
fix,ci(ct): don't trigger the base push flow for backports #24

fix,ci(ct): don't trigger the base push flow for backports

fix,ci(ct): don't trigger the base push flow for backports #24

---
# Workflow header: when the base container image release runs, and the
# workflow-wide settings the build job reads.
name: Container Images Releasing

on:
  push:
    # Tags beginning with v6. through v9.
    tags:
      - 'v[6-9].**'
    branches:
      - 'develop'
      # TODO: delete for final PR
      - '10478-version-base-img'
    # "Path filters are not evaluated for pushes of tags"
    # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore
    # Consequence: the list below only narrows branch pushes; a push of a
    # matching tag starts this workflow no matter which files changed.
    paths:
      - 'modules/container-base/**'
      # Negated entry: changes under backports/ do not trigger this flow.
      - '!modules/container-base/src/backports/**'
      - 'modules/dataverse-parent/pom.xml'
      - '.github/workflows/container_base_push.yml'
  # TODO: we are missing a workflow_call option here, so we can trigger this
  #       flow from pr comments and maven tests (keep the secrets availability
  #       in mind!)
  # TODO: we are missing a pull_request option here (filter for stuff that
  #       would trigger the maven runs!) so we can trigger preview builds for
  #       them when coming from the main repo (keep the secrets availability
  #       in mind!)

env:
  # Target platforms handed to the Maven build via -Ddocker.platforms.
  PLATFORMS: 'linux/amd64,linux/arm64'
  # Branch treated as "development" by the job's conditionals.
  # TODO: set back to develop for final PR
  DEVELOPMENT_BRANCH: '10478-version-base-img'
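# Single job: resolve the base image name with Maven, derive the tag options
# for the current ref, then build and deploy the multi-arch image.
jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    # GITHUB_TOKEN is limited to read access. The image is published with the
    # DOCKERHUB_* secrets used by the login step, not with this token.
    permissions:
      contents: read
      packages: read
    # TODO: re-enable for final PR
    # Only run in upstream repo - avoid unnecessary runs in forks
    #if: ${{ github.repository_owner == 'IQSS' }}
    steps:
      - name: Checkout and Setup Maven
        # TODO: change to upstream location in final PR
        # NOTE(review): this action is referenced by branch name, which is a
        # mutable ref. Whatever that branch points to runs in the same job
        # that later logs in to Docker Hub; pin to a full commit SHA
        # (<COMMIT_SHA>) once the final location is settled.
        uses: gdcc/wip-dataverse-base-image/.github/actions/setup-maven@10478-version-base-img
        with:
          pom-paths: modules/container-base/pom.xml

      # Note: Accessing, pushing tags etc. to DockerHub will only succeed in
      # upstream and on events in context of upstream because secrets. PRs run
      # in context of forks by default!
      - name: Log in to the Container registry
        # NOTE(review): "v3" is a movable tag; pinning to a commit SHA
        # (<COMMIT_SHA>) keeps the code that receives the token fixed.
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # In case this is a push to develop, we care about buildtime.
      # Configure a remote ARM64 build host in addition to the local AMD64 in
      # two steps.
      # NOTE(review): before re-enabling, pass the secrets below to the script
      # through `env:` instead of expanding them into the script text, and
      # confirm the network.host entitlement is still required.
      # TODO: re-enable for final PR
      #- name: Setup SSH agent
      #  if: ${{ github.event_name != 'schedule' }}
      #  uses: webfactory/ssh-agent@v0.9.0
      #  with:
      #    ssh-private-key: ${{ secrets.BUILDER_ARM64_SSH_PRIVATE_KEY }}
      #- name: Provide the known hosts key and the builder config
      #  if: ${{ github.event_name != 'schedule' }}
      #  run: |
      #    echo "${{ secrets.BUILDER_ARM64_SSH_HOST_KEY }}" > ~/.ssh/known_hosts
      #    mkdir -p modules/container-base/target/buildx-state/buildx/instances
      #    cat > modules/container-base/target/buildx-state/buildx/instances/maven << EOF
      #    { "Name": "maven",
      #      "Driver": "docker-container",
      #      "Dynamic": false,
      #      "Nodes": [{"Name": "maven0",
      #                 "Endpoint": "unix:///var/run/docker.sock",
      #                 "Platforms": [{"os": "linux", "architecture": "amd64"}],
      #                 "DriverOpts": null,
      #                 "Flags": ["--allow-insecure-entitlement=network.host"],
      #                 "Files": null},
      #                {"Name": "maven1",
      #                 "Endpoint": "ssh://${{ secrets.BUILDER_ARM64_SSH_CONNECTION }}",
      #                 "Platforms": [{"os": "linux", "architecture": "arm64"}],
      #                 "DriverOpts": null,
      #                 "Flags": ["--allow-insecure-entitlement=network.host"],
      #                 "Files": null}]}
      #    EOF

      # Determine the base image name we are going to use from here on
      - name: Determine base image name
        # The ref name is handed to the script as an environment variable.
        # Expanding ${{ github.ref_name }} inside the script would paste the
        # branch or tag name into the shell source before bash parses it.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # DEVELOPMENT_BRANCH comes from the workflow-level env block.
          if [[ "${REF_NAME}" = "${DEVELOPMENT_BRANCH}" ]]; then
            echo "BASE_IMAGE=$( mvn initialize help:evaluate -Pct -f modules/container-base -Dexpression=base.image -q -DforceStdout )" | tee -a "${GITHUB_ENV}"
            echo "BASE_IMAGE_UPCOMING=$( mvn initialize help:evaluate -Pct -f modules/container-base -Dexpression=base.image -Dbase.image.tag.suffix="" -q -DforceStdout )" | tee -a "${GITHUB_ENV}"
          else
            echo "BASE_IMAGE=$( mvn initialize help:evaluate -Pct -f modules/container-base -Dexpression=base.image -Dbase.image.tag.suffix="" -q -DforceStdout )" | tee -a "${GITHUB_ENV}"
          fi
          # NOTE(review): each append assumes mvn prints a single line; extra
          # lines would also be written to GITHUB_ENV.

      - name: Calculate revision number for immutable tag (on release branches only)
        if: ${{ github.ref_name != env.DEVELOPMENT_BRANCH }}
        id: revision-tag
        uses: ./.github/actions/get-image-revision
        with:
          image-ref: ${{ env.BASE_IMAGE }}
          tag-options-prefix: "-Dbase.image.tag.suffix='' -Ddocker.tags.revision="

      - name: Configure update of "latest" tag for development branch
        id: develop-tag
        if: ${{ github.ref_name == env.DEVELOPMENT_BRANCH }}
        run: |
          echo "tag-options=-Ddocker.tags.develop=unstable -Ddocker.tags.upcoming=${BASE_IMAGE_UPCOMING#*:}" | tee -a "${GITHUB_OUTPUT}"

      - name: Deploy multi-arch base container image to Docker Hub
        id: build
        # The two tag-options outputs stay as inline expressions: the revision
        # prefix carries a quoted '' that the shell has to parse as part of the
        # command line. Only one of the two steps runs per ref, so the other
        # output expands to nothing.
        # NOTE(review): both values end up as shell source; they presumably
        # derive from Maven properties and the local get-image-revision
        # action - confirm neither can carry externally supplied text.
        run: |
          mvn -f modules/container-base -Pct deploy -Ddocker.noCache -Ddocker.platforms=${{ env.PLATFORMS }} \
          -Ddocker.imagePropertyConfiguration=override ${{ steps.develop-tag.outputs.tag-options }} ${{ steps.revision-tag.outputs.tag-options }}

  #push-app-img:
  #  name: "Rebase & Publish App Image"
  #  permissions:
  #    contents: read
  #    packages: write
  #    pull-requests: write
  #  secrets: inherit
  #  needs:
  #    - discover
  #    - build
  #  uses: ./.github/workflows/container_app_push.yml
  #  with:
  #    branch: ${{ github.ref_name }}

  # TODO: job to update the docker hub description with supported tags and all
  #- if: ${{ github.event_name == 'push' && github.ref_name == env.DEVELOPMENT_BRANCH }}
  #  name: Push description to DockerHub
  #  uses: peter-evans/dockerhub-description@v3
  #  with:
  #    username: ${{ secrets.DOCKERHUB_USERNAME }}
  #    password: ${{ secrets.DOCKERHUB_TOKEN }}
  #    repository: gdcc/base
  #    short-description: "Dataverse Base Container image providing Payara application server and optimized configuration"
  #    readme-filepath: ./modules/container-base/README.md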