create reusable workflow for docker build

mrmoonl1ght94 · mrmoonl1ght94 · commit 9a5ff394d9ac · 2024-10-08T02:02:36.000+04:00
diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
@@ -2,7 +2,6 @@ name: "Infra: Feature Testing: Init env"
 
 on:
   workflow_dispatch:
-
   pull_request:
     types: ['labeled']
 
@@ -19,61 +18,42 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           token: ${{ github.token }}
+
       - name: get branch name
         id: extract_branch
         run: |
           tag='pr${{ github.event.pull_request.number }}'
           echo "tag=${tag}" >> $GITHUB_OUTPUT
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           java-version: '17'
           distribution: 'zulu'
           cache: 'maven'
+
       - name: Build
         id: build
         run: |
           ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
           ./mvnw -B -V -ntp clean package -Pprod -DskipTests
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-      - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v4
+
+      - name: Build and Push Docker Image
+        uses: ./.github/workflows/build-docker
         with:
+          tag: ${{ steps.extract_branch.outputs.tag }}
+          version: ${{ steps.build.outputs.version }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: eu-central-1
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-      - name: Build and push
-        id: docker_build_and_push
-        uses: docker/build-push-action@v5
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          push: true
-          tags: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui:${{ steps.extract_branch.outputs.tag }}
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          repository: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui
+          build-context: api
+
     outputs:
       tag: ${{ steps.extract_branch.outputs.tag }}
+
   make-branch-env:
     needs: build
     runs-on: ubuntu-latest
@@ -89,7 +69,7 @@ jobs:
           git config --global user.email "infra@kafbat.io"
           git config --global user.name "infra-tech"
           git add ../kafka-ui-from-branch/
-          git commit -m "added env:${{ needs.build.outputs.deploy }}" && git push || true
+          git commit -m "added env:${{ needs.build.outputs.tag }}" && git push || true
 
       - name: update status check for private deployment
         if: ${{ github.event.label.name == 'status/feature_testing' }}
@@ -98,7 +78,7 @@ jobs:
           authToken: ${{secrets.GITHUB_TOKEN}}
           context: "Click Details button to open custom deployment page"
           state: "success"
-          sha: ${{ github.event.pull_request.head.sha  || github.sha }}
+          sha: ${{ github.event.pull_request.head.sha || github.sha }}
           target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev"
 
       - name: update status check for public deployment
@@ -108,5 +88,5 @@ jobs:
           authToken: ${{secrets.GITHUB_TOKEN}}
           context: "Click Details button to open custom deployment page"
           state: "success"
-          sha: ${{ github.event.pull_request.head.sha  || github.sha }}
+          sha: ${{ github.event.pull_request.head.sha || github.sha }}
           target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev"
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,61 @@
+name: 'Docker Build and Push'
+description: 'Build Docker image and push to ECR'
+
+inputs:
+  tag:
+    description: 'Tag from branch name or PR number'
+    required: true
+  version:
+    description: 'Version for the Docker image'
+    required: true
+  aws-access-key-id:
+    description: 'AWS Access Key ID'
+    required: true
+    secret: true
+  aws-secret-access-key:
+    description: 'AWS Secret Access Key'
+    required: true
+    secret: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-buildx-
+
+    - name: Configure AWS credentials for Kafka-UI account
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ inputs.aws-access-key-id }}
+        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+        aws-region: us-east-1
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+      with:
+        registry-type: 'public'
+
+    - name: Build and push Docker image
+      id: docker_build_and_push
+      uses: docker/build-push-action@v5
+      with:
+        builder: ${{ steps.buildx.outputs.name }}
+        context: api
+        tags: public.ecr.aws/kafbat/kafka-ui-custom-build:${{ inputs.tag }}
+        build-args: |
+          JAR_FILE=api-${{ inputs.version }}.jar
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml
@@ -17,59 +17,34 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           token: ${{ github.token }}
+
       - name: get branch name
         id: extract_branch
         run: |
           tag='${{ github.event.pull_request.number }}'
           echo "tag=${tag}" >> $GITHUB_OUTPUT
+
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           java-version: '17'
           distribution: 'zulu'
           cache: 'maven'
+
       - name: Build
         id: build
         run: |
           ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
           ./mvnw -B -V -ntp clean package -Pprod -DskipTests
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-      - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registry-type: 'public'
-      - name: Build and push
-        id: docker_build_and_push
-        uses: docker/build-push-action@v5
+
+      - name: Build and Test Docker Image
+        uses: ./.github/workflows/build-docker
         with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          push: true
-          tags: public.ecr.aws/kafbat/kafka-ui-custom-build:${{ steps.extract_branch.outputs.tag }}
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          tag: ${{ steps.extract_branch.outputs.tag }}
+          version: ${{ steps.build.outputs.version }}
+
       - name: make comment with private deployment link
         uses: peter-evans/create-or-update-comment@v4
         with:
diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml
@@ -1,4 +1,5 @@
 name: "Infra: CVE checks"
+
 on:
   workflow_dispatch:
   schedule:
@@ -17,6 +18,12 @@ jobs:
         with:
           token: ${{ github.token }}
 
+      - name: get branch name
+        id: extract_branch
+        run: |
+          tag='build-${{ github.sha }}'
+          echo "tag=${tag}" >> $GITHUB_OUTPUT
+
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
@@ -32,34 +39,16 @@ jobs:
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-
-      - name: Build docker image
-        uses: docker/build-push-action@v5
+      - name: Build Docker Image
+        uses: ./.github/workflows/build-docker
         with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          platforms: linux/amd64
-          push: false
-          load: true
-          tags: |
-            ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          tag: ${{ steps.extract_branch.outputs.tag }}
+          version: ${{ steps.build.outputs.version }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+          repository: ghcr.io/kafbat/kafka-ui
+          build-context: api
 
       - name: Run CVE checks
         uses: aquasecurity/trivy-action@0.19.0
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,7 +1,7 @@
 name: "Main: Build & deploy"
+
 on:
   workflow_dispatch:
-
   push:
     branches: [ "main" ]
 
@@ -37,21 +37,16 @@ jobs:
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
-      # docker images
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Cache Docker layers
-        uses: actions/cache@v4
+      - name: Build & Push Docker Image
+        uses: ./.github/workflows/build-docker
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
+          tag: ${{ steps.build.outputs.version }}
+          version: ${{ steps.build.outputs.version }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+          repository: ghcr.io/kafbat/kafka-ui
+          build-context: api
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -60,19 +55,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build & push docker image
-        id: docker_build_and_push
-        uses: docker/build-push-action@v5
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          platforms: linux/amd64,linux/arm64
-          provenance: false
-          push: true
-          tags: |
-            ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}
-            ghcr.io/kafbat/kafka-ui:main
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+      - name: Push additional tag for main branch
+        run: |
+          docker tag ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }} ghcr.io/kafbat/kafka-ui:main
+          docker push ghcr.io/kafbat/kafka-ui:main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
