Add infrastructure to push images to Docker Hub (#4252) #2418
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- master | |
- release-* | |
tags: | |
- '[0-9]+.[0-9]+.[0-9]+' | |
- '[0-9]+.[0-9]+.[0-9]+-*' | |
pull_request: | |
workflow_dispatch: | |
env: | |
DOTNET_NOLOGO: true | |
jobs: | |
windows: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
runs-on: windows-2022 | |
steps: | |
- name: Check for secrets | |
env: | |
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }} | |
shell: pwsh | |
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 }) | |
- name: Checkout | |
uses: actions/checkout@v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v4.0.0 | |
with: | |
dotnet-version: 8.0.x | |
- name: Download RavenDB Server | |
shell: pwsh | |
run: ./tools/download-ravendb-server.ps1 | |
- name: Build | |
run: dotnet build src --configuration Release -graph --property:WindowsSelfContained=true | |
- name: Validate build version | |
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} | |
uses: ./.github/actions/validate-version | |
with: | |
version: ${{ env.MinVerVersion }} | |
- name: Build ServiceControl Management | |
run: dotnet publish src\ServiceControl.Config\ServiceControl.Config.csproj --no-build --output assets --property:WindowsSelfContained=true | |
- name: Create PowerShell module catalog | |
run: New-FileCatalog -Path deploy\PowerShellModules\Particular.ServiceControl.Management -CatalogFilePath deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat -CatalogVersion 2.0 | |
- name: Install AzureSignTool | |
run: dotnet tool install --global azuresigntool | |
- name: Sign ServiceControl Management EXE | |
run: | | |
AzureSignTool sign ` | |
--file-digest sha256 ` | |
--timestamp-rfc3161 http://timestamp.digicert.com ` | |
--azure-key-vault-url https://particularcodesigning.vault.azure.net ` | |
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} ` | |
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} ` | |
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} ` | |
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} ` | |
assets\Particular.ServiceControl.exe | |
- name: Rename ServiceControl Management EXE | |
run: Rename-Item -Path assets\Particular.ServiceControl.exe -NewName "Particular.ServiceControl-${{ env.MinVerVersion }}.exe" | |
shell: pwsh | |
- name: Sign PowerShell module | |
run: | | |
AzureSignTool sign ` | |
--file-digest sha256 ` | |
--timestamp-rfc3161 http://timestamp.digicert.com ` | |
--azure-key-vault-url https://particularcodesigning.vault.azure.net ` | |
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} ` | |
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} ` | |
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} ` | |
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} ` | |
deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat | |
- name: Zip PowerShell module | |
run: | | |
New-Item assets\PowerShellModules -ItemType Directory | |
Compress-Archive -Path deploy\PowerShellModules\Particular.ServiceControl.Management\* -DestinationPath assets\PowerShellModules\Particular.ServiceControl.Management.zip | |
- name: Publish assets | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: assets | |
path: assets/* | |
retention-days: 1 | |
- name: Publish zips | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: zips | |
path: zip/* | |
retention-days: 1 | |
- name: Build PlatformSample package | |
run: | | |
Remove-Item deploy\Particular.ServiceControl* -recurse | |
dotnet clean src --configuration Release --property:WindowsSelfContained=true | |
dotnet build src\Particular.PlatformSample.ServiceControl\Particular.PlatformSample.ServiceControl.csproj --configuration Release -graph | |
shell: pwsh | |
- name: Sign NuGet packages | |
uses: Particular/sign-nuget-packages-action@v1.0.0 | |
with: | |
client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} | |
client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} | |
certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} | |
- name: Publish NuGet packages | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: nugets | |
path: nugets/* | |
retention-days: 1 | |
- name : Verify release artifact counts | |
shell: pwsh | |
run: | | |
$assetsCount = (Get-ChildItem -Recurse -File assets).Count | |
$nugetsCount = (Get-ChildItem -Recurse -File nugets).Count | |
$zipCount = (Get-ChildItem -Recurse -File zip).Count | |
$expectedAssetsCount = 2 # SCMU & PowerShell module | |
$expectedNugetsCount = 1 # PlatformSample | |
$expectedZipCount = 5 # ServiceControl, Audit, & Monitoring + Transports & RavenDBServer | |
if ($assetsCount -ne $expectedAssetsCount) | |
{ | |
Write-Host Assets: Expected $expectedAssetsCount but found $assetsCount | |
exit -1 | |
} | |
if ($nugetsCount -ne $expectedNugetsCount) | |
{ | |
Write-Host Nugets: Expected $expectedNugetsCount but found $nugetsCount | |
exit -1 | |
} | |
if ($expectedZipCount -ne $zipCount) | |
{ | |
