author | 2024-06-24 15:58:16 +0200 | |
---|---|---|
committer | 2024-06-24 19:26:47 +0200 | |
commit | d46a69a43f5662947a81286adcb8f452163cfdf5 (patch) | |
tree | b6251a20d2979f019b45d9ee5bec16ef3011799c /.github | |
parent | fix(frontend): Algolia search (diff) | |
build: create Docker images automatically
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build.yml | 103 |
1 files changed, 85 insertions, 18 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 916e124e..b8c61504 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -13,6 +13,8 @@ on: | |||
13 | jobs: | 13 | jobs: |
14 | build: | 14 | build: |
15 | name: Build | 15 | name: Build |
16 | permissions: | ||
17 | contents: read | ||
16 | strategy: | 18 | strategy: |
17 | matrix: | 19 | matrix: |
18 | os: | 20 | os: |
@@ -32,10 +34,6 @@ jobs: | |||
32 | if [ "${SONAR_TOKEN}" != '' ]; then | 34 | if [ "${SONAR_TOKEN}" != '' ]; then |
33 | echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT | 35 | echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT |
34 | fi | 36 | fi |
35 | - name: Checkout code | ||
36 | uses: actions/checkout@v4 | ||
37 | with: | ||
38 | fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis | ||
39 | - name: Set up JDK 21 | 37 | - name: Set up JDK 21 |
40 | uses: actions/setup-java@v4 | 38 | uses: actions/setup-java@v4 |
41 | with: | 39 | with: |
@@ -56,6 +54,10 @@ jobs: | |||
56 | ~/.sonar/cache | 54 | ~/.sonar/cache |
57 | key: ${{ matrix.os }}-sonar | 55 | key: ${{ matrix.os }}-sonar |
58 | restore-keys: ${{ matrix.os }}-sonar | 56 | restore-keys: ${{ matrix.os }}-sonar |
57 | - name: Checkout code | ||
58 | uses: actions/checkout@v4 | ||
59 | with: | ||
60 | fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis | ||
59 | - name: Cache node distribution | 61 | - name: Cache node distribution |
60 | uses: actions/cache@v4 | 62 | uses: actions/cache@v4 |
61 | with: | 63 | with: |
@@ -81,7 +83,7 @@ jobs: | |||
81 | run: | | 83 | run: | |
82 | ./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon | 84 | ./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon |
83 | - name: Build signed Maven repository | 85 | - name: Build signed Maven repository |
84 | if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository == 'graphs4value/refinery' }} | 86 | if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }} |
85 | env: | 87 | env: |
86 | PGP_KEY: ${{ secrets.PGP_KEY }} | 88 | PGP_KEY: ${{ secrets.PGP_KEY }} |
87 | PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} | 89 | PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} |
@@ -89,7 +91,7 @@ jobs: | |||
89 | run: | | 91 | run: | |
90 | ./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon | 92 | ./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon |
91 | - name: Build unsigned Maven repository | 93 | - name: Build unsigned Maven repository |
92 | if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository != 'graphs4value/refinery') }} | 94 | if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }} |
93 | run: | | 95 | run: | |
94 | ./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon | 96 | ./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon |
95 | - name: Upload Maven repository artifact | 97 | - name: Upload Maven repository artifact |
@@ -99,6 +101,14 @@ jobs: | |||
99 | name: maven-repository-tar | 101 | name: maven-repository-tar |
100 | path: build/refinery-maven-repository.tar | 102 | path: build/refinery-maven-repository.tar |
101 | compression-level: 0 | 103 | compression-level: 0 |
104 | - name: Upload application artifacts | ||
105 | if: ${{ matrix.os == 'ubuntu-latest' }} | ||
106 | uses: actions/upload-artifact@v4 | ||
107 | with: | ||
108 | name: distributions-tar | ||
109 | path: subprojects/**/build/distributions/*.tar | ||
110 | compression-level: 0 | ||
111 | retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR | ||
102 | - name: Upload site artifact | 112 | - name: Upload site artifact |
103 | if: ${{ matrix.os == 'ubuntu-latest' }} | 113 | if: ${{ matrix.os == 'ubuntu-latest' }} |
104 | uses: actions/upload-artifact@v4 | 114 | uses: actions/upload-artifact@v4 |
@@ -108,9 +118,12 @@ jobs: | |||
108 | compression-level: 0 | 118 | compression-level: 0 |
109 | reuse-check: | 119 | reuse-check: |
110 | name: REUSE Compliance Check | 120 | name: REUSE Compliance Check |
121 | permissions: | ||
122 | contents: read | ||
111 | runs-on: ubuntu-latest | 123 | runs-on: ubuntu-latest |
112 | steps: | 124 | steps: |
113 | - uses: actions/checkout@v4 | 125 | - name: Checkout code |
126 | uses: actions/checkout@v4 | ||
114 | - name: REUSE Compliance Check | 127 | - name: REUSE Compliance Check |
115 | uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 | 128 | uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 |
116 | with: | 129 | with: |
@@ -140,25 +153,79 @@ jobs: | |||
140 | git_config_global: true | 153 | git_config_global: true |
141 | git_user_signingkey: true | 154 | git_user_signingkey: true |
142 | git_commit_gpgsign: true | 155 | git_commit_gpgsign: true |
143 | - name: Commit and push to graphs4value.github.io | 156 | - name: Create empty git repository |
144 | env: | ||
145 | GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }} | ||
146 | GITHUB_REPOSITORY: ${{ github.sha }} | ||
147 | GITHUB_SHA: ${{ github.sha }} | ||
148 | run: | | 157 | run: | |
149 | mkdir graphs4value.github.io | 158 | mkdir graphs4value.github.io |
150 | pushd graphs4value.github.io | 159 | cd graphs4value.github.io |
151 | git config --global init.defaultBranch main | 160 | git config --global init.defaultBranch main |
152 | git config --global user.name "Graphs4Value bot" | 161 | git config --global user.name "Graphs4Value bot" |
153 | git config --global user.email "refinery@refinery.tools" | 162 | git config --global user.email "refinery@refinery.tools" |
154 | git init | 163 | git init |
155 | git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git" | 164 | - name: Extract site artifact |
165 | working-directory: ./graphs4value.github.io | ||
166 | run: | | ||
156 | unzip ../site-zip/refinery-docs.zip | 167 | unzip ../site-zip/refinery-docs.zip |
168 | - name: Extract Maven repository artifact | ||
169 | working-directory: ./graphs4value.github.io | ||
170 | run: | | ||
157 | mkdir -p maven/snapshots | 171 | mkdir -p maven/snapshots |
158 | pushd maven/snapshots | 172 | cd maven/snapshots |
159 | tar xf ../../../maven-repository-tar/refinery-maven-repository.tar | 173 | tar -xvf ../../../maven-repository-tar/refinery-maven-repository.tar |
160 | popd | 174 | - name: Commit and push to graphs4value.github.io |
175 | working-directory: ./graphs4value.github.io | ||
176 | env: | ||
177 | GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }} | ||
178 | GITHUB_REPOSITORY: ${{ github.repository }} | ||
179 | GITHUB_SHA: ${{ github.sha }} | ||
180 | run: | | ||
181 | git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git" | ||
161 | git add . | 182 | git add . |
162 | git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" | 183 | git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" |
163 | git push --force origin main | 184 | git push --force origin main |
164 | popd | 185 | docker-build: |
186 | name: Build Docker images | ||
187 | needs: build | ||
188 | permissions: | ||
189 | packages: write | ||
190 | contents: read | ||
191 | runs-on: ubuntu-latest | ||
192 | steps: | ||
193 | - name: Set up QEMU | ||
194 | uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | ||
195 | with: | ||
196 | platforms: arm64 | ||
197 | - name: Set up Docker Buildx | ||
198 | uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb | ||
199 | with: | ||
200 | platforms: linux/amd64,linux/arm64 | ||
201 | - name: Checkout code | ||
202 | uses: actions/checkout@v4 | ||
203 | - name: Download application artifacts | ||
204 | uses: actions/download-artifact@v4 | ||
205 | with: | ||
206 | name: distributions-tar | ||
207 | path: subprojects | ||
208 | - name: Extract application artifacts | ||
209 | working-directory: ./docker | ||
210 | run: | | ||
211 | ./prepare_context.sh | ||
212 | - name: Bake images | ||
213 | working-directory: ./docker | ||
214 | run: | | ||
215 | ./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' | ||
216 | - name: Log in to GitHub Container registry | ||
217 | if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | ||
218 | uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | ||
219 | with: | ||
220 | registry: ghcr.io | ||
221 | username: ${{ github.actor }} | ||
222 | password: ${{ secrets.GITHUB_TOKEN }} | ||
223 | - name: Upload images to GitHub Container registry | ||
224 | if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | ||
225 | working-directory: ./docker | ||
226 | run: | | ||
227 | ./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' | ||
228 | - name: Delete application artifacts | ||
229 | uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 | ||
230 | with: | ||
231 | name: distributions-tar | ||
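Review bot: In the new `docker-build` job, `packages: write` is granted to the whole job on every trigger, while only the login and upload steps are gated on a push to `main`; `./prepare_context.sh` and both `./bake.sh` runs execute repository code under that token scope, and `actions/checkout@v4` keeps the token in the local git configuration by default. Adding `with:` / `persist-credentials: false` to that checkout step, or moving the two publishing steps into a separate job that alone holds `packages: write`, would keep the write scope away from the build scripts. The gate `github.ref_name == 'main'` also matches a tag named `main`; `github.ref == 'refs/heads/main'` is exact. The Docker actions and `geekyeggo/delete-artifact` are pinned by commit SHA, but `actions/checkout@v4` and `actions/download-artifact@v4` in the same job are pinned only by tag, so pinning them the same way would be consistent. The workflow's `on:` triggers lie outside the visible hunks, so which events reach this job is inferred from the `github.event_name` checks.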