diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..a84bd71
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,190 @@ +name: Build / Test / Push + +on: + push: + branches: + - '**' + workflow_dispatch: + +env: + BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} + DOCKER_METADATA_SET_OUTPUT_ENV: 'true' + +jobs: + build: + runs-on: ${{ matrix.runner }} + outputs: + image-arm64: ${{ steps.gen-output.outputs.image-arm64 }} + image-x64: ${{ steps.gen-output.outputs.image-x64 }} + strategy: + fail-fast: false + matrix: + runner: + - ubuntu-24.04 + - ubuntu-24.04-arm + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: build-meta + name: Docker meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + # Build cache is shared among all builds of the same architecture + - id: cache-meta + name: Docker meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=raw,value=buildcache-${{ runner.arch }} + + - id: get-registry + name: Get the sanitized registry name + run: | + echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" + + - id: build + name: Build/push the arch-specific image + uses: docker/build-push-action@v6 + with: + cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} + cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max + labels: ${{ steps.build-meta.outputs.labels }} + provenance: mode=max + sbom: true + tags: ${{ steps.get-registry.outputs.registry }} + outputs: type=image,push-by-digest=true,push=true + + - id: gen-output + name: Write arch-specific image digest to outputs + run: | + echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ 
steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" + + merge: + runs-on: ubuntu-24.04 + needs: build + env: + DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} + DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} + outputs: + image: ${{ steps.meta.outputs.tags }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: meta + name: Generate tag for the app image + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + - name: Push the multi-platform app image + run: | + docker buildx imagetools create \ + --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ + "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" + + test: + runs-on: ubuntu-24.04 + needs: merge + env: + COMPOSE_FILE: compose.yml:compose.ci.yml + DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Compose + uses: docker/setup-compose-action@v1 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup the stack + run: | + cp .env.example .env + docker compose config + docker compose build + docker compose pull + docker compose up --wait + docker compose exec -u root app chown archivesspace:archivesspace artifacts + + - name: Query the ASpace home page + run: | + curl --location --fail --retry 30 --retry-all-errors http://localhost:8080/ + + - name: Copy out artifacts + if: ${{ always() }} + run: | + docker compose cp app:/opt/app/artifacts ./ || mkdir artifacts + docker compose logs > artifacts/compose-services.log + docker compose 
config > artifacts/compose.merged.yml + + - name: Upload the build report + if: ${{ always() }} + uses: actions/upload-artifact@v4 + with: + name: ASpace Build Report (${{ github.run_id }}_${{ github.run_attempt }}) + path: artifacts/* + if-no-files-found: error + + push: + runs-on: ubuntu-24.04 + needs: + - build + - test + env: + DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} + DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Produce permanent image tags + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=sha + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + + - name: Retag and push the image + run: | + docker buildx imagetools create \ + $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $DOCKER_APP_IMAGE_ARM64 $DOCKER_APP_IMAGE_X64 diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml deleted file mode 100644 index 90f0bb4..0000000 --- a/.github/workflows/docker-image.yml +++ /dev/null 
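Review bot: None of the four jobs in build.yml declares `permissions:`, whereas the deleted docker-image.yml scoped its build job to `packages: write` and `contents: read`. The new workflow therefore runs on every branch push with whatever the repository default for GITHUB_TOKEN is, including the `test` job, which only pulls. I would add a top-level `permissions:` with `contents: read` and `packages: read`, and grant `packages: write` (restating `contents: read`, since a job-level block replaces the default) only on `build`, `merge` and `push`; the `retag` job in release.yml has the same gap. In `get-registry` and `gen-output` the `${{ steps.*.outputs.* }}` expressions are pasted into the script text; passing them through `env:`, as release.yml does for `BASE_IMAGE`, keeps expression output out of the shell source. The actions are referenced by mutable major tags (`actions/checkout@v4`, `docker/build-push-action@v6`), and pinning them to commit SHAs would match the intent of `provenance: mode=max` and `sbom: true`.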
@@ -1,106 +0,0 @@ -name: Build -on: [ push, workflow_dispatch ] -env: - REGISTRY: ghcr.io - -jobs: - # TODO: DRY w/release.yml - setup: - runs-on: ubuntu-latest - - steps: - # See https://github.com/docker/build-push-action/blob/v2.10.0/TROUBLESHOOTING.md#repository-name-must-be-lowercase - - name: Sanitize image name - uses: actions/github-script@v6 - id: image-name - with: - result-encoding: string - script: return '${{ env.REGISTRY }}/${{ github.repository }}'.toLowerCase() - - - name: Get short SHA - run: | - echo SHORT_SHA="${GITHUB_SHA:0:7}" >> $GITHUB_ENV - outputs: - base_image_name: ${{ steps.image-name.outputs.result }} - build_image: ${{ steps.image-name.outputs.result }}:${{ env.SHORT_SHA }} - - build: - if: github.event_name != 'release' - needs: setup - env: - BUILD_IMAGE: ${{ needs.setup.outputs.build_image }} - - runs-on: ubuntu-latest - - permissions: - packages: write - contents: read - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Log in to the Container registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Get build start time - run: | - echo BUILD_TIMESTAMP="$(date --utc --iso-8601=seconds)" >> $GITHUB_ENV - - name: Build and push Docker image - uses: docker/build-push-action@v3 - with: - context: . 
- push: true - tags: ${{ env.BUILD_IMAGE }} - build-args: | - BUILD_TIMESTAMP=${{ env.BUILD_TIMESTAMP }} - BUILD_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - DOCKER_TAG=${{ env.BUILD_IMAGE }} - GIT_BRANCH=${{ github.ref_name }} - GIT_COMMIT=${{ github.sha }} - GIT_URL=${{ github.repositoryUrl }} - outputs: - build_image: ${{ env.BUILD_IMAGE }} - - # TODO: DRY w/release.yml - push: - if: github.event_name != 'release' - - needs: [ setup, build ] - env: - BASE_IMAGE_NAME: ${{ needs.setup.outputs.base_image_name }} - BUILD_IMAGE: ${{ needs.build.outputs.build_image }} - - runs-on: ubuntu-latest - - permissions: - packages: write - - steps: - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.BASE_IMAGE_NAME }} - - - name: Log in to the Container registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Tag and push image - uses: akhilerm/tag-push-action@v2.0.0 - with: - src: ${{ env.BUILD_IMAGE }} - dst: | - ${{ steps.meta.outputs.tags }} - - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..4704e60 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,60 @@ +name: Push Release Tags + +on: + push: + tags: + - '**' + workflow_dispatch: + +env: + DOCKER_METADATA_SET_OUTPUT_ENV: 'true' + +jobs: + retag: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine the sha-based image tag to retag + id: get-base-image + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha + + - name: Verify that the image was previously built + env: + BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} + run: | + docker manifest inspect "$BASE_IMAGE" + + - name: Produce release tags + id: tag-meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + flavor: latest=false + tags: | + type=ref,event=tag + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} + + - name: Retag the pulled image + env: + BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} + run: | + docker buildx imagetools create \ + $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + "$(echo "$BASE_IMAGE" | cut -f1 -d:)" diff --git a/compose.ci.yml b/compose.ci.yml new file mode 100644 index 0000000..6e70369 --- /dev/null +++ b/compose.ci.yml @@ -0,0 +1,15 @@ +--- + +services: + app: &services_app + build: !reset + image: ${DOCKER_APP_IMAGE} + volumes: !override + - artifacts:/opt/app/artifacts + + updater: + build: !reset + image: ${DOCKER_APP_IMAGE} + +volumes: + artifacts: {} diff --git a/docker-compose.yml b/compose.yml similarity index 95% rename from docker-compose.yml rename to compose.yml index 9f2ae6b..4bfc7e4 100644 --- a/docker-compose.yml +++ b/compose.yml 
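Review bot: The "Retag the pulled image" step passes `"$(echo "$BASE_IMAGE" | cut -f1 -d:)"` as the source, which strips the `sha-…` tag that the "Verify that the image was previously built" step has just inspected. `imagetools create` then receives a bare repository name, and an untagged reference normally resolves to `:latest`, so the release tags could land on whatever `latest` currently is rather than on the image built from the tagged commit. Using the verified reference directly, `"$BASE_IMAGE"`, keeps the check and the retag on the same image. On a `workflow_dispatch` run from a branch, the `type=ref,event=tag` and `type=semver` rules appear to yield no tags, so the `jq` expansion would be empty; a guard for that case, or dropping the manual trigger, may be worth considering.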
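Review bot: In compose.ci.yml, `volumes: !override` on `app` replaces the `aspace_data` and `solr_data:/var/solr/data:ro` mounts declared in compose.yml with the single `artifacts` volume, so CI exercises a different mount layout than local development, and nothing in the file says why. A short comment above it would help, for example `# CI only: replace the dev mounts with a volume the build report is copied out of`. The `&services_app` anchor is also declared here without any alias in this file; anchors do not carry across files, so it can be dropped. Writing the image as `${DOCKER_APP_IMAGE:?set DOCKER_APP_IMAGE to the pushed CI image}` would give a clear error when the overlay is used without the variable.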
@@ -1,4 +1,4 @@ -version: "3.8" +--- services: app: &services_app @@ -21,7 +21,7 @@ services: solr: condition: service_healthy updater: - condition: service_completed_successfully + condition: service_completed_successfully secrets: # @note Customize these in your local .env file if necessary - APPCONFIG_DB_URL @@ -29,7 +29,7 @@ services: # @note ArchivesSpace settings can be specified by setting ENV vars of the form # APPCONFIG_. We have run into problems with any # that require parsing JSON, however, so avoid that. - #APPCONFIG_FRONTEND_BRANDING_IMG: "assets/images/banner_logo.png" + #APPCONFIG_FRONTEND_BRANDING_IMG: "assets/images/banner_logo.png" - APPCONFIG_FRONTEND_BRANDING_IMG=assets/images/aspace_lit_development.png - APPCONFIG_FRONTEND_BRANDING_IMG_ALT_TEXT=ArchivesSpace Local Development Logo - APPCONFIG_PLUGINS_OVERRIDE=local,lcnaf,digitization_work_order,material_types @@ -43,7 +43,7 @@ services: volumes: - aspace_data:/opt/app/data - solr_data:/var/solr/data:ro - + updater: <<: *services_app depends_on: @@ -52,7 +52,7 @@ services: command: scripts/setup-database.sh ports: [] restart: on-failure - + solr: image: solr:8.11.2 environment: @@ -61,7 +61,7 @@ services: GC_TUNE: -XX:-UseLargePages ports: - 8983:8983 - command: solr-precreate archivesspace /opt/solr/server/solr/configsets/archivesspace + command: solr-precreate archivesspace /opt/solr/server/solr/configsets/archivesspace volumes: - ./solr:/opt/solr-8.11.2/server/solr/configsets/archivesspace/conf:ro - solr_data:/var/solr/data @@ -71,7 +71,7 @@ services: interval: 10s timeout: 10s retries: 5 - + db: image: mariadb:10.9 depends_on: @@ -87,7 +87,7 @@ services: - 3306:3306 volumes: - db_data:/var/lib/mysql - - ./init:/docker-entrypoint-initdb.d + - ./init:/docker-entrypoint-initdb.d configs: config.rb: