
Remove need to provide client secret when creating workspace and remove Directory.Read.All Dependency from automation admin #11218

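---
# CI workflow: builds the project's Docker images (running the unit-test
# targets first where a step below defines one) for pull requests and for
# manual runs.
name: Docker build

on:  # yamllint disable-line rule:truthy
  # `pull_request` (rather than `pull_request_target`) means runs for fork
  # PRs get, by default, a read-only GITHUB_TOKEN and no repository
  # secrets, which matters because the jobs build and execute PR code.
  pull_request:
    branches:
      - main
      - "feature/**"
  workflow_dispatch:

# for each ref (branch/pr) run just the most recent, cancel
# other pending/running ones
#
# The group is keyed on the PR number, falling back to the ref for manual
# runs. `github.head_ref` is only populated for pull_request events, so
# keying on it put every workflow_dispatch run into the same
# "<workflow>-" group, where they cancelled each other. It is also a
# contributor-chosen branch name, so two PRs using the same branch name
# shared a group.
concurrency:
  group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}"
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that need more must say so explicitly.
permissions:
  contents: read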
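jobs:
  docker_build:
    name: Build images
    runs-on: ubuntu-latest
    # Job-level GITHUB_TOKEN scopes, kept to what the steps use.
    # No `actions: write` here: actions/upload-artifact and the `type=gha`
    # build cache authenticate to the artifact/cache service with the
    # runner's runtime token rather than GITHUB_TOKEN, so uploads need no
    # extra scope (they also work on fork PRs, where GITHUB_TOKEN is
    # read-only).
    permissions:
      contents: read
      pull-requests: read  # For path filter
    # NOTE(review): every action below is referenced by a mutable
    # major-version tag. Pinning at least the third-party ones
    # (dorny/paths-filter, andstor/file-existence-action, docker/*) to a
    # full commit SHA, kept current by an update bot, prevents a re-pointed
    # tag from silently changing what runs in this job.
    steps:
      - name: Upload Event File
        # this step is required to publish test results from forks
        # NOTE(review): presumably a separate workflow (not visible here)
        # downloads this artifact and "test-results" to publish them. That
        # consumer should treat both as untrusted input, because a fork PR
        # controls the code that produces them.
        uses: actions/upload-artifact@v6
        with:
          name: Event File
          path: ${{ github.event_path }}

      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Do not leave the token in .git/config where the PR's build
          # scripts could read it.
          persist-credentials: false

      # Sets one 'true'/'false' output per filter below; each component has
      # a "code changed" filter and a "version file changed" filter.
      - name: Filter changes
        uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            api:
              - 'api_app/**/*'
            api_version:
              - 'api_app/_version.py'
            resource_processor:
              - 'resource_processor/**/*'
            resource_processor_version:
              - 'resource_processor/_version.py'
            guacamole_server:
              - 'templates/workspace_services/guacamole/guacamole-server/**/*'
            guacamole_server_version:
              - 'templates/workspace_services/guacamole/guacamole-server/docker/version.txt'
            gitea:
              - 'templates/shared_services/gitea/docker/**/*'
            gitea_version:
              - 'templates/shared_services/gitea/docker/version.txt'
            airlock_processor:
              - 'airlock_processor/**/*'
            airlock_processor_version:
              - 'airlock_processor/_version.py'
            ui_app:
              - 'ui/app/**/*'
            ui_app_version:
              - 'ui/app/package.json'

      # Version guards: fail the job when a component's code changed but
      # its version file did not.
      - name: "Stale version: api"
        if: ${{ steps.filter.outputs.api == 'true' &&
          steps.filter.outputs.api_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1
      - name: "Stale version: resource_processor"
        if: ${{ steps.filter.outputs.resource_processor == 'true' &&
          steps.filter.outputs.resource_processor_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1
      - name: "Stale version: guacamole_server"
        if: ${{ steps.filter.outputs.guacamole_server == 'true' &&
          steps.filter.outputs.guacamole_server_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1
      - name: "Stale version: gitea"
        if: ${{ steps.filter.outputs.gitea == 'true' &&
          steps.filter.outputs.gitea_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1
      - name: "Stale version: airlock_processor"
        if: ${{ steps.filter.outputs.airlock_processor == 'true' &&
          steps.filter.outputs.airlock_processor_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1
      - name: "Stale version: ui_app"
        if: ${{ steps.filter.outputs.ui_app == 'true' &&
          steps.filter.outputs.ui_app_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: Setup Node.js
        if: |
          (steps.filter.outputs.ui_app == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: actions/setup-node@v4
        with:
          node-version: "24"

      # The test exit code is swallowed: a failure only creates the
      # ui_tests_failed marker next to the JUnit report.
      # NOTE(review): no step in this job reads ui_tests_failed; confirm a
      # downstream consumer does, otherwise UI test failures never fail CI.
      # NOTE(review): `npm install` resolves dependencies afresh and runs
      # their install scripts; if ui/app commits a lockfile, `npm ci` would
      # make this install reproducible. Confirm before switching.
      - name: "Test: UI"
        if: |
          (steps.filter.outputs.ui_app == 'true'
          || github.event_name == 'workflow_dispatch')
        working-directory: ui/app
        run: |
          mkdir -p ../../test-results
          npm install
          cp src/config.source.json src/config.json
          if ! npm test -- run --reporter=junit --outputFile=../../test-results/ui-junit.xml; then
            touch ../../test-results/ui_tests_failed
          fi

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      # Unit Tests are executed by calling the 'test-results' target in the
      # Dockerfile's. Test runner exit codes must be swallowed (and kept) so we
      # can output the test results. This means we have to check for failure
      # trigger files in later steps.
      #
      # None of the build steps below sets `push`, so images are built (and
      # layer-cached via the GitHub Actions cache) but not published.
      - name: "Test image: api"
        # test should be before build since its docker target
        # is prior to runtime
        if: |
          (steps.filter.outputs.api == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v6
        with:
          context: ./api_app/
          file: ./api_app/Dockerfile
          # Export the target's filesystem into ./test-results on the runner.
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Runs unconditionally; the build step below only proceeds when the
      # failure marker is absent.
      - name: "Check pytest failure file existence"
        id: check_api_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/pytest_api_unit_failed"

      - name: "Build image: api"
        if: |
          (steps.filter.outputs.api == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_api_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v6
        with:
          context: ./api_app/
          file: ./api_app/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Build image: resource_processor"
        if: |
          (steps.filter.outputs.resource_processor == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v6
        with:
          context: ./resource_processor
          file: ./resource_processor/vmss_porter/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Test image: guacamole_server"
        if: |
          (steps.filter.outputs.guacamole_server == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v6
        with:
          context: ./templates/workspace_services/guacamole/guacamole-server
          file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Check maven failure file existence"
        id: check_maven_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/guacamole_package_failed"

      - name: "Build image: guacamole_server"
        if: |
          (steps.filter.outputs.guacamole_server == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_maven_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v6
        with:
          context: ./templates/workspace_services/guacamole/guacamole-server
          file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Build image: gitea"
        if: |
          (steps.filter.outputs.gitea == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v6
        with:
          context: ./templates/shared_services/gitea/docker
          file: ./templates/shared_services/gitea/docker/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Unit Tests are executed by calling the 'test-results' target in the
      # Dockerfile's. Test runner exit codes must be swallowed (and kept) so we
      # can output the test results. This means we have to check for failure
      # trigger files in later steps.
      - name: "Test image: airlock_processor"
        # test should be before build since its docker target
        # is prior to runtime
        if: |
          (steps.filter.outputs.airlock_processor == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v6
        with:
          context: ./airlock_processor/
          file: ./airlock_processor/Dockerfile
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Check pytest failure file existence"
        id: check_airlock_processor_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/pytest_airlock_processor_unit_failed"

      - name: "Build image: airlock_processor"
        if: |
          (steps.filter.outputs.airlock_processor == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_airlock_processor_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v6
        with:
          context: ./airlock_processor/
          file: ./airlock_processor/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # always(): publish whatever reports and failure markers exist, even
      # when an earlier step failed.
      # NOTE(review): a failed unit test only skips the matching build step;
      # nothing visible here turns a failure marker into a failed job, so
      # the pass/fail signal presumably comes from whatever consumes this
      # artifact. Confirm.
      - name: Upload Unit Test Results
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: test-results
          path: test-results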