Merge pull request #2272 from fli-iam/develop

Develop to master
fli-iam · Jun 26, 2024 · bf9760b · bf9760b
2 parents c0079ee + f8007d7
commit bf9760b
Show file tree

Hide file tree

Showing 174 changed files with 2,573 additions and 1,471 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -2,99 +2,145 @@
 name: Publish Docker images
 
 env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ghcr.io/${{ github.repository }}
-  TAG: ${{ github.ref_name }}
+  DOCKER_REPOSITORY: ghcr.io/${{ github.repository }}
+  GIT_REPO_URL: https://github.com/${{ github.repository }}
+
+  # production builds
+  # - triggered by pushing a tag
+  # - builds the current commit
+  # - cache is disabled
+  # development builds
+  # - triggered by workflow_call (in the deploy-qualif workflow)
+  # - builds the commit provided in the 'sha' input variable
+  # - cache is enabled
+  PRODUCTION: ${{ github.event_name == 'push' && '1' || '' }}
+
+  # id of the git commit to be built
+  SHA: ${{ github.event_name == 'push' && github.sha || inputs.sha }}
+
+  # tag of the resulting docker image
+  # - name of the git tag (production builds)
+  # - commit id (develpment builds)
+  IMAGE_TAG: ${{ github.event_name == 'push' && github.ref_name || inputs.sha }}
+
+  # boolean: force rebuilding the docker images from scratch
+  NO_CACHE: ${{ inputs.no_cache && '1' || '' }}
+
 on:
-  workflow_dispatch:
   push:
     tags:
       - '*'
-
+  workflow_call:
+    inputs:
+      sha:
+        description: 'git commit to be built'
+        type: string
+        required: true
+      no_cache:
+        description: 'force rebuilding the docker images from scratch'
+        type: boolean
+        default: false
+
 jobs:
-  push_to_registry:
-    name: Push Docker images to Container registry
+  build_images:
     runs-on: ubuntu-latest
     permissions:
       packages: write
       contents: read
     steps:
 
-      - name: Set up JDK 17
-        uses: actions/setup-java@v1
+      - name: Check out the repo
+        uses: actions/checkout@v4
         with:
-          java-version: 17
+          repository: ${{ env.PRODUCTION && github.repository || 'fli-iam/shanoir-ng' }}
+          ref: ${{ env.IMAGE_TAG }}
 
-      - name: Check out the repo
-        uses: actions/checkout@v3
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+
+      # maven cache only enabled on development builds
+      - name: Set up Maven cache
+        uses: actions/cache@v4
+        if: "${{ ! env.production }}"
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-maven-
+
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
 
-      - name: Create directory /shanoir-ng-logs
-        run: sudo mkdir -m777 /var/log/shanoir-ng-logs
-
-      - name: Maven build
-        run: mvn -f ./shanoir-ng-parent/pom.xml install -DskipTests
-        env:
-          SHANOIR_URL_HOST: localhost
-          SHANOIR_URL_SCHEME: http
-          SHANOIR_PREFIX: github
-          SHANOIR_ADMIN_EMAIL: [email protected]
-          SHANOIR_KEYCLOAK_USER: admin
-          SHANOIR_KEYCLOAK_PASSWORD: '&a1A&a1A'
-
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3.0.0
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ${{ env.DOCKER_REPOSITORY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: USERS - Build & push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          context: ./docker-compose/users
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: ${{ env.IMAGE_NAME }}/users:latest, ${{ env.IMAGE_NAME }}/users:${{ env.TAG }}
-
-      - name: STUDIES - Build & push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          context: ./docker-compose/studies
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: ${{ env.IMAGE_NAME }}/studies:latest, ${{ env.IMAGE_NAME }}/studies:${{ env.TAG }}
-
-      - name: IMPORT - Build & push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          context: ./docker-compose/import
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: ${{ env.IMAGE_NAME }}/import:latest, ${{ env.IMAGE_NAME }}/import:${{ env.TAG }}
-
-      - name: DATASETS  - Build & push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          context: ./docker-compose/datasets
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: ${{ env.IMAGE_NAME }}/datasets:latest, ${{ env.IMAGE_NAME }}/datasets:${{ env.TAG }}
 
