50 changes: 15 additions & 35 deletions .github/workflows/branch-deploy.yml
Expand Up @@ -2,7 +2,6 @@ name: "Infra: Feature Testing: Init env"

on:
workflow_dispatch:

pull_request:
types: ['labeled']

Expand All @@ -19,61 +18,42 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.sha }}
token: ${{ github.token }}

- name: get branch name
id: extract_branch
run: |
tag='pr${{ github.event.pull_request.number }}'
echo "tag=${tag}" >> $GITHUB_OUTPUT
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'zulu'
cache: 'maven'

- name: Build

an action like this is present in 4 workflows:

id: build
run: |
./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
./mvnw -B -V -ntp clean package -Pprod -DskipTests
export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Configure AWS credentials for Kafka-UI account
uses: aws-actions/configure-aws-credentials@v4

- name: Build and Push Docker Image
uses: ./.github/workflows/docker_build
with:
tag: ${{ steps.extract_branch.outputs.tag }}
version: ${{ steps.build.outputs.version }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and push
id: docker_build_and_push
uses: docker/build-push-action@v5
with:
builder: ${{ steps.buildx.outputs.name }}
context: api
push: true
tags: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui:${{ steps.extract_branch.outputs.tag }}
build-args: |
JAR_FILE=api-${{ steps.build.outputs.version }}.jar
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
repository: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui

Do we need this? There's already an env var ECR_REGISTRY = public.ecr.aws/s0v8j8q9

build-context: api

outputs:
tag: ${{ steps.extract_branch.outputs.tag }}

make-branch-env:
needs: build
runs-on: ubuntu-latest
Expand All @@ -89,7 +69,7 @@ jobs:
git config --global user.email "[email protected]"
git config --global user.name "infra-tech"
git add ../kafka-ui-from-branch/
git commit -m "added env:${{ needs.build.outputs.deploy }}" && git push || true
git commit -m "added env:${{ needs.build.outputs.tag }}" && git push || true

- name: update status check for private deployment
if: ${{ github.event.label.name == 'status/feature_testing' }}
Expand All @@ -98,7 +78,7 @@ jobs:
authToken: ${{secrets.GITHUB_TOKEN}}
context: "Click Details button to open custom deployment page"
state: "success"
sha: ${{ github.event.pull_request.head.sha || github.sha }}
sha: ${{ github.event.pull_request.head.sha || github.sha }}
target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev"

- name: update status check for public deployment
Expand All @@ -108,5 +88,5 @@ jobs:
authToken: ${{secrets.GITHUB_TOKEN}}
context: "Click Details button to open custom deployment page"
state: "success"
sha: ${{ github.event.pull_request.head.sha || github.sha }}
sha: ${{ github.event.pull_request.head.sha || github.sha }}
target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev"
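Review bot: The new `Build and Push Docker Image` step calls `uses: ./.github/workflows/docker_build` at step level, which GitHub resolves as a local action directory containing an `action.yml`; the `docker_build.yml` touched later in this PR has a `jobs:` block and reads `inputs.sha`, so if that file is the intended callee it is a reusable workflow and can only be invoked from a job-level `uses:` (with `secrets:`), not from a step. The same call appears in build-public-image.yml and cve_checks.yml. If the callee really is a reusable workflow, the AWS key pair should be passed through `secrets:` (or `secrets: inherit`, as release.yml already does) rather than `with:` inputs, and this caller passes no `sha`, so the callee's `ref: ${{ inputs.sha }}` would be empty. If it is instead a composite action that is not part of this diff, a one-line comment on the step naming where it lives would spare the next reader the same lookup.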
43 changes: 9 additions & 34 deletions .github/workflows/build-public-image.yml
Expand Up @@ -17,59 +17,34 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.sha }}
token: ${{ github.token }}

- name: get branch name
id: extract_branch
run: |
tag='${{ github.event.pull_request.number }}'
echo "tag=${tag}" >> $GITHUB_OUTPUT

- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'zulu'
cache: 'maven'

- name: Build
id: build
run: |
./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
./mvnw -B -V -ntp clean package -Pprod -DskipTests
export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Configure AWS credentials for Kafka-UI account
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: 'public'
- name: Build and push
id: docker_build_and_push
uses: docker/build-push-action@v5

- name: Build and Test Docker Image
uses: ./.github/workflows/docker_build
with:
builder: ${{ steps.buildx.outputs.name }}
context: api
push: true
tags: public.ecr.aws/kafbat/kafka-ui-custom-build:${{ steps.extract_branch.outputs.tag }}
build-args: |
JAR_FILE=api-${{ steps.build.outputs.version }}.jar
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
tag: ${{ steps.extract_branch.outputs.tag }}
version: ${{ steps.build.outputs.version }}

- name: make comment with private deployment link
uses: peter-evans/create-or-update-comment@v4
with:
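Review bot: The new `Build and Test Docker Image` step passes only `tag` and `version` to the shared action, whereas the other two callers in this PR also pass `repository`, `build-context` and AWS credentials, and the removed steps here logged in with `registry-type: 'public'` in `aws-region: us-east-1` and pushed `public.ecr.aws/kafbat/kafka-ui-custom-build:<tag>`. Unless the action defaults to that public registry (not visible here), the image is no longer published, yet the following `make comment with private deployment link` step still posts a link to it. Either pass `repository: public.ecr.aws/kafbat/kafka-ui-custom-build` with the region the public ECR login needs, or, if the step is now genuinely build-and-test only as its name says, drop or rephrase the deployment-link comment step. The job continues past this hunk.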
43 changes: 16 additions & 27 deletions .github/workflows/cve_checks.yml
@@ -1,4 +1,5 @@
name: "Infra: CVE checks"

on:
workflow_dispatch:
schedule:
Expand All @@ -17,6 +18,12 @@ jobs:
with:
token: ${{ github.token }}

- name: get branch name
id: extract_branch
run: |
tag='build-${{ github.sha }}'
echo "tag=${tag}" >> $GITHUB_OUTPUT

- name: Set up JDK
uses: actions/setup-java@v4
with:
Expand All @@ -32,34 +39,16 @@ jobs:
export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "version=${VERSION}" >> $GITHUB_OUTPUT

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-

- name: Build docker image
uses: docker/build-push-action@v5
- name: Build Docker Image
uses: ./.github/workflows/docker_build
with:
builder: ${{ steps.buildx.outputs.name }}
context: api
platforms: linux/amd64
push: false
load: true
tags: |
ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}
build-args: |
JAR_FILE=api-${{ steps.build.outputs.version }}.jar
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
tag: ${{ steps.extract_branch.outputs.tag }}
version: ${{ steps.build.outputs.version }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

This looks redundant since there's an existing secret AWS_ROLE

aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
repository: ghcr.io/kafbat/kafka-ui

Given there are AWS-related properties above, this looks like it should be AWS-related as well — why ghcr.io?

build-context: api

- name: Run CVE checks
uses: aquasecurity/[email protected]
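Review bot: The replaced step built with `push: false` and `load: true` so that the `Run CVE checks` step could scan `ghcr.io/kafbat/kafka-ui:<version>` from the local daemon; the shared action is now given `tag: build-${{ github.sha }}` and `version` separately, and whether it loads the image locally or pushes it is not visible in this hunk. The trivy step's image reference (outside the hunk) has to match whatever `repository:tag` the action actually produces, otherwise the scan fails or trivy pulls a different image than the one just built. A comment on the step stating the contract it relies on, e.g. `# image must be loaded into the local daemon (not pushed) for the trivy scan below`, would make the dependency explicit once that behaviour is confirmed.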
5 changes: 1 addition & 4 deletions .github/workflows/docker_build.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
ref: ${{ inputs.sha }}
token: ${{ github.token }}

- name: Download maven artifacts
Expand All @@ -44,9 +44,6 @@ jobs:
restore-keys: |
${{ runner.os }}-buildx-

# Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59
# So let's use containerd instead as it supports this option
# Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
- name: Setup docker with containerd
uses: crazy-max/ghaction-setup-docker@v3
with:
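Review bot: The three-line comment explaining why `Setup docker with containerd` is needed is deleted while the step itself stays; that rationale (the default runtime cannot build multi-platform images and load them at the same time, docker/buildx#59, and containerd preserves provenance attestations) is exactly what a maintainer needs before removing or replacing the step, so keep it, condensed if you like: `# containerd runtime: default runtime cannot build multi-platform images and load them (docker/buildx#59); also keeps provenance attestations`. Separately, `ref: ${{ inputs.sha }}` now checks out whatever the caller supplies; if `sha` is declared as an optional input in the `workflow_call` block above this hunk, an omitted value leaves `ref` empty and actions/checkout falls back to the triggering ref, so either mark the input `required: true` or document that fallback next to the line.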
8 changes: 5 additions & 3 deletions .github/workflows/main.yml
@@ -1,15 +1,15 @@
name: "Main: Build & deploy"

on:
workflow_dispatch:

push:
branches: [ "main" ]

permissions:
contents: read

jobs:
jar-build:
jar-jar-build:
runs-on: ubuntu-latest

permissions:
Expand All @@ -22,7 +22,7 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
ref: ${{ github.sha }}
token: ${{ github.token }}

- name: Set up JDK
Expand All @@ -40,6 +40,8 @@ jobs:
export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "version=${VERSION}" >> $GITHUB_OUTPUT

- name: Upload jar
uses: actions/upload-artifact@v4
- name: Upload jar
uses: actions/upload-artifact@v4
with:
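Review bot: The job id changes from `jar-build` to `jar-jar-build`, which reads like an accidental edit; any `needs: jar-build` or `needs.jar-build.outputs.*` reference in the rest of this file (outside these hunks) would now fail workflow validation. If the rename is intended, the dependants need the same update in this PR; otherwise restore `jar-build:`. The `ref: ${{ github.sha }}` change is right for a `push` trigger, where `github.event.pull_request` is empty.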
5 changes: 3 additions & 2 deletions .github/workflows/release.yml
@@ -1,4 +1,5 @@
name: "Infra: Release"

on:
release:
types: [ published ]
Expand All @@ -18,7 +19,7 @@ jobs:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
ref: ${{ github.sha }}
token: ${{ github.token }}

- run: |
Expand Down Expand Up @@ -67,7 +68,7 @@ jobs:
needs: [release, docker-build]
permissions:
packages: write
id-token: write # Required to authenticate with OIDC for AWS
id-token: write
uses: ./.github/workflows/docker_publish.yml
secrets: inherit
with:
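Review bot: The trailing comment on `id-token: write` (`# Required to authenticate with OIDC for AWS`) is dropped while the permission stays; `id-token: write` is a sensitive grant that lets the called workflow mint OIDC tokens, and the reason for it belongs next to the line so nobody removes it or grants it elsewhere by copy-paste, e.g. `id-token: write  # OIDC token for AWS auth inside docker_publish.yml`. The `ref: ${{ github.sha }}` change is correct for a `release` trigger, where `github.event.pull_request.head.sha` is empty. The `docker_publish.yml` call continues past this hunk.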