Skip to content
Build and publish to Docker Hub

Build and publish to Docker Hub #92

Sign in to view logs

Build and publish to Docker Hub

Build and publish to Docker Hub #92

Workflow file for this run

.github/workflows/on_release.yml at 93bb21e
name: Build and publish to Docker Hub
on:
release:
# job will automatically run after a new "release" is create on github.
types: [published]
jobs:
# this job will build, test and (potentially) push the docker images to docker hub
#
# BUILD PHASE:
# - will auto tag the image according to the release tag / `git describe`.
#
# TEST PHASE:
# - will run an e2e test with a modified docker compose.
# - queries OPA data to check its state matches an expected value.
# - state will match only if OPAL client successfully synced to OPAL server.
# - outputs the docker compose logs to more easily investigate errors.
#
# PUSH PHASE:
# - Runs only if test phase completes with no errors.
# - Pushes images (built at BUILD PHASE) to docker hub.
docker_build_and_publish:
runs-on: ubuntu-latest
env:
github_token: ${{ secrets.TOKEN_GITHUB }}
permissions:
id-token: write
contents: write # 'write' access to repository contents
pull-requests: write # 'write' access to pull requests
steps:
# BUILD PHASE
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker Compose install
run: |
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
- name: Echo version tag
run: |
echo "The version tag that will be published to docker hub is: ${{ github.event.release.tag_name }}"
- name: Build client for testing
id: build_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-client:test
- name: Build server for testing
id: build_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-server:test
# TEST PHASE
- name: Create modified docker compose file
run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
- name: Bring up stack
run: docker-compose -f docker/docker-compose-test.yml up -d
- name: Check if OPA is healthy
run: ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10 && curl -s "http://localhost:8181/v1/data/users" | jq '.result.bob.location.country == "US"'
- name: Output container logs
run: docker-compose -f docker/docker-compose-test.yml logs
# PUSH PHASE
- name: Output local docker images
run: docker image ls --digests | grep opal
# pushes the *same* docker images that were previously tested as part of e2e sanity test.
# each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
- name: Build & Push client
id: build_push_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
tags: |
permitio/opal-client:latest
permitio/opal-client:${{ github.event.release.tag_name }}
- name: Build client-standalone
id: build_push_client_standalone
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client-standalone
cache-from: type=registry,ref=permitio/opal-client-standalone:latest
cache-to: type=inline
tags: |
permitio/opal-client-standalone:latest
permitio/opal-client-standalone:${{ github.event.release.tag_name }}
- name: Build server
id: build_push_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
tags: |
permitio/opal-server:latest
permitio/opal-server:${{ github.event.release.tag_name }}
- name: Build & Push client cedar
id: build_push_client_cedar
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
target: client-cedar
cache-from: type=registry,ref=permitio/opal-client-cedar:latest
cache-to: type=inline
tags: |
permitio/opal-client-cedar:latest
permitio/opal-client-cedar:${{ github.event.release.tag_name }}
- name: Python setup
uses: actions/setup-python@v5
with:
python-version: '3.11.8'
# This is the root file representing the package for all the sub-packages.
- name: Bump version - packaging__.py
run: |
version_tag=${{ github.event.release.tag_name }}
version_tag=${version_tag#v} # Remove the leading 'v'
version_tuple=$(echo $version_tag | sed 's/\./, /g')
sed -i "s/VERSION = (.*/VERSION = (${version_tuple})/" packages/__packaging__.py
cat packages/__packaging__.py
- name: Cleanup setup.py and Build every sub-packages
run: |
pip install wheel
cd packages/opal-common/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
cd packages/opal-client/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
cd packages/opal-server/ ; rm -rf *.egg-info build/ dist/
python setup.py sdist bdist_wheel
cd ../..
# Upload package distributions to the release - All assets in one step
- name: Upload assets to release
uses: shogo82148/[email protected]
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: |
packages/opal-common/dist/*
packages/opal-client/dist/*
packages/opal-server/dist/*
# Publish package distributions to PyPI
- name: Publish package distributions to PyPI - Opal-Common
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-common/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-common/
- name: Publish package distributions to PyPI - Opal-Client
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-client/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-client/
- name: Publish package distributions to PyPI - Opal-Server
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
packages-dir: packages/opal-server/dist/
# For Test only !
# password: ${{ secrets.TEST_PYPI_TOKEN }}
# repository-url: https://test.pypi.org/legacy/
env:
name: pypi
url: https://pypi.org/p/opal-server/