style(ct): add common cache download to base image #445
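---
# Builds the Dataverse base container image for the most recent releases plus
# the development branch, deploys it with Maven, and then calls the reusable
# application image workflow for every branch in the same matrix.
#
# NOTE(review): several actions below are referenced by a mutable tag (`@v3`,
# `@v4`). Steps that receive Docker Hub or SSH secrets are safer when the action
# is pinned to a full commit SHA, so a re-tagged release cannot change the code
# that handles those secrets.
name: Base Container Image

on:
  push:
    tags:
      - 'v[6-9].**'
    branches:
      - 'develop'
      - '10478-version-base-img'
    paths:
      - 'modules/container-base/**'
      - 'modules/dataverse-parent/pom.xml'
      - '.github/workflows/container_base_push.yml'
  schedule:
    - cron: '23 3 * * 0'  # Run for 'develop' every Sunday at 03:23 UTC

env:
  PLATFORMS: linux/amd64,linux/arm64
  NUM_PAST_RELEASES: 3

jobs:
  discover:
    name: Discover Release Matrix
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    # Only run in upstream repo - avoid unnecessary runs in forks and only for scheduled
    if: ${{ github.repository_owner == 'IQSS' }}
    outputs:
      branches: ${{ steps.matrix.outputs.branches }}
    steps:
      - name: Build branch matrix options
        id: matrix
        # TODO: remove the feature branch and re-enable the if/else!
        # NOTE(review): when the else branch is re-enabled, hand github.ref_name to
        # the script through `env:` rather than expanding it inside the script text;
        # a pushed ref name is caller-chosen data.
        # The release tag names fetched here become `matrix.branch` in the jobs
        # below, so those jobs must treat them as data, not as shell text.
        run: |
          # Get last three releases and include develop branch as matrix elements
          #if [[ "${{ github.event_name }}" == "schedule" ]]; then
            echo "branches=$(curl -f -sS https://api.github.com/repos/IQSS/dataverse/releases | \
              jq '[ .[0:${{ env.NUM_PAST_RELEASES }}] | .[].tag_name, "develop", "10478-version-base-img" ]')" | tr -d "\n" | tr -s " " | \
              tee -a "$GITHUB_OUTPUT"
          #else
          #  # Note: github.ref_name will be the name of the branch or the tag pushed
          #  echo "branches=['${{ github.ref_name }}']" | tee -a "$GITHUB_OUTPUT"
          #fi

  build:
    name: Build image
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    needs: discover
    strategy:
      fail-fast: false
      matrix:
        branch: ${{ fromJson(needs.discover.outputs.branches) }}
    # Only run in upstream repo - avoid unnecessary runs in forks
    if: ${{ github.repository_owner == 'IQSS' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ matrix.branch }}
      - name: Determine Java version from Parent POM
        # The value is read from the checked-out branch's POM and exported to all
        # later steps through GITHUB_ENV.
        run: |
          echo "JAVA_VERSION=$(grep '<target.java.version>' modules/dataverse-parent/pom.xml | cut -f2 -d'>' | cut -f1 -d'<')" >> "${GITHUB_ENV}"
      - name: Set up JDK ${{ env.JAVA_VERSION }}
        id: setup-java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'
          cache-dependency-path: |
            modules/container-base/pom.xml
      - name: Download common cache on branch cache miss
        if: ${{ steps.setup-java.outputs.cache-hit != 'true' }}
        uses: actions/cache/restore@v4
        # NOTE(review): actions/cache/restore declares `path` as a required input
        # and none is given here, so this step is expected to fail as written.
        # Add the same path(s) the 'dataverse-maven-cache' entry was saved with -
        # confirm against the workflow that writes that cache.
        with:
          key: dataverse-maven-cache
      # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
      # on events in context of upstream because secrets. PRs run in context of forks by default!
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # In case of scheduled maintenance, we don't care about buildtime: use QEMU for AMD64 + ARM64
      - name: Set up QEMU for multi-arch builds
        if: ${{ github.event_name == 'schedule' }}
        uses: docker/setup-qemu-action@v3
        with:
          platforms: ${{ env.PLATFORMS }}
      # In case this is a push to develop, we care about buildtime.
      # Configure a remote ARM64 build host in addition to the local AMD64 in two steps.
      - name: Setup SSH agent
        if: ${{ github.event_name != 'schedule' }}
        # NOTE(review): the version after '@' was mangled to '[email protected]' by
        # the page rendering. PLACEHOLDER_VERSION is a placeholder, not a real
        # tag: restore the originally pinned version (ideally a full commit SHA,
        # since this action receives the builder's private key).
        uses: webfactory/ssh-agent@PLACEHOLDER_VERSION
        with:
          ssh-private-key: ${{ secrets.BUILDER_ARM64_SSH_PRIVATE_KEY }}
      - name: Provide the known hosts key and the builder config
        if: ${{ github.event_name != 'schedule' }}
        # Secrets are handed to the script as environment variables so their
        # content is never parsed as shell syntax.
        env:
          BUILDER_ARM64_SSH_HOST_KEY: ${{ secrets.BUILDER_ARM64_SSH_HOST_KEY }}
          BUILDER_ARM64_SSH_CONNECTION: ${{ secrets.BUILDER_ARM64_SSH_CONNECTION }}
        run: |
          # Pin the remote builder's host key so the SSH connection is verified.
          echo "${BUILDER_ARM64_SSH_HOST_KEY}" > ~/.ssh/known_hosts
          mkdir -p modules/container-base/target/buildx-state/buildx/instances
          # Both nodes are started with the network.host entitlement allowed, which
          # lets builds request host networking - keep the remote builder dedicated
          # to this purpose.
          cat > modules/container-base/target/buildx-state/buildx/instances/maven << EOF
          { "Name": "maven",
            "Driver": "docker-container",
            "Dynamic": false,
            "Nodes": [{"Name": "maven0",
                       "Endpoint": "unix:///var/run/docker.sock",
                       "Platforms": [{"os": "linux", "architecture": "amd64"}],
                       "DriverOpts": null,
                       "Flags": ["--allow-insecure-entitlement=network.host"],
                       "Files": null},
                      {"Name": "maven1",
                       "Endpoint": "ssh://${BUILDER_ARM64_SSH_CONNECTION}",
                       "Platforms": [{"os": "linux", "architecture": "arm64"}],
                       "DriverOpts": null,
                       "Flags": ["--allow-insecure-entitlement=network.host"],
                       "Files": null}]}
          EOF
      - name: Add additional tags as options
        # TODO: remove the feature branch
        # The matrix value originates from release tag names fetched in the
        # discover job; it is passed through the environment instead of being
        # expanded into the script, so a crafted tag name cannot inject commands.
        env:
          MATRIX_BRANCH: ${{ matrix.branch }}
        run: |
          # For the development branch, update the latest tag in addition
          if [[ "${MATRIX_BRANCH}" == "develop" || "${MATRIX_BRANCH}" == "10478-version-base-img" ]]; then
            echo "DOCKER_TAGS=-Ddocker.imagePropertyConfiguration=override -Ddocker.tags.develop=latest" | tee -a "${GITHUB_ENV}"
          # In case of releases <=6.2, we still need to provide backward compatible names "alpha" and "unstable"
          elif [[ "${MATRIX_BRANCH}" == "v6.2" ]]; then
            echo "DOCKER_TAGS=-Ddocker.imagePropertyConfiguration=override -Ddocker.tags.additional=alpha" | tee -a "${GITHUB_ENV}"
          fi
      - name: Deploy multi-arch base container image to Docker Hub
        id: build
        # Do not build for v6.0 and v6.1. We can simply reuse the one from v6.2.
        if: ${{ matrix.branch != 'v6.0' && matrix.branch != 'v6.1' }}
        # DOCKER_TAGS is left unquoted on purpose: it holds several -D options
        # that must be split into separate arguments.
        run: mvn -f modules/container-base -Pct deploy -Ddocker.noCache ${DOCKER_TAGS} -Ddocker.platforms=${{ env.PLATFORMS }}
      - if: ${{ github.event_name == 'push' && github.ref_name == 'develop' }}
        name: Push description to DockerHub
        uses: peter-evans/dockerhub-description@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          repository: gdcc/base
          short-description: "Dataverse Base Container image providing Payara application server and optimized configuration"
          readme-filepath: ./modules/container-base/README.md
      # - if: always()
      #   name: Save status (workaround for matrix outputs)
      #   run: |
      #     # steps.build.outcome is the status BEFORE continue-on-error
      #     echo "STATUS_$( echo "${{ matrix.branch }}" | tr ".:;,-/ " "_" )=${{ steps.build.outcome }}" | tee -a "${GITHUB_ENV}"

  push-app-img:
    name: "Rebase & Publish App Image"
    permissions:
      contents: read
      packages: write
      pull-requests: write
    # NOTE(review): `inherit` forwards every secret of this workflow to the called
    # workflow. Passing only the secrets it actually needs keeps the Docker Hub
    # and SSH credentials scoped - confirm against container_app_push.yml.
    secrets: inherit
    needs:
      - discover
      - build
    strategy:
      fail-fast: false
      matrix:
        branch: ${{ fromJson(needs.discover.outputs.branches) }}
    uses: ./.github/workflows/container_app_push.yml
    with:
      branch: ${{ matrix.branch }}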