updated for main branch

mrmoonl1ght94 · mrmoonl1ght94 · commit 5b83013c6eda · 2024-10-08T21:09:05.000+04:00
diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
@@ -41,7 +41,7 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
       - name: Build and Push Docker Image
-        uses: ./.github/workflows/build-docker
+        uses: ./.github/workflows/docker_build
         with:
           tag: ${{ steps.extract_branch.outputs.tag }}
           version: ${{ steps.build.outputs.version }}
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml
@@ -40,7 +40,7 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
       - name: Build and Test Docker Image
-        uses: ./.github/workflows/build-docker
+        uses: ./.github/workflows/docker_build
         with:
           tag: ${{ steps.extract_branch.outputs.tag }}
           version: ${{ steps.build.outputs.version }}
diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml
@@ -40,7 +40,7 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
       - name: Build Docker Image
-        uses: ./.github/workflows/build-docker
+        uses: ./.github/workflows/docker_build
         with:
           tag: ${{ steps.extract_branch.outputs.tag }}
           version: ${{ steps.build.outputs.version }}
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
@@ -0,0 +1,84 @@
+name: "Docker build"
+
+on:
+  workflow_call:
+    inputs:
+      sha:
+        required: true
+        type: string
+      version:
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.sha }}
+          token: ${{ github.token }}
+
+      - name: Download maven artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: kafbat-ui-${{ inputs.version }}
+          path: api/target
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ inputs.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+                "features": {
+                "containerd-snapshotter": true
+                }
+            }
+
+      - name: Build docker image
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: api
+          platforms: linux/amd64,linux/arm64
+          provenance: mode=min
+          sbom: true
+          push: false
+          load: true
+          tags: |
+            kafka-ui:temp
+          build-args: |
+            JAR_FILE=api-${{ inputs.version }}.jar
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Dump docker image
+        run: |
+          docker image save kafka-ui:temp > /tmp/image.tar
+
+      - name: Upload docker image
+        uses: actions/upload-artifact@v4
+        with:
+          name: image
+          path: /tmp/image.tar
+          retention-days: 1
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -9,17 +9,20 @@ permissions:
   contents: read
 
 jobs:
-  build:
+  jar-build:
     runs-on: ubuntu-latest
+
     permissions:
       contents: read
-      packages: write
+
+    outputs:
+      version: ${{steps.build.outputs.version}}
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.sha }}  # Используем входной параметр sha
           token: ${{ github.token }}
 
       - name: Set up JDK
@@ -37,25 +40,30 @@ jobs:
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
-      - name: Build & Push Docker Image
-        uses: ./.github/workflows/build-docker
+      - name: Upload jar
+        uses: actions/upload-artifact@v4
         with:
-          tag: ${{ steps.build.outputs.version }}
-          version: ${{ steps.build.outputs.version }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-central-1
-          repository: ghcr.io/kafbat/kafka-ui
-          build-context: api
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          name: kafbat-ui-${{ steps.build.outputs.version }}
+          path: api/target/api-${{ steps.build.outputs.version }}.jar
+          retention-days: 1
 
-      - name: Push additional tag for main branch
-        run: |
-          docker tag ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }} ghcr.io/kafbat/kafka-ui:main
-          docker push ghcr.io/kafbat/kafka-ui:main
+  docker-build:
+    needs: jar-build
+    permissions:
+      contents: read
+    uses: ./.github/workflows/docker_build.yml
+    secrets: inherit
+    with:
+      sha: ${{ github.sha }}
+      version: ${{ needs.jar-build.outputs.version }}
+
+  docker-deploy:
+    needs: [ jar-build, docker-build ]
+    permissions:
+      packages: write
+      id-token: write
+    uses: ./.github/workflows/docker_publish.yml
+    secrets: inherit
+    with:
+      version: ${{ needs.jar-build.outputs.version }}
+      generic_tag: main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.sha }}
           token: ${{ github.token }}
 
       - run: |
@@ -54,17 +54,26 @@ jobs:
           name: kafbat-ui-${{ steps.build.outputs.version }}
           path: api/target/api-${{ steps.build.outputs.version }}.jar
 
-      # Docker images
-      - name: Build & Push Docker Image
-        uses: ./.github/workflows/build-docker
-        with:
-          tag: ${{ steps.build.outputs.version }}
-          version: ${{ steps.build.outputs.version }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-central-1
-          repository: ghcr.io/kafbat/kafka-ui
-          build-context: api
+  docker-build:
+    needs: release
+    permissions:
+      contents: read
+    uses: ./.github/workflows/docker_build.yml
+    secrets: inherit
+    with:
+      sha: ${{ github.sha }}
+      version: ${{ needs.release.outputs.version }}
+
+  docker-deploy:
+    needs: [release, docker-build]
+    permissions:
+      packages: write
+      id-token: write
+    uses: ./.github/workflows/docker_publish.yml
+    secrets: inherit
+    with:
+      version: ${{ needs.release.outputs.version }}
+      generic_tag: latest
 
   charts:
     runs-on: ubuntu-latest
