on_release.yml
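name: Build and publish to Docker Hub
on:
  release:
    # job will automatically run after a new "release" is created on github.
    # NOTE(review): `created` also fires for draft releases; `published` is the
    # event GitHub recommends for release-driven publishing — confirm intent.
    types: [created]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      dry_run:
        description: 'If true, will not push the built images to docker hub.'
        required: false
        default: 'false'
jobs:
  # this job will build, test and (potentially) push the docker images to docker hub
  #
  # BUILD PHASE:
  # - will auto tag the image according to the release tag / `git describe`.
  #
  # TEST PHASE:
  # - will run an e2e test with a modified docker compose.
  # - queries OPA data to check its state matches an expected value.
  # - state will match only if OPAL client successfully synced to OPAL server.
  # - outputs the docker compose logs to more easily investigate errors.
  #
  # PUSH PHASE:
  # - Runs only if test phase completes with no errors.
  # - Skipped entirely on a manual `dry_run` (the same condition that skips the Docker Hub login).
  # - Pushes images (built at BUILD PHASE) to docker hub.
  #
  # NOTE(review): third-party actions are referenced by mutable major tags; pinning
  # them to a full commit SHA makes the build reproducible against upstream tag changes.
  docker_build_and_publish:
    runs-on: ubuntu-latest
    steps:
      # BUILD PHASE
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # full history is required so `git describe --tags` below can find a tag
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Get version tag from github release
        if: github.event_name == 'release' && github.event.action == 'created'
        # the tag name is passed through an environment variable rather than
        # interpolated into the script text, so shell metacharacters in a tag
        # name cannot alter the command that runs.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          echo "opal_version_tag=${RELEASE_TAG}" >> "$GITHUB_ENV"
      - name: Get version tag from git history
        if: ${{ !(github.event_name == 'release' && github.event.action == 'created') }}
        run: |
          echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> "$GITHUB_ENV"
      - name: Echo version tag
        # `opal_version_tag` was written to GITHUB_ENV by one of the two steps above
        run: |
          echo "The version tag that will be published to docker hub is: ${opal_version_tag}"
      - name: Build client for testing
        id: build_client
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: client
          cache-from: type=registry,ref=permitio/opal-client:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-client:test
      - name: Build client-standalone for testing
        id: build_client_standalone
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: client-standalone
          cache-from: type=registry,ref=permitio/opal-client-standalone:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-client-standalone:test
      - name: Build server for testing
        id: build_server
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          push: false
          target: server
          cache-from: type=registry,ref=permitio/opal-server:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-server:test
      # TEST PHASE
      - name: Create modified docker compose file
        # point the example compose file at the `:test` images built above
        run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
      - name: Bring up stack
        run: docker-compose -f docker/docker-compose-test.yml up -d
      - name: Check if OPA is healthy
        # `shell: bash` enables pipefail, and `jq -e` sets a non-zero exit status
        # when the expression is false or null — without both, a failed sync only
        # printed `false` and the step (and the push phase after it) still succeeded.
        shell: bash
        run: |
          ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10
          curl -s "http://localhost:8181/v1/data/users" | jq -e '.result.bob.location.country == "US"'
      - name: Output container logs
        # always run so the logs are available when the health check fails
        if: always()
        run: docker-compose -f docker/docker-compose-test.yml logs
      # PUSH PHASE
      - name: Output local docker images
        run: docker image ls --digests | grep opal
      # pushes the *same* docker images that were previously tested as part of e2e sanity test.
      # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
      # all three push steps are skipped on a manual dry run, mirroring the login step.
      - name: Build & Push client
        id: build_push_client
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: client
          cache-from: type=registry,ref=permitio/opal-client:latest
          cache-to: type=inline
          tags: |
            permitio/opal-client:latest
            permitio/opal-client:${{ env.opal_version_tag }}
      - name: Build & Push client-standalone
        id: build_push_client_standalone
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: client-standalone
          cache-from: type=registry,ref=permitio/opal-client-standalone:latest
          cache-to: type=inline
          tags: |
            permitio/opal-client-standalone:latest
            permitio/opal-client-standalone:${{ env.opal_version_tag }}
      - name: Build & Push server
        id: build_push_server
        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
        uses: docker/build-push-action@v4
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: server
          cache-from: type=registry,ref=permitio/opal-server:latest
          cache-to: type=inline
          tags: |
            permitio/opal-server:latest
            permitio/opal-server:${{ env.opal_version_tag }}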