Skip to content

Commit 059bdb1

Browse files
authored
ci: improve Docker CI pipeline dispatched on PRs (#52)
1 parent eb9df9d commit 059bdb1

File tree

18 files changed

+96
-38
lines changed

18 files changed

+96
-38
lines changed

.github/semantic-release/release.sh

Lines changed: 7 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,26 +2,23 @@
22

33
set -Eeuo pipefail
44

5-
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
6-
75
RELEASE_VERSION=$1
86
RELEASE_CHANNEL=${2:-'default'}
97

8+
if [[ -z "$ROOT_PROJECT_DIR" ]]; then
9+
echo 'Error: environment variable "ROOT_PROJECT_DIR" is not set.'
10+
exit 1
11+
fi
12+
13+
cd "$ROOT_PROJECT_DIR/src/main"
14+
1015
export REGISTRY='docker.io'
11-
export BUILD_CONTEXT="$SCRIPT_DIR"
1216
export IMAGE_VERSION="$RELEASE_VERSION"
1317

1418
# The default channel binds to the default Git branch (i.e. "main")
1519
# If we release from "main" branch -> we add the "latest" tag
1620
IS_LATEST_RELEASE="$([ "$RELEASE_CHANNEL" == 'default' ] && echo 'true' || echo 'false')"
1721
export IS_LATEST_RELEASE
1822

19-
if [[ -z "$ROOT_PROJECT_DIR" ]]; then
20-
echo 'Error: environment variable "ROOT_PROJECT_DIR" is not set.'
21-
exit 1
22-
fi
23-
24-
cd "$ROOT_PROJECT_DIR/src"
25-
2623
docker buildx bake release --print
2724
docker buildx bake release --push

.github/workflows/ci.yml

Lines changed: 7 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,6 @@ on:
1111

1212
permissions: {}
1313

14-
# TODO: rework CI - Use the test.sh script and rely on the generated tag
15-
# TODO: fail if container run fails
1614
# TODO: do we want to test multi-arch build?
1715
# TODO: what about cache?
1816
jobs:
@@ -25,9 +23,6 @@ jobs:
2523
contents: read
2624
security-events: write # Required to upload found security gaps
2725

28-
env:
29-
IMAGE_TAG: 'djaytan/papermc-server:${{ github.sha }}'
30-
3126
steps:
3227
# Firewall rules:
3328
# -> "*.github.com": Standard interactions with GitHub
@@ -37,6 +32,8 @@ jobs:
3732
# -> "*.ubuntu.com": Standard interactions with Ubuntu APT repositories
3833
# -> "api.papermc.io": Dynamic retrieval of the PaperMC server
3934
# -> "mirror.gcr.io": Downloading of the Trivy security scanner
35+
# -> "piston-data.mojang.com": Downloading of the Mojang server
36+
# -> "api.minecraftservices.com": Downloading Yggdrasil public key for Reobfuscation
4037
- name: Harden runner
4138
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
4239
with:
@@ -55,6 +52,8 @@ jobs:
5552
security.ubuntu.com:80
5653
api.papermc.io:443
5754
mirror.gcr.io:443
55+
piston-data.mojang.com:443
56+
api.minecraftservices.com:443
5857
5958
- name: Checkout repository
6059
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -67,17 +66,13 @@ jobs:
6766
username: ${{ vars.DOCKERHUB_USERNAME }}
6867
password: ${{ secrets.DOCKERHUB_TOKEN }}
6968

70-
- name: Build
71-
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
72-
with:
73-
context: src/
74-
tags: ${{ env.IMAGE_TAG }}
75-
load: true # Load into daemon for test usage in next step
69+
- name: Build & Test
70+
run: src/test/build-and-test.sh
7671

7772
- name: Run Trivy vulnerability scanner
7873
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0
7974
with:
80-
image-ref: ${{ env.IMAGE_TAG }}
75+
image-ref: djaytan/papermc-server:dev
8176
format: sarif
8277
output: results.sarif
8378

src/Dockerfile renamed to src/main/Dockerfile

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ RUN apt-get update && \
3838
apt-get clean
3939

4040
# Retrieve latest Paper server for the given version
41-
COPY --chmod=500 build/get-papermc-server.sh .
41+
COPY --chmod=500 get-papermc-server.sh .
4242
RUN ./get-papermc-server.sh "$MINECRAFT_VERSION"
4343

4444
FROM docker.io/eclipse-temurin:21-jre-noble@sha256:3ef64ec531571987f58ccc90bd3d7f92950539f1baa00a5c45b660d6faccf37d
@@ -68,7 +68,6 @@ WORKDIR /home/papermc
6868
COPY --from=build --chown=papermc --chmod=500 /build/papermc-server-*.jar ./
6969

7070
# Copy license file
71-
# TODO: rely on named build context instead: https://docs.docker.com/build/concepts/context/#named-contexts
7271
ADD --chmod=444 https://raw.githubusercontent.com/Djaytan/docker-papermc-server/refs/heads/main/LICENSE.md .
7372

7473
# Copy the configuration files
@@ -85,3 +84,5 @@ EXPOSE 25565/tcp
8584
EXPOSE 25565/udp
8685

8786
ENTRYPOINT ["./start.sh"]
87+
88+
# TODO: healthcheck
File renamed without changes.
File renamed without changes.
File renamed without changes.

0 commit comments

Comments
 (0)