apollographql · jonathanrainer · Aug 29, 2024 · Aug 20, 2024 · Aug 20, 2024 · Aug 20, 2024
@@ -0,0 +1,128 @@
+name: Build & Publish Docker Images
+
+on:
+  push:
+    branches: [ 'main' ]
+  pull_request:
+env:
+  REGISTRY: ghcr.io
+  NAMESPACED_REGISTRY: ghcr.io/apollographql/ci-utility-docker-images
+
+jobs:
+  calculate-images-to-build:
+    name: Calculate Images To Build
+    runs-on: ubuntu-latest
+    outputs:
+      changed_dirs: ${{ steps.filter_config_directories.outputs.changed_dirs }}
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+      - name: "Calculate changed files directories"
+        id: calculate_changed_files
+        uses: tj-actions/changed-files@v44
+        with:
+          dir_names: true
+          dir_names_exclude_current_dir: true
+          json: true
+      - name: "Filter out config directories"
+        id: filter_config_directories
+        run: |
+          CHANGED_DIRS=$(echo "${{ steps.calculate_changed_files.outputs.all_changed_files }}" | jq -c '[.[] | select(. |  contains(".") | not)'])
+          echo "changed_dirs=$CHANGED_DIRS" >> "$GITHUB_OUTPUT"
+  build-and-push-images:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    needs:
+      - calculate-images-to-build
+    strategy:
+      matrix:
+        changed_dir: ${{ fromJSON(needs.calculate-images-to-build.outputs.changed_dirs ) }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Log in to the Container Registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract Details From config.yml
+        id: extract_from_config_yaml
+        run: |
+          echo "desired_version=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.version')" >> "$GITHUB_OUTPUT"
+          echo "platforms=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.platforms | join(",")')" >> "$GITHUB_OUTPUT"
+          echo "description=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.description')" >> "$GITHUB_OUTPUT"
+      - name: Check Image to Build Does Not Already Exist
+        run: |
+          if docker manifest inspect ${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }}:${{ steps.extract_from_config_yaml.outputs.desired_version }} > /dev/null; then
+            echo "The tag "${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }}:${{ steps.extract_from_config_yaml.outputs.desired_version }}" already exists in the repository. Do you need to bump the version in the config.yml?"
+            exit 1
+          fi
+      - name: Calculate Version
+        id: calculate_version
+        run: |
+          VERSION=${{ github.event_name == 'pull_request' && format('{0}-PR{1}.{2}', steps.extract_from_config_yaml.outputs.desired_version, github.event.number, github.event.pull_request.head.sha) || steps.extract_from_config_yaml.outputs.desired_version}}
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Get Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: true
+        with:
+          images: ${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }}
+          tags: |
+            type=semver,pattern={{version}},value=v${{ steps.calculate_version.outputs.version }}
+            type=sha,prefix=
+          labels: |
+            org.opencontainers.image.title=${{ matrix.changed_dir }}
+            org.opencontainers.image.description=${{ steps.extract_from_config_yaml.outputs.description }}
+            org.opencontainers.image.vendor=Apollo GraphQL
+            org.opencontainers.image.licenses=MIT
+          annotations: |
+            org.opencontainers.image.title=${{ matrix.changed_dir }}
+            org.opencontainers.image.description=${{ steps.extract_from_config_yaml.outputs.description }}
+            org.opencontainers.image.vendor=Apollo GraphQL
+            org.opencontainers.image.licenses=MIT
+      - name: Build and Push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ github.workspace }}/${{ matrix.changed_dir }}
+          file: ${{ github.workspace }}/${{ matrix.changed_dir }}/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ steps.extract_from_config_yaml.outputs.platforms }}
+      - name: Create Git Tag
+        uses: mathieudutour/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: false
+          default_prerelease_bump: false
+          custom_tag: ${{ matrix.changed_dir }}/v${{ steps.calculate_version.outputs.version }}
+          dry_run: ${{ github.event_name == 'pull_request' }}
+          tag_prefix: ""
+      - name: Create GitHub Release
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: comnoco/[email protected]
+        with:
+          tag_name: ${{ matrix.changed_dir }}/v${{ steps.calculate_version.outputs.version }}
+          release_name: ${{ matrix.changed_dir }} - v${{ steps.calculate_version.outputs.version }}
+  check-builds-all-completes:
+    name: Docker Images Built & Pushed
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-push-images
+    steps:
+      - run: |
+          exit ${{ (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) && 1 || 0 }}
+
+
@@ -1,5 +1,4 @@
-node_modules
-package-lock.json
 .DS_Store
 .dist
 *.swp
+.idea/**
@@ -1,4 +1 @@
-# This file was automatically generated by the Apollo SecOps team
-# Please customize this file as needed prior to merging.
-
-* @abernix
+* @apollographql/betelgeuse
@@ -1,32 +1,9 @@
-# Spec Template
+# CI Utility Docker Images
 
-## Getting Started
+This repo allows building of images that are used in other apollographl repos for **CI only**
 
-1. Click the "Use this template" button on this repository to create a copy of it and name the new repository `specs-{{spec_name}}`, per convention.
-1. Search for usages of `%%SPEC-.*?%%` tokens within this repository and replace them with appropriate names (e.g., `%%SPEC-NAME%%`, `%%SPEC-TITLE%%` and `%%SPEC-VERSION%%`).
