Bump docker/build-push-action from 4 to 5 in /.github/actions/docker-build-push-action #90
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yamllint disable rule:line-length | |
--- | |
name: CI/CD workflow. | |
# Run the workflow on when code or a semver tag is pushed to main branch, | |
# and on pull requests towards main branch | |
on: | |
push: | |
branches: | |
- 'main' | |
tags: | |
# semver, e.g. 1.2.0 (does not match 0.1.2) | |
- '[1-9]+.[0-9]+.[0-9]+' | |
# semver with prerelease info, e.g. 1.0.2-beta.1 or 1.2.3-rc.10 | |
- '[1-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+' | |
# do not match prerelease starting w/ 0, e.g. 1.0.2-beta.0 or 1.2.3-rc.01 | |
- '![1-9]+.[0-9]+.[0-9]+-[a-z]+.[0]*' | |
# semver with date info, e.g. 1.0.2-20221125 | |
- '[1-9]+.[0-9]+.[0-9]+-[0-9]+' | |
# do not match date starting w/ 0, e.g. 1.0.2-01232023 | |
- '![1-9]+.[0-9]+.[0-9]+-[0]*' | |
pull_request: | |
branches: | |
- 'main' | |
jobs: | |
# Build and run the test suite | |
build_and_test: | |
name: Build and run test image | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: [armv7hf, aarch64] | |
# Environment variables that are used by the pytest script | |
env: | |
AXIS_TARGET_ADDR_ARMV7HF: "${{ secrets.DEVICE_SRVR_IP }}/camera1" | |
AXIS_TARGET_ADDR_AARCH64: "${{ secrets.DEVICE_SRVR_IP }}/camera2" | |
AXIS_TARGET_USER: ${{ secrets.DEVICE_USER }} | |
AXIS_TARGET_PASS: ${{ secrets.DEVICE_SRVR_PASS }} | |
AXIS_EXTERNAL_POOL: true | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Create test image metadata | |
id: meta_test | |
uses: ./.github/actions/metadata-action | |
with: | |
suffix: -${{ matrix.arch }}-test | |
repository: ${{ vars.REPOSITORY_DOCKER_HUB }} | |
latest: "false" | |
get_version: "true" | |
- name: Update manifest file | |
if: ( github.ref_type == 'tag') | |
uses: ./.github/actions/update-acap-manifest-action | |
with: | |
manifest_file: ./manifest-test.json | |
value: ${{ steps.meta_test.outputs.version }} | |
- name: Build test image | |
uses: ./.github/actions/docker-build-push-action | |
with: | |
dockerfile: Dockerfile.${{ matrix.arch }} | |
tags: ${{ steps.meta_test.outputs.tags }} | |
labels: ${{ steps.meta_test.outputs.labels }} | |
push: true | |
build-args: TEST=true | |
target: runtime-base | |
registry_user: ${{ secrets.ECOSYSTEM_SERVICE_USER_DOCKER_HUB }} | |
registry_token: ${{ secrets.ECOSYSTEM_ACCESS_TOKEN_DOCKER_HUB }} | |
- name: Pull test image | |
shell: bash | |
run: | | |
docker pull ${{ steps.meta_test.outputs.full_name }} | |
- name: Set environment variables for test | |
shell: bash | |
run: | | |
echo "AXIS_TARGET_ARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
if [ ${{ matrix.arch }} = armv7hf ] | |
then | |
echo "AXIS_TARGET_ADDR=${{ env.AXIS_TARGET_ADDR_ARMV7HF }}" >> $GITHUB_ENV | |
elif [ ${{ matrix.arch }} = aarch64 ] | |
then | |
echo "AXIS_TARGET_ADDR=${{ env.AXIS_TARGET_ADDR_AARCH64 }}" >> $GITHUB_ENV | |
else | |
echo "::error::Non valid architecture '${{ matrix.arch }}' encountered" | |
fi | |
echo "ACAP_DOCKER_IMAGE_NAME=${{ steps.meta_test.outputs.full_name }}" >> $GITHUB_ENV | |
- name: Run the test image | |
uses: ./.github/actions/pytest-action | |
with: | |
testfile: ./.github/test/test_acapruntimetest.py | |
requirements_file: ./.github/test/requirements.txt | |
logfile: test_log_${{ matrix.arch }}.txt | |
# Build base image and extract eap file then use ACAP portal to sign it | |
# This job is skipped if not on main branch or if build_and_test job has failed | |
build_and_sign_acap: | |
name: Build and sign acap | |
runs-on: ubuntu-latest | |
needs: build_and_test | |
if: (github.event_name != 'pull_request') | |
strategy: | |
matrix: | |
arch: [armv7hf, aarch64] | |
outputs: | |
