diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
index 3c3629ef98..51b96e2cd8 100644
--- a/.github/workflows/pre-release.yaml
+++ b/.github/workflows/pre-release.yaml
@@ -23,6 +23,14 @@ jobs:
 with:
 ref: ${{ github.ref }}
 
+ build-docker-image:
+ name: build ucm docker image
+ uses: ./.github/workflows/ucm-docker-image.yaml
+ needs:
+ - bundle-ucm
+ with:
+ is_release: false
+
 release:
 name: create release
 runs-on: ubuntu-20.04
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4cac97eacb..69600acc83 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -21,6 +21,15 @@ jobs:
 with:
 ref: ${{github.ref}}
 
+ build-docker-image:
+ name: build ucm docker image
+ uses: ./.github/workflows/ucm-docker-image.yaml
+ needs:
+ - bundle-ucm
+ with:
+ version: ${{inputs.version}}
+ is_release: true
+
 release:
 name: create release
 runs-on: ubuntu-20.04
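Review bot: `is_release: false` passed to `ucm-docker-image.yaml` has no effect, because the called workflow added later in this commit never reads `inputs.is_release` or `inputs.version`: it builds with `push: true`, and its metadata step lists `type=raw,value=latest,enable=true` and `type=raw,value=v0.5.19,enable=true`. As written, a pre-release run would publish an image under the `latest` and `v0.5.19` tags, and the `release.yaml` caller gets the same tags whatever `version` it passes. The tag rules should be driven by the inputs, for example `type=raw,value=latest,enable=${{ inputs.is_release }}` and `type=raw,value=v${{ inputs.version }},enable=${{ inputs.is_release }}`.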
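Review bot: The `build-docker-image` job sets no `permissions:`, while the job it calls in `ucm-docker-image.yaml` asks for `packages: write`, `attestations: write` and `id-token: write`. A called workflow can only narrow the token scopes it receives from its caller, never widen them, so unless `release.yaml` grants these at workflow level outside this hunk, the call will be rejected or the registry push will fail. Granting them on this job only, e.g. `permissions: { contents: read, packages: write }`, keeps the rest of the release workflow on a narrower token. The same applies to the caller in `pre-release.yaml`.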
@@ -57,3 +66,51 @@ jobs:
 --notes-start-tag "${prev_tag}" \
 \
 /tmp/ucm/**/ucm-*.{zip,tar.gz}
+
+
+ # Configure Docker's builder,
+ # This seems necessary to support docker cache layers.
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+ # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+ - name: Log in to the Container registry
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+ with:
+ registry: ${{ env.container_registry }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ env.container_registry }}/${{ env.docker_image_name }}
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=sha,format=long
+
+
+ # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+ # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: ./docker/
+ push: ${{ env.is_published_build }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # Use github actions cache for docker image layers
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ SHARE_COMMIT=${{ github.sha }}
+ # Save image locally for use in tests even if we don't push it.
+ outputs: type=docker,dest=/tmp/share-docker-image.tar # export docker image
+
diff --git a/.github/workflows/ucm-docker-image.yaml b/.github/workflows/ucm-docker-image.yaml
new file mode 100644
index 0000000000..634d509b84
--- /dev/null
+++ b/.github/workflows/ucm-docker-image.yaml
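Review bot: The steps appended to the `release` job read `env.container_registry`, `env.docker_image_name` and `env.is_published_build`, none of which is defined in the visible parts of `release.yaml`; they are only set inside the job in `ucm-docker-image.yaml`. If they are indeed unset here, `registry:` renders empty and `docker/login-action` falls back to its default registry (Docker Hub), so the `GITHUB_TOKEN` would be offered as a password to a registry other than ghcr.io. `context: ./docker/`, the `SHARE_COMMIT` build argument and `/tmp/share-docker-image.tar` also look carried over from a different project's workflow. Since the new `build-docker-image` job already builds the image, I would drop these steps from `release.yaml`; the `release` job itself starts outside the hunk.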
@@ -0,0 +1,107 @@
+name: build and push ucm docker image
+
+# Build docker image containing ucm executable
+# Push to the github docker image repo (a.k.a. 'packages')
+
+on:
+ workflow_call:
+ inputs:
+ version:
+ description: Semver version of the release. E.g. 0.5.19
+ type: string
+ required: false
+ is_release:
+ description: Whether this is a release build.
+ type: boolean
+ required: false
+ default: false
+
+ push:
+ branches:
+ - cp/test-ucm-docker-image
+
+jobs:
+ docker-image:
+ name: Build and push ucm docker image
+ runs-on: ubuntu-20.04
+
+ # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+ permissions:
+ contents: read
+ # Allow uploading the docker image to the container registry
+ packages: write
+ # Allow creating and updating the artifact attestation
+ attestations: write
+ # Required to get user information for building attestations
+ id-token: write
+
+ env:
+ container_registry: ghcr.io
+ docker_image_name: ${{ github.repository }}
+
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Download ucm executable and ucm UI
+ uses: actions/download-artifact@v4
+ with:
+ name: bundle-linux
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ run-id: 8975410616
+ path: ./tmp/downloads
+
+ - name: Unpack ucm bundle tar
+ run: |
+ ls -lah ./tmp/downloads
+ mkdir -p ./tmp/ucm
+ tar -xvf ./tmp/downloads/ucm-*.tar.gz -C ./tmp/ucm
+ ls -lah ./tmp/ucm
+
+ # Configure Docker's builder,
+ # This seems necessary to support docker cache layers.
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+ # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+ - name: Log in to the Container registry
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+ with:
+ registry: ${{ env.container_registry }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ env.container_registry }}/${{ env.docker_image_name }}
+ flavor: |
+ # We tag latest manually below.
+ latest=false
+ tags: |
+ type=schedule
+ type=raw,value=v0.5.19,enable=true
+ type=ref,event=tag
+ type=sha,format=long
+ # set latest tag for pushes to trunk
+ type=raw,value=latest,enable=true
+ type=raw,value=nightly,enable=false
+
+
+ # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+ # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: ./
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # Use github actions cache for docker image layers
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index 14aa55ca46..fe3c8617d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,15 +9,14 @@ RUN apt-get update && \ update-locale LANG=en_US.UTF-8 -COPY tmp/ucm/ucm /usr/local/bin/ucm -COPY tmp/ucm/ui /usr/local/share/ucm +COPY tmp/ucm/ /usr/local/bin/ucm/ ENV UCM_WEB_UI=/usr/local/share/ucm ENV UCM_PORT=8080 ENV UCM_TOKEN=pub -RUN chmod 555 /usr/local/bin/ucm +RUN chmod 555 /usr/local/bin/ucm/ucm EXPOSE 8080 -ENTRYPOINT ["/usr/local/bin/ucm"] -CMD ["--codebase","/unison"] +ENTRYPOINT ["/usr/local/bin/ucm/ucm"] +CMD ["--codebase-create","/codebase"]
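Review bot: `run-id: 8975410616` in the download step pins the artifact to one fixed earlier workflow run, so the image is built from that run's `bundle-linux` rather than from the `bundle-ucm` job the callers list under `needs`, and the published binary does not correspond to the commit or tag being released. Dropping `run-id` and `github-token` makes `actions/download-artifact` take the artifact from the current run. The `push:` trigger on `cp/test-ucm-docker-image` looks like a test leftover and, with `push: true`, publishes `latest` from that branch. `actions/checkout@v4` and `actions/download-artifact@v4` are referenced by tag while the docker actions are pinned to commit SHAs, and `attestations: write` / `id-token: write` are granted although no attestation step is visible; pinning the two actions and removing the unused scopes would tighten the job.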
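Review bot: `ENV UCM_WEB_UI=/usr/local/share/ucm` is left unchanged although the single `COPY tmp/ucm/ /usr/local/bin/ucm/` no longer places anything under `/usr/local/share/ucm`; going by the removed `COPY tmp/ucm/ui` line the UI would now land in `/usr/local/bin/ucm/ui`, so the variable should probably read `ENV UCM_WEB_UI=/usr/local/bin/ucm/ui`. `RUN chmod 555 /usr/local/bin/ucm/ucm` covers only the executable, and the rest of the copied tree keeps whatever modes the tarball carried. Separately, `ENV UCM_TOKEN=pub` bakes a fixed, publicly known value into an image that this commit starts publishing; if that token gates access to the server on port 8080, it would be better supplied at run time. No `USER` instruction is visible in the hunk, so the entrypoint may run as root; the file continues outside the hunk.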