-      - name: PRECLINICAL - Build & push Docker image
-        uses: docker/build-push-action@v2
-        with:
-          context: ./docker-compose/preclinical
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: ${{ env.IMAGE_NAME }}/preclinical:latest, ${{ env.IMAGE_NAME }}/preclinical:${{ env.TAG }}
-
-      - name:  NGINX - Build & push Docker image
-        uses: docker/build-push-action@v2
+      - name: Generate the docker bake config
+        shell: python
+        run: |
+          import json, os, pathlib, requests, subprocess
+          env = os.environ
+
+          # query the sha of the head of the main branch
+          MAIN_BRANCH = "develop"
+          main_branch_sha = requests.get(
+              f"${{ github.api_url }}/repos/${{ github.repository }}/branches/{MAIN_BRANCH}",
+              headers={"Authorization": "Bearer ${{ github.token }}"},
+            ).json().get("sha")
+
+          # cache configuration
+          #
+          # We do not use 'type=gha' because the github actions cache is not
+          # able to reliably reuse an existing cache for all images in every
+          # build, thus rendering the cache ineffective (this is probably
+          # caused by the size limits).
+          #
+          # Instead we explicitely store the cache in container repository of
+          # the project ('type=registry'), under the tag 'cache'
+          # - we pull the cache (cache_from) before development builds of any
+          #   branch when inputs.no_cache is false
+          # - we push the cache (cache_to) after development builds of the
+          #   main branch only
+          # - we never use the cache on production builds
+          enable_cache_from = not env['PRODUCTION'] and not env['NO_CACHE']
+          enable_cache_to   = not env['PRODUCTION'] and (
+            main_branch_sha == env['IMAGE_TAG'] == env['SHA'])
+          print(f"{enable_cache_from = }\n{enable_cache_to = }\n")
+
+          def cache_arg(enabled: bool, image: str, extra=""):
+            return [f"type=registry,ref={env['DOCKER_REPOSITORY']}/{image}:cache{extra}"
+                   ] if enabled else []
+  
+          # extract the list of images to be built from the docker-compose config
+          images = json.loads(subprocess.check_output(
+                  ["docker", "buildx", "bake", "--print", "-f", "docker-compose.yml"])
+              )["group"]["default"]["targets"]
+
+          # override the bake config (add cache config + set tags & labels)
+          pathlib.Path("docker-bake.json").write_text(json.dumps({
+            #"group": { "default": { "targets": ["database"] }}, # TODO: remove
+            "target": {
+              image: {
+                "cache-from": cache_arg(enable_cache_from, image),
+                "cache-to":   cache_arg(enable_cache_to,   image, ",mode=max"),
+                "tags": [f"{env['DOCKER_REPOSITORY']}/{image}:{env['IMAGE_TAG']}"],
+                "labels": {
+                  "org.opencontainers.image.url":      env['GIT_REPO_URL'],
+                  "org.opencontainers.image.source":   env['GIT_REPO_URL'],
+                  "org.opencontainers.image.version":  env['IMAGE_TAG'],
+                  "org.opencontainers.image.revision": env['SHA'],
+                },
+                } for image in images }}))
+
+      - name: Maven build
+        run: mvn -f ./shanoir-ng-parent/pom.xml install -DskipTests
+
+      - name: Build docker images
+        uses: docker/bake-action@v4
         with:
-          context: ./docker-compose/nginx
-          builder: ${{ steps.buildx.outputs.name }}
           push: true
-          tags: ${{ env.IMAGE_NAME }}/nginx:latest, ${{ env.IMAGE_NAME }}/nginx:${{ env.TAG }}
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -20,10 +20,11 @@ jobs:
       run: git fetch --no-tags --no-recurse-submodules --depth=1 origin +refs/heads/master:refs/remotes/origin/master
     - name: check migration names
       run: cd docker-compose/database && ./check_migration_names.py
-    - name: Set up JDK 17
-      uses: actions/setup-java@v1
+    - name: Set up JDK 21
+      uses: actions/setup-java@v4
       with:
-        java-version: 17
+        distribution: temurin
+        java-version: 21
     - name: Create directory /shanoir-ng-logs
       run: sudo mkdir -m777 /var/log/shanoir-ng-logs
     - name: Maven cache

diff --git a/.gitignore b/.gitignore
@@ -44,8 +44,6 @@ shanoir-ng-front/.angular
 .env.bak
 /docker-compose/nginx/webapp/
 /docker-compose/*/shanoir-ng-*.jar
-/docker-compose/*/entrypoint_common
-/docker-compose/*/oneshot
 /tmp
 shanoir-ng-tests/tests/.Python
 shanoir-ng-tests/tests/include/

diff --git a/README.md b/README.md
@@ -57,8 +57,10 @@ Then the shanoir-downloader project can be simply managed as a normal git repo (
     - Delete, if needed, %appData%/Docker/settings.json (Docker will create another one, see https://forums.docker.com/t/solved-docker-failed-to-start-docker-desktop-for-windows/106976/6)
 
 * Install Java 17
-    - Download and install : https://www.oracle.com/fr/java/technologies/javase/jdk11-archive-downloads.html
-    - Add enviromnent variable : JAVA_HOME = C:\Program Files\Java\jdk-11.0.16
+    - Download and install : https://www.oracle.com/java/technologies/javase/jdk17-archive-downloads.html
+    - Add enviromnent variable :
+      		On Windows (as environment variable): JAVA_HOME = C:\Program Files\Java\jdk-17.0.10
+      		On Mac (in your .bashrc or .zshrc file): export JAVA_HOME=$(/usr/libexec/java_home)
 
 * Install Maven
     - Download : https://maven.apache.org/download.cgi

diff --git a/bootstrap.sh b/bootstrap.sh
@@ -90,12 +90,8 @@ if [ -n "$build" ] ; then
 
 	# 1. build a docker image with the java toolchain
 	DEV_IMG=shanoir-ng-dev
-	docker build -t "$DEV_IMG" - <<EOF
-FROM debian:bookworm
-# NOTE: using bookworm-proposed-updates because of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039472
-RUN echo "deb http://deb.debian.org/debian bookworm-proposed-updates main" >> /etc/apt/sources.list \
-    && apt-get update -qq && apt-get install -qqy --no-install-recommends openjdk-17-jdk-headless maven bzip2 git
-EOF
+	docker build -t "$DEV_IMG" --target=jdk docker-compose
+
 	# 2. run the maven build
 	mkdir -p /tmp/home
 	docker run --rm -t -i -v "$PWD:/src" -u "`id -u`:`id -g`" -e HOME="/src/tmp/home" \

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
@@ -21,7 +21,9 @@ services:
 
   front-dev:
     container_name: front-dev
-    build: ./docker-compose/front-dev
+    build:
+      context: docker-compose
+      target: front-dev
     volumes:
       - "./shanoir-ng-front:/app/"
     command: ng serve --host 0.0.0.0 --disable-host-check