From 82b8252a2e1a95b898c52aae3e03b00101f20191 Mon Sep 17 00:00:00 2001 From: Rok Garbas Date: Wed, 20 Nov 2024 22:16:12 +0100 Subject: [PATCH] Build container images for each environment and push them to GHCR --- .github/workflows/ci.yml | 96 +++++++++++++++++++++++++++++++--------- 1password/.flox/env.json | 4 +- 2 files changed, 77 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 25681bb..6ba2320 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,8 +17,8 @@ jobs: runs-on: "ubuntu-latest" outputs: - envs_test: "${{ steps.envs.outputs.envs_test }}" - envs_push: "${{ steps.envs.outputs.envs_push }}" + envs_per_system: "${{ steps.envs.outputs.envs_per_system }}" + envs_only: "${{ steps.envs.outputs.envs_only }}" steps: - name: "Checkout" @@ -30,8 +30,8 @@ jobs: - name: "Find environment" id: "envs" run: | - envs_test="[" - envs_push="[" + envs_per_system="[" + envs_only="[" update_all=${{ github.event_name == 'schedule' && 'true' || '' }} BASE_SHA="${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || 'HEAD~1' }}" 
@@ -55,33 +55,33 @@ jobs: fi readarray systems < <(yq e -o=j -I=0 '.options.systems[]' $manifest_path) - comma_test="" - if [ "$envs_test" != "[" ]; then comma_test=","; fi + comma_per_system="" + if [ "$envs_per_system" != "[" ]; then comma_per_system=","; fi for system in "${systems[@]}"; do system=$(echo $system | xargs) - envs_test="$envs_test$comma_test{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}" - comma_test="," + envs_per_system="$envs_per_system$comma_per_system{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}" + comma_per_system="," done - comma_push="" + comma_only="" if [ "$name" == "flaim" ]; then continue; fi - if [ "$envs_push" != "[" ]; then comma_push=","; fi - envs_push="$envs_push$comma_push{\"example\":\"$name\"}" + if [ "$envs_only" != "[" ]; then comma_only=","; fi + envs_only="$envs_only$comma_only{\"example\":\"$name\"}" fi done <<< "$(find $PWD -name manifest.toml)" - envs_test="$envs_test]" - envs_push="$envs_push]" + envs_per_system="$envs_per_system]" + envs_only="$envs_only]" - echo "-- ENVS_TEST ---------------" - echo "$envs_test" | jq + echo "-- envs_per_system ---------" + echo "$envs_per_system" | jq echo "----------------------------" - echo "-- ENVS_PUSH ---------------" - echo "$envs_push" | jq + echo "-- envs_only ---------------" + echo "$envs_only" | jq echo "----------------------------" - echo "envs_test=$envs_test" >> "$GITHUB_OUTPUT" - echo "envs_push=$envs_push" >> "$GITHUB_OUTPUT" + echo "envs_per_system=$envs_per_system" >> "$GITHUB_OUTPUT" + echo "envs_only=$envs_only" >> "$GITHUB_OUTPUT" test: name: "Test '${{ matrix.example }}' example on '${{ matrix.system }}'" @@ -96,7 +96,7 @@ jobs: fail-fast: false max-parallel: 8 matrix: - include: ${{ fromJSON(needs.envs.outputs.envs_test ) }} + include: ${{ fromJSON(needs.envs.outputs.envs_per_system ) }} steps: - name: "Setup SSH" 
@@ -135,6 +135,57 @@ jobs: --option access-tokens "github.com=${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" \ github:flox/floxenvs/${{ github.sha }}#apps.${{ matrix.system }}.test-${{ matrix.example }} -- ${{ matrix.start_services }} + containarize: + name: "Containarize '${{ matrix.example }}'" + runs-on: "ubuntu-latest" + + if: (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' + + needs: + - "envs" + - "test" + + env: + FLOX_BIN: "flox -vvv" + + timeout-minutes: 30 + + permissions: + contents: "read" + packages: "write" + attestations: "write" + id-token: "write" + + strategy: + fail-fast: false + max-parallel: 8 + matrix: + include: ${{ fromJSON(needs.envs.outputs.envs_only ) }} + + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + + - name: "Install flox" + uses: "flox/install-flox-action@main" + + - name: "Login to Github Container Registry" + uses: "docker/login-action@v3" + with: + registry: "ghcr.io" + username: "${{ github.actor }}" + password: "${{ secrets.GITHUB_TOKEN }}" + + - name: "Containarize" + run: | + flox containerize -d ./${{ matrix.example }} + + - name: "Tag & Push" + run: | + docker tag ${{ matrix.example }}:latest ghcr.io/flox/floxenvs:${{ matrix.example }}-latest + docker push ghcr.io/flox/floxenvs:${{ matrix.example }}-latest + + push: name: "Sync '${{ matrix.example }}' manifest" runs-on: "ubuntu-latest" @@ -150,9 +201,11 @@ jobs: FLOX_REMOTE_OWNER: "flox" FLOX_AUTH0_URL: "https://auth.flox.dev" + timeout-minutes: 30 + strategy: matrix: - include: ${{ fromJSON(needs.envs.outputs.envs_push ) }} + include: ${{ fromJSON(needs.envs.outputs.envs_only ) }} steps: - name: "Checkout" @@ -209,6 +262,7 @@ jobs: needs: - "test" - "push" + - "containarize" steps: - name: "Slack Notification" diff --git a/1password/.flox/env.json b/1password/.flox/env.json index 56d8ee9..d687a6e 100644 --- a/1password/.flox/env.json 
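Review bot: The new `containarize` job grants `packages: write`, `id-token: write` and `attestations: write` yet runs `flox/install-flox-action@main`, a mutable branch ref, so whatever lands on that branch executes with registry-push rights; pin it (and ideally `actions/checkout@v4` and `docker/login-action@v3`) to a full commit SHA. No step visible in the job uses `attestations` or `id-token`, so either add the attestation step they are meant for or drop them to keep the job token least-privileged. The two `run:` steps also expand `${{ matrix.example }}` directly into the shell script; the value appears to come from directory names collected by the `envs` job outside this hunk, so passing it through `env:` and quoting it keeps a name with shell metacharacters from being interpreted as code. Pushing only the mutable `-latest` tag leaves consumers nothing immutable to pin, so a second tag derived from `github.sha` would help.

```yaml
# … unchanged: job header, `if:`, needs, permissions, strategy, checkout …
      - name: "Install flox"
        # placeholder: replace with the reviewed full commit SHA of the action
        uses: "flox/install-flox-action@<FULL_COMMIT_SHA>"

# … unchanged: GHCR login step …
      - name: "Containarize"
        env:
          EXAMPLE: "${{ matrix.example }}"
        run: |
          flox containerize -d "./${EXAMPLE}"

      - name: "Tag & Push"
        env:
          EXAMPLE: "${{ matrix.example }}"
        run: |
          docker tag "${EXAMPLE}:latest" "ghcr.io/flox/floxenvs:${EXAMPLE}-latest"
          docker push "ghcr.io/flox/floxenvs:${EXAMPLE}-latest"
```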
+++ b/1password/.flox/env.json @@ -1,4 +1,4 @@ { - "name": "op-inject-manifest", + "name": "1password", "version": 1 -} \ No newline at end of file +}