diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 2041a78..277c51f 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -14,11 +14,26 @@ jobs: matrix: image-variant: [prd,dev] - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Create Dockerfile + run: | + make Dockerfile + + - name: Setup Bats and bats libs + id: setup-bats + uses: bats-core/bats-action@3.0.0 + with: + bats-install: true + bats-version: 1.10.0 + support-install: false + assert-install: false + detik-install: false + file-install: false + - name: Fill GitHub Environment Variables uses: FranzDiebold/github-env-vars-action@v2 @@ -50,18 +65,6 @@ jobs: id: buildx uses: docker/setup-buildx-action@v3 - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Create Dockerfile - run: | - make Dockerfile - - name: Build "${{ steps.prep.outputs.docker-image-name }}" Docker Image id: build uses: docker/build-push-action@v6 @@ -81,6 +84,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} outputs: type=docker,dest=/tmp/image.tar + cache-from: type=gha + cache-to: type=gha,mode=max - name: Load Docker Image run: | diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 0a5ac64..fbb6ee6 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml 
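Review bot: The added `uses: bats-core/bats-action@3.0.0` step references a third-party action by tag, and a tag can be moved to different code after this review. Pinning to the full commit SHA with the version kept as a comment makes the reference immutable: `uses: bats-core/bats-action@<full-commit-sha> # 3.0.0` (placeholder, take the SHA from the release you audited). The same step is added to the `tests` job in docker-release.yml, which sits in the pipeline that later publishes images, so it deserves the same pin. The job's `steps:` list continues outside this hunk.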
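Review bot: The new `cache-from: type=gha` / `cache-to: type=gha,mode=max` lines set no `scope`, so the `prd` and `dev` matrix legs write to the same default cache scope. As far as I know, the later export then replaces the earlier one, which would reduce the hit rate the removed `actions/cache` step used to give. A scope per variant avoids that: `cache-from: type=gha,scope=${{ matrix.image-variant }}` and `cache-to: type=gha,mode=max,scope=${{ matrix.image-variant }}`. The build step in docker-release.yml gets the same two lines and has the same issue. The `with:` block of this step starts outside the hunk.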
@@ -11,12 +11,12 @@ jobs: init: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest outputs: - version-patch: ${{ steps.prep.outputs.version-patch }} - version-minor: ${{ steps.prep.outputs.version-minor }} - version-major: ${{ steps.prep.outputs.version-major }} + tag-patch: ${{ steps.prep.outputs.tag-patch }} + tag-minor: ${{ steps.prep.outputs.tag-minor }} + tag-major: ${{ steps.prep.outputs.tag-major }} build-date: ${{ steps.prep.outputs.build-date }} docker-image-name: ${{ steps.prep.outputs.docker-image-name }} github-ci-run-id: ${{ steps.prep.outputs.github-ci-run-id }} @@ -30,7 +30,7 @@ jobs: - name: Fill GitHub Environment Variables uses: FranzDiebold/github-env-vars-action@v2 - - name: Fill PHP Version Environment Variable + - name: Fill Image Build Environment Variable uses: c-py/action-dotenv-to-setenv@v5 with: env-file: .build.env @@ -42,9 +42,9 @@ jobs: VERSION_MAJOR_MINOR=${VERSION_MAJOR_MINOR_PATCH%.*} VERSION_MAJOR=${VERSION_MAJOR_MINOR%.*} echo "docker-image-name=${DOCKER_IMAGE_NAME}" >> $GITHUB_OUTPUT - echo "version-patch=${VERSION_MAJOR_MINOR_PATCH}" >> $GITHUB_OUTPUT - echo "version-minor=${VERSION_MAJOR_MINOR}" >> $GITHUB_OUTPUT - echo "version-major=${VERSION_MAJOR}" >> $GITHUB_OUTPUT + echo "tag-patch=${VERSION_MAJOR_MINOR_PATCH}" >> $GITHUB_OUTPUT + echo "tag-minor=${VERSION_MAJOR_MINOR}" >> $GITHUB_OUTPUT + echo "tag-major=${VERSION_MAJOR}" >> $GITHUB_OUTPUT echo "build-date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT echo "github-ci-sha-short=${CI_SHA_SHORT}" >> $GITHUB_OUTPUT echo "github-ci-sha=${CI_SHA}" >> $GITHUB_OUTPUT @@ -56,7 +56,7 @@ jobs: matrix: image-variant: [prd,dev] - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: init steps: - uses: actions/checkout@v4 
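Review bot: `runs-on: ubuntu-latest` replaces a fixed runner image with a floating label, here in `init` and again in `build` and every later job of this release workflow. The Docker, buildx and apt versions under the release build will then change whenever GitHub moves the label, without any commit in this repository. Naming the image explicitly keeps the upgrade a reviewed change, for example `runs-on: ubuntu-24.04`. The rename of the `version-*` outputs to `tag-*` looks consistent across the hunks visible here.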
@@ -65,14 +65,6 @@ jobs: id: buildx uses: docker/setup-buildx-action@v3 - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Fill "${{ needs.init.outputs.docker-image-name }}" Docker Image metadata id: meta uses: docker/metadata-action@v5 @@ -81,9 +73,9 @@ jobs: images: "${{ needs.init.outputs.docker-image-name }}" tags: | type=raw,value=${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} - type=raw,value=${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} - type=raw,value=${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} - type=raw,value=${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }} + type=raw,value=${{ needs.init.outputs.tag-patch }}-${{ matrix.image-variant }} + type=raw,value=${{ needs.init.outputs.tag-minor }}-${{ matrix.image-variant }} + type=raw,value=${{ needs.init.outputs.tag-major }}-${{ matrix.image-variant }} - name: Create Dockerfile run: | @@ -98,7 +90,7 @@ jobs: file: Dockerfile target: ${{ matrix.image-variant }} build-args: | - VERSION_ARG=${{ needs.init.outputs.version-patch }} + VERSION_ARG=${{ needs.init.outputs.tag-patch }} RELEASE_ARG=${{ needs.init.outputs.github-ci-run-id }} VCS_REF_ARG=${{ needs.init.outputs.github-ci-sha }} BUILD_DATE_ARG=${{ needs.init.outputs.build-date }} @@ -106,6 +98,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} outputs: type=docker,dest=/tmp/builded.tar + cache-from: type=gha + cache-to: type=gha,mode=max - name: Upload "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact uses: actions/upload-artifact@v4 
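Review bot: In the release build step, `cache-from: type=gha` lets published images be assembled from layers exported by earlier runs. No scope is set, so that presumably includes runs of docker-build.yml on the default branch; the triggers are not visible in this diff, so this needs confirming. That has two consequences for a release: package-install layers can be served stale from cache instead of picking up current base-image and package fixes, and the released layers no longer come only from the tagged run. Consider dropping `cache-from` for the release build, or giving it a release-only scope such as `cache-from: type=gha,scope=release-${{ matrix.image-variant }}` with the matching `cache-to`. The step's `with:` block begins outside this hunk.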
@@ -119,18 +113,21 @@ jobs: matrix: image-variant: [prd,dev] - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: [init,build] steps: - uses: actions/checkout@v4 - - name: Setup BATS testing framework - uses: zebby76/setup-bats@v2 + - name: Setup Bats and bats libs + id: setup-bats + uses: bats-core/bats-action@3.0.0 with: - bats-version: 1.2.1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + bats-install: true + bats-version: 1.10.0 + support-install: false + assert-install: false + detik-install: false + file-install: false - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact uses: actions/download-artifact@v4 @@ -188,35 +185,27 @@ jobs: # limit-access-to-actor: true - name: Test "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image + shell: bash env: DOCKER_IMAGE_NAME: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} - EMS_VERSION: ${{ needs.init.outputs.version-patch }} + EMS_VERSION: ${{ needs.init.outputs.tag-patch }} CONTAINER_ENGINE: docker + BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }} + TERM: xterm run: | docker network create docker_default docker pull docker.io/curlimages/curl:8.11.1 bats -r test/tests.bats - sign-dev: + push-dev: strategy: - max-parallel: 1 matrix: image-variant: [dev] - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: [init,tests] - steps: - - - name: Install Dependencies - run: | - sudo apt update - sudo apt install -y notary - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact uses: actions/download-artifact@v4 with: 
@@ -235,65 +224,23 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}" - private-key-id: 
"${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Check Docker Images pull's + - name: Push docker images" + id: image-push run: | - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-patch }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-minor }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-major }}-${{ matrix.image-variant }} - sign-prd: + push-prd: strategy: - max-parallel: 1 matrix: image-variant: [prd] - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: [init,tests] - steps: - - - name: Install Dependencies - run: | - sudo apt update - sudo apt install -y notary - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact uses: actions/download-artifact@v4 with: 
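Review bot: The `push-dev` job now publishes its four tags with plain `docker push` and nothing replaces the removed signing steps, so the tags go out without trust data. Clients that pull this repository with content trust enabled would no longer be able to verify them. If dropping signatures is intended, the commit message or README should say so; otherwise a replacement signing step keyed on the pushed digest belongs after the push. The removed `docker pull` check was also the only post-publish verification in the job. Separately, the step name `Push docker images"` carries a stray trailing quote and should read `- name: Push docker images`, as in `push-prd`, where the signing concern applies as well.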
@@ -313,91 +260,28 @@ jobs: password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Tag docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} for release" - id: prep-sign-tagging + id: image-tag run: | docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \ ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }} - docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} \ - ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }} - docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} \ - ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }} - docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }} \ - ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" 
- private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ 
secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}" - uses: sudo-bot/action-docker-sign@latest - with: - image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}" - private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}" - private-key: ${{ secrets.DOCKER_PRIVATE_KEY }} - private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} - - - name: Check Docker Images pull's + docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-patch }}-${{ matrix.image-variant }} \ + ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-patch }} + docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-minor }}-${{ matrix.image-variant }} \ + ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-minor }} + docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-major }}-${{ matrix.image-variant }} \ + ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-major }} + + - name: Push docker images + id: image-push run: | - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }} - docker pull ${{ 
needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }} - docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-patch }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-minor }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-major }}-${{ matrix.image-variant }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-patch }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-minor }} + docker push ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.tag-major }} cleanup: @@ -405,8 +289,8 @@ jobs: matrix: image-variant: [prd,dev] - runs-on: ubuntu-20.04 - needs: [sign-prd,sign-dev] + runs-on: ubuntu-latest + needs: [push-prd,push-dev] steps: - uses: geekyeggo/delete-artifact@v5 with:
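Review bot: The `image-tag` and `image-push` steps paste `${{ needs.init.outputs.* }}` and `${{ matrix.image-variant }}` straight into the `run:` script, so the values become shell source text before bash parses it. They come from `.build.env` and the ref metadata, so a value containing shell metacharacters would be executed in a job that holds the Docker Hub credentials. Passing them through `env:` and quoting the expansions keeps them as data; the same applies to the push step in `push-dev`. The sketch below also folds the eight pushes into a loop, which interleaves suffixed and unsuffixed tags but pushes the same set. The job's `steps:` list begins outside this hunk.

```yaml
- name: Push docker images
  id: image-push
  env:
    IMAGE: ${{ needs.init.outputs.docker-image-name }}
    VARIANT: ${{ matrix.image-variant }}
    SHA_SHORT: ${{ needs.init.outputs.github-ci-sha-short }}
    TAG_PATCH: ${{ needs.init.outputs.tag-patch }}
    TAG_MINOR: ${{ needs.init.outputs.tag-minor }}
    TAG_MAJOR: ${{ needs.init.outputs.tag-major }}
  run: |
    for tag in "$SHA_SHORT" "$TAG_PATCH" "$TAG_MINOR" "$TAG_MAJOR"; do
      docker push "${IMAGE}:${tag}-${VARIANT}"
      docker push "${IMAGE}:${tag}"
    done
# … unchanged: cleanup job …
```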