Bleeding Docker Image CI #1066

Workflow file for this run

.github/workflows/bleeding.yml at 6e6cdb7

	name: Bleeding Docker Image CI

	on:
	push:
	branches:
	- main
	pull_request:
	schedule:
	- cron: 0 4 * * *

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	bleeding:
	runs-on: ubuntu-22.04
	outputs:
	weblate_sha: ${{ steps.get_sha.outputs.sha }}
	weblate_date: ${{ steps.get_date.outputs.date }}
	steps:
	- id: get_sha
	run: echo "::set-output name=sha::$(git ls-remote --quiet https://github.com/WeblateOrg/weblate.git HEAD \| awk '{print $1}')"
	- id: get_date
	run: echo "::set-output name=date::$(date --iso-8601=ns)"
	build:
	runs-on: ubuntu-22.04
	name: Build, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	steps:
	- uses: actions/checkout@v4
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Configure Docker build
	run: .github/bin/get-buildx-args
	- name: Build the Docker image
	run: .github/bin/docker-build

	buildx:
	runs-on: ubuntu-22.04
	name: Build, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	strategy:
	matrix:
	architecture:
	- linux/arm64
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	steps:
	- uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3.0.0
	with:
	platforms: ${{ matrix.architecture }}
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Configure Docker build
	run: .github/bin/get-buildx-args
	- name: Build the Docker image
	run: .github/bin/docker-build

	test:
	runs-on: ubuntu-22.04
	name: Test, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	run: \|
	cd docker-compose
	./test-generate
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: Run tests
	run: \|
	cd docker-compose
	./test-tests
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	test-basic:
	runs-on: ubuntu-22.04
	name: Test basic, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	run: \|
	cd docker-compose
	./test-generate
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: List Python packages
	run: \|
	cd docker-compose
	./test-pip
	- name: Inspect container
	run: \|
	cd docker-compose
	./test-inspect
	- name: Check service is running
	run: \|
	cd docker-compose
	./test-online
	- name: Check service health status
	run: \|
	cd docker-compose
	./test-health
	- name: Run Django Checks
	run: \|
	cd docker-compose
	./test-checks
	- name: Verify supervisor
	run: \|
	cd docker-compose
	./test-supervisor
	- name: Test admin creation
	run: \|
	cd docker-compose
	./test-admin
	- name: Test commands
	run: \|
	cd docker-compose
	./test-commands
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	test-novolume:
	runs-on: ubuntu-22.04
	name: Test novolume, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	run: \|
	cd docker-compose
	./test-generate 8080 http read-write
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: List Python packages
	run: \|
	cd docker-compose
	./test-pip
	- name: Inspect container
	run: \|
	cd docker-compose
	./test-inspect
	- name: Check service is running
	run: \|
	cd docker-compose
	./test-online
	- name: Check service health status
	run: \|
	cd docker-compose
	./test-health
	- name: Run Django Checks
	run: \|
	cd docker-compose
	./test-checks
	- name: Verify supervisor
	run: \|
	cd docker-compose
	./test-supervisor
	- name: Test admin creation
	run: \|
	cd docker-compose
	./test-admin
	- name: Test commands
	run: \|
	cd docker-compose
	./test-commands
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	test-saml:
	runs-on: ubuntu-22.04
	name: Test SAML, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	env:
	TEST_EXTRA_ENV: 'WEBLATE_SAML_IDP_URL: https://example.com/idp'
	run: \|
	cd docker-compose
	./test-generate
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: List Python packages
	run: \|
	cd docker-compose
	./test-pip
	- name: Inspect container
	run: \|
	cd docker-compose
	./test-inspect
	- name: Check service is running
	run: \|
	cd docker-compose
	./test-online
	- name: Check service health status
	run: \|
	cd docker-compose
	./test-health
	- name: Run Django Checks
	run: \|
	cd docker-compose
	./test-checks
	- name: Verify supervisor
	run: \|
	cd docker-compose
	./test-supervisor
	- name: Test admin creation
	run: \|
	cd docker-compose
	./test-admin
	- name: Verify SAML certificate
	run: \|
	cd docker-compose
	./test-saml
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	test-split:
	runs-on: ubuntu-22.04
	name: Test split, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	run: \|
	cd docker-compose
	./test-generate 8080 http split
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: List Python packages
	run: \|
	cd docker-compose
	./test-pip
	- name: Inspect container
	run: \|
	cd docker-compose
	./test-inspect
	- name: Check service is running
	run: \|
	cd docker-compose
	./test-online
	- name: Check service health status
	run: \|
	cd docker-compose
	./test-health
	- name: Run Django Checks
	run: \|
	cd docker-compose
	./test-checks
	- name: Verify supervisor
	run: \|
	cd docker-compose
	./test-supervisor
	- name: Test admin creation
	run: \|
	cd docker-compose
	./test-admin
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	test-ssl:
	runs-on: ubuntu-22.04
	name: Test SSL, bleeding, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	COMPOSE_PROJECT_NAME: wl
	PYTHONUNBUFFERED: 1
	TEST_CONTAINER: weblate/weblate:test
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Generate configuration
	run: \|
	cd docker-compose
	./test-generate 4443 https
	- name: Generate SSL certificate
	run: \|
	cd docker-compose
	docker-compose up --no-start
	VOLUMEPATH=$(docker volume inspect -f '{{.Mountpoint}}' wl_weblate-data)
	sudo mkdir -p $VOLUMEPATH/ssl
	sudo openssl req -x509 -nodes -days 365 -subj "/CN=localhost" -newkey rsa:2048 -keyout $VOLUMEPATH/ssl/privkey.pem -out $VOLUMEPATH/ssl/fullchain.pem
	sudo chown -R 1000:1000 $VOLUMEPATH/ssl
	- name: Startup container
	run: \|
	cd docker-compose
	./test-boot
	- name: List Python packages
	run: \|
	cd docker-compose
	./test-pip
	- name: Inspect container
	run: \|
	cd docker-compose
	./test-inspect
	- name: Check service is running
	run: \|
	cd docker-compose
	./test-online
	- name: Check service health status
	run: \|
	cd docker-compose
	./test-health
	- name: Run Django Checks
	run: \|
	cd docker-compose
	./test-checks
	- name: Verify supervisor
	run: \|
	cd docker-compose
	./test-supervisor
	- name: Test admin creation
	run: \|
	cd docker-compose
	./test-admin
	- name: Display logs
	if: always()
	run: \|
	cd docker-compose
	./test-logs
	- name: Shutdown service
	run: \|
	cd docker-compose
	./test-stop

