From 043e7b851cd43c2bc10d46ce7c6940db8b23e693 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 11:49:01 +0200 Subject: [PATCH 1/9] add job to build edirom dev --- .github/workflows/docker-publish.yml | 36 +++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 4b1262a..ba24f70 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -24,10 +24,44 @@ env: # might even be set through echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}' | sed -e "s/:refs//" if usernames on GitHub and DockerHub are identical DOCKERHUB_IMAGE_NAME: docker-edirom-online + # Edirom Online + EDIROM_REPO: https://github.com/Edirom/Edirom-Online + EDIROM_BRANCH: develop + EDIROM_DIR: edirom-dir + jobs: - build: + build-edirom: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Checkout Edirom Online repository + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + path: ${{ env.EDIROM_DIR }} + ref: ${{ env.EDIROM_BRANCH }} + repository: ${{ env.EDIROM_REPO }} + submodules: 'recursive' + + - name: Build Edirom Online from ${{ github.ref }} at ${{ github.sha }} + run: | + cd ${{ env.EDIROM_DIR }} + docker run --rm -v $(pwd):/app -w /app --entrypoint ./build.sh bwbohl/sencha-cmd + + #- name: Get short sha + # uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0 + # id: short-sha + # with: + # length: 7 + + #- name: Build Edirom Online from ${{ github.ref }} at ${{ github.sha }} + # run: docker run --rm -v $(pwd):/app -w /app --entrypoint ./build.sh bwbohl/sencha-cmd + + + build: + needs: build-edirom runs-on: ubuntu-latest permissions: contents: read From 3619bbe5561d084e1dba6a0cdb827d494a4f7e9f Mon Sep 17 00:00:00 2001 
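Review bot: The new `build-edirom` job grants `permissions: contents: write` although its visible steps only check out and build, and it then runs the untagged image `bwbohl/sencha-cmd` with the checkout directory bind-mounted. actions/checkout persists the job token in the checkout's `.git/config` by default, so whatever that image executes can read a token with write access to this repository. Lower the job to `contents: read`, add `persist-credentials: false` under the checkout's `with:`, and reference the builder by digest, e.g. `bwbohl/sencha-cmd@sha256:<digest>` (placeholder). The build also tracks the moving `develop` branch, so logging the resolved commit would make the published image traceable to a specific source revision.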
From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 11:54:36 +0200 Subject: [PATCH 2/9] upload artifact after build --- .github/workflows/docker-publish.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ba24f70..5dfc783 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -59,6 +59,13 @@ jobs: #- name: Build Edirom Online from ${{ github.ref }} at ${{ github.sha }} # run: docker run --rm -v $(pwd):/app -w /app --entrypoint ./build.sh bwbohl/sencha-cmd + - name: Upload Edirom Online artifact + uses: actions/upload-artifact@v4 + with: + if-no-files-found: 'error' + path: ${{ github.workspace }}/${{ env.EDIROM_DIR }}/build-xar/Edirom-Online-*.xar + retention-days: 90 + build: needs: build-edirom From a4f64286573be6802a8fcd0f31587acff6871a04 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 12:09:55 +0200 Subject: [PATCH 3/9] add build artifact to docker container --- .github/workflows/docker-publish.yml | 9 +++++++++ Dockerfile | 4 +++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5dfc783..f4d56d0 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -81,6 +81,14 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Download Edirom artifact + uses: actions/download-artifact@v4 + with: + path: add-xars + + - name: list downloaded files + run: ls -R add-xars + # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign @@ -137,6 +145,7 @@ jobs: linux/arm64/v8 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + build-args: EDIROM_VERSION=dev # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker 
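Review bot: `actions/upload-artifact@v4` is referenced by a movable tag, while the checkout step in the same job is pinned to a commit SHA with the version as a trailing comment; the same applies to `actions/download-artifact@v4` added in PATCH 3/9. Pinning both the same way, `uses: actions/upload-artifact@<commit-sha> # v4.x.y` (placeholder), keeps the steps that carry the package into the published image from changing underneath the workflow. The step also sets no `name:`, so the artifact gets the action's default name and the consuming job cannot select it explicitly.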
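Review bot: The `Download Edirom artifact` step sets no `name:`, so download-artifact fetches every artifact of the run into `add-xars`, and the Dockerfile then copies whatever `.xar` it finds there into `autodeploy/`. Give the upload step an explicit name and request only that one here, e.g. `name: edirom-online-xar` on both steps (name constructed for illustration), so that only the package built by `build-edirom` can reach the image. Note that a download by name extracts the files directly into `add-xars/`, so the Dockerfile `COPY` pattern has to match that layout. The `ls -R add-xars` step could also print a `sha256sum` of the downloaded package so the deployed file can be traced back to this run.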
diff --git a/Dockerfile b/Dockerfile index 84b8cda..ecfb6a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,9 @@ ENV EXIST_DEFAULT_APP_PATH=xmldb:exist:///db/apps/Edirom-Online ENV EXIST_CONTEXT_PATH=/ ENV EXIST_ENV=development -ADD --chown=wegajetty:wegajetty https://github.com/Edirom/Edirom-Online/releases/download/v${EDIROM_VERSION}/Edirom-Online-${EDIROM_VERSION}.xar ${EXIST_HOME}/autodeploy/ +#ADD --chown=wegajetty:wegajetty https://github.com/Edirom/Edirom-Online/releases/download/v${EDIROM_VERSION}/Edirom-Online-${EDIROM_VERSION}.xar ${EXIST_HOME}/autodeploy/ + +COPY add-xars/*.xar ${EXIST_HOME}/autodeploy/ USER wegajetty:wegajetty COPY --chown=wegajetty:wegajetty edirom-entrypoint.sh ${EXIST_HOME}/ From 795234e4741b40db5321ebde4e7396398d985e04 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 12:26:33 +0200 Subject: [PATCH 4/9] workflow: fix edirom repo --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index f4d56d0..b796570 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -25,7 +25,7 @@ env: DOCKERHUB_IMAGE_NAME: docker-edirom-online # Edirom Online - EDIROM_REPO: https://github.com/Edirom/Edirom-Online + EDIROM_REPO: Edirom/Edirom-Online EDIROM_BRANCH: develop EDIROM_DIR: edirom-dir @@ -161,4 +161,4 @@ jobs: for tag in ${TAGS}; do images+="${tag}@${DIGEST} " done - cosign sign --yes ${images} \ No newline at end of file + cosign sign --yes ${images} From 1167efb342c82582551ed5176c90c780e2961945 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 12:34:49 +0200 Subject: [PATCH 5/9] only download Edirom Online xar artifact --- .github/workflows/docker-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b796570..20888ec 100644 
--- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -85,6 +85,7 @@ jobs: uses: actions/download-artifact@v4 with: path: add-xars + pattern: Edirom-Online*.xar - name: list downloaded files run: ls -R add-xars From 16eb3417f0490a4606ae342626010eaea59e7f60 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 12:39:58 +0200 Subject: [PATCH 6/9] Update docker-publish.yml --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 20888ec..f6bcab5 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -85,7 +85,7 @@ jobs: uses: actions/download-artifact@v4 with: path: add-xars - pattern: Edirom-Online*.xar + #pattern: Edirom-Online*.xar - name: list downloaded files run: ls -R add-xars From 52fbb05bbd9632c142b8b2c2066e77ad35c9bc72 Mon Sep 17 00:00:00 2001 From: "Benjamin W. Bohl" Date: Tue, 25 Jun 2024 12:41:21 +0200 Subject: [PATCH 7/9] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ecfb6a4..edd83b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ ENV EXIST_ENV=development #ADD --chown=wegajetty:wegajetty https://github.com/Edirom/Edirom-Online/releases/download/v${EDIROM_VERSION}/Edirom-Online-${EDIROM_VERSION}.xar ${EXIST_HOME}/autodeploy/ -COPY add-xars/*.xar ${EXIST_HOME}/autodeploy/ +COPY add-xars/**/*.xar ${EXIST_HOME}/autodeploy/ USER wegajetty:wegajetty COPY --chown=wegajetty:wegajetty edirom-entrypoint.sh ${EXIST_HOME}/ From eecd0bbaf15b098b06c7b1dadfca32bf04767c6f Mon Sep 17 00:00:00 2001 From: bwbohl Date: Tue, 25 Jun 2024 16:13:52 +0200 Subject: [PATCH 8/9] move COPY task after USