Skip to content
CI

Merge pull request #541 from RADAR-base/release-2.4.6 #709

Sign in to view logs

Merge pull request #541 from RADAR-base/release-2.4.6

Merge pull request #541 from RADAR-base/release-2.4.6 #709

Workflow file for this run

.github/workflows/main.yml at 1f13e19
# Continuous integration, including test and integration test
name: CI
# Run in master and dev branches and in all pull requests to those branches, as well as on workflow dispatch for downstream testing
on:
workflow_dispatch:
push:
branches: [ master, dev ]
pull_request:
branches: [ master, dev ]
env:
REGISTRY: ghcr.io
REPOSITORY: ${{ github.repository }}
IMAGES: >-
[{
'name': 'radar-appserver',
'build_file': 'Dockerfile',
'authors': 'Yatharth Ranjan <yatharth.ranjan@kcl.ac.uk>, Pauline Conde <pauline.conde@kcl.ac.uk>',
'description': 'RADAR-base appserver backend application',
'cache_keys_files': ['Dockerfile', '**/*.gradle.kts', 'gradle.properties', 'src/main/**']
}]
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v5
- uses: actions/setup-java@v5
with:
java-version: 17
distribution: temurin
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Compile code
run: ./gradlew assemble
# Use 'docker compose' instead of 'docker-compose' to use v2
- name: Setup docker services
run: |
sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
docker compose -f src/integrationTest/resources/docker/non_appserver/docker-compose.yml up -d
# Wait for services to start up.
sleep 50
- name: Install gpg secret key
run: |
cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Decrypt google application credentials
run: |
gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg
- name: Gradle check
run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check
- name: Upload build artifacts
if: always()
uses: actions/upload-artifact@v4
with:
path: build/reports
if-no-files-found: ignore
retention-days: 5
# Build and test the code against the :dev docker image of parent repositories
test-downstream:
runs-on: ubuntu-latest
# FIXME: the tests against :dev fail and I cannot find out why. Since tests against current
# Management Portal main branch is ok, I disable this integration test.
if: false
# only run this on 'ready for review' PRs or when triggered by an upstream job
# if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'
steps:
- uses: actions/checkout@v5
- uses: actions/setup-java@v5
with:
java-version: 17
distribution: temurin
# Use 'docker compose' instead of 'docker-compose' to use v2
- name: Setup docker services (:dev)
run: |
sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
# call docker compose without args to include the override file
cd src/integrationTest/resources/docker/appserver_downstream
docker compose up -d
# Wait for services to start up.
sleep 50
- name: Install gpg secret key
run: |
cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Decrypt google application credentials
run: |
gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg
# Gradle check
- name: Check
run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check
prepare-matrix:
name: Prepare Matrix Output
permissions: {}
runs-on: ubuntu-latest
outputs:
images: ${{ steps.step1.outputs.matrix }}
steps:
- name: Create Matrix Variable
id: step1
run: echo "matrix=${{ env.IMAGES }}" >> $GITHUB_OUTPUT
# Build and push tagged release backend docker image
docker:
needs: prepare-matrix
runs-on: ubuntu-latest
strategy:
matrix:
image: ${{ fromJson(needs.prepare-matrix.outputs.images ) }}
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v5
- name: Docker build parameters
id: docker_params
run: |
echo "::set-output name=has_docker_login::${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
if [ "${{ github.event_name == 'pull_request' }}" = "true" ]; then
echo "::set-output name=push::false"
echo "::set-output name=load::true"
echo "::set-output name=platforms::linux/amd64"
else
echo "::set-output name=push::true"
echo "::set-output name=load::false"
echo "::set-output name=platforms::linux/amd64,linux/arm64"
fi
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ matrix.image.name }}-${{ hashFiles(matrix.image.cache_key_files) }}
restore-keys: |
${{ runner.os }}-buildx-${{ matrix.image.name }}-
- name: Cache parameters
id: cache-parameters
run: |
if [ "${{ steps.cache_buildx.outputs.cache-hit }}" = "true" ]; then
echo "::set-output name=cache-to::"
else
echo "::set-output name=cache-to::type=local,dest=/tmp/.buildx-cache-new,mode=max"
fi
- name: Login to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Lowercase image name
run: |
echo "DOCKER_IMAGE=${REGISTRY}/${REPOSITORY,,}/${{ matrix.image.name }}" >>${GITHUB_ENV}
# Add Docker labels and tags
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_IMAGE }}
# Setup docker build environment
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build backend docker and optionally push
uses: docker/build-push-action@v6
with:
context: .
file: ${{ matrix.image.build_file }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: ${{ steps.cache-parameters.outputs.cache-to }}
platforms: ${{ steps.docker_params.outputs.platforms }}
load: ${{ steps.docker_params.outputs.load }}
push: ${{ steps.docker_params.outputs.push }}
tags: ${{ steps.docker_meta.outputs.tags }}
# Use runtime labels from docker_meta as well as fixed labels
labels: |
${{ steps.docker_meta.outputs.labels }}
maintainer=${{ matrix.image.authors }}
org.opencontainers.image.description=${{ matrix.image.description }}
org.opencontainers.image.authors=${{ matrix.image.authors }}
org.opencontainers.image.vendor=RADAR-base
org.opencontainers.image.licenses=Apache-2.0
# Push the backend image on the dev and master branches
- name: Pull images
if: steps.docker_params.outputs.load == 'false'
run: docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
- name: Inspect docker images
run: |
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move docker build cache
if: steps.cache_buildx.outputs.cache-hit != 'true'
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache