From 21075f0d9a4da03519a6b0d316d83e44b1c603c6 Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Mon, 31 Jul 2023 16:47:21 -0500 Subject: [PATCH 1/3] Add image creation pieces --- images/Dockerfile | 30 +++++++++++++++++++ images/entrypoint.sh | 17 +++++++++++ .../supervisord/pelican_director_serve.conf | 4 +++ images/supervisord/supervisord.conf | 19 ++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 images/Dockerfile create mode 100644 images/entrypoint.sh create mode 100644 images/supervisord/pelican_director_serve.conf create mode 100644 images/supervisord/supervisord.conf diff --git a/images/Dockerfile b/images/Dockerfile new file mode 100644 index 000000000..445071507 --- /dev/null +++ b/images/Dockerfile @@ -0,0 +1,30 @@ +ARG BASE_YUM_REPO=release +ARG BASE_OSG_SERIES=3.6 + +FROM opensciencegrid/software-base:$BASE_OSG_SERIES-el7-$BASE_YUM_REPO + +# Install dependencies +RUN yum -y update \ + && yum -y install golang \ + && yum clean all \ + && rm -rf /var/cache/yum/ + +WORKDIR /pelican + +# Copy over needed files +# The build+push action that builds this dockerfile will copy the +# linux/amd64 pelican artifact into the correct spot whenever the action +# is triggered. +COPY pelican /pelican +COPY supervisord/supervisord.conf /etc/supervisord.conf + +# Eventually add more entrypoint commands and corresponding supervisor +# daemons here +COPY supervisord/pelican_director_serve.conf /etc/supervisord.d/pelican_director_serve.conf +COPY entrypoint.sh /entrypoint.sh + +RUN chmod +x /entrypoint.sh \ + && chmod +x /pelican/pelican \ + +ENTRYPOINT ["/entrypoint.sh"] + diff --git a/images/entrypoint.sh b/images/entrypoint.sh new file mode 100644 index 000000000..80395ddbc --- /dev/null +++ b/images/entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +supervisord -c /etc/supervisord.conf + +# grab whatever arg is passed to container run command +# and use it to launch the corresponding pelican_X daemon +# (eg running the container with the arg director_serve will +# launch the pelican_director_serve daemon through supervisord) +if [ "$1" ]; then + supervisorctl start "pelican_$1" + # Keep the container running + tail -f /dev/null +else + echo "A command must be provided" +fi + + diff --git a/images/supervisord/pelican_director_serve.conf b/images/supervisord/pelican_director_serve.conf new file mode 100644 index 000000000..d6e48adc0 --- /dev/null +++ b/images/supervisord/pelican_director_serve.conf @@ -0,0 +1,4 @@ +[program:pelican_director_serve] +command=/pelican/pelican director serve -p %(ENV_PELICAN_DIRECTOR_PORT)s +autorestart=true +redirect_stderr=true diff --git a/images/supervisord/supervisord.conf b/images/supervisord/supervisord.conf new file mode 100644 index 000000000..9801ebecd --- /dev/null +++ b/images/supervisord/supervisord.conf @@ -0,0 +1,19 @@ +[supervisord] +nodaemon=true +pidfile=/var/run/supervisord.pid +logfile=/var/log/supervisord.log +childlogdir = /var/log/supervisor + +[unix_http_server] +file=/tmp/supervisor.sock ; (the path to the socket file) + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket +loglevel=debug + +[include] +files=/etc/supervisord.d/*.conf + From e2c425a155fc67c2cbfe734fee8d05afe67f4e5d Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Mon, 31 Jul 2023 16:50:04 -0500 Subject: [PATCH 2/3] Add new workflow to build + push container --- .github/workflows/publish-container.yml | 141 ++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 .github/workflows/publish-container.yml diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml new file mode 100644 index 000000000..960c80644 --- /dev/null +++ b/.github/workflows/publish-container.yml @@ -0,0 +1,141 @@ + +name: Release, Build, and