Write-Host Zips: Expected $expectedZipCount but found $zipCount | |
exit -1 | |
} | |
- name: Deploy | |
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} | |
# Does not follow standard practice of targeting explicit versions because configuration is tightly coupled to Octopus Deploy configuration | |
uses: Particular/push-octopus-package-action@main | |
with: | |
octopus-deploy-api-key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }} | |
containers: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-22.04 | |
name: container-${{ matrix.name }} | |
defaults: | |
run: | |
shell: bash | |
strategy: | |
matrix: | |
include: | |
- name: servicecontrol | |
project: ServiceControl | |
description: ServiceControl error instance | |
- name: servicecontrol-audit | |
project: ServiceControl.Audit | |
description: ServiceControl audit instance | |
- name: servicecontrol-monitoring | |
project: ServiceControl.Monitoring | |
description: ServiceControl monitoring instance | |
fail-fast: false | |
steps: | |
- name: Check for secrets | |
env: | |
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }} | |
shell: pwsh | |
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 }) | |
- name: Checkout | |
uses: actions/checkout@v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Install MinVer CLI | |
run: dotnet tool install --global minver-cli | |
- name: Determine versions | |
run: echo "MinVerVersion=$(minver)" >> $GITHUB_ENV | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.3.0 | |
- name: Log in to GitHub container registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build & inspect image | |
env: | |
TAG_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }} | |
run: | | |
docker buildx build --push --tag ghcr.io/particular/${{ matrix.name }}:${{ env.TAG_NAME }} \ | |
--file src/${{ matrix.project }}/Dockerfile \ | |
--build-arg VERSION=${{ env.MinVerVersion }} \ | |
--annotation "index:org.opencontainers.image.title=${{ matrix.name }}" \ | |
--annotation "index:org.opencontainers.image.description=${{ matrix.description }}" \ | |
--annotation "index:org.opencontainers.image.created=$(date '+%FT%TZ')" \ | |
--annotation "index:org.opencontainers.image.revision=${{ github.sha }}" \ | |
--annotation "index:org.opencontainers.image.authors=Particular Software" \ | |
--annotation "index:org.opencontainers.image.vendor=Particular Software" \ | |
--annotation "index:org.opencontainers.image.version=${{ env.MinVerVersion }}" \ | |
--annotation "index:org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ github.sha }}" \ | |
--annotation "index:org.opencontainers.image.url=https://hub.docker.com/r/particular/${{ matrix.name }}" \ | |
--annotation "index:org.opencontainers.image.documentation=https://docs.particular.net/servicecontrol/" \ | |
--annotation "index:org.opencontainers.image.base.name=mcr.microsoft.com/dotnet/aspnet:8.0" \ | |
--platform linux/arm64,linux/arm,linux/amd64 . | |
docker buildx imagetools inspect ghcr.io/particular/${{ matrix.name }}:${{ env.TAG_NAME }} | |
db-containers: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-22.04 | |
name: db-containers | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Check for secrets | |
env: | |
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }} | |
shell: pwsh | |
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 }) | |
- name: Checkout | |
uses: actions/checkout@v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Install MinVer CLI | |
run: dotnet tool install --global minver-cli | |
- name: Determine versions | |
run: echo "MinVerVersion=$(minver)" >> $GITHUB_ENV | |
- name: Log in to GitHub container registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build images | |
env: | |
TAG_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }} | |
shell: pwsh | |
run: | | |
Write-Output "Determining RavenDB version from Directory.Packages.props file" | |
[xml]$packagesFile = Get-Content src/Directory.Packages.props | |
$RavenVersion = $packagesFile.selectNodes("//Project/ItemGroup/PackageVersion[@Include='RavenDB.Embedded']").Version | |
if (-not $RavenVersion) { throw "Unable to determine RavenDB server version from Directory.Packages.props" } | |
Write-Output "Determining container variants to build" | |
$containers = cat src/ServiceControl.RavenDB/containers.json | ConvertFrom-Json | |
$containers | ForEach-Object -Process { | |
$FULLTAG="${{ env.TAG_NAME }}-$($_.tag)" | |
$BASETAG="$($RavenVersion)-ubuntu.22.04-$($_.tag)" | |
Write-Output "::group::Building $FULLTAG for architecture $($_.arch) from $BASETAG" | |
docker build -t ghcr.io/particular/servicecontrol-ravendb:$FULLTAG --file src/ServiceControl.RavenDB/Dockerfile --build-arg VERSION=${{ env.MinVerVersion }} --build-arg BASETAG=$BASETAG --platform linux/$($_.arch) . | |
Write-Output "::endgroup::" | |
} | |
- name: List local images | |
run: docker images | |
- name: Push images to GitHub Container registry | |
run: docker image push --all-tags ghcr.io/particular/servicecontrol-ravendb |