Merge pull request #1 from epics-containers/gha

Gha
epics-containers · Jul 26, 2024 · 0305519 · 0305519
2 parents 4f9c8ab + 98d69aa
commit 0305519
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 14 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+# Look for updates to python and docker dependencies.
+
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,89 @@
+name: Build and publish image to ghcr.io/epics-containers
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    # pull requests are a duplicate of a branch push if within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        epics-target: [linux-x86_64] # , linux-aarch64]
+        include:
+          - os: ubuntu-latest # everyone is on ubuntu-latest
+          - epics-target: linux-x86_64
+            platform: linux/amd64
+
+          # # a temporary name until multi-arch is supported
+          # - epics-target: linux-aarch64
+          #     extension: -native-aarch64
+          #     platform: linux/arm64
+
+    runs-on: ${{ matrix.os }}
+    env:
+      TAG: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
+    steps:
+
+      - name: Log in to GitHub Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io/${{ github.repository_owner }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          target: final
+          cache-from: type=gha,scope=${{ matrix.epics-target }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.epics-target }}
+          tags: ci_test
+          load: true
+
+      - name: Test image
+        # Opportunity to run tests using docker run 'ci_test'
+        if: ${{ matrix.epics-target == 'linux-x86_64' }}
+        run: if [ -f tests/run-tests.sh ]; then tests/run-tests.sh ci_test; fi
+
+      - name: Push final image
+        if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          target: final
+          tags: ${{ env.TAG }}:${{ github.ref_name }}
+          push: true
+
+      - name: Push debug image
+        if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          target: dockerizer
+          tags: ${{ env.TAG }}-debug:${{ github.ref_name }}
+          push: true
+
+  release:
+    # Release on tag push
+    needs: [build]
+    if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Github Release
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        with:
+          generate_release_notes: true
diff --git a/Dockerfile b/Dockerfile
@@ -3,41 +3,46 @@
 FROM alpine AS download-extract
 
 RUN apk update && apk add git
-RUN git clone --branch R2-1-2-0 --depth 1 -c advice.detachedHead=false \
+RUN git clone --branch R2-1-3-0 --depth 1 -c advice.detachedHead=false \
       https://github.com/epics-extensions/ca-gateway.git /ca-gateway
-RUN rm -rf /ca-gateway/.git
+RUN git clone --branch v4.13.3 --depth 1 -c advice.detachedHead=false \
+      https://github.com/epics-modules/pcas.git /epics/support/pcas
+
+RUN rm -rf /ca-gateway/.git; rm -rf /epics/support/pcas/.git
 
 
 ## ===============================
 #  2nd stage: build the CA Gateway
-FROM pklaus/epics_base:7.0.4_debian AS builder
-
-# The scs user already exists in base image.
-# We set it here explicitly to clarify file ownership.
-USER scs
+FROM ghcr.io/epics-containers/epics-base-developer:7.0.8ec2 AS builder
 
 # Download the EPICS CA Gateway
-COPY --chown=scs:users --from=download-extract /ca-gateway /epics/src/ca-gateway
+COPY --from=download-extract /ca-gateway /epics/src/ca-gateway
+COPY --from=download-extract /epics/support/pcas /epics/support/pcas
+
+RUN cd /epics/support/pcas \
+ && echo "EPICS_BASE=/epics/epics-base" > configure/RELEASE.local \
+ && make -j$(nproc)
 RUN cd /epics/src/ca-gateway \
- && echo "EPICS_BASE=/epics/base" > configure/RELEASE.local \
- && echo "PCAS=/epics/base/modules/pcas" >> configure/RELEASE.local \
+ && echo "EPICS_BASE=/epics/epics-base" > configure/RELEASE.local \
+ && echo "PCAS=/epics/support/pcas" >> configure/RELEASE.local \
  && echo "INSTALL_LOCATION=/epics/ca-gateway" > configure/CONFIG_SITE.local \
  && make -j$(nproc)
 
+# Install debugging tools to use this target as a debug container
+RUN apt update && apt install -y net-tools tcpdump iproute2 iputils-ping vim
 
 ## ======================================
 # 3rd stage: "dockerize" the application - copy executable, lib dependencies
 #            to a new root folder. For more information, read
 #            https://blog.oddbit.com/post/2015-02-05-creating-minimal-docker-images/
 FROM builder AS dockerizer
-USER root
 
-# Install Python and a Python2 compatible version of larsks/dockerize
-RUN apt-get update && apt-get install -yq python python-pip rsync \
- && pip install https://github.com/larsks/dockerize/archive/a903419.zip
+# Install the latest commit of dockerize (2021/07/06)
+RUN pip install git+https://github.com/larsks/dockerize@024b1a2
 
 # Move the executable "gateway" to a more prominent location
 RUN mv /epics/ca-gateway/bin/*/gateway /epics/
+RUN useradd scs
 
 # Dockerize
 RUN dockerize -L preserve -n -u scs -o /ca-gateway_root --verbose /epics/gateway \
@@ -46,12 +51,14 @@ RUN dockerize -L preserve -n -u scs -o /ca-gateway_root --verbose /epics/gateway
  # /epics is owned by scs in this image and should also be in later one:
  && chown -R scs:users /ca-gateway_root/epics
 
+ENTRYPOINT ["/epics/gateway"]
 
 ## =========================================
 #  4th stage: Finally put together our image
 #             from scratch for minimal size.
 FROM scratch AS final
 
+# User scs gives us a non-root user to run the gateway
 USER scs
 
 COPY --from=dockerizer /ca-gateway_root /