Push + +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+ + branches: + - main + repository_dispatch: + types: + - dispatch-build + workflow_dispatch: + +permissions: + contents: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.19 + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v4 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + # Switch this to release by removing snapshot later + args: release --clean --snapshot + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution + # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + + - name: Upload GoReleaser artifacts + uses: actions/upload-artifact@v3 + with: + name: pelican-artifacts + path: dist/ + + make-date-tag: + runs-on: ubuntu-latest + outputs: + dtag: ${{ steps.mkdatetag.outputs.dtag }} + steps: + - name: make date tag + id: mkdatetag + run: echo "dtag=$(date +%Y%m%d-%H%M)" >> $GITHUB_OUTPUT + #run: echo "::set-output name=dtag::$(date +%Y%m%d-%H%M)" + + build: + runs-on: ubuntu-latest + needs: [goreleaser, make-date-tag] + strategy: + fail-fast: False + steps: + - uses: actions/checkout@v2 + + - name: Download GoReleaser Artifact + uses: actions/download-artifact@v3 + with: + name: pelican-artifacts + path: ~/dist + + - name: Generate tag list + id: generate-tag-list + env: + TIMESTAMP: ${{ needs.make-date-tag.outputs.dtag }} + # Here, we either tag the container with the "latest" tag if + # the commit that triggered this action doesn't have a tag, + # or we tag it with the commit's tag if one exists + run: | + # Check if we're working with a tagged version + if [ -z "${{ inputs.tag }}" ] + then + # Use regex to check for a semver tag match + if [[ ${GITHUB_REF##*/} =~ v[0-9]+\.[0-9]+\.[0-9]+ ]] + then + GITHUB_TAG=${GITHUB_REF##*/} + else + GITHUB_TAG="latest" + fi + else + GITHUB_TAG=${{ inputs.tag }} + fi + + echo "Master SHA:" + echo $(git rev-parse $GITHUB_REF_NAME) + + echo "Current SHA:" + echo $(git rev-parse HEAD) + + echo $GITHUB_TAG + + docker_repo="pelican_platform/pelican" + tag_list=() + for registry in hub.opensciencegrid.org; do + for image_tag in "$GITHUB_TAG"; do + tag_list+=("$registry/$docker_repo":"$image_tag") + done + done + # This causes the tag_list array to be comma-separated below, + # which is required for build-push-action + IFS=, + echo "::set-output name=taglist::${tag_list[*]}" + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Log in to OSG Harbor + uses: docker/login-action@v1 + with: + registry: hub.opensciencegrid.org + username: ${{ secrets.PELICAN_HARBOR_ROBOT_USER }} + password: ${{ secrets.PELICAN_HARBOR_ROBOT_PASSWORD }} + + - name: Copy GoReleaser Artifact into Docker context + # For now, only working about the linux amd64 artifact, + # but we should probably look at building containers for + # multiple platforms at some point... + run: | + cp ~/dist/pelican_linux_amd64_v1/pelican . + working-directory: ./images + + - name: Build and push Docker images + uses: docker/build-push-action@v2.2.0 + with: + context: . + file: ./images/Dockerfile + push: true + tags: "${{ steps.generate-tag-list.outputs.taglist }}" From 8bb4edcfa3f231e239cfd148857ce271c8732de8 Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Mon, 31 Jul 2023 17:03:15 -0500 Subject: [PATCH 3/3] Removed commented deprecated action command --- .github/workflows/publish-container.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml index 960c80644..0e2f4d1f6 100644 --- a/.github/workflows/publish-container.yml +++ b/.github/workflows/publish-container.yml @@ -56,7 +56,6 @@ jobs: - name: make date tag id: mkdatetag run: echo "dtag=$(date +%Y%m%d-%H%M)" >> $GITHUB_OUTPUT - #run: echo "::set-output name=dtag::$(date +%Y%m%d-%H%M)" build: runs-on: ubuntu-latest