Build and publish to Docker Hub #60
name: Build and publish to Docker Hub
on:
  release:
    # Runs automatically once a new release is created on GitHub.
    types:
      - created
  # Also allows starting this workflow by hand from the Actions tab.
  workflow_dispatch:
    inputs:
      # Compared as the string 'true' by the step conditions in the job below.
      dry_run:
        description: 'If true, will not push the built images to docker hub.'
        required: false
        default: 'false'
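jobs:
  # This job builds, tests and (unless dry_run is set) pushes the docker images to docker hub.
  #
  # BUILD PHASE:
  # - tags the image according to the release tag / `git describe`.
  #
  # TEST PHASE:
  # - runs an e2e test with a modified docker compose file.
  # - queries OPA data to check its state matches an expected value.
  # - state will match only if OPAL client successfully synced to OPAL server.
  # - outputs the docker compose logs to more easily investigate errors.
  #
  # PUSH PHASE:
  # - runs only if the test phase completes with no errors.
  # - builds the multi-platform images and pushes them to docker hub.
  docker_build_and_publish:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: none of the steps below writes to the
    # repository (the registry push authenticates with the Docker Hub secrets).
    permissions:
      contents: read
    steps:
      # BUILD PHASE
      # NOTE(review): every `uses:` below references a mutable version tag.
      # Pinning each action to a full commit SHA keeps a retagged upstream
      # release from running in a job that holds the Docker Hub credentials.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Full history, so `git describe --tags` below can find the tags.
          fetch-depth: 0
          # No later step pushes with git, so do not leave the token in .git/config
          # where the repository scripts run by this job could read it.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        # Skipped only for a manual run with dry_run == 'true'.
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Get version tag from github release
        if: github.event_name == 'release' && github.event.action == 'created'
        # The tag name is passed through the environment rather than expanded into
        # the script text, so shell metacharacters in a tag are never executed.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          echo "opal_version_tag=${RELEASE_TAG}" >> "$GITHUB_ENV"
      - name: Get version tag from git history
        if: ${{ !(github.event_name == 'release' && github.event.action == 'created') }}
        run: |
          echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> "$GITHUB_ENV"
      - name: Echo version tag
        # Reads the value exported through GITHUB_ENV instead of templating it into the script.
        run: |
          echo "The version tag that will be published to docker hub is: ${opal_version_tag}"
      - name: Build client for testing
        id: build_client
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: client
          cache-from: type=registry,ref=permitio/opal-client:latest
          cache-to: type=inline
          # Loads the image into the local docker daemon for the compose test.
          load: true
          tags: |
            permitio/opal-client:test
      - name: Build client-standalone for testing
        id: build_client_standalone
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: client-standalone
          cache-from: type=registry,ref=permitio/opal-client-standalone:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-client-standalone:test
      - name: Build server for testing
        id: build_server
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: server
          cache-from: type=registry,ref=permitio/opal-server:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-server:test
      # TEST PHASE
      - name: Create modified docker compose file
        # Points the example stack at the locally built :test images.
        run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
      - name: Bring up stack
        run: docker-compose -f docker/docker-compose-test.yml up -d
      - name: Check if OPA is healthy
        # `jq -e` exits non-zero when the comparison yields false or null. Without it
        # jq only prints the result, the step always succeeds, and the push phase is
        # never blocked by a failed sync.
        run: |
          ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10 && curl -s "http://localhost:8181/v1/data/users" | jq -e '.result.bob.location.country == "US"'
      - name: Output container logs
        # Run even when the health check failed; that is when the logs are needed.
        if: always()
        run: docker-compose -f docker/docker-compose-test.yml logs
      # PUSH PHASE
      - name: Output local docker images
        run: docker image ls --digests | grep opal
      # Each step below runs the build again for linux/amd64 and linux/arm64 and pushes
      # the result under both the `latest` tag and the version tag. The e2e test above
      # exercised only the single-platform images loaded with `load: true`, so the
      # pushed arm64 variant has not been through that test.
      - name: Build & Push client
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        id: build_push_client
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: client
          cache-from: type=registry,ref=permitio/opal-client:latest
          cache-to: type=inline
          tags: |
            permitio/opal-client:latest
            permitio/opal-client:${{ env.opal_version_tag }}
      - name: Build client-standalone
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        id: build_push_client_standalone
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: client-standalone
          cache-from: type=registry,ref=permitio/opal-client-standalone:latest
          cache-to: type=inline
          tags: |
            permitio/opal-client-standalone:latest
            permitio/opal-client-standalone:${{ env.opal_version_tag }}
      - name: Build server
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        id: build_push_server
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: server
          cache-from: type=registry,ref=permitio/opal-server:latest
          cache-to: type=inline
          tags: |
            permitio/opal-server:latest
            permitio/opal-server:${{ env.opal_version_tag }}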