-1. Setup the new repository with Netlify (estimated about 5 minutes)
-    1. Go to [Netlify App](https://app.netlify.com/teams/apollo/sites)
-    1. Click “New Site From Git” button
-    1. Choose GitHub
-    1. Authorize
-    1. Choose `apollographql` org
-    1. Search for `specs-{{spec_name}}`
-      1. It probably won’t come up
-    1. Choose “Configure Netlify on GitHub”
-    1. On the “Install Netlify” screen choose `apollographql`
-    1. Scroll to the bottom of the App page to where you see the option for “Only select repositories” inside “Repository access”
-    1. Click “Select repositories”
-    1. Type `specs-{{spec_name}}` again, then click the matching name.
-    1. Click on “Save”
-    1. Then, back on Netlify, click on “specs-tag” in the “Continuous Deployment: GitHub App” box.
-    1. Leave all the defaults as they are and press “Deploy site”
-    1. Click on “Site Settings”
-    1. Press “Change Site Name”
-    1. Type `apollo-specs-{{spec_name}}` as the name and press “Save”
-    1. The site should now work at `https://apollo-specs-{{spec_name}}.netlify.app/`
-    1. Click on “Build and Deploy” on the left menu
-    1. Under “Branches” press “Edit Settings”
-    1. Change the “Branch deploys” option to “All” and press “Save”
-1. Setup proxying redirects to the new sub-spec site [on the `specs` repo](https://github.com/apollographql/specs/blob/main/_redirects).  This will make it available at `https://specs.apollo.dev/{{spec_name}}`.
-1. Run `npm run dev` to watch and rebuild.  Just use a browser to view `.dist/index.html` to see the rendered page.
-1. Write the actual specifications.  _Use other specifications (like [the `core` specification](https://github.com/apollographql/specs-core)) as your guide._
+## Adding a new image
+
+To add a new image, the easiest method is to copy an existing folder at the top level of the repo.
+Then you can change its name and update the Dockerfile to allow it to build your new image. The automated
+CI checks should take care of everything else.
@@ -0,0 +1,39 @@
+# The SHA below is rockylinux:8.9.20231119, fixing to a specific SHA
+# rather than a mutable tag, stops rebuilds completely changing the
+# contents of the container without us realising.
+FROM rockylinux@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
+
+ARG RUST_VERSION=1.80.1
+ARG NODE_VERSION=20.15.1
+
+# Add .cargo/bin to PATH
+ENV VOLTA_HOME=/root/.volta
+ENV PATH="$VOLTA_HOME/bin:/root/.cargo/bin:${PATH}"
+
+# First update all the installed packages
+RUN yum -y update
+
+# Add the Development Tools
+RUN yum groupinstall -y "Development Tools"
+
+# Add some extra utilities for building in Rust
+RUN yum install -y perl-core openssl-devel cmake
+
+# Install RustUp and add specific target
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain=$RUST_VERSION
+
+RUN case $TARGETPLATFORM in \
+        linux/amd64) \
+            rustup add target x86_64-unknown-linux-gnu \
+            ;; \
+        linux/arm64) \
+            rustup add target aarch64-unknown-linux-gnu \
+            ;; \
+        *) \
+            echo "TARGETPLATFORM $TARGETPLATFORM not recognised, not installing a target" \
+            ;; \
+    esac
+
+# Install Volta (and Node)
+RUN curl https://get.volta.sh | bash
+RUN volta install node@$NODE_VERSION
@@ -0,0 +1,11 @@
+# Binary Builder (`glibc`)
+
+The image contained herein is an image that should be used
+to _build_ Rust binaries at Apollo.
+
+It contains RockyLinux (https://rockylinux.org/) at version
+8.9, which specifically contains `glibc` 2.28.
+
+Using images like this ensures compatability with the broadest
+range of Linux distributions that are currently under an LTS policy,
+and ensures compliance with our new standards for Rust binary building.
@@ -0,0 +1,5 @@
+version: 0.1.0
+description: Builder image for Rust binaries that must be built with glibc 2.28
+platforms:
+  - linux/arm64
+  - linux/amd64
@@ -0,0 +1,23 @@
+# The SHA below is rust:1.80.1-alpine3.19, fixing to a specific SHA
+# rather than a mutable tag, stops rebuilds completely changing the
+# contents of the container without us realising.
+FROM rust@sha256:b3ac1f65cf33390407c9b90558eb41e7a8311c47d836fca5800960f1aa2d11d5
+
+# Update packages and package manager to keep us current
+RUN apk update && apk upgrade
+
+# Add tools to enable `musl` compilation and other utilities when building in Rust
+RUN apk add musl-dev curl cmake openssl gcc nodejs
+
+# Add the specific `musl` target to make sure we don't build for `glibc` by accident
+RUN case $TARGETPLATFORM in \
+        linux/amd64) \
+            rustup add target x86_64-unknown-linux-musl \
+            ;; \
+        linux/arm64) \
+            rustup add target aarch64-unknown-linux-musl \
+            ;; \
+        *) \
+            echo "TARGETPLATFORM $TARGETPLATFORM not recognised, not installing a target" \
+            ;; \
+    esac
@@ -0,0 +1,8 @@
+# Binary Builder (`musl`)
+
+The image contained herein is an image that should be used
+to _build_ Rust binaries at Apollo.
+
+It contains Alpine 3.19, and Rust at version 1.80.1 and is based on the published rust images.
+
+Using images like this ensures compliance with our new standards for Rust binary building.
@@ -0,0 +1,5 @@
+version: 0.1.0
+description: Builder image for Rust binaries that must be built with musl
+platforms:
+  - linux/arm64
+  - linux/amd64