EAP_FILE_ARMV7HF: ${{ steps.save_full_file_name.outputs.EAP_FILE_ARMV7HF }} | |
EAP_FILE_AARCH64: ${{ steps.save_full_file_name.outputs.EAP_FILE_AARCH64 }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Create base image metadata | |
id: meta | |
uses: ./.github/actions/metadata-action | |
with: | |
suffix: -${{ matrix.arch }} | |
repository: ${{ vars.REPOSITORY_DOCKER_HUB }} | |
get_version: "true" | |
- name: Update manifest file | |
if: ( github.ref_type == 'tag') | |
uses: ./.github/actions/update-acap-manifest-action | |
with: | |
manifest_file: ./manifest-${{ matrix.arch }}.json | |
value: ${{ steps.meta.outputs.version }} | |
- name: Build and push base image | |
uses: ./.github/actions/docker-build-push-action | |
with: | |
dockerfile: Dockerfile.${{ matrix.arch }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
target: runtime-base | |
push: false | |
load: true | |
- name: Set name of EAP-file | |
id: get_eap_file_name | |
run: | | |
docker cp $(docker create "${{ steps.meta.outputs.full_name }}"):/opt/app .build | |
export EAP_FILE=$(find .build -type f -name "*.eap" -printf "%f\n") | |
delimiter="$(openssl rand -hex 8)" | |
echo "EAP_FILE<<${delimiter}" >> ${GITHUB_ENV} | |
echo "${EAP_FILE}" >> ${GITHUB_ENV} | |
echo "${delimiter}" >> ${GITHUB_ENV} | |
- name: Refactor naming of EAP-file for signed output | |
run: | | |
signed_output=$(echo "${{ env.EAP_FILE }}" | sed 's/\.eap/_signed.eap/') | |
echo "SIGNED_EAP_FILE=${signed_output}" >> $GITHUB_ENV | |
- name: Sign eap-file | |
run: | | |
cd .build | |
RESPONSE=$(curl -XPOST -H 'accept: */*' -H 'Content-Type: multipart/form-data' -H 'Authorization: Bearer ${{secrets.ACAP_PORTAL_SIGNING_BEARER_TOKEN}}' \ | |
'${{ vars.ACAP_PORTAL_URL }}/${{secrets.ACAP_PORTAL_SIGNING_ID}}/sign/binary' -F uploadedFile=@"${{ env.EAP_FILE }}" --output ${{ env.SIGNED_EAP_FILE }} \ | |
-w "%{http_code}\n" -o /dev/null) | |
echo "HTTP_RESPONSE=$RESPONSE" >> $GITHUB_ENV | |
- name: Check that acap has been signed | |
run: | | |
if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then | |
if [ "$HTTP_RESPONSE" -eq 200 ]; then | |
echo "HTTP response code is 200, signing was successful" | |
else | |
echo "HTTP response code is: $HTTP_RESPONSE, signing was not successful" | |
exit 1 | |
fi | |
else | |
echo "HTTP_RESPONSE is empty or not a valid integer: $HTTP_RESPONSE" | |
fi | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.SIGNED_EAP_FILE }} | |
path: .build/${{ env.SIGNED_EAP_FILE }} | |
if-no-files-found: error | |
- name: Save file name | |
id: save_full_file_name | |
run: | | |
if [ ${{ matrix.arch }} = armv7hf ] | |
then | |
echo "EAP_FILE_ARMV7HF=${{ env.SIGNED_EAP_FILE }}" >> $GITHUB_OUTPUT | |
elif [ ${{ matrix.arch }} = aarch64 ] | |
then | |
echo "EAP_FILE_AARCH64=${{ env.SIGNED_EAP_FILE }}" >> $GITHUB_OUTPUT | |
else | |
echo "::error::Non valid architecture '${{ matrix.arch }}' encountered" | |
fi | |
# Build containerized image and push to Docker Hub | |
# This job is skipped if not on main branch or if build_and_test job has failed | |
# It can (and should) run in parallel to the build_and_sign_acap job | |
build_containerized: | |
name: Build and push containerized images | |
runs-on: ubuntu-latest | |
needs: build_and_test | |
if: (github.event_name != 'pull_request') | |
strategy: | |
matrix: | |
arch: [armv7hf, aarch64] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Create containerized image metadata | |
id: meta_containerized | |
uses: ./.github/actions/metadata-action | |
with: | |
suffix: -${{ matrix.arch }}-containerized | |
repository: ${{ vars.REPOSITORY_DOCKER_HUB }} | |
get_version: "true" | |
- name: Update manifest file | |
if: ( github.ref_type == 'tag') | |
uses: ./.github/actions/update-acap-manifest-action | |
with: | |
manifest_file: ./manifest-${{ matrix.arch }}.json | |
value: ${{ steps.meta_containerized.outputs.version }} | |
- name: Build and push containerized image | |
uses: ./.github/actions/docker-build-push-action | |
with: | |
dockerfile: Dockerfile.${{ matrix.arch }} | |
tags: ${{ steps.meta_containerized.outputs.tags }} | |
labels: ${{ steps.meta_containerized.outputs.labels }} | |
push: true | |
build-args: | | |
ARCH=${{ matrix.arch }} | |
RUNTIME_VERSION=${{ steps.meta.outputs.version }} | |
use_qemu: "true" | |
registry_user: ${{ secrets.ECOSYSTEM_SERVICE_USER_DOCKER_HUB }} | |
registry_token: ${{ secrets.ECOSYSTEM_ACCESS_TOKEN_DOCKER_HUB }} | |
# Create a pre-release and upload | |
# This job is skipped if not a tag or if the build_and_sign_acap and | |
# build_containerized jobs have not completed successfully. | |
create_prerelease: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [build_and_sign_acap, build_containerized] | |
if: (github.ref_type == 'tag') | |
outputs: | |
RELEASE_ID: ${{ steps.prerelease.outputs.RELEASE_ID }} | |
steps: | |
- name: Set TAG | |
id: vars | |
run: echo "TAG=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} | |
- name: Create prerelease | |
uses: actions/github-script@v6 | |
id: prerelease | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
script: | | |
try { | |
const response = await github.rest.repos.createRelease({ | |
draft: false, | |
generate_release_notes: true, | |
name: '${{ env.TAG }}', | |
owner: context.repo.owner, | |
prerelease: true, | |
repo: context.repo.repo, | |
tag_name: '${{ env.TAG }}', | |
}); | |
core.setOutput('RELEASE_ID', response.data.id); | |
} catch (error) { | |
core.setFailed(error.message); | |
} | |
# Get the signed ACAP artifacts and copy them to the pre-release | |
# This job is skipped if create_prerelease or build_and_sign_acap jobs have | |
# not completed successfully. | |
download-and-upload-artifacts: | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [create_prerelease, build_and_sign_acap] | |
strategy: | |
matrix: | |
arch: [armv7hf, aarch64] | |
env: | |
RELEASE_ID: ${{ needs.create_prerelease.outputs.RELEASE_ID }} | |
EAP_FILE_AARCH64: ${{ needs.build_and_sign_acap.outputs.EAP_FILE_AARCH64 }} | |
EAP_FILE_ARMV7HF: ${{ needs.build_and_sign_acap.outputs.EAP_FILE_ARMV7HF }} | |
steps: | |
- name: Get EAP file name | |
id: full_eap_name | |
run: | | |
if [ ${{ matrix.arch }} = armv7hf ] | |
then | |
echo "EAP_FILE=${{ needs.build_and_sign_acap.outputs.EAP_FILE_ARMV7HF }}" >> $GITHUB_ENV | |
elif [ ${{ matrix.arch }} = aarch64 ] | |
then | |
echo "EAP_FILE=${{ needs.build_and_sign_acap.outputs.EAP_FILE_AARCH64 }}" >> $GITHUB_ENV | |
else | |
echo "::error::Non valid architecture '${{ matrix.arch }}' encountered" | |
fi | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.EAP_FILE }} | |
path: ./ | |
- name: Upload file to GitHub release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
RESPONSE=$(curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Accept: application/vnd.github.manifold-preview" \ | |
-H "Content-Type: application/zip" \ | |
--data-binary @${{ env.EAP_FILE }} \ | |
"https://uploads.github.com/repos/$GITHUB_REPOSITORY/releases/${{env.RELEASE_ID}}/assets?name=${{ env.EAP_FILE }}" \ | |
-w "%{http_code}\n" -o /dev/null) | |
echo "HTTP_RESPONSE=$RESPONSE" >> $GITHUB_ENV | |
- name: Check that asset has been uploaded correctly | |
run: | | |
if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then | |
if [ "$HTTP_RESPONSE" -eq 201 ]; then | |
echo "HTTP response code is 201, upload was successful" | |
else | |
echo "HTTP response code is: $HTTP_RESPONSE, upload was not successful" | |
exit 1 | |
fi | |
else | |
echo "HTTP_RESPONSE is empty or not a valid integer: $HTTP_RESPONSE" | |
fi |