Feat/test split (#1)
* ♻️ Split actions into composable ones
giom-l committed May 27, 2024
1 parent 48c87d2 commit f3f57d8
Showing 7 changed files with 373 additions and 373 deletions.
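--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@@ -0,0 +1,93 @@
+name: "Docker build"
+
+on:
+workflow_call:
+inputs:
+sha:
+required: true
+type: string
+version:
+required: true
+type: string
+
+permissions:
+contents: read
+packages: write
+
+jobs:
+build:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+with:
+ref: ${{ github.event.pull_request.head.sha }}
+token: ${{ github.token }}
+
+- name: Download maven artifacts
+uses: actions/download-artifact@v4
+with:
+name: kafbat-ui-${{ inputs.version }}
+path: api/target
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Cache Docker layers
+uses: actions/cache@v4
+with:
+path: /tmp/.buildx-cache
+key: ${{ runner.os }}-buildx-${{ inputs.sha }}
+restore-keys: |
+${{ runner.os }}-buildx-
+# Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59
+# So let's use containerd instead as it supports this option
+# Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+- name: Setup docker with containerd
+uses: crazy-max/ghaction-setup-docker@v3
+with:
+daemon-config: |
+{
+"features": {
+"containerd-snapshotter": true
+}
+}
+- name: debug
+run: |
+ls -laRh api/target
+- name: Build docker image
+id: docker_build
+uses: docker/build-push-action@v5
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: api
+platforms: linux/amd64,linux/arm64
+provenance: mode=min
+sbom: true
+push: false
+load: true
+tags: |
+kafka-ui:temp
+build-args: |
+JAR_FILE=api-${{ inputs.version }}.jar
+cache-from: type=local,src=/tmp/.buildx-cache
+cache-to: type=local,dest=/tmp/.buildx-cache
+
+- name: Dump docker image
+run: |
+docker image save kafka-ui:temp > /tmp/image.tar
+- name: Upload docker image
+uses: actions/upload-artifact@v4
+with:
+name: image
+path: /tmp/image.tar
+retention-days: 1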
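Review bot: The Checkout step takes its ref from `github.event.pull_request.head.sha` even though this reusable workflow already receives the commit as `inputs.sha`, which is used only in the cache key. On a non-PR trigger that expression is empty and checkout silently falls back to the triggering ref, and under a PR-driven caller it would build the contributor's head commit in a job that holds `packages: write`; `ref: ${{ inputs.sha }}` ties the built tree to what the caller asked for. Because the build step sets `push: false` and the job only uploads a tarball, the top-level `packages: write` looks unnecessary and could be dropped in favour of `contents: read` alone. The `uses:` references (`crazy-max/ghaction-setup-docker@v3` and the others) are mutable tags; pinning them to full commit SHAs would fix the build inputs.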
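--- a/.github/workflows/docker_publish.yml
+++ b/.github/workflows/docker_publish.yml
@@ -0,0 +1,63 @@
+
+name: "Docker publish"
+
+on:
+workflow_call:
+inputs:
+version:
+required: true
+type: string
+generic_tag:
+required: true
+type: string
+jobs:
+
+# load-image:
+# runs-on: ubuntu-latest
+# steps:
+# - name: Download docker image
+# uses: actions/download-artifact@v4
+# with:
+# name: image
+# path: /tmp
+
+# # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+# - name: Setup docker with containerd
+# uses: crazy-max/ghaction-setup-docker@v3
+# with:
+# daemon-config: |
+# {
+# "features": {
+# "containerd-snapshotter": true
+# }
+# }
+
+# - name: Load docker image into daemon
+# run: |
+# docker load --input /tmp/image.tar
+
+deploy-ghcr:
+permissions:
+packages: write
+uses: ./.github/workflows/publish_ghcr.yml
+secrets: inherit
+with:
+version: ${{ inputs.version }}
+generic_tag: ${{ inputs.generic_tag }}
+
+deploy-dockerhub:
+uses: ./.github/workflows/publish_dockerhub.yml
+secrets: inherit
+with:
+version: ${{ inputs.version }}
+generic_tag: ${{ inputs.generic_tag }}
+
+deploy-ecr:
+uses: ./.github/workflows/publish_ecr.yml
+permissions:
+contents: read # To read secrets
+id-token: write # This is required for requesting the JWT
+secrets: inherit
+with:
+version: ${{ inputs.version }}
+generic_tag: ${{ inputs.generic_tag }}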
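Review bot: All three `uses:` jobs pass `secrets: inherit`, which hands every secret the caller can see to each publish workflow regardless of what it needs. Judging by the steps this commit removes from main.yml, Docker Hub needs only `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, ECR only `AWS_ROLE`, and GHCR nothing beyond the built-in token, so an explicit map per job (for example `secrets:` with `AWS_ROLE: ${{ secrets.AWS_ROLE }}` under `deploy-ecr`) would keep each registry credential out of the other jobs. That assumes the called workflows, which are not shown here, declare those names under `on.workflow_call.secrets`. `deploy-dockerhub` is also the only job without a `permissions:` block, so it runs with whatever the caller grants; an explicit entry (likely `contents: read`) would state the intent. The trailing comment `# To read secrets` on `contents: read` is misleading, since that scope governs repository contents rather than secret access.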
211 changes: 26 additions & 185 deletions .github/workflows/main.yml
Expand Up @@ -9,12 +9,16 @@ permissions:
contents: read

jobs:
build:
jar-build:
runs-on: ubuntu-latest

permissions:
contents: read
packages: write

outputs:
version: ${{steps.build.outputs.version}}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -37,195 +41,32 @@ jobs:
export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "version=${VERSION}" >> $GITHUB_OUTPUT
# docker images

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3

- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
# Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59
# So let's use containerd instead as it supports this option
# Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
- name: Setup docker with containerd
uses: crazy-max/ghaction-setup-docker@v3
with:
daemon-config: |
{
"features": {
"containerd-snapshotter": true
}
}
- name: Build docker image
id: docker_build
uses: docker/build-push-action@v5
with:
builder: ${{ steps.buildx.outputs.name }}
context: api
platforms: linux/amd64,linux/arm64
provenance: mode=min
sbom: true
push: false
load: true
tags: |
kafka-ui:temp
build-args: |
JAR_FILE=api-${{ steps.build.outputs.version }}.jar
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache

- name: Dump docker image
run: |
docker image save kafka-ui:temp > /tmp/image.tar
- name: Upload docker image
- name: Upload jar
uses: actions/upload-artifact@v4
with:
name: image
path: /tmp/image.tar
retention-days: 1
name: kafbat-ui-${{ steps.build.outputs.version }}
path: api/target/api-${{ steps.build.outputs.version }}.jar
retention-days: 7

deploy-ghcr:
runs-on: ubuntu-latest
needs: build
docker-build:
needs: jar-build
permissions:
contents: read
packages: write

steps:
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: image
path: /tmp

# setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
- name: Setup docker with containerd
uses: crazy-max/ghaction-setup-docker@v3
with:
daemon-config: |
{
"features": {
"containerd-snapshotter": true
}
}
- name: Load docker image into daemon
run: |
docker load --input /tmp/image.tar
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: "${{ github.actor }}"
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push images to GHCR
run: |
docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:main
docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
docker push ghcr.io/kafbat/kafka-ui:main
docker push ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
deploy-dockerhub:
runs-on: ubuntu-latest
needs: build

steps:
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: image
path: /tmp

# setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
- name: Setup docker with containerd
uses: crazy-max/ghaction-setup-docker@v3
with:
daemon-config: |
{
"features": {
"containerd-snapshotter": true
}
}
- name: Load docker image into daemon
run: |
docker load --input /tmp/image.tar
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Push images to dockerhub
run: |
docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:main
docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
docker push docker.io/kafbat/kafka-ui:main
docker push docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
deploy-ecr:
runs-on: ubuntu-latest
needs: build
uses: ./.github/workflows/docker_build.yml
secrets: inherit
with:
sha: ${{ github.sha }}
version: ${{ needs.jar-build.outputs.version }}

docker-deploy:
needs: [jar-build, docker-build]
permissions:
contents: read # To read secrets
id-token: write # This is required for requesting the JWT

steps:
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: image
path: /tmp

# setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
- name: Setup docker with containerd
uses: crazy-max/ghaction-setup-docker@v3
with:
daemon-config: |
{
"features": {
"containerd-snapshotter": true
}
}
- name: Load docker image into daemon
run: |
docker load --input /tmp/image.tar
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1 # This region only for public ECR
role-to-assume: ${{ secrets.AWS_ROLE }}

- name: Login to public ECR
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public

- name: Push to ECR
env:
REGISTRY: ${{steps.login-ecr-public.outputs.registry }}
REGISTRY_ALIAS: j4u0y1h1
REPOSITORY: kafka-ui
run: |
docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}
packages: write
uses: ./.github/workflows/docker_publish.yml
secrets: inherit
with:
version: ${{ needs.jar-build.outputs.version }}
generic_tag: main
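Review bot: The new `docker-build` job calls docker_build.yml with `secrets: inherit`, yet that workflow as added in this commit reads no `secrets.*` value, only `github.token`, so the line can be removed and the build stage never sees the Docker Hub or AWS credentials. The same job appears to carry `packages: write` although nothing is pushed until `docker-deploy`. The rendered page does not mark which permission lines are context, so confirm this against the file. If it is lowered to `contents: read`, the `permissions:` block in docker_build.yml has to be lowered in the same change, because a called workflow cannot request more than its caller grants.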