	anchore:
	runs-on: ubuntu-22.04
	name: Anchore Container Scan, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	permissions:
	security-events: write
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	steps:
	- uses: actions/checkout@v4
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Checkout the code
	uses: actions/checkout@v4
	- name: Anchore scan action
	uses: anchore/scan-action@v3
	with:
	image: weblate/weblate:test
	fail-build: false
	severity-cutoff: high
	- name: Upload Anchore Scan Report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: results.sarif
	- uses: actions/upload-artifact@v4
	with:
	name: Anchore scan SARIF
	path: results.sarif

	trivy:
	runs-on: ubuntu-22.04
	name: Trivy Container Scan, ${{ matrix.architecture }}
	needs:
	- bleeding
	- build
	permissions:
	security-events: write
	strategy:
	matrix:
	architecture: [linux/amd64]
	env:
	MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
	steps:
	- uses: actions/checkout@v4
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache
	with:
	path: /tmp/.buildx-cache/${{ matrix.architecture }}
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-${{ matrix.architecture }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Build the Docker image
	run: .github/bin/docker-build load
	- name: List Docker images
	run: docker image ls --all
	- name: Checkout the code
	uses: actions/checkout@v4
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.19.0
	with:
	image-ref: weblate/weblate:test
	format: template
	template: '@/contrib/sarif.tpl'
	output: trivy-results.sarif
	severity: CRITICAL,HIGH

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: trivy-results.sarif
	- uses: actions/upload-artifact@v4
	with:
	name: Trivy scan SARIF
	path: trivy-results.sarif

	push_dockerhub:
	runs-on: ubuntu-22.04
	name: Publish to Docker Hub, stable
	needs:
	- test
	- test-basic
	- test-saml
	- test-split
	- test-ssl
	- buildx
	- anchore
	- trivy
	- bleeding
	if: ${{ (startsWith(github.ref, 'refs/tags/') \|\| (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3.0.0
	with:
	platforms: all
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache-arm64
	with:
	path: /tmp/.buildx-cache/linux/arm64
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/arm64
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache-amd64
	with:
	path: /tmp/.buildx-cache/linux/amd64
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/amd64
	- name: DockerHub login
	run: echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" \| docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Configure Docker build
	run: .github/bin/get-buildx-args publish-bleeding
	- name: Publish the Docker images
	run: .github/bin/docker-build publish-bleeding

	push_github:
	runs-on: ubuntu-22.04
	name: Publish to GitHub, stable
	permissions:
	packages: write
	needs:
	- test
	- test-basic
	- test-saml
	- test-split
	- test-ssl
	- buildx
	- anchore
	- trivy
	- bleeding
	if: ${{ (startsWith(github.ref, 'refs/tags/') \|\| (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
	env:
	DOCKER_IMAGE: ghcr.io/weblateorg/weblate
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3.0.0
	with:
	platforms: all
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.3.0
	with:
	# renovate: datasource=github-releases depName=docker/buildx
	version: v0.14.0
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache-arm64
	with:
	path: /tmp/.buildx-cache/linux/arm64
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/arm64
	- name: Cache Docker layers
	uses: actions/cache@v4
	id: cache-amd64
	with:
	path: /tmp/.buildx-cache/linux/amd64
	key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/amd64
	- name: Login to GitHub Container Registry
	if: ${{ github.event_name != 'pull_request'}}
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Adjust bleeding edge image
	run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
	- name: Configure Docker build
	run: .github/bin/get-buildx-args publish-bleeding
	- name: Publish the Docker images
	run: .github/bin/docker-build publish-bleeding

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bleeding Docker Image CI #1066

Workflow file

Bleeding Docker Image CI #1066

Jobs

Run details

Workflow file for this run