From 5726dcb321665bbcc95bf1dbed5c8c927713e70f Mon Sep 17 00:00:00 2001 From: Lindsay Gaines Date: Thu, 21 Nov 2024 14:52:06 +1100 Subject: [PATCH] Update updated build_docker workflow from openmethane/openmethane --- .github/workflows/build_docker.yaml | 115 ++++++++++++++++------------ docs/development.md | 31 ++++++++ 2 files changed, 98 insertions(+), 48 deletions(-) create mode 100644 docs/development.md diff --git a/.github/workflows/build_docker.yaml b/.github/workflows/build_docker.yaml index 5cffcb9..7e13a41 100644 --- a/.github/workflows/build_docker.yaml +++ b/.github/workflows/build_docker.yaml @@ -1,4 +1,4 @@ -name: build_docker +name: Build docker image on: workflow_dispatch: @@ -29,6 +29,7 @@ jobs: outputs: digest: ${{ steps.build.outputs.digest }} + registry-image-id: ${{ steps.remote-image-id.outputs.REMOTE_ID }} # Builds and pushes the image # Tags the image with the PR that it is linked to @@ -43,6 +44,7 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 @@ -63,6 +65,10 @@ jobs: pull: false cache-from: type=gha cache-to: type=gha,mode=max + - name: Construct remote image id + id: remote-image-id + run: | + echo "REMOTE_ID=${{ env.IMAGE }}@${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT test-unit: # Simple test suite to verify that the docker container works as expected 
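Review bot: The added `Construct remote image id` step has no comment saying why the reference is built from the digest, although the later retag and ECR jobs depend on it. Something like `# Digest-pinned reference so downstream jobs pull exactly the image built here, not whatever a mutable tag currently points to` above the step would record that. If `steps.build.outputs.digest` is ever empty the output becomes `<image>@` and the failure only surfaces in a later job's `docker pull`; the build step's push settings are outside this hunk, so this may not be reachable. The redirect target should also be quoted: `>> "$GITHUB_OUTPUT"`.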
@@ -87,43 +93,64 @@ jobs: CDSAPI_KEY: ${{ secrets.CDSAPI_ADS_KEY }} CDSAPI_URL: https://ads.atmosphere.copernicus.eu/api - # Tag the latest image if running on the main branch - # TODO: Handle tagged builds - tag-latest-image: + # Determine additional tags to apply to the image + image-tags: runs-on: ubuntu-latest needs: [ test-unit ] - if: github.ref == 'refs/heads/main' - permissions: - contents: read - packages: write + outputs: + tags: ${{ steps.meta.outputs.tags }} steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - name: Checkout code uses: actions/checkout@v4 - - name: Login to Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + + # check if the triggering ref is a vX.Y.Z tag and NOT vX.Y.Za0 (prerelease) + - name: Check for stable release + id: check-stable + if: startsWith(github.event.ref, 'refs/tags/v') + run: | + if [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "STABLE_RELEASE=true" >> $GITHUB_OUTPUT + fi + - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: images: "${{ env.IMAGE }}" tags: | - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main'}} - - name: Push latest image - uses: docker/build-push-action@v5 - id: build + type=ref,event=pr + type=pep440,pattern={{version}} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.event.ref, 'refs/tags/v') }} + type=raw,value=stable,enable=${{ steps.check-stable.outputs.STABLE_RELEASE == 'true' }} + + tag-image-ghcr: + runs-on: ubuntu-latest + needs: [ build, image-tags ] + if: ${{ needs.image-tags.outputs.tags }} + permissions: + contents: read + packages: write + steps: + - name: Login to Container registry + uses: docker/login-action@v3 with: - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: 
type=gha - cache-to: type=gha,mode=max - push: true - load: true + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Pull built docker image + run: | + docker pull ${{ needs.build.outputs.registry-image-id }} + - name: Tag and push docker image + run: | + TAGS="${{ needs.image-tags.outputs.tags }}" + + IFS=$'\n' + for tag in $TAGS; do + echo "Tagging ${{ needs.build.outputs.registry-image-id }} as $tag" + docker tag "${{ needs.build.outputs.registry-image-id }}" "$tag" + docker push "$tag" + done # Push the image to ECR as well push-ecr: @@ -140,18 +167,15 @@ jobs: - account_id: "058264429703" aws_access_key_secret: "AWS_ACCESS_KEY_ID_PROD" aws_secret_access_key_secret: "AWS_SECRET_ACCESS_KEY_PROD" - needs: [test-unit, build ] + + needs: [ build, image-tags ] + if: ${{ needs.image-tags.outputs.tags }} permissions: contents: read packages: read env: - GHCR_IMAGE_ID: ghcr.io/openmethane/openmethane-prior@${{ needs.build.outputs.digest }} - ECR_IMAGE: ${{ matrix.account_id }}.dkr.ecr.ap-southeast-2.amazonaws.com/openmethane/openmethane-prior + ECR_IMAGE: ${{ matrix.account_id }}.dkr.ecr.ap-southeast-2.amazonaws.com/openmethane/openmethane steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Checkout code - uses: actions/checkout@v4 - name: Login to Container registry uses: docker/login-action@v3 with: 
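Review bot: The new `Check for stable release` step pastes `${{ github.event.ref }}` straight into the `run:` script, so a ref name containing shell metacharacters is interpreted as shell before the regex ever sees it. The `Tag and push docker image` step has the same problem with `TAGS="${{ needs.image-tags.outputs.tags }}"`, whose values are derived from the ref, and so does the `TAGS=` assignment in the ECR hunk at `@@ -167,25 +191,20 @@`. Pass these values through `env:` and read them as quoted shell variables, as in the fence below. That matters most in `tag-image-ghcr`, which holds `packages: write`. The `docker pull` in this job is also unquoted, unlike its ECR counterpart. Separately, `latest` is now enabled for every `refs/tags/v*` ref, including the prerelease tags that the `stable` check deliberately excludes; confirm that is intended.

```yaml
      - name: Check for stable release
        env:
          EVENT_REF: ${{ github.event.ref }}
        run: |
          if [[ "$EVENT_REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "STABLE_RELEASE=true" >> "$GITHUB_OUTPUT"
          fi

      # … unchanged: metadata step, tag-image-ghcr job header, registry login …

      - name: Pull built docker image
        env:
          IMAGE_ID: ${{ needs.build.outputs.registry-image-id }}
        run: |
          docker pull "$IMAGE_ID"
      - name: Tag and push docker image
        env:
          IMAGE_ID: ${{ needs.build.outputs.registry-image-id }}
          TAGS: ${{ needs.image-tags.outputs.tags }}
        run: |
          IFS=$'\n'
          for tag in $TAGS; do
            echo "Tagging $IMAGE_ID as $tag"
            docker tag "$IMAGE_ID" "$tag"
            docker push "$tag"
          done
```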
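Review bot: `ECR_IMAGE` now ends in `openmethane/openmethane`, while the `GHCR_IMAGE_ID` line removed in the same hunk pointed at `openmethane/openmethane-prior`. This looks like a leftover from copying the workflow out of openmethane/openmethane. If this repository still publishes the prior image, the job would push it, including `latest` and `stable`, into another project's ECR repository in each matrix account, overwriting tags that consumers of that image resolve. If so the line should stay `ECR_IMAGE: ${{ matrix.account_id }}.dkr.ecr.ap-southeast-2.amazonaws.com/openmethane/openmethane-prior`. The `IMAGE` env value and the rest of the job are outside this hunk, so confirm against them.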
@@ -167,25 +191,20 @@ jobs: aws-region: ap-southeast-2 - name: Login to Amazon ECR uses: aws-actions/amazon-ecr-login@v2 + - name: Pull built docker image run: | - docker pull ${{ env.GHCR_IMAGE_ID }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: "${{ env.ECR_IMAGE }}" - tags: | - type=schedule - type=ref,event=pr - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main'}} + docker pull "${{ needs.build.outputs.registry-image-id }}" - name: Tag and push docker image to Amazon ECR + # Replace the ghcr.io portion of the tags with the ECR URL so the tags + # are pushed to the right registry run: | - TAGS="${{ steps.meta.outputs.tags }}" + TAGS="${{ needs.image-tags.outputs.tags }}" IFS=$'\n' for tag in $TAGS; do - echo "Tagging ${{ env.GHCR_IMAGE_ID }} as $tag" - docker tag "${{ env.GHCR_IMAGE_ID }}" "$tag" - docker push "$tag" - done \ No newline at end of file + ECR_TAG=${tag/"${{ env.IMAGE }}"/"${{ env.ECR_IMAGE }}"} + echo "Tagging ${{ needs.build.outputs.registry-image-id }} as $ECR_TAG" + docker tag "${{ needs.build.outputs.registry-image-id }}" "$ECR_TAG" + docker push "$ECR_TAG" + done diff --git a/docs/development.md b/docs/development.md new file mode 100644 index 0000000..b006e4d --- /dev/null +++ b/docs/development.md 
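Review bot: The rewrite `ECR_TAG=${tag/"${{ env.IMAGE }}"/"${{ env.ECR_IMAGE }}"}` leaves `$tag` unchanged whenever the tag does not contain `env.IMAGE` exactly, for example if the metadata action normalises the image name differently. The loop then tags and pushes the original ghcr.io reference instead of an ECR one. That push would probably be rejected, since the job appears to hold only `packages: read`, but the cause would be unclear. Add an explicit guard right after the substitution, such as `[[ "$ECR_TAG" == "${{ env.ECR_IMAGE }}":* ]] || { echo "unexpected tag: $tag" >&2; exit 1; }`. The job header and the `IMAGE` definition are outside this hunk.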
@@ -0,0 +1,31 @@ + +# Development + +## Docker images + +A docker image will be built and made available through the GitHub Container +Registry for every push to `main` branch, as well as each PR. + +See https://github.com/orgs/openmethane/packages for a list of available +packages. + +## Preparing a release + +When changes have been merged into `main` which should be used in prod or +released to the public, we follow a simple release process. + +Visit the openmethane [Actions](https://github.com/openmethane/openmethane/actions) +and select the +[Bump version](https://github.com/openmethane/openmethane/actions/workflows/bump.yaml) +action. Click the Run workflow button, leaving `main` as the selected branch. + +Based on the content of the `changelog` folder in `main`, determine whether +this is a patch, minor or major release. Select that value in the workflow +dialogue, and click Run workflow. + +This workflow will: +- update the project version to the next semver version +- tag the repo with a `vX.Y.Z` tag +- update `docs/changelog.md` with the contents of the changes +- prepare a GitHub Release with the changelog content +- build and push a container image with the same version tag