: ${{ jobs.build-image.outputs.ghcr-tag }}
+
+permissions:
+  contents: read
+  packages: write # needed to push docker image to ghcr.io
+  pull-requests: write # needed to create and update comments in PRs
+
+jobs:
+  build-image:
+
+    name: Build+Push
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      # only outputs the unique gha- image tag that's unique to each build
+      ghcr-tag: ${{ steps.ghcr-tag.outputs.tag }}
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        # we need qemu and buildx so we can build multiple platforms later
+        name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v2
+      -
+        # BuildKit (used with `docker buildx`) is the best way to build images
+        name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to DockerHub
+        if: inputs.dockerhub-enable
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.dockerhub-username }}
+          password: ${{ secrets.dockerhub-token }}
+      -
+        name: Login to GHCR
+        if: inputs.ghcr-enable
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: ${{ inputs.image-names }}
+          flavor: ${{ inputs.flavor-rules }}
+          tags: ${{ inputs.tag-rules }}
+      -
+        # this will build the images, once per platform,
+        # then push to one or more registries (based on image list above in docker_meta)
+        name: Docker Build and Push
+        id: build_image
+        uses: docker/build-push-action@v3
+        with:
+          platforms: ${{ inputs.platforms }}
+          context: ${{ inputs.context }}
+          file: ${{ inputs.file }}
+          target: ${{ inputs.target }}
+          builder: ${{ steps.buildx.outputs.name }}
+          # it uses github cache API for faster builds:
+          # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#cache-backend-api
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+      -
+        # If PR, put image tags in the PR comments
+        # from https://github.com/marketplace/actions/create-or-update-comment
+        name: Find comment for image tags
+        uses: peter-evans/find-comment@v2
+        if: github.event_name == 'pull_request' && inputs.comment-enable
+        id: fc
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: Docker image tag(s) pushed
+
+        # If PR, put image tags in the PR comments
+      - name: Create or update comment for image tags
+        uses: peter-evans/create-or-update-comment@v2
+        if: github.event_name == 'pull_request' && inputs.comment-enable
+        with:
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            Docker image tag(s) pushed:
+            ```text
+            ${{ steps.docker_meta.outputs.tags }}
+            ```
+
+            Labels added to images:
+            ```text
+            ${{ steps.docker_meta.outputs.labels }}
+            ```
+          edit-mode: replace
+
+      - name: Find the gha-run-based image tag we just pushed to ghcr.io
+        id: ghcr-tag
+        run: |
+          echo '::echo::on'
+          # shellcheck disable=SC2086
+          echo "tag=gha-${{ github.run_id }}" >> $GITHUB_OUTPUT