From 3b51e5ab3b98d90c608cf119ac6f1241bdd5275a Mon Sep 17 00:00:00 2001
From: Shiny Brar
Date: Tue, 12 Nov 2024 17:26:47 -0800
Subject: [PATCH 01/22] feat(container): added build-stages for skaha based on eclipse-temurin@jdk11 and cadc-tomcat:1.3 additionally locked all packages and containers to a specific version
---
 skaha/Dockerfile | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/skaha/Dockerfile b/skaha/Dockerfile
index fa9c987f..9ff0b501 100644
--- a/skaha/Dockerfile
+++ b/skaha/Dockerfile
@@ -1,12 +1,23 @@ -FROM images.opencadc.org/library/cadc-tomcat:1 +FROM eclipse-temurin:11-alpine@sha256:7f5e733cd9356305ce19f333cb362e5f542c44a9a68a3ae6b141b515d59bac13 AS base -RUN dnf -y install dnf-plugins-core \ - && dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo \ - && dnf -y install acl attr containerd.io docker-ce docker-ce-cli kubernetes-client which \ - && dnf -y clean all +FROM base AS builder +COPY . /skaha +WORKDIR /skaha +RUN ./gradlew clean spotlessCheck build --no-daemon -RUN kubectl version --client +FROM images.opencadc.org/library/cadc-tomcat@sha256:3f0b603542de3ec6b492af565b05a0f1af78b518a5e95ec9f10fc0656d0f3741 AS production -COPY build/libs/skaha.war /usr/share/tomcat/webapps/ +RUN set -eux \ + && dnf install --nodocs --assumeyes --setopt=install_weak_deps=False dnf-plugins-core-4.9.0-1.fc40 \ + && dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo \ + && dnf -y install --nodocs --assumeyes --setopt=install_weak_deps=False \ + acl-2.3.2-1.fc40 attr-2.5.2-3.fc40 \ + containerd.io-1.7.22-3.1.fc40 \ + docker-ce-3:27.3.1-1.fc40 \ + docker-ce-cli-1:27.3.1-1.fc40 \ + kubernetes-client-1.29.9-2.fc40 \ + # Clean up dnf cache and other unneeded files to reduce image size + && dnf clean all -COPY src/scripts/* /usr/local/bin/ \ No newline at end of file +COPY --from=builder /skaha/build/libs/skaha.war /usr/share/tomcat/webapps/ +COPY --from=builder /skaha/src/scripts/* /usr/local/bin/ \ No newline at end of file From ffb9e5088f4e6ce781f08bac1a826f0e00c0f106 Mon Sep 17 00:00:00 2001 
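Review bot: The rewritten `dnf install` list in the production stage no longer contains `which`, which the removed line installed, and the `RUN kubectl version --client` check that followed the install is gone as well; the commit message mentions only the version pinning. If any of the scripts copied to `/usr/local/bin/` call `which`, they would fail only at run time, so either add the package back with a pinned version or say in the message that it is no longer needed. I would also keep `RUN kubectl version --client` after the install step, since it is the only build-time evidence that the pinned `kubernetes-client-1.29.9-2.fc40` package provides a working client. The production stage also sets no `USER`, so the runtime user is whatever the cadc-tomcat base image defines.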
From: Shiny Brar Date: Wed, 13 Nov 2024 18:03:38 -0800 Subject: [PATCH 02/22] feat(gradle): added doc generation plugins, added gradle.properties file to manage project settings added dokka support, which uses kotlin tools to generate github markdown compatible documentation output in addition HTML --- skaha/build.gradle | 35 ++++++++++++++++++++++++++++++++++- skaha/gradle.properties | 9 +++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 skaha/gradle.properties diff --git a/skaha/build.gradle b/skaha/build.gradle index 917ab422..e7004934 100644 --- a/skaha/build.gradle +++ b/skaha/build.gradle @@ -4,6 +4,7 @@ plugins { id 'com.diffplug.spotless' version '6.25.0' id 'java' id 'jacoco' + id 'org.jetbrains.dokka' version '1.6.0' } repositories { @@ -54,6 +55,7 @@ dependencies { testImplementation 'junit:junit:[4.13,)' testImplementation 'org.json:json:20231013' testImplementation 'org.mockito:mockito-core:5.12.0' + } spotless { @@ -77,12 +79,43 @@ spotless { endWithNewline() } } +check.dependsOn spotlessCheck +// Create Java Code Coverage Reports jacocoTestReport { reports { xml.enabled true html.enabled true } } - check.dependsOn jacocoTestReport + +// Create JavaDoc +javadoc { + destinationDir = file("${buildDir}/docs/javadoc") +} + +// Create Java Documentation using Dokka for Github Markdown and HTML +tasks.dokkaGfm.configure { + outputDirectory.set(file("${buildDir}/docs/dokka/gfm")) + dokkaSourceSets { + register("main") { + sourceRoots.from(file("src/main/java")) + } + } +} +tasks.dokkaHtml.configure { + outputDirectory.set(file("${buildDir}/docs/dokka/html")) + dokkaSourceSets { + register("main") { + sourceRoots.from(file("src/main/java")) + } + configureEach { + jdkVersion.set(11) + sourceLink { + localDirectory.set(file("src/main/java")) + remoteUrl.set("https://github.com/opencadc/science-platform/tree/main/skaha/src/main/java") + } + } + } +} 
diff --git a/skaha/gradle.properties b/skaha/gradle.properties new file mode 100644 index 00000000..92135679 --- /dev/null +++ b/skaha/gradle.properties @@ -0,0 +1,9 @@ +# Gradle properties +org.gradle.parallel=true +org.gradle.caching=true +org.gradle.jvmargs=-Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 +org.gradle.daemon=true +org.gradle.configureondemand=true + +# Project properties +version=0.23.0 \ No newline at end of file From 97b28913cb2fe18598f9b885bf95c66986c84a8c Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 15:37:21 -0800 Subject: [PATCH 03/22] fix(build): split release version into major,minor,patch --- .gitignore | 4 ++-- skaha/gradle.properties | 10 +++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b66175fc..0c32b3c9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ /**/dependencies /**/.idea -/**/.gradle +/**/.gradle /**/build /**/bin .vscode @@ -10,4 +10,4 @@ *_key *.crt deployment/helm/skaha/token-tool-secret/skaha-private.pem -deployment/helm/skaha/token-tool-secret/skaha-public.pem \ No newline at end of file +deployment/helm/skaha/token-tool-secret/skaha-public.pem diff --git a/skaha/gradle.properties b/skaha/gradle.properties index 92135679..7305b6f8 100644 --- a/skaha/gradle.properties +++ b/skaha/gradle.properties @@ -6,4 +6,12 @@ org.gradle.daemon=true org.gradle.configureondemand=true # Project properties -version=0.23.0 \ No newline at end of file +# x-release-please-start-major +majorVersion = 0 +# x-release-please-end +# x-release-please-start-minor +minorVersion = 23 +# x-release-please-end +# x-release-please-start-patch +patchVersion = 1 +# x-release-please-end \ No newline at end of file From 73c217fcf36585546829f4b99be82b6906e0ca3f Mon Sep 17 00:00:00 2001 
From: "Shiny." Date: Thu, 14 Nov 2024 15:41:42 -0800 Subject: [PATCH 04/22] chore: bootstrap releases for path: skaha --- .release-please-manifest.json | 3 +++ release-please-config.json | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 00000000..5e367e6d --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + "skaha": "0.23.1" +} \ No newline at end of file diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 00000000..5935e7f8 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,17 @@ +{ + "packages": { + "skaha": { + "package-name": "skaha", + "changelog-path": "skaha/CHANGELOG.md", + "release-type": "simple", + "bump-minor-pre-major": false, + "bump-patch-for-minor-pre-major": false, + "draft": false, + "prerelease": false, + "extra-files": [ + "skaha/gradle.properties" + ] + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" +} \ No newline at end of file From 89403561254124f98c869008bf92cb92d6459d1a Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 15:49:29 -0800 Subject: [PATCH 05/22] style(github-actions): lint --- .github/workflows/ci.linting.yml | 1 - .github/workflows/ci.testing.yml | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.linting.yml b/.github/workflows/ci.linting.yml index 4ec839bc..8f771ef4 100644 --- a/.github/workflows/ci.linting.yml +++ b/.github/workflows/ci.linting.yml @@ -27,4 +27,3 @@ jobs: run: | cd skaha ./gradlew clean spotlessCheck - diff --git a/.github/workflows/ci.testing.yml b/.github/workflows/ci.testing.yml index 0d224a16..e10e0ec7 100644 --- a/.github/workflows/ci.testing.yml +++ b/.github/workflows/ci.testing.yml 
@@ -34,14 +34,14 @@ jobs: if-no-files-found: error retention-days: 1 overwrite: true - + codecov: runs-on: ubuntu-latest needs: tests permissions: id-token: write steps: - - + - name: Download coverage artifacts uses: actions/download-artifact@v4.1.8 with: @@ -60,4 +60,4 @@ jobs: flags: skaha-unittests-coverage name: skaha-unittests-coverage fail_ci_if_error: true - verbose: true \ No newline at end of file + verbose: true From 704993d390641bde1744ed102c025f7fa9d4a621 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 16:30:25 -0800 Subject: [PATCH 06/22] feat(release): added release please trigger and build for edge builds --- .github/workflows/cd.build.yml | 65 ++++++++++++++++++++++++++++++++ .github/workflows/cd.release.yml | 33 ++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 .github/workflows/cd.build.yml create mode 100644 .github/workflows/cd.release.yml diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.build.yml new file mode 100644 index 00000000..ea57c6fe --- /dev/null +++ b/.github/workflows/cd.build.yml 
@@ -0,0 +1,65 @@ +name: "CD: Edge Build" + +on: + repository_dispatch: + types: [edge-build] + +env: + REGISTRY: ${{ secrets.CONTAINER_REGISTRY}} + IMAGE: platform/science-platform + TAG: edge + +jobs: + edge-build: + runs-on: ubuntu-latest + permissions: + attestations: write + id-token: write + steps: + - + name: Client Payload + id: client-payload + run: | + echo "Client Payload: ${{ toJson(github.event.client_payload) }}" + - + name: Checkout + uses: actions/checkout@v3 + - + name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3.7.1 + with: + install: true + - + name: Perform Container Registry Login + uses: docker/login-action@v3.3.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_TOKEN }} + - + name: Build and Push Docker Image + id: build + uses: docker/build-push-action@v6.9.0 + with: + context: skaha/ + target: production + file: skaha/Dockerfile + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: mode=max + sbom: true + push: true + tags: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + labels: | + org.opencontainers.image.title=Science Platform + org.opencontainers.image.licenses=AGPL-3.0 + org.opencontainers.image.url=https://github.com/shinybrar/science-platform + - + name: Attest Container Image + id: attest + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + subject-digest: ${{ steps.build.outputs.digest }} + push-to-registry: true \ No newline at end of file diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml new file mode 100644 index 00000000..dcfc4d43 --- /dev/null +++ b/.github/workflows/cd.release.yml 
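Review bot: The `Client Payload` step expands `${{ toJson(github.event.client_payload) }}` directly inside the `run:` script, so the payload text becomes part of the shell source before the shell parses it, and quoting or substitution syntax in a dispatched payload would be interpreted rather than printed. Pass the value through the environment instead: give the step an `env:` entry `PAYLOAD: ${{ toJson(github.event.client_payload) }}` and change the command to `echo "Client Payload: $PAYLOAD"`. The job holds `id-token: write` and the registry credentials, so a step that only means to log data should not evaluate it. The same step is repeated in `cd.release.build.yml` (PATCH 20/22), where `TAG_RELEASE` from the payload is also expanded inside the `cosign sign` script.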
@@ -0,0 +1,33 @@ +# Release Please Actions +name: "CD: Release Please" + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + release-please: + runs-on: ubuntu-latest + steps: + - + name: Create release + id: release-please + uses: googleapis/release-please-action@v4.1.3 + with: + config-file: release-please-config.json + manifest-file: release-please-manifest.json + - + # This action will fail from forks, since GITHUB_TOKEN will not have write access + # for opencadc/science-platform repository. + # !TODO: Add a check to see if the PR is from a fork, and if so, skip this step on origin + name: Dispatch Edge Build + if: always() + uses: peter-evans/repository-dispatch@v3.0.0 + with: + repository: shinybrar/science-platform + event-type: edge-build + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From f13fdd8ac0f39a2ee00471826964b9334dee2376 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 16:34:00 -0800 Subject: [PATCH 07/22] fix(release-please): fix for manifest file location and edge trigger build requies release please action to succeed --- .github/workflows/cd.release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index dcfc4d43..2c18a937 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml 
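Review bot: The `on:` block runs this workflow for `pull_request` events as well as for pushes to `main`, so release-please and the `Dispatch Edge Build` step execute for every pull request, and each dispatch asks the target repository to rebuild and push the `edge` image. Release automation normally needs only the push trigger; drop the `pull_request:` entry or guard the job with `if: github.event_name == 'push'`, which would also settle the fork case the TODO comment describes. The actions are referenced by version tag, and `peter-evans/repository-dispatch@v3.0.0` is handed the token; pinning third-party actions to a full commit SHA (`@<full-commit-sha>`) would make the reference immutable.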
@@ -19,13 +19,14 @@ jobs: uses: googleapis/release-please-action@v4.1.3 with: config-file: release-please-config.json - manifest-file: release-please-manifest.json + manifest-file: .release-please-manifest.json - # This action will fail from forks, since GITHUB_TOKEN will not have write access # for opencadc/science-platform repository. # !TODO: Add a check to see if the PR is from a fork, and if so, skip this step on origin name: Dispatch Edge Build - if: always() + # Run this step only if the release-please completes successfully + if: steps.release-please.outcome == 'success' uses: peter-evans/repository-dispatch@v3.0.0 with: repository: shinybrar/science-platform From f554886498f4e46d629488fcd3bffff196860f76 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 16:39:45 -0800 Subject: [PATCH 08/22] fix(build): restricted ci to only build for x86 platforms for now since cadc-tomcat does not have arm builds --- .github/workflows/cd.build.yml | 2 +- skaha/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.build.yml index ea57c6fe..e6cf55da 100644 --- a/.github/workflows/cd.build.yml +++ b/.github/workflows/cd.build.yml @@ -44,7 +44,7 @@ jobs: context: skaha/ target: production file: skaha/Dockerfile - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 cache-from: type=gha cache-to: type=gha,mode=max provenance: mode=max diff --git a/skaha/Dockerfile b/skaha/Dockerfile index 9ff0b501..540474fa 100644 --- a/skaha/Dockerfile +++ b/skaha/Dockerfile 
@@ -1,11 +1,11 @@ -FROM eclipse-temurin:11-alpine@sha256:7f5e733cd9356305ce19f333cb362e5f542c44a9a68a3ae6b141b515d59bac13 AS base +FROM eclipse-temurin:11-alpine AS base FROM base AS builder COPY . /skaha WORKDIR /skaha RUN ./gradlew clean spotlessCheck build --no-daemon -FROM images.opencadc.org/library/cadc-tomcat@sha256:3f0b603542de3ec6b492af565b05a0f1af78b518a5e95ec9f10fc0656d0f3741 AS production +FROM images.opencadc.org/library/cadc-tomcat:1.3 AS production RUN set -eux \ && dnf install --nodocs --assumeyes --setopt=install_weak_deps=False dnf-plugins-core-4.9.0-1.fc40 \ From 127f7b0110668f762063ce52cce92606f81df20e Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 14 Nov 2024 16:52:55 -0800 Subject: [PATCH 09/22] fix(build): updated to fix attestations to harbor --- .github/workflows/cd.build.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.build.yml index e6cf55da..758462c3 100644 --- a/.github/workflows/cd.build.yml +++ b/.github/workflows/cd.build.yml @@ -56,10 +56,13 @@ jobs: org.opencontainers.image.licenses=AGPL-3.0 org.opencontainers.image.url=https://github.com/shinybrar/science-platform - + # See https://github.com/marketplace/actions/attest-build-provenance#container-image + # for more information on the attest-build-provenance action name: Attest Container Image id: attest - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v1.4.4 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }} subject-digest: ${{ steps.build.outputs.digest }} - push-to-registry: true \ No newline at end of file + push-to-registry: true + show-summary: true \ No newline at end of file From b5afe92211b20d5d7c958ed1472a0966b7982a07 Mon Sep 17 00:00:00 2001 
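Review bot: Both `FROM` lines in the skaha/Dockerfile hunk of PATCH 08/22 drop the `@sha256:` digests added in PATCH 01/22, so the builder and production bases are again resolved by mutable tag (`eclipse-temurin:11-alpine`, `cadc-tomcat:1.3`) at every build. The same commit restricts the workflow to `linux/amd64`, so a digest can still be pinned: keep the tag for readability and append the digest, e.g. `FROM eclipse-temurin:11-alpine@sha256:<digest> AS base`, using the image index digest if the earlier values were platform-specific and other platforms are to return later. Without it, the provenance and SBOM the workflow generates describe an image whose base can differ between two builds of the same commit. The `.fc40` package versions pinned in the `RUN` step presumably also depend on a specific base release, which only a digest fixes.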
From: Shiny Brar Date: Fri, 15 Nov 2024 15:02:20 -0800 Subject: [PATCH 10/22] fix(github-actions): fix for release please action config to properly edit gradle.properties file --- release-please-config.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/release-please-config.json b/release-please-config.json index 5935e7f8..cb74fbf4 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -9,7 +9,10 @@ "draft": false, "prerelease": false, "extra-files": [ - "skaha/gradle.properties" + { + "type": "generic", + "path": "skaha/gradle.properties", + } ] } }, From e2c65df9031761235573a1a9d4a960e3961c562d Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 15 Nov 2024 15:05:09 -0800 Subject: [PATCH 11/22] style(config): lint for release-please config --- release-please-config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-please-config.json b/release-please-config.json index cb74fbf4..8b1dc437 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -11,7 +11,7 @@ "extra-files": [ { "type": "generic", - "path": "skaha/gradle.properties", + "path": "skaha/gradle.properties" } ] } From 2128c32a53c35140419d86122bb187fe5335e634 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 15 Nov 2024 15:12:08 -0800 Subject: [PATCH 12/22] fix(gha): release please fix for monorepo packages --- release-please-config.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/release-please-config.json b/release-please-config.json index 8b1dc437..8b989a92 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -1,6 +1,7 @@ { "packages": { "skaha": { + "path": "skaha", "package-name": "skaha", "changelog-path": "skaha/CHANGELOG.md", "release-type": "simple", @@ -11,7 +12,7 @@ "extra-files": [ { "type": "generic", - "path": "skaha/gradle.properties" + "path": "gradle.properties" } ] } From 63007f80369c125cedd9fe71db31b264a23223bc Mon Sep 17 00:00:00 2001 
From: Shiny Brar Date: Fri, 15 Nov 2024 15:27:11 -0800 Subject: [PATCH 13/22] test(release-please): added a test for checking release please version updates for generic files --- release-please-config.json | 6 +++++- skaha/version.yaml | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 skaha/version.yaml diff --git a/release-please-config.json b/release-please-config.json index 8b989a92..2429cf30 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -12,7 +12,11 @@ "extra-files": [ { "type": "generic", - "path": "gradle.properties" + "path": "skaha/gradle.properties" + }, + { + "tyoe": "yaml", + "path": "skaha/version.yaml" } ] } diff --git a/skaha/version.yaml b/skaha/version.yaml new file mode 100644 index 00000000..db4aa168 --- /dev/null +++ b/skaha/version.yaml @@ -0,0 +1,4 @@ +version: "0.23.0" # x-release-please-version +major: "0" # x-release-please-major +minor: "23" # x-release-please-minor +patch: "0" # x-release-please-patch From 06388c2f6af909e4ab607e11ce5025b94a6defc8 Mon Sep 17 00:00:00 2001 From: "Shiny." Date: Sat, 16 Nov 2024 00:03:14 -0800 Subject: [PATCH 14/22] fix(gha): typo --- release-please-config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-please-config.json b/release-please-config.json index 2429cf30..89a2ab35 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -15,11 +15,11 @@ "path": "skaha/gradle.properties" }, { - "tyoe": "yaml", + "type": "yaml", "path": "skaha/version.yaml" } ] } }, "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" -} \ No newline at end of file +} From 0a542ea5950814753a09fd8ac46391f6f041746f Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Sun, 17 Nov 2024 14:47:00 -0800 Subject: [PATCH 15/22] fix(release-please): fix for generic release on a yaml file --- release-please-config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/release-please-config.json b/release-please-config.json index 89a2ab35..4b1bdc62 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -15,7 +15,7 @@ "path": "skaha/gradle.properties" }, { - "type": "yaml", + "type": "generic", "path": "skaha/version.yaml" } ] From 39b38f48bf4eab3934857c35206d2650bf78fb41 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Sun, 17 Nov 2024 14:53:09 -0800 Subject: [PATCH 16/22] fix(github-actions): fix for relative path for version files --- release-please-config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-please-config.json b/release-please-config.json index 4b1bdc62..387afc5e 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -12,11 +12,11 @@ "extra-files": [ { "type": "generic", - "path": "skaha/gradle.properties" + "path": "gradle.properties" }, { "type": "generic", - "path": "skaha/version.yaml" + "path": "version.yaml" } ] } From b26b54449f454ae3e5eb6bf065cc11853f6d4e1c Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Sun, 17 Nov 2024 21:02:56 -0800 Subject: [PATCH 17/22] fix(release-please): added better permissions for the workflow action, fixed path for changelog --- .github/workflows/cd.release.yml | 3 +++ release-please-config.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index 2c18a937..feff17e8 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml @@ -12,6 +12,9 @@ on: jobs: release-please: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Create release diff --git a/release-please-config.json b/release-please-config.json index 387afc5e..500b495f 100644 --- a/release-please-config.json +++ b/release-please-config.json 
@@ -3,7 +3,7 @@ "skaha": { "path": "skaha", "package-name": "skaha", - "changelog-path": "skaha/CHANGELOG.md", + "changelog-path": "CHANGELOG.md", "release-type": "simple", "bump-minor-pre-major": false, "bump-patch-for-minor-pre-major": false, From 2c39cc1ab2ba3b3c83b592920e5e36e1b343461e Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Mon, 18 Nov 2024 11:07:29 -0800 Subject: [PATCH 18/22] feat(cosign): added cosign verification for container image --- .github/workflows/cd.build.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.build.yml index 758462c3..53c13288 100644 --- a/.github/workflows/cd.build.yml +++ b/.github/workflows/cd.build.yml @@ -64,5 +64,15 @@ jobs: with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }} subject-digest: ${{ steps.build.outputs.digest }} - push-to-registry: true - show-summary: true \ No newline at end of file + # push-to-registry: true + show-summary: true + - + name: Install Cosign + id: install-cosign + uses: sigstore/cosign-installer@v3.7.0 + - + name: CoSign Container Image + id: cosign + run: | + cosign version + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload \ No newline at end of file From 07b50417a4e5df046ba87b1a7c0269cde9e8e21b Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Mon, 18 Nov 2024 11:14:25 -0800 Subject: [PATCH 19/22] fix(cosign): updated to use v2.4.1 --- .github/workflows/cd.build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.build.yml index 53c13288..77c006ac 100644 --- a/.github/workflows/cd.build.yml +++ b/.github/workflows/cd.build.yml @@ -70,8 +70,10 @@ jobs: name: Install Cosign id: install-cosign uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' - - name: CoSign Container Image + name: Cosign Container Image id: cosign run: | cosign version 
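Review bot: In the cd.build.yml hunk of PATCH 18/22, `cosign sign` is given the mutable tag reference `...:${{ env.TAG }}`, so the signature is attached to whatever the tag resolves to when the step runs, which need not be the image the `build` step pushed. Sign the digest the build reported instead: `cosign sign --yes "${{ env.REGISTRY }}/${{ env.IMAGE }}@${{ steps.build.outputs.digest }}"`. The attest step directly above already uses `steps.build.outputs.digest`, so the attestation and the signature would then refer to the same image. The by-tag calls are repeated in `cd.release.build.yml` (PATCH 20/22).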
From 1a05a4764de340661cd5d6481d9f25e05f7ab23f Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Mon, 18 Nov 2024 12:42:05 -0800 Subject: [PATCH 20/22] feat(ci-cd): added prod builds for platform/skaha --- .../{cd.build.yml => cd.edge.build.yml} | 13 +-- .github/workflows/cd.release.build.yml | 89 +++++++++++++++++++ .github/workflows/cd.release.yml | 29 ++++-- 3 files changed, 120 insertions(+), 11 deletions(-) rename .github/workflows/{cd.build.yml => cd.edge.build.yml} (85%) create mode 100644 .github/workflows/cd.release.build.yml diff --git a/.github/workflows/cd.build.yml b/.github/workflows/cd.edge.build.yml similarity index 85% rename from .github/workflows/cd.build.yml rename to .github/workflows/cd.edge.build.yml index 77c006ac..f2d64246 100644 --- a/.github/workflows/cd.build.yml +++ b/.github/workflows/cd.edge.build.yml @@ -5,12 +5,13 @@ on: types: [edge-build] env: - REGISTRY: ${{ secrets.CONTAINER_REGISTRY}} - IMAGE: platform/science-platform + REGISTRY: images.opencadc.org + IMAGE: platform/skaha TAG: edge jobs: edge-build: + if: github.repository == 'opencadc/science-platform' runs-on: ubuntu-latest permissions: attestations: write @@ -33,9 +34,9 @@ jobs: name: Perform Container Registry Login uses: docker/login-action@v3.3.0 with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} + registry: images.opencadc.org + username: ${{ secrets.SKAHA_REGISTRY_USERNAME }} + password: ${{ secrets.SKAHA_REGISTRY_TOKEN }} - name: Build and Push Docker Image id: build @@ -54,7 +55,7 @@ jobs: labels: | org.opencontainers.image.title=Science Platform org.opencontainers.image.licenses=AGPL-3.0 - org.opencontainers.image.url=https://github.com/shinybrar/science-platform + org.opencontainers.image.url=https://github.com/opencadc/science-platform - # See https://github.com/marketplace/actions/attest-build-provenance#container-image # for more information on the attest-build-provenance action 
diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml
new file mode 100644
index 00000000..9c4e9105
--- /dev/null
+++ b/.github/workflows/cd.release.build.yml
@@ -0,0 +1,89 @@ +name: "CD: Release Build" + +on: + repository_dispatch: + types: [release-build] + +env: + REGISTRY: images.opencadc.org + IMAGE: platform/skaha + TAG: latest + TAG_RELEASE: ${{ github.event.client_payload.tag_name }} + +jobs: + release-build: + if: github.repository == 'opencadc/science-platform' + runs-on: ubuntu-latest + permissions: + attestations: write + id-token: write + steps: + - + name: Client Payload + id: client-payload + run: | + echo "Client Payload: ${{ toJson(github.event.client_payload) }}" + - + name: Checkout + uses: actions/checkout@v3 + - + name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3.7.1 + with: + install: true + - + name: Perform Container Registry Login + uses: docker/login-action@v3.3.0 + with: + registry: images.opencadc.org + username: ${{ secrets.SKAHA_REGISTRY_USERNAME }} + password: ${{ secrets.SKAHA_REGISTRY_TOKEN }} + - + name: Build and Push Docker Image + id: build + uses: docker/build-push-action@v6.9.0 + with: + context: skaha/ + target: production + file: skaha/Dockerfile + platforms: linux/amd64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: mode=max + sbom: true + push: true + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} + labels: | + org.opencontainers.image.title=skaha + org.opencontainers.image.version=${{ env.TAG_RELEASE }} + org.opencontainers.image.description="Science Platform Backend" + org.opencontainers.image.licenses=AGPL-3.0 + org.opencontainers.image.url=https://github.com/opencadc/science-platform + - + # See https://github.com/marketplace/actions/attest-build-provenance#container-image + # for more information on the attest-build-provenance action + name: Attest Container Image + id: attest + uses: actions/attest-build-provenance@v1.4.4 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }} + subject-digest: ${{ steps.build.outputs.digest }} + # Currently not pushing 
attestations to Harbor Registry + # push-to-registry: true + show-summary: true + - + name: Install Cosign + id: install-cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - + name: Cosign Container Image + id: cosign + run: | + cosign version + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} --upload + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload \ No newline at end of file diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index feff17e8..3d0fc3be 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml @@ -15,6 +15,7 @@ jobs: permissions: contents: write pull-requests: write + if: github.repository == 'opencadc/science-platform' steps: - name: Create release 
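Review bot: The last `cosign sign` line in the new cd.release.build.yml builds its reference as `${{ env.IMAGE }}:${{ steps.build.outputs.digest }}`; the digest output has the form `sha256:…`, so the result is `name:sha256:…`, which is not a valid image reference, and cosign should reject it after the image has already been pushed and the two tags signed. A digest is joined with `@`: `cosign sign --yes "${{ env.REGISTRY }}/${{ env.IMAGE }}@${{ steps.build.outputs.digest }}"`. Signing that one digest covers both tags, so the two by-tag lines can be dropped. `TAG_RELEASE` comes from `github.event.client_payload.tag_name` and is used unvalidated in `tags:` and inside the `run:` script; since it is already in `env:`, reading it as `$TAG_RELEASE` rather than `${{ env.TAG_RELEASE }}` keeps it out of the shell source.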
@@ -24,14 +25,32 @@ jobs: config-file: release-please-config.json manifest-file: .release-please-manifest.json - - # This action will fail from forks, since GITHUB_TOKEN will not have write access - # for opencadc/science-platform repository. - # !TODO: Add a check to see if the PR is from a fork, and if so, skip this step on origin name: Dispatch Edge Build # Run this step only if the release-please completes successfully if: steps.release-please.outcome == 'success' uses: peter-evans/repository-dispatch@v3.0.0 with: - repository: shinybrar/science-platform + repository: opencadc/science-platform event-type: edge-build - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + token: ${{ secrets.GITHUB_TOKEN }} + client-payload: |- + { + "releases_created": "${{ steps.release-please.outputs.releases_created }}", + "tag_name": "${{ steps.release-please.outputs.tag_name }}", + "sha": "${{ steps.release-please.outputs.sha }}" + } + - + name: Dispatch Release Build + # Run this step only if the release-please completes successfully + if: ${{ steps.release-please.outputs.release_created }} + uses: peter-evans/repository-dispatch@v3.0.0 + with: + repository: opencadc/science-platform + event-type: release-build + token: ${{ secrets.GITHUB_TOKEN }} + client-payload: |- + { + "releases_created": "${{ steps.release-please.outputs.releases_created }}", + "tag_name": "${{ steps.release-please.outputs.tag_name }}", + "sha": "${{ steps.release-please.outputs.sha }}" + } \ No newline at end of file From 0e32c8b52ddbc3cd52d63789e23f07d3d32465d5 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Mon, 18 Nov 2024 12:44:30 -0800 Subject: [PATCH 21/22] style(lint): fixed basic syle errors --- .github/workflows/cd.edge.build.yml | 4 ++-- .github/workflows/cd.release.build.yml | 4 ++-- .github/workflows/cd.release.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/cd.edge.build.yml b/.github/workflows/cd.edge.build.yml index f2d64246..3f99b30c 100644 --- a/.github/workflows/cd.edge.build.yml +++ b/.github/workflows/cd.edge.build.yml @@ -22,7 +22,7 @@ jobs: id: client-payload run: | echo "Client Payload: ${{ toJson(github.event.client_payload) }}" - - + - name: Checkout uses: actions/checkout@v3 - @@ -78,4 +78,4 @@ jobs: id: cosign run: | cosign version - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload \ No newline at end of file + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml index 9c4e9105..f626157a 100644 --- a/.github/workflows/cd.release.build.yml +++ b/.github/workflows/cd.release.build.yml @@ -23,7 +23,7 @@ jobs: id: client-payload run: | echo "Client Payload: ${{ toJson(github.event.client_payload) }}" - - + - name: Checkout uses: actions/checkout@v3 - @@ -86,4 +86,4 @@ jobs: cosign version cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} --upload - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload \ No newline at end of file + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index 3d0fc3be..b4505cf6 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml @@ -53,4 +53,4 @@ jobs: "releases_created": "${{ steps.release-please.outputs.releases_created }}", "tag_name": "${{ steps.release-please.outputs.tag_name }}", "sha": "${{ steps.release-please.outputs.sha }}" - } \ No newline at end of file + } From a2db9054c8e6cef4b04d169e5bf0a050769c25fa Mon Sep 17 00:00:00 2001 
From: Shiny Brar
Date: Tue, 19 Nov 2024 13:26:52 -0800
Subject: [PATCH 22/22] fix(release-please): removed test file version.yaml used for release-please testing
---
 skaha/version.yaml | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 skaha/version.yaml
diff --git a/skaha/version.yaml b/skaha/version.yaml
deleted file mode 100644
index db4aa168..00000000
--- a/skaha/version.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-version: "0.23.0" # x-release-please-version
-major: "0" # x-release-please-major
-minor: "23" # x-release-please-minor
-patch: "0" # x-release-please-patch