Merge pull request #47 from rentpath/dedicated-build-runner-clj

New temporary job to target new dedicated build runners

.github/workflows/clj-build-dedicated.yml

@@ -0,0 +1,132 @@
+name: Clojure Build
+on:
+  workflow_call:
+    inputs:
+      runner:
+        required: false
+        type: string
+        default: self-hosted
+      target_branch:
+        required: false
+        type: string
+        default: main
+jobs:
+  build:
+    name: Build App
+    runs-on: ${{ inputs.runner }}
+      group: "build"
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+    steps:
+      - name: remove 'ready' label
+        if: ${{ github.event.pull_request && github.event.pull_request.number }}
+        run: |
+          curl -X DELETE \
+               -H "Accept: application/vnd.github.v3+json" \
+               -H "Authorization: bearer ${{ github.token }}" \
+               "https://api.github.com/repos/${{ github.repository}}/issues/${{ github.event.pull_request.number }}/labels/PR%3A%20RE%20Ready"
+
+      - name: check out most recent commit
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref || github.ref }}
+          token: ${{ github.token }}
+
+      - name: set variables
+        id: vars
+        run: |
+          OWNER=$( echo ${{ github.repository }} | sed -E -e 's/\/.+$//' )
+          echo "owner=${OWNER}" >> $GITHUB_OUTPUT
+          REPO=$( echo ${{ github.repository }} | sed -E -e 's/^[^\/]+\///')
+          echo "repo=${REPO}" >> $GITHUB_OUTPUT
+          BRANCH_TAG=$(
+            echo "${{ github.head_ref || github.ref }}" \
+            | sed -E -e 's/refs\/heads\/(.*)/\1/g' \
+            | sed -e 's/[^a-zA-Z0-9]/-/g' \
+            | tr '[:upper:]' '[:lower:]' \
+            | cut -c 1-32 \
+            | sed -e 's/[^a-z0-9]*$//'
+          )
+          echo "branch_tag=${BRANCH_TAG}" >> $GITHUB_OUTPUT
+          RAW_REPO=$(echo "${{ github.repository }}" | cut -d/ -f2)
+          echo "rawrepo=${RAW_REPO}" >> $GITHUB_OUTPUT
+          IMAGE="ghcr.io/${{ github.repository }}"
+          echo "image=${IMAGE}" >> $GITHUB_OUTPUT
+          REF="${{ github.head_ref || github.ref }}"
+          echo "ref=${REF}" >> $GITHUB_OUTPUT
+          SHA="${{ (github.event.pull_request && github.event.pull_request.head && github.event.pull_request.head.sha) || github.sha }}"
+          echo "sha=${SHA}" >> $GITHUB_OUTPUT
+          SHORT_SHA=$( git rev-parse --short HEAD )
+          echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
+          VERSION=$( date -u '+%Y%m%d' )-${{ github.run_number || 0 }}-$( git rev-parse --short HEAD )
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
+      - name: download artifacts
+        uses: actions/download-artifact@v4
+
+      - name: auth with docker
+        run: |
+          echo ${{ secrets.GHCR_USER_PAT }} | docker login ghcr.io -u ${{ secrets.GHCR_USER_NAME }} --password-stdin
+
+      # FIXME: we should only tag `main` builds with the standard Rent. version
+      - name: prepare tags
+        id: prepare
+        run: |
+          TAGS="${{ steps.vars.outputs.image }}:${{ steps.vars.outputs.version }}"
+          # reserve the `latest` tag for the target branch
+          # branch-tags are essentially `latest` per branch
+          if [[ ${{ contains(github.ref, inputs.target_branch) }} = true ]]; then
+            TAGS="${TAGS},${{ steps.vars.outputs.image }}:latest"
+          else
+            TAGS="${TAGS},${{ steps.vars.outputs.image }}:${{ steps.vars.outputs.branch_tag }}"
+          fi
+          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+
+      # note that VAULT_TOKEN is expected to be inherited from org (calling action)-- double-check GHA docs
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          cache-from: type=registry,ref=${{ steps.vars.outputs.image }}:${{ steps.vars.outputs.branch_tag }}
+          cache-to: type=inline
+          tags: ${{ steps.prepare.outputs.tags }}
+          secrets: |
+            VAULT_TOKEN=${{ secrets.HASHICORP_VAULT_GH_READER_CI_TOKEN }}
+            RP_PRIVATE_TOKEN=${{ secrets.GPR_TOKEN }}
+          build-args: |
+            BUILD_NUMBER=${{ github.run_number }}
+            BUILD_SHA=${{ steps.vars.outputs.sha }}
+            VERSION=${{ steps.vars.outputs.version }}
+
+      - name: Add build tag check
+        uses: LouisBrunner/[email protected]
+        if: ${{ github.event.pull_request }}
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: |
+            Image tag: ${{ steps.vars.outputs.version }}
+          conclusion: ${{ job.status }}
+
+      - name: git tag
+        if: ${{ contains(github.ref, format('{0}{1}', 'refs/heads/', inputs.target_branch)) }}
+        shell: bash {0}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "rentpath-plateng"
+          git tag -a ${{ steps.vars.outputs.version }} -m "${{ steps.vars.outputs.version }}" && \
+            git push origin refs/tags/${{ steps.vars.outputs.version }}:refs/tags/${{ steps.vars.outputs.version }}
+
+      - name: release
+        if: ${{ contains(github.ref, format('{0}{1}', 'refs/heads/', inputs.target_branch)) }}
+        id: create_release
+        uses: softprops/action-gh-release@v2
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          tag_name: ${{ steps.vars.outputs.version }}
+          name: Release ${{ steps.vars.outputs.version }}
+          body: 'Docker Image: [${{ steps.vars.outputs.image }}:${{ steps.vars.outputs.version }}](https://github.com/orgs/rentpath/packages/container/package/${{ steps.vars.outputs.rawrepo }})'
+          draft: false
+          prerelease: false