From 769506b7f53218083b2a796bde841a7ca458b0c6 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Tue, 30 Jan 2024 19:33:20 +0100 Subject: [PATCH 1/4] GHA: Build docker images of the SP and IdP --- .github/workflows/deploy.yml | 140 ++++++++++++++++++++++++++++++----- mujina-idp/docker/Dockerfile | 3 + mujina-sp/docker/Dockerfile | 3 + 3 files changed, 126 insertions(+), 20 deletions(-) create mode 100644 mujina-idp/docker/Dockerfile create mode 100644 mujina-sp/docker/Dockerfile diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 96aba358..1c0d9f8f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -4,30 +4,130 @@ on: push: tags: - "*" + workflow_dispatch: jobs: deployment: + permissions: + packages: write environment: deploy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - server-id: openconext-releases - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - - name: Set up cache - uses: actions/cache@v1 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Deploy with Maven - run: mvn --batch-mode deploy -DskipTests - env: - MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} + - uses: actions/checkout@v2 + + - uses: actions/setup-node@v2 + with: + node-version: "16" + + - uses: actions/setup-java@v1 + with: + java-version: 11 + server-id: openconext-releases + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + + - uses: actions/cache@v1 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Determine the version + run: echo ::set-output name=version::$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) + id: versioncheck + + - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name + run: | + echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch" + exit 1 + if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) + + - name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml + run: | + echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}" + exit 1 + if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != 
github.ref_name + + - name: Set up JDK 11 for snapshots + uses: actions/setup-java@v3 + with: + java-version: "11" + distribution: "temurin" + cache: "maven" + server-id: openconext-snapshots + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) + + - name: Set up JDK 11 for releases + uses: actions/setup-java@v3 + with: + java-version: "11" + distribution: "temurin" + cache: "maven" + server-id: openconext-releases + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }} + + - name: Deploy with Maven + run: mvn --batch-mode deploy -DskipTests + env: + MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker IDP + id: meta_idp + uses: docker/metadata-action@v5 + with: + images: ghcr.io/openconext/mujina/mujina-idp + flavor: | + latest=false + tags: | + type=ref,event=tag + type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }} + type=sha + + - name: Extract metadata (tags, labels) for Docker SP + id: meta_sp + uses: docker/metadata-action@v5 + with: + images: ghcr.io/openconext/mujina/mujina-sp + flavor: | + latest=false + tags: | + type=ref,event=tag + type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }} + type=sha + + - name: Build and push the mujina idp image + uses: docker/build-push-action@v4 + with: + context: mujina-idp + file: mujina-idp/docker/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ steps.meta_idp.outputs.tags }} + labels: ${{ steps.meta_idp.outputs.labels }} + + - name: 
Build and push the mujina sp image + uses: docker/build-push-action@v4 + with: + context: mujina-sp + file: mujina-sp/docker/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ steps.meta_sp.outputs.tags }} + labels: ${{ steps.meta_sp.outputs.labels }} diff --git a/mujina-idp/docker/Dockerfile b/mujina-idp/docker/Dockerfile new file mode 100644 index 00000000..6db5b001 --- /dev/null +++ b/mujina-idp/docker/Dockerfile @@ -0,0 +1,3 @@ +FROM eclipse-temurin:11-jdk-alpine +COPY target/*.jar app.jar +ENTRYPOINT ["java","-jar","/app.jar"] diff --git a/mujina-sp/docker/Dockerfile b/mujina-sp/docker/Dockerfile new file mode 100644 index 00000000..6db5b001 --- /dev/null +++ b/mujina-sp/docker/Dockerfile @@ -0,0 +1,3 @@ +FROM eclipse-temurin:11-jdk-alpine +COPY target/*.jar app.jar +ENTRYPOINT ["java","-jar","/app.jar"] From 8d8b52151de83cce19a1d814972a1428f0646853 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Tue, 30 Jan 2024 19:33:43 +0100 Subject: [PATCH 2/4] New SNAPSHOT cycle --- mujina-common/pom.xml | 2 +- mujina-idp/pom.xml | 2 +- mujina-sp/pom.xml | 2 +- pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mujina-common/pom.xml b/mujina-common/pom.xml index 7fa07aac..eaa4b609 100644 --- a/mujina-common/pom.xml +++ b/mujina-common/pom.xml @@ -21,7 +21,7 @@ org.openconext mujina - 8.0.9 + 8.0.10-SNAPSHOT ../pom.xml diff --git a/mujina-idp/pom.xml b/mujina-idp/pom.xml index 61f5363d..4d03b77c 100644 --- a/mujina-idp/pom.xml +++ b/mujina-idp/pom.xml @@ -21,7 +21,7 @@ org.openconext mujina - 8.0.9 + 8.0.10-SNAPSHOT ../pom.xml diff --git a/mujina-sp/pom.xml b/mujina-sp/pom.xml index a86f3ea9..8cd4cb3e 100644 --- a/mujina-sp/pom.xml +++ b/mujina-sp/pom.xml @@ -21,7 +21,7 @@ org.openconext mujina - 8.0.9 + 8.0.10-SNAPSHOT ../pom.xml diff --git a/pom.xml b/pom.xml index 177bdfd2..613f0f56 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.openconext mujina - 8.0.9 + 8.0.10-SNAPSHOT pom 
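Review bot: The "Exit when a production build is triggered" step expands `${{ steps.versioncheck.outputs.version }}` and `${{ github.ref_name }}` directly into the `run:` script, so a tag name or pom version containing shell syntax is interpreted by the shell instead of being printed. Git ref names may contain `$`, parentheses and backticks, and this job is granted `packages: write` and later receives the Maven deploy credentials. Pass both values through the step's environment and reference them as quoted shell variables: add `env:` with `VERSION: ${{ steps.versioncheck.outputs.version }}` and `REF_NAME: ${{ github.ref_name }}`, and change the message to `echo "Project version $VERSION does not match git tag $REF_NAME"`. The `if:` conditions are evaluated by the Actions expression engine and need no change.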
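Review bot: The new mujina-idp Dockerfile has no `USER` instruction, so `java -jar /app.jar` runs as root inside the container; the identical mujina-sp Dockerfile added in the same commit has the same gap. Create an unprivileged account and switch to it before the entrypoint, e.g. `RUN addgroup -S mujina && adduser -S mujina -G mujina` followed by `USER mujina`. Since the image only runs a prebuilt jar, a JRE base such as `FROM eclipse-temurin:11-jre-alpine` would also leave the compiler and JDK tooling out of the runtime image. Pinning the base image by digest would make the published images reproducible.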
From 46a7cf7c3c4ea8739246a515d43347b4dac7cca8 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Wed, 21 Feb 2024 09:16:30 +0100 Subject: [PATCH 3/4] GHA: Version updates for the docker build action --- .github/workflows/deploy.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 1c0d9f8f..97e12af2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -14,20 +14,21 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: node-version: "16" - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v4 with: java-version: 11 + distribution: "temurin" server-id: openconext-releases server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD - - uses: actions/cache@v1 + - uses: actions/cache@v4 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} @@ -35,7 +36,7 @@ jobs: ${{ runner.os }}-maven- - name: Determine the version - run: echo ::set-output name=version::$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) + run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT id: versioncheck - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name @@ -51,7 +52,7 @@ jobs: if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name - name: Set up JDK 11 for snapshots - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: "11" distribution: "temurin" 
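Review bot: The bumped `uses:` lines still point at mutable major tags (`actions/checkout@v4`, `actions/setup-node@v4`, `actions/setup-java@v4`, `actions/cache@v4`), so the code executed in this job can change without any commit in this repository. The job holds `packages: write` and receives the Maven deploy credentials. Pin each action to a full commit SHA and keep the tag as a trailing comment, for example `- uses: actions/checkout@<full-commit-sha>  # v4`, and let an update bot propose new pins. The same applies to the later hunks of this commit that bump `docker/setup-buildx-action`, `docker/login-action` and `docker/build-push-action`.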
@@ -62,7 +63,7 @@ jobs: if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) - name: Set up JDK 11 for releases - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: "11" distribution: "temurin" @@ -79,10 +80,10 @@ jobs: MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -113,7 +114,7 @@ jobs: type=sha - name: Build and push the mujina idp image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: mujina-idp file: mujina-idp/docker/Dockerfile @@ -123,7 +124,7 @@ jobs: labels: ${{ steps.meta_idp.outputs.labels }} - name: Build and push the mujina sp image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: mujina-sp file: mujina-sp/docker/Dockerfile From 419c35f06fc608f7a9a86b3bc5ad68cefe373258 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Tue, 12 Mar 2024 11:05:17 +0100 Subject: [PATCH 4/4] Docker: Add :latest tag to production builds and :snapshot for snapshots --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 97e12af2..e45c02a4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -112,6 +112,8 @@ jobs: type=ref,event=tag type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }} type=sha + type=raw,event=tag,value=latest + type=raw,event=workflow_dispatch,value=snapshot - name: Build and push the mujina idp image uses: docker/build-push-action@v5
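Review bot: The two added lines gate on `event=`, which docker/metadata-action documents only for `type=ref`; for `type=raw` the condition is expressed with `enable=`, so as written both `latest` and `snapshot` are likely to be attached to every build, including SNAPSHOT builds started through workflow_dispatch. Anyone pulling `:latest` would then receive an unreleased image. Consider `type=raw,value=latest,enable=${{ github.event_name == 'push' }}` and `type=raw,value=snapshot,enable=${{ github.event_name == 'workflow_dispatch' }}`. Judging by the trailing context (the "Build and push the mujina idp image" step follows directly), this hunk changes only the SP metadata step; the IdP metadata step's `tags:` list would need the same two lines for the images to be tagged consistently.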