Adding the files and workflows to build the docker images

.github/workflows/deploy.yml

@@ -4,31 +4,110 @@ on:
   push:
     tags:
       - "*"
-    workflow_dispatch:
+  workflow_dispatch:
+
 
 jobs:
   deployment:
+    permissions:
+      packages: write
     environment: deploy
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 11
-      uses: actions/setup-java@v1
-      with:
-        java-version: 11
-        server-id: openconext-releases
-        server-username: MAVEN_USERNAME
-        server-password: MAVEN_PASSWORD
-    - name: Set up cache
-      uses: actions/cache@v1
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
-    - name: Deploy with Maven
-      run: mvn --batch-mode deploy -DskipTests
-      env:
-        MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }}
-        MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }}
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: "temurin"
+          server-id: openconext-releases
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Set up cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Determine the version
+        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
+        id: versioncheck
+
+      - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name
+        run: |
+          echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch"
+          exit 1
+        if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+      - name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml
+        run: |
+          echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}"
+          exit 1
+        if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name
+
+      - name: Set up JDK 11 for snapshots
+        uses: actions/setup-java@v4
+        with:
+          java-version: "11"
+          distribution: "temurin"
+          cache: "maven"
+          server-id: openconext-snapshots
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+        if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+      - name: Set up JDK 11 for releases
+        uses: actions/setup-java@v4
+        with:
+          java-version: "11"
+          distribution: "temurin"
+          cache: "maven"
+          server-id: openconext-releases
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+        if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }}
+
+      - name: Deploy with Maven
+        run: mvn --batch-mode deploy -DskipTests
+        env:
+          MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/openconext/openconext-voot/voot
+          flavor: |
+            latest=false
+          tags: |
+            type=ref,event=tag
+            type=raw,event=tag,value=latest
+            type=raw,event=workflow_dispatch,value=snapshot
+            type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }}
+            type=sha
+
+      - name: Build and push the voot server image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

docker/Dockerfile

@@ -0,0 +1,3 @@
+FROM eclipse-temurin:11-jdk-alpine
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]

src/main/resources/application-devconf.yml

@@ -0,0 +1,5 @@
+oidcng:
+  checkToken:
+    endpoint_url: "https://connect.dev.openconext.local/oidc/introspect"
+    clientId: "voot.dev.openconext.local"
+    secret: "secretsecret"