Introduce Container‑based GitHub Action #423
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
to prepare Docker build and GH action as it contains HSC and all dependencies.
The primary goal is to provide a GitHub action. Additionally, we create and publish a multi-platform Docker image for usage in other scenarios (Standalone, GitLab CI, ...).
Execute the Docker integration test only if Docker is available.
Will only be pushed on successful build and test by GitHub workflow.
Switching off Docker push leads to ERROR: failed to build: docker exporter does not currently support exporting manifest lists
The integration test must run with a local image first
Locally we build for the respective platform and test with it. Then we build a multi-platform image and push that to the Registry.
Allow a push of the Docker image with additional tags to override or extend given images.
We only need the timestamped Docker images for some time to enable testing of certain builds.
and enable optional dry-run (default true)
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a container-based GitHub Action for HTML Sanity Check, enabling users to run HSC in CI/CD workflows through a published Docker image on GHCR. The implementation includes Docker multi-architecture builds, automated publishing, and GHCR cleanup workflows.
- Adds a new GitHub Action (
action.yml) that uses a Docker imageghcr.io/aim42/hsc:v2 - Implements Docker build infrastructure with multi-arch support (amd64/arm64) and automated publishing to GHCR
- Introduces automated cleanup workflow to manage old timestamped Docker images in GHCR
Reviewed Changes
Copilot reviewed 15 out of 17 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
action.yml |
New GitHub Action definition using Docker image with HSC entrypoint |
htmlSanityCheck-cli/Dockerfile |
Multi-stage Docker image based on Eclipse Temurin JRE Alpine |
htmlSanityCheck-cli/build.gradle |
Docker plugin configuration with multi-arch builds and tagging strategy |
htmlSanityCheck-cli/hsc.sh |
Shell entrypoint script for Docker container |
htmlSanityCheck-cli/src/main/groovy/org/aim42/htmlsanitycheck/cli/HscCommand.groovy |
Added --fail-on-errors CLI option |
.github/workflows/gradle-build.yml |
Added Docker image publishing and GitHub Action testing jobs |
.github/workflows/cleanup-ghcr.yml |
New workflow for cleaning up old GHCR image versions |
| Multiple files | Updated regex patterns to properly escape dots in URL exclusions |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Test Results123 files ±0 123 suites ±0 10m 4s ⏱️ - 2m 32s For more details on these failures, see this check. Results for commit 689d304. ± Comparison against base commit 9efca5e. This pull request removes 60 and adds 23 tests. Note that renamed tests count towards both.♻️ This comment has been updated with latest results. |
Co-authored-by: Copilot <[email protected]>
Building a multi-platform Docker image only works in cooperation with a remote registry, which implies a push. The image is not directly available in the local image store. A pull is necessary to make it locally available. For the GitHub Action test it was necessary to use the Git SHA as unique identifier for the system to be tested (its testing the Docker image which is used as GitHub action). Other identifiers provided no clear distinction as there could be other/older images with the same tag in the remote registry.
ascheman
force-pushed
the
feature/369-gh-action
branch
from
a51b419 to
675d6d7
Compare
On GH pull requests the `git branch --show-current` does not return the branch name. In this case we use the SHA tag (only) for Docker tagging.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a first‑class, Docker‑based GitHub Action for HTML Sanity Check (HSC) and a reusable container image published to GHCR. It also introduces CI jobs to build, test, and publish multi‑arch Docker images and a scheduled workflow that cleans up old, timestamped image versions from GHCR.
What’s included
action.ymlruns usingdocker://ghcr.io/aim42/hsc:v2with entrypoint'/hsc.sh'.argsto pass through to the CLI (HscCommand).eclipse-temurin:21-jre-alpine.hsc.shentrypoint.linux/amd64,linux/arm64)..github/workflows/gradle-build.ymlnow:v2, and executes the new Action end‑to‑end as part of CI.workflow_dispatchinputadditional_tags..github/workflows/cleanup-ghcr.ymlremoves old timestamped or stale SHA‑only image versions (default retention 14 days), while protectinglatestandv*tags.Implementation Details
action.ymlruns.using: 'docker'with fixed imageghcr.io/aim42/hsc:v2andentrypoint: '/hsc.sh'.v3), the test ingradle-build.ymlmust be updated accordingly (inline comment present).htmlSanityCheck-cli/Dockerfileorg.opencontainers.image.descriptionandversion(ARG‑driven) for provenance.hsc.shto execjava -jar /hsc.jarwith passed arguments.htmlSanityCheck-cli/build.gradlecom.fussionlabs.gradle.docker-pluginfor Buildx.dockerTags):yyyyMMddHHmmssand sanitized branch name.main: also pushv<major>(for the Action) andlatest.-Ddocker.image.additional.tags.dockerBuildMulti;dockerPushdepends on it..github/workflows/gradle-build.ymltest-gh-actionpulls the branch image, tags it locally asghcr.io/aim42/hsc:v2, and runs the Action from this repo with sample args to validate end‑to‑end behavior.publish-docker-imagesuses the Gradle taskdockerPushwith Buildx multi‑arch and GitHub Packages auth viaGITHUB_TOKEN..github/workflows/cleanup-ghcr.ymlyyyyMMddHHmmss) is older than cutoff, orcreated_at/updated_atis older than cutoff, orlatestorv\d+tags.Usage
In GitHub Actions (recommended)
<ref>with a tag, branch, or commit SHA of this repository.ghcr.io/aim42/hsc:v2under the hood.As a standalone Docker image
docker run --rm \ -v "$PWD:/work" \ -w /work \ ghcr.io/aim42/hsc:v2 \ -r build/hsc-report path/to/site \ --fail-on-errorsWhy this change
Backward compatibility
Security and Permissions
GITHUB_TOKENwithpackages: write.main(or via manual dispatch) and skips protected tags (latest,v*).Testing
test-gh-actionvalidates the Action end‑to‑end using a locally retagged image matchingv2.Follow‑ups
v3) inaction.ymland the test workflow.action.yml.Issues