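# Workflow state as written: only the checkout, Python setup, version bump and
# package build steps are enabled. The Docker build/test/push steps and the
# PyPI / git push steps are commented out.
name: Build and publish to Docker Hub

# NOTE(review): `push` with no branch or tag filter starts this job on every
# push to every branch. The release / manual triggers are kept below for
# reference.
on: push
# release:
#   # job will automatically run after a new "release" is created on github.
#   types: [created]
# Allows you to run this workflow manually from the Actions tab
# workflow_dispatch:
#   inputs:
#     dry_run:
#       description: 'If true, will not push the built images to docker hub.'
#       required: false
#       default: 'false'

jobs:
  # this job will build, test and (potentially) push the docker images to docker hub
  #
  # BUILD PHASE:
  # - will auto tag the image according to the release tag / `git describe`.
  #
  # TEST PHASE:
  # - will run an e2e test with a modified docker compose.
  # - queries OPA data to check its state matches an expected value.
  # - state will match only if OPAL client successfully synced to OPAL server.
  # - outputs the docker compose logs to more easily investigate errors.
  #
  # PUSH PHASE:
  # - Runs only if test phase completes with no errors.
  # - Pushes images (built at BUILD PHASE) to docker hub.
  docker_build_and_publish:
    runs-on: ubuntu-latest
    # NOTE(review): every push enters the `pypi` environment, so any secrets or
    # protection rules attached to it apply to ordinary pushes as well -
    # confirm that is intended while the publish steps are disabled.
    environment:
      name: pypi
      url: https://pypi.org/p/permit
    # Least privilege: the enabled steps only check out the repository and
    # build sdists/wheels locally, so read access to contents is all the
    # GITHUB_TOKEN needs. The scopes below were granted before; restore only
    # the ones a re-enabled step actually requires.
    permissions:
      contents: read
      # id-token: write       # only needed for OIDC-based publishing
      # contents: write       # 'write' access to repository contents
      # pull-requests: write  # 'write' access to pull requests
    steps:
      # BUILD PHASE
      - name: Checkout
        # v2 ran on a retired Node runtime. A tag is still a mutable ref: for a
        # job that builds release artifacts, pin to the full commit SHA of the
        # reviewed release (<FULL_COMMIT_SHA>) and keep the tag as a comment.
        uses: actions/checkout@v4
        with:
          # Full history, needed by the (disabled) `git describe` step.
          fetch-depth: 0
          # Do not leave the GITHUB_TOKEN in .git/config, where setup.py and
          # other build code executed later in the job could read it.
          persist-credentials: false
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v2
      # - name: Set up Docker Buildx
      #   uses: docker/setup-buildx-action@v2
      # - name: Login to DockerHub
      #   if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
      #   uses: docker/login-action@v2
      #   with:
      #     username: ${{ secrets.DOCKERHUB_USERNAME }}
      #     password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): before re-enabling, pass the tag name in through `env:`
      # and reference it as a quoted shell variable; an expression pasted into
      # `run:` is expanded into the script text before the shell parses it.
      # - name: Get version tag from github release
      #   if: github.event_name == 'release' && github.event.action == 'created'
      #   run: |
      #     echo "opal_version_tag=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
      # - name: Get version tag from git history
      #   if: ${{ !(github.event_name == 'release' && github.event.action == 'created') }}
      #   run: |
      #     echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
      # - name: Echo version tag
      #   run: |
      #     echo "The version tag that will be published to docker hub is: ${{ env.opal_version_tag }}"
      # - name: Build client for testing
      #   id: build_client
      #   uses: docker/build-push-action@v4
      #   with:
      #     file: docker/Dockerfile
      #     push: false
      #     target: client
      #     cache-from: type=registry,ref=permitio/opal-client:latest
      #     cache-to: type=inline
      #     load: true
      #     tags: |
      #       permitio/opal-client:test
      # - name: Build server for testing
      #   id: build_server
      #   uses: docker/build-push-action@v4
      #   with:
      #     file: docker/Dockerfile
      #     push: false
      #     target: server
      #     cache-from: type=registry,ref=permitio/opal-server:latest
      #     cache-to: type=inline
      #     load: true
      #     tags: |
      #       permitio/opal-server:test
      # # TEST PHASE
      # - name: Create modified docker compose file
      #   run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
      # - name: Bring up stack
      #   run: docker-compose -f docker/docker-compose-test.yml up -d
      # - name: Check if OPA is healthy
      #   run: ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10 && curl -s "http://localhost:8181/v1/data/users" | jq '.result.bob.location.country == "US"'
      # - name: Output container logs
      #   run: docker-compose -f docker/docker-compose-test.yml logs
      # # PUSH PHASE
      # - name: Output local docker images
      #   run: docker image ls --digests | grep opal
      # # pushes the *same* docker images that were previously tested as part of e2e sanity test.
      # # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
      # - name: Build & Push client
      #   if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
      #   id: build_push_client
      #   uses: docker/build-push-action@v4
      #   with:
      #     file: docker/Dockerfile
      #     platforms: linux/amd64,linux/arm64
      #     push: true
      #     target: client
      #     cache-from: type=registry,ref=permitio/opal-client:latest
      #     cache-to: type=inline
      #     tags: |
      #       permitio/opal-client:latest
      #       permitio/opal-client:${{ env.opal_version_tag }}
      # # - name: Build & Push client cedar
      # #   if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
      # #   id: build_push_client_cedar
      # #   uses: docker/build-push-action@v4
      # #   with:
      # #     file: docker/Dockerfile
      # #     platforms: linux/amd64,linux/arm64
      # #     push: true
      # #     target: client-cedar
      # #     cache-from: type=registry,ref=permitio/opal-client-cedar:latest
      # #     cache-to: type=inline
      # #     tags: |
      # #       permitio/opal-client-cedar:latest
      # #       permitio/opal-client-cedar:${{ env.opal_version_tag }}
      # - name: Build client-standalone
      #   if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
      #   id: build_push_client_standalone
      #   uses: docker/build-push-action@v4
      #   with:
      #     file: docker/Dockerfile
      #     platforms: linux/amd64,linux/arm64
      #     push: true
      #     target: client-standalone
      #     cache-from: type=registry,ref=permitio/opal-client-standalone:latest
      #     cache-to: type=inline
      #     tags: |
      #       permitio/opal-client-standalone:latest
      #       permitio/opal-client-standalone:${{ env.opal_version_tag }}
      # - name: Build server
      #   if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
      #   id: build_push_server
      #   uses: docker/build-push-action@v4
      #   with:
      #     file: docker/Dockerfile
      #     platforms: linux/amd64,linux/arm64
      #     push: true
      #     target: server
      #     cache-from: type=registry,ref=permitio/opal-server:latest
      #     cache-to: type=inline
      #     tags: |
      #       permitio/opal-server:latest
      #       permitio/opal-server:${{ env.opal_version_tag }}
      - name: Python setup
        # if: github.event_name == 'release' && github.event.action == 'created'
        uses: actions/setup-python@v5
        with:
          python-version: '3.11.8'
      # This is the root file representing the package for all the sub-packages.
      - name: Bump version - packaging__.py
        # if: github.event_name == 'release' && github.event.action == 'created'
        shell: bash
        env:
          # The version reaches the script through the environment instead of
          # an expression inside the script body (expressions are expanded
          # even on shell-comment lines). When the release trigger is
          # restored, set this value to ${{ github.event.release.tag_name }}.
          VERSION_TAG: '3.5.1'
        run: |
          set -euo pipefail
          version_tag="${VERSION_TAG}"
          # The value is spliced into a sed expression and lands inside a
          # Python source file, so accept only plain version characters.
          allowed='^[0-9A-Za-z][0-9A-Za-z.+-]*$'
          if [[ ! "${version_tag}" =~ ${allowed} ]]; then
            echo "unexpected version string: ${version_tag}" >&2
            exit 1
          fi
          sed -i "s/__version__ = \".*\"/__version__ = \"${version_tag}\"/" packages/opal-client/__packaging__.py
          cat packages/opal-client/__packaging__.py
          # git config --local user.email "[email protected]"
          # git config --local user.name "elimoshkovich"
          # git add packages/opal-client/__packaging__.py
          # git commit -m "Bump version to ${version_tag}"
      - name: Cleanup setup.py and Build every sub-packages
        # if: github.event_name == 'release' && github.event.action == 'created'
        shell: bash
        run: |
          set -euo pipefail
          # NOTE(review): installs whatever `wheel` release is current at run
          # time; pin the version if these artifacts are ever published.
          pip install wheel
          # Each package is cleaned and built in a subshell, so a failed `cd`
          # stops the job before `rm -rf` can run in the wrong directory.
          for pkg in opal-common opal-client opal-server; do
            (
              cd "packages/${pkg}"
              rm -rf -- *.egg-info build/ dist/
              python setup.py sdist bdist_wheel
            )
          done
      # NOTE(review): the disabled steps below reference actions by branch
      # (`release/v1`, `master`); pin them to a reviewed commit SHA before
      # re-enabling, since they receive the PyPI and GitHub tokens.
      # - name: Publish package distributions to PyPI - Opal-Common
      #   if: github.event_name == 'release' && github.event.action == 'created'
      #   uses: pypa/gh-action-pypi-publish@release/v1
      #   with:
      #     password: ${{ secrets.PYPI_TOKEN }}
      #     packages-dir: packages/opal-common/
      # - name: Publish package distributions to PyPI - Opal-Client
      #   if: github.event_name == 'release' && github.event.action == 'created'
      #   uses: pypa/gh-action-pypi-publish@release/v1
      #   with:
      #     password: ${{ secrets.PYPI_TOKEN }}
      #     packages-dir: packages/opal-client/
      # - name: Publish package distributions to PyPI - Opal-Server
      #   if: github.event_name == 'release' && github.event.action == 'created'
      #   uses: pypa/gh-action-pypi-publish@release/v1
      #   with:
      #     password: ${{ secrets.PYPI_TOKEN }}
      #     packages-dir: packages/opal-server/
      # - name: Push changes of __packaging__.py to GitHub
      #   if: github.event_name == 'release' && github.event.action == 'created'
      #   uses: ad-m/github-push-action@master
      #   with:
      #     github_token: ${{ secrets.TOKEN_GITHUB }}
      #     branch: master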