From ecb461f18ed1824dd0833aae3302677e6a44c9e0 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 10:21:10 -0800 Subject: [PATCH 01/29] move CMAKE_POSITION_INDENPENDENT_CODE to python targets' cachevariables list in CMakePresets.json --- CMakePresets.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CMakePresets.json b/CMakePresets.json index c651ef7a..57085208 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -42,7 +42,8 @@ "displayName": "Python x64 Debug", "inherits": "x64-debug", "cacheVariables": { - "PYTHON_MODULE_BUILD": true + "PYTHON_MODULE_BUILD": true, + "CMAKE_POSITION_INDENPENDENT_CODE": true } }, { @@ -58,7 +59,8 @@ "displayName": "Python x64 Release", "inherits": "x64-release", "cacheVariables": { - "PYTHON_MODULE_BUILD": true + "PYTHON_MODULE_BUILD": true, + "CMAKE_POSITION_INDENPENDENT_CODE": true } }, { From a0d6c5fd847d50e1be85d55522dfeb050aa37d19 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:01:31 -0800 Subject: [PATCH 02/29] add DOcker compose file --- compose.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 compose.yml diff --git a/compose.yml b/compose.yml new file mode 100644 index 00000000..0190f8ad --- /dev/null +++ b/compose.yml @@ -0,0 +1,28 @@ +name: odbdesignserver-swaggerui + +services: + + odbdesign-server: + #environment: + # - BRANCH=nam20485 + #image: ghcr.io/nam20485/odbdesign:${BRANCH}-latest + image: ghcr.io/nam20485/odbdesign:nam20485-latest + # build: + # context: . + # dockerfile: Dockerfile + container_name: odbdesign-server + ports: + - 8888:8888 + + + swagger-ui: + # environment: + # - BRANCH=nam20485 + # image: ghcr.io/nam20485/odbdesignserver-swaggerui:${BRANCH}-latest + image: ghcr.io/nam20485/odbdesignserver-swaggerui:nam20485-latest + container_name: swagger-ui + depends_on: + - odbdesign-server + ports: + - 8080:8080 + \ No newline at end of file 
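Review bot: The cache variable added in both hunks is spelled `CMAKE_POSITION_INDENPENDENT_CODE`, but the variable CMake reads is `CMAKE_POSITION_INDEPENDENT_CODE`, so as written the entry is stored in the cache and has no effect. The Python x64 Debug and Python x64 Release presets therefore do not get position-independent code from this change. The line should read `"CMAKE_POSITION_INDEPENDENT_CODE": true` in both presets. Both `cacheVariables` objects belong to preset entries that start and end outside the hunks.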
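Review bot: Both services are pulled by the mutable tag `nam20485-latest`, so what `docker compose up` runs can change without any change to this file. The Dockerfile in this series pins its base image by digest, and the same can be done here with `image: ghcr.io/nam20485/odbdesign:nam20485-latest@sha256:<digest>` (placeholder digest). The short port forms `8888:8888` and `8080:8080` publish on every host interface; for a local Swagger UI setup, `127.0.0.1:8888:8888` and `127.0.0.1:8080:8080` keep the API off the network. A comment above each `ports:` entry saying which exposure is intended would settle the question for the next reader.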
From baa19b71e96a6b1fe8bdd8773259f903e28d58c0 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:01:52 -0800 Subject: [PATCH 03/29] disable cacheing in github action --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 4067538d..82391ae8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -90,8 +90,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + #cache-from: type=gha + #cache-to: type=gha,mode=max file: Dockerfile build-args: | OWNER=nam20485 From 75b0bc49dcef4028bbd79e90ba64fabe0f7f15aa Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:02:11 -0800 Subject: [PATCH 04/29] add labels for first image --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index c74844b8..6f36a856 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,8 @@ FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 AS build +LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign +LABEL org.opencontainers.image.authors=https://github.com/nam20485 +LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." +LABEL org.opencontainers.image.licenses=MIT ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" From 86134831808a877569ddcfc1c45e81a7f0714a98 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:39:19 -0800 Subject: [PATCH 05/29] pass in parent enviroinment's variables for username and password --- compose.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/compose.yml b/compose.yml index 0190f8ad..0d1165e5 100644 --- a/compose.yml +++ b/compose.yml @@ -3,19 +3,25 @@ name: odbdesignserver-swaggerui services: odbdesign-server: + ## enable for passing in branch name as an environment variable #environment: # - BRANCH=nam20485 #image: ghcr.io/nam20485/odbdesign:${BRANCH}-latest image: ghcr.io/nam20485/odbdesign:nam20485-latest + ## enable for local build via the Dockerfile (and disable "image:" key above) # build: # context: . # dockerfile: Dockerfile container_name: odbdesign-server ports: - 8888:8888 + environment: + - ODBDESIGN_SERVER_REQUEST_USERNAME + - ODBDESIGN_SERVER_REQUEST_PASSWORD - swagger-ui: + swagger-ui: + ## enable for passing in branch name as an environment variable # environment: # - BRANCH=nam20485 # image: ghcr.io/nam20485/odbdesignserver-swaggerui:${BRANCH}-latest From a127ceff1a4e9d18aa3b4e351a5f0d7afd2bf2d9 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:41:59 -0800 Subject: [PATCH 06/29] set env variables for username and password by passing build args --- .github/workflows/docker-publish.yml | 2 ++ Dockerfile | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 82391ae8..376334b2 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -97,6 +97,8 @@ jobs: OWNER=nam20485 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} VCPKG_BINARY_SOURCES=clear;nuget,GitHub,readwrite + ODBDESIGN_SERVER_REQUEST_USERNAME=${{ secrets.ODBDESIGN_SERVER_REQUEST_USERNAME }} + ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker diff --git a/Dockerfile b/Dockerfile index 6f36a856..462f0d96 100644 --- a/Dockerfile +++ b/Dockerfile 
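Review bot: The two bare `environment:` entries copy the variables from the shell that runs Compose, and when they are not set there the container simply starts without them, with no failure. How OdbDesignServer behaves with no username or password is not visible in this hunk, so failing early is the safer default: `- ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD:?must be set}`, and the same for the username. A one-line comment naming where the values are expected to come from (a shell export or an `.env` file) would document the contract.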
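Review bot: Passing `secrets.ODBDESIGN_SERVER_REQUEST_USERNAME` and `secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD` as `build-args` puts the credentials into the image rather than into the running container. The Dockerfile hunks of this commit copy them into `ENV`, so they end up in the image config, readable with `docker inspect` or `docker history` by anyone who can pull the pushed image. Server credentials belong at run time (`docker run -e …` or the Compose `environment:` entries added in the previous commit). Values needed only during the build are better passed through the action's `secrets:` input and consumed with `RUN --mount=type=secret`. Any value already built into a published tag should be treated as exposed and rotated.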
@@ -7,6 +7,8 @@ LABEL org.opencontainers.image.licenses=MIT ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" ARG VCPKG_BINARY_SOURCES="" +ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" +ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" # install dependencies RUN apt-get update && \ @@ -96,5 +98,7 @@ RUN mkdir ./designs # run ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OdbDesign/bin +ENV ODBDESIGN_SERVER_REQUEST_USERNAME=${ODBDESIGN_SERVER_REQUEST_USERNAME} +ENV ODBDESIGN_SERVER_REQUEST_PASSOWRD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} RUN chmod +x ./OdbDesignServer ENTRYPOINT [ "./OdbDesignServer" ] From 0f539c459956e453593c3b4447856214b2e75a85 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 12:42:23 -0800 Subject: [PATCH 07/29] re-enable GHA cache --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 376334b2..393e2034 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -90,8 +90,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - #cache-from: type=gha - #cache-to: type=gha,mode=max + cache-from: type=gha + cache-to: type=gha,mode=max file: Dockerfile build-args: | OWNER=nam20485 From b9049a99dedf94843046dc77377db1946e1f7858 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 13:35:56 -0800 Subject: [PATCH 08/29] use slim image for build stage and specify all labels on one line with '\'s --- Dockerfile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 462f0d96..ab96eb5e 100644 --- a/Dockerfile +++ b/Dockerfile 
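Review bot: The second `ENV` line in the `@@ -96,5 +98,7 @@` hunk is named `ODBDESIGN_SERVER_REQUEST_PASSOWRD`, so a server that reads `ODBDESIGN_SERVER_REQUEST_PASSWORD` never sees the value; it should be `ENV ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD}`. The two `ARG` lines are added next to `ARG OWNER` near the top of the file, which appears to be the `build` stage, while the `ENV` lines sit just before `ENTRYPOINT`. An `ARG` is scoped to the stage that declares it, so if the `ENV` lines are in a later stage they expand to empty strings. Both stages start outside these hunks, so this needs checking against the full file.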
@@ -1,8 +1,5 @@ -FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 AS build -LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign -LABEL org.opencontainers.image.authors=https://github.com/nam20485 -LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." -LABEL org.opencontainers.image.licenses=MIT +#FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 AS build +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" @@ -72,11 +69,12 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run -LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign -LABEL org.opencontainers.image.authors=https://github.com/nam20485 -LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." -LABEL org.opencontainers.image.licenses=MIT +#FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run +FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 as run +LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ + org.opencontainers.image.authors=https://github.com/nam20485 \ + org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ + org.opencontainers.image.licenses=MIT EXPOSE 8888 RUN mkdir --parents /OdbDesign/bin 
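Review bot: After this change the `run` stage is based on the full `debian:bookworm-20240211` image while the `build` stage gets the `-slim` one, which is the reverse of what the `# much smaller runtime image` comment above the second `FROM` says. The runtime image is the one that is published and listens on port 8888, so it is the stage that benefits most from the smaller package set; keeping the `-slim` reference on the `run` stage matches the comment. The new line also writes `as run` in lower case next to `AS build`; `AS run` keeps the two consistent.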
From 15bf35d535eff510e1809e351370281b33034ae0 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 13:55:04 -0800 Subject: [PATCH 09/29] use slim for both stages --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ab96eb5e..780d30c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -#FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 AS build FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build ARG OWNER=nam20485 @@ -69,8 +68,7 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -#FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run -FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 as run +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ org.opencontainers.image.authors=https://github.com/nam20485 \ org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ From a2576bb31bf1e5d645a7424e06dfdee77b0e62e8 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 14:20:33 -0800 Subject: [PATCH 10/29] set platform=linux/amd64 --- .github/workflows/docker-publish.yml | 1 + Dockerfile | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 393e2034..579ad38c 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -92,6 +92,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + platforms: linux/amd64 file: Dockerfile build-args: | OWNER=nam20485 diff --git a/Dockerfile b/Dockerfile index 780d30c6..ac9536e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,8 @@ -FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build +FROM --platform=linux/amd64 debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" ARG VCPKG_BINARY_SOURCES="" -ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" -ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" # install dependencies RUN apt-get update && \ @@ -68,7 +66,9 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run +FROM --platform=linux/amd64 debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run +ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" +ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ org.opencontainers.image.authors=https://github.com/nam20485 \ org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ From bef26b64a1483c03fc680f3d42277399b1659cb2 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Thu, 15 Feb 2024 14:33:42 -0800 Subject: [PATCH 11/29] revert setting platform --- .github/workflows/docker-publish.yml | 2 +- Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 579ad38c..78406f1d 100644 --- a/.github/workflows/docker-publish.yml 
+++ b/.github/workflows/docker-publish.yml @@ -92,7 +92,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64 + #platforms: linux/amd64 file: Dockerfile build-args: | OWNER=nam20485 diff --git a/Dockerfile b/Dockerfile index ac9536e3..58dbcc94 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" @@ -66,7 +66,7 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -FROM --platform=linux/amd64 debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ From f37a60d3c8cf596638b4d468c0c4fdd3f82a37f3 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Fri, 16 Feb 2024 08:53:02 -0800 Subject: [PATCH 12/29] add annotations to image --- .github/workflows/docker-publish.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 78406f1d..dfc60dc5 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -99,7 +99,12 @@ jobs: GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} VCPKG_BINARY_SOURCES=clear;nuget,GitHub,readwrite ODBDESIGN_SERVER_REQUEST_USERNAME=${{ secrets.ODBDESIGN_SERVER_REQUEST_USERNAME }} - ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} + ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} + outputs: | + annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign + annotation-index.org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." + annotation-index.org.opencontainers.image.licenses=MIT + annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker From 112152ff2b883329a12598a62d1dd31053a72754 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Fri, 16 Feb 2024 08:58:59 -0800 Subject: [PATCH 13/29] remove quotes from description annotation --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index dfc60dc5..28e5f5d6 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -102,7 +102,7 @@ jobs: ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} outputs: | annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - annotation-index.org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." + annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888. annotation-index.org.opencontainers.image.licenses=MIT annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 From fca6a6311e4f28ad1d053e78f67bcf60a946eaa1 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Fri, 16 Feb 2024 09:10:23 -0800 Subject: [PATCH 14/29] remove comma from value --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 28e5f5d6..d38bf599 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -102,7 +102,7 @@ jobs: ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} outputs: | annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888. + annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. annotation-index.org.opencontainers.image.licenses=MIT annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 From 4845c49332df9e276accef9b22691d6a2cc4dc16 Mon Sep 17 00:00:00 2001 
From: Nathan Miller Date: Fri, 16 Feb 2024 13:08:08 -0800 Subject: [PATCH 15/29] set annotations using action inputs/outputs --- .github/workflows/docker-publish.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index d38bf599..8ccfb886 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -78,7 +78,12 @@ jobs: tags: | type=ref,event=pr type=ref,event=branch,suffix=-${{github.run_number}} - type=ref,event=branch,suffix=-latest + type=ref,event=branch,suffix=-latest + annotations: | + annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign + annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. + annotation-index.org.opencontainers.image.licenses=MIT + annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action 
@@ -94,18 +99,14 @@ jobs: cache-to: type=gha,mode=max #platforms: linux/amd64 file: Dockerfile + annotations: ${{ steps.meta.outputs.annotations }} build-args: | OWNER=nam20485 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} VCPKG_BINARY_SOURCES=clear;nuget,GitHub,readwrite ODBDESIGN_SERVER_REQUEST_USERNAME=${{ secrets.ODBDESIGN_SERVER_REQUEST_USERNAME }} ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} - outputs: | - annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. - annotation-index.org.opencontainers.image.licenses=MIT - annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 - + # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish From 6d0749166756dee307e3f63bdd704572e94bce30 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Fri, 16 Feb 2024 14:23:54 -0800 Subject: [PATCH 16/29] remove "annotation-index." from the beginning of each annotation --- .github/workflows/docker-publish.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 8ccfb886..70c02621 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -80,10 +80,10 @@ jobs: type=ref,event=branch,suffix=-${{github.run_number}} type=ref,event=branch,suffix=-latest annotations: | - annotation-index.org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - annotation-index.org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. - annotation-index.org.opencontainers.image.licenses=MIT - annotation-index.org.opencontainers.image.authors=https://github.com/nam20485 + org.opencontainers.image.source=https://github.com/nam20485/OdbDesign + org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. + org.opencontainers.image.licenses=MIT + org.opencontainers.image.authors=https://github.com/nam20485 # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action From 6de684f4ba49273afcd8e5d12f2e1710d3598876 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Fri, 16 Feb 2024 14:30:21 -0800 Subject: [PATCH 17/29] fix password env variable in Docker image --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 58dbcc94..bde321f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -95,6 +95,6 @@ RUN mkdir ./designs # run ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OdbDesign/bin ENV ODBDESIGN_SERVER_REQUEST_USERNAME=${ODBDESIGN_SERVER_REQUEST_USERNAME} -ENV ODBDESIGN_SERVER_REQUEST_PASSOWRD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} +ENV ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} RUN chmod +x ./OdbDesignServer ENTRYPOINT [ "./OdbDesignServer" ] From cae48773f83e962493ed7ee8489658b065a8802f Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 09:02:37 -0800 Subject: [PATCH 18/29] set annotations on manifests and index --- .github/workflows/docker-publish.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 70c02621..55b4568e 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -73,6 +73,8 @@ jobs: - name: Extract Docker metadata id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | From 47804b1e07d788ea53fb917eb21c2482a9beafda Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 10:06:54 -0800 Subject: [PATCH 19/29] change description annotation --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 55b4568e..6cf5b364 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -83,7 +83,7 @@ jobs: type=ref,event=branch,suffix=-latest annotations: | org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - org.opencontainers.image.description=The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. + org.opencontainers.image.description=A free open source cross-platform C++ library for parsing ODB++ Design archives and accessing their data. Exposed via a REST API and packaged inside of a Docker image. The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. org.opencontainers.image.licenses=MIT org.opencontainers.image.authors=https://github.com/nam20485 From d9a65c26b3b01a700916a83ba039e3d0b5ae7e43 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 10:25:21 -0800 Subject: [PATCH 20/29] add --platform=$BUILDPLATFORM to force platform image is built in --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index bde321f4..93b51e2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build +FROM --platform=$BUILDPLATFORM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" @@ -66,7 +66,7 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run +FROM --platform=$BUILDPLATFORM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ From 3762389de42936858d806ad7e3a9f4e9d87d9cef Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 10:25:37 -0800 Subject: [PATCH 21/29] change description annotation --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 93b51e2f..5ffc314f 100644 --- a/Dockerfile +++ b/Dockerfile 
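Review bot: `--platform=$BUILDPLATFORM` on the `AS run` stage pins the published image to the architecture of the machine doing the build, not to the platform requested for the image. That is harmless while the workflow builds for a single platform, but if `platforms:` is enabled again the runtime stage would still resolve to the builder's architecture. If the intent is only to run the compiler natively, keep the flag on `AS build` and leave the `AS run` line without it, or add a comment stating that single-architecture output is intended.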
@@ -71,7 +71,7 @@ ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ org.opencontainers.image.authors=https://github.com/nam20485 \ - org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ + org.opencontainers.image.description="A free open source cross-platform C++ library for parsing ODB++ Design archives and accessing their data. Exposed via a REST API and packaged inside of a Docker image. The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ org.opencontainers.image.licenses=MIT EXPOSE 8888 From b491d2a8e4746d01404a7cce8f8b676a5b61d539 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 10:27:33 -0800 Subject: [PATCH 22/29] move deploy workflow into disabled folder to disable until deploy platform is chosen and then it can be implemented correctly --- .github/workflows/{ => disabled}/deploy-eks.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{ => disabled}/deploy-eks.yml (100%) diff --git a/.github/workflows/deploy-eks.yml b/.github/workflows/disabled/deploy-eks.yml similarity index 100% rename from .github/workflows/deploy-eks.yml rename to .github/workflows/disabled/deploy-eks.yml From 16379d59ffe7e4594979f723314f261e144dbe4e Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 11:18:32 -0800 Subject: [PATCH 23/29] stop setting username and password at build-time (must set at docker run-time) --- .github/workflows/docker-publish.yml | 4 ++-- Dockerfile | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 6cf5b364..b6b79563 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -106,8 +106,8 @@ jobs: OWNER=nam20485 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} VCPKG_BINARY_SOURCES=clear;nuget,GitHub,readwrite - ODBDESIGN_SERVER_REQUEST_USERNAME=${{ secrets.ODBDESIGN_SERVER_REQUEST_USERNAME }} - ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} + # ODBDESIGN_SERVER_REQUEST_USERNAME=${{ secrets.ODBDESIGN_SERVER_REQUEST_USERNAME }} + # ODBDESIGN_SERVER_REQUEST_PASSWORD=${{ secrets.ODBDESIGN_SERVER_REQUEST_PASSWORD }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker diff --git a/Dockerfile b/Dockerfile index 5ffc314f..ce025df0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -67,8 +67,8 @@ RUN cmake --build --preset linux-release # much smaller runtime image FROM --platform=$BUILDPLATFORM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run -ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" -ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" +# ARG ODBDESIGN_SERVER_REQUEST_USERNAME="" +# ARG ODBDESIGN_SERVER_REQUEST_PASSWORD="" LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign \ org.opencontainers.image.authors=https://github.com/nam20485 \ org.opencontainers.image.description="A free open source cross-platform C++ library for parsing ODB++ Design archives and accessing their data. Exposed via a REST API and packaged inside of a Docker image. The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." \ 
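Review bot: The two credential lines are commented out with `#`, but if they keep the indentation of the `OWNER=` and `GITHUB_TOKEN=` lines above them they are still part of the `build-args: |` block scalar, where `#` is literal text and not a YAML comment. In that case the `${{ secrets.… }}` expressions are still expanded and handed to the build step as input, and whether they are dropped depends on how the action parses the list. Deleting the two lines removes the doubt. The commented `ARG` and `ENV` lines in the Dockerfile hunks of this commit carry no such risk and only leave dead text behind.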
@@ -94,7 +94,7 @@ RUN mkdir ./designs # run ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OdbDesign/bin -ENV ODBDESIGN_SERVER_REQUEST_USERNAME=${ODBDESIGN_SERVER_REQUEST_USERNAME} -ENV ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} +# ENV ODBDESIGN_SERVER_REQUEST_USERNAME=${ODBDESIGN_SERVER_REQUEST_USERNAME} +# ENV ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} RUN chmod +x ./OdbDesignServer ENTRYPOINT [ "./OdbDesignServer" ] From 5a8bf4e777555da87f32f6be4884107e8052fb80 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 11:18:56 -0800 Subject: [PATCH 24/29] set designs and templates dirs via command line arguments --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ce025df0..3290020b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -97,4 +97,4 @@ ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OdbDesign/bin # ENV ODBDESIGN_SERVER_REQUEST_USERNAME=${ODBDESIGN_SERVER_REQUEST_USERNAME} # ENV ODBDESIGN_SERVER_REQUEST_PASSWORD=${ODBDESIGN_SERVER_REQUEST_PASSWORD} RUN chmod +x ./OdbDesignServer -ENTRYPOINT [ "./OdbDesignServer" ] +ENTRYPOINT [ "./OdbDesignServer", "--designs-dir", "./designs", "--templates-dir", "./templates" ] From d611a8ebad794909d7396b8a9185f8c5c8270d59 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 11:19:04 -0800 Subject: [PATCH 25/29] ignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 0bc7f5f5..4770b091 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,4 @@ OdbDesignServer/db.sqlite3 OdbDesignServer/PyOdbDesignLib/_PyOdbDesignLib.pyd /TEST_DATA.zip deploy/kubeconfig +Dockerfile.commentedOut From 17ec030b02302594eb7a175ecc18fe5624e43f2e Mon Sep 17 00:00:00 2001 
From: Nathan Miller
Date: Sun, 18 Feb 2024 14:16:23 -0800
Subject: [PATCH 26/29] add test-runtime workflow WIP to disabled workflows dir
---
.github/workflows/disabled/test-runtime.yml | 70 +++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 .github/workflows/disabled/test-runtime.yml
diff --git a/.github/workflows/disabled/test-runtime.yml b/.github/workflows/disabled/test-runtime.yml
new file mode 100644
index 00000000..6fa9ddec
--- /dev/null
+++ b/.github/workflows/disabled/test-runtime.yml
@@ -0,0 +1,70 @@ +# +# run the executable and make an authenticated call in each of the platforms: +# +# Windows +# Ubuntu +# MacOS +# Docker + +name: Test Runtime + +on: + push: + branches: [ "nam20485" ] + pull_request: + branches: [ "development", "main", "release", "nam20485" ] + +permissions: + contents: read + +env: + ARTIFACTS_DIR: ${{ github.workspace }}/artifacts + ARTIFACTS_DIR_WIN: ${{ github.workspace }}\artifacts + +jobs: + build: + name: Test Runtime Executables + runs-on: ${{ matrix.os }} + permissions: + contents: write + checks: write + + strategy: + # Set fail-fast to false to ensure that feedback is delivered for all matrix combinations. Consider changing this to true when your workflow is stable. + fail-fast: false + + matrix: + include: + # Windows x64 Release + - os: windows-2022 + preset: x64-release + # Linux x64 Release + - os: ubuntu-22.04 + preset: linux-release + # MacOS x64 Release + - os: macos-12 + preset: macos-release + # Linux mingw x64 Release + # - os: ubuntu-22.04 + # preset: linux-mingw-w64-release + # # Linux Python Release + # - os: ubuntu-22.04 + # preset: python-linux-release + + steps: + + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout Repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # add problem matchers by compiler + - name: Add Problem Matchers + uses: ammaraskar/msvc-problem-matcher@1ebcb382869bfdc2cc645e8a2a43b6d319ea1cc0 # master + if: matrix.os == 'windows-2022' + - name: Add Problem Matchers + uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28 # master + if: matrix.os != 'windows-2022' \ No newline at end of file From fa8ed34a45cb11668862840695c635f9580babce Mon Sep 17 00:00:00 2001 
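Review bot: The job-level `permissions:` block on `build` grants `contents: write` and `checks: write`, which overrides the workflow-level `contents: read` for this job even though the steps shown only check out the repository and register problem matchers. A workflow that also runs on `pull_request` should keep the token read-only until a step needs more: set `contents: read` at job level, or drop the job block so the top-level default applies. The harden-runner step uses `egress-policy: audit`, which records outbound traffic but does not restrict it. A comment noting the plan to move to `block` with an allow-list once the workflow is enabled would help. The two problem-matcher pins are annotated `# master`, so those commits do not correspond to a release tag and need manual review whenever they are bumped.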
From: Nathan Miller Date: Sun, 18 Feb 2024 14:16:47 -0800 Subject: [PATCH 27/29] set several more docker image annotations --- .github/workflows/docker-publish.yml | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b6b79563..676dd9a8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -68,6 +68,16 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create CURRENT_DATETIME Environment Variable + run: | + echo "CURRENT_DATETIME=$(date +"%Y-%m-%d %H:%M:%S")" >> $GITHUB_ENV + + - name: Echo CURRENT_DATETIME Environment Variable + env: + CURRENT_DATETIME: ${{ env.CURRENT_DATETIME }} + run: echo ${{ env.CURRENT_DATETIME }} + # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata @@ -75,6 +85,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + CURRENT_DATETIME: ${{ env.CURRENT_DATETIME }} with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | 
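Review bot: The new `Echo CURRENT_DATETIME Environment Variable` step expands `${{ env.CURRENT_DATETIME }}` directly into the shell line, unquoted, although the same step already maps the value into its environment. `run: echo "$CURRENT_DATETIME"` reads the variable without template expansion into script text and keeps the space in the value from splitting the argument. The timestamp from `date +"%Y-%m-%d %H:%M:%S"` is runner-local time with no zone, whereas `org.opencontainers.image.created` is defined as an RFC 3339 date-time, so `date -u +"%Y-%m-%dT%H:%M:%SZ"` would be the safer format. Values written to `$GITHUB_ENV` are available to later steps of the job, so the `CURRENT_DATETIME: ${{ env.CURRENT_DATETIME }}` mappings here and in the metadata hunk that follows appear redundant.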
@@ -83,9 +94,15 @@ jobs: type=ref,event=branch,suffix=-latest annotations: | org.opencontainers.image.source=https://github.com/nam20485/OdbDesign - org.opencontainers.image.description=A free open source cross-platform C++ library for parsing ODB++ Design archives and accessing their data. Exposed via a REST API and packaged inside of a Docker image. The OdbDesign Docker image runs the OdbDesignServer REST API server executable listening on port 8888. + org.opencontainers.image.description=A free open source cross-platform C++ library for parsing ODB++ Design archives and accessing their data. Exposed via a REST API and packaged inside of a Docker image. The OdbDesign Docker image runs the OdbDesign Server REST API server executable listening on port 8888. org.opencontainers.image.licenses=MIT - org.opencontainers.image.authors=https://github.com/nam20485 + org.opencontainers.image.authors=https://github.com/nam20485 + org.opencontainers.image.url=https://nam20485.github.io/OdbDesign + org.opencontainers.image.documentation=https://github.com/nam20485/OdbDesign?tab=readme-ov-file + org.opencontainers.image.version=${{ github.ref_name }}-${{github.run_number}} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.created=${CURRENT_DATETIME} + org.opencontainers.image.title=OdbDesign Server # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action @@ -126,4 +143,9 @@ jobs: with: repository: ${{ github.repository }} event-type: trigger_deploy_release_event - client-payload: '{"ref_name": "${{ github.ref_name }}", "dispatch_id": "${{ secrets.DISPATCH_ID }}"}' + client-payload: | + '{ + "ref_name": "${{ github.ref_name }}", + "run_number": "${{ github.run_number }}", + "dispatch_id": "${{ secrets.DISPATCH_ID }}" + }' From 1f35d8ed9080cc7e4533329ab3dadf27531d43e4 Mon Sep 17 00:00:00 2001 
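Review bot: In the new `client-payload: |` block the single quotes around the JSON object become part of the value, because inside a block scalar they are literal characters rather than YAML quoting. The dispatch step would then receive `'{ ... }'`, which is not valid JSON, so the payload is likely rejected or sent malformed. The step itself begins above the hunk, so how the action parses this input is inferred. Dropping the quotes, so the block opens with `{` and closes with `}`, keeps the multi-line layout and yields a parseable object. Separately, `dispatch_id` places a secret into the event payload, where the receiving workflow sees it as ordinary event data that log masking may not cover, so confirm the receiver never prints the payload.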
From: Nathan Miller Date: Sun, 18 Feb 2024 16:15:52 -0800 Subject: [PATCH 28/29] use context variable for created annotation --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 676dd9a8..6ffb0f1e 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -101,7 +101,7 @@ jobs: org.opencontainers.image.documentation=https://github.com/nam20485/OdbDesign?tab=readme-ov-file org.opencontainers.image.version=${{ github.ref_name }}-${{github.run_number}} org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.created=${CURRENT_DATETIME} + org.opencontainers.image.created=${{ env.CURRENT_DATETIME }} org.opencontainers.image.title=OdbDesign Server # Build and push Docker image with Buildx (don't push on PR) From a307bdf409cda92f69ddc3724371cd5dfd6f3cb5 Mon Sep 17 00:00:00 2001 From: Nathan Miller Date: Sun, 18 Feb 2024 16:36:59 -0800 Subject: [PATCH 29/29] fix release version to use run_number from the dispatch event payload --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 37ba240a..5f196ca9 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -82,7 +82,7 @@ jobs: - name: Create Release Variables run: | - export RELEASE_VERSION="${{vars.RELEASE_VERSION_PREFIX}}.${{github.run_number}}" + export RELEASE_VERSION="${{vars.RELEASE_VERSION_PREFIX}}.${{ github.event.client_payload.run_number }} echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV export RELEASE_TAG="v${RELEASE_VERSION}" echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV 
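Review bot: The rewritten `export RELEASE_VERSION=...` line in `Create Release Variables` has lost its closing double quote, so the shell string runs on into the following `echo` lines and `RELEASE_VERSION`/`RELEASE_TAG` will not be set as intended. The same line also expands `${{ github.event.client_payload.run_number }}` straight into the script text, so whatever the dispatch sender put in the payload becomes shell source. Passing the value through the step environment fixes both: add `env:` with `RUN_NUMBER: ${{ github.event.client_payload.run_number }}` and use `export RELEASE_VERSION="${{ vars.RELEASE_VERSION_PREFIX }}.${RUN_NUMBER}"`. A digits-only check on `RUN_NUMBER` before it reaches the tag would be a cheap extra guard. The step's `run:` block may continue past the end of this hunk.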
@@ -103,7 +103,7 @@ jobs: repo: context.repo.repo, tag_name: process.env.RELEASE_TAG, body: require('fs').readFileSync('${{ github.workspace }}/release/release-body.md', 'utf8'), - target_commitish: '${{ github.ref_name }}' + target_commitish: '${{ github.event.client_payload.ref_name }}' }); const files =