Skip to content

Build and publish to Docker Hub #68

Build and publish to Docker Hub

Build and publish to Docker Hub #68

Workflow file for this run

name: Build and publish to Docker Hub
on:
release:
# job will automatically run after a new "release" is create on github.
types: [created]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
dry_run:
description: 'If true, will not push the built images to docker hub.'
required: false
default: 'false'
jobs:
# this job will build, test and (potentially) push the docker images to docker hub
#
# BUILD PHASE:
# - will auto tag the image according to the release tag / `git describe`.
#
# TEST PHASE:
# - will run an e2e test with a modified docker compose.
# - queries OPA data to check its state matches an expected value.
# - state will match only if OPAL client successfully synced to OPAL server.
# - outputs the docker compose logs to more easily investigate errors.
#
# PUSH PHASE:
# - Runs only if test phase completes with no errors.
# - Pushes images (built at BUILD PHASE) to docker hub.
docker_build_and_publish:
runs-on: ubuntu-latest
steps:
# BUILD PHASE
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get version tag from github release
if: github.event_name == 'release' && github.event.action == 'created'
run: |
echo "opal_version_tag=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
- name: Get version tag from git history
if: ${{ !(github.event_name == 'release' && github.event.action == 'created') }}
run: |
echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
- name: Echo version tag
run: |
echo "The version tag that will be published to docker hub is: ${{ env.opal_version_tag }}"
- name: Build client for testing
id: build_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-client:test
- name: Build server for testing
id: build_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
push: false
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
load: true
tags: |
permitio/opal-server:test
# TEST PHASE
- name: Create modified docker compose file
run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
- name: Bring up stack
run: docker-compose -f docker/docker-compose-test.yml up -d
- name: Check if OPA is healthy
run: ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10 && curl -s "http://localhost:8181/v1/data/users" | jq '.result.bob.location.country == "US"'
- name: Output container logs
run: docker-compose -f docker/docker-compose-test.yml logs
# PUSH PHASE
- name: Output local docker images
run: docker image ls --digests | grep opal
# pushes the *same* docker images that were previously tested as part of e2e sanity test.
# each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
- name: Build & Push client
id: build_push_client
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
target: client
cache-from: type=registry,ref=permitio/opal-client:latest
cache-to: type=inline
tags: |
permitio/opal-client:latest
permitio/opal-client:${{ env.opal_version_tag }}
- name: Build client-standalone
id: build_push_client_standalone
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
target: client-standalone
cache-from: type=registry,ref=permitio/opal-client-standalone:latest
cache-to: type=inline
tags: |
permitio/opal-client-standalone:latest
permitio/opal-client-standalone:${{ env.opal_version_tag }}
- name: Build server
id: build_push_server
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
target: server
cache-from: type=registry,ref=permitio/opal-server:latest
cache-to: type=inline
tags: |
permitio/opal-server:latest
permitio/opal-server:${{ env.opal_version_tag }}
- name: Build & Push client cedar
id: build_push_client_cedar
uses: docker/build-push-action@v4
with:
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
target: client-cedar
cache-from: type=registry,ref=permitio/opal-client-cedar:latest
cache-to: type=inline
tags: |
permitio/opal-client-cedar:latest
permitio/opal-client-cedar:${{ env.opal_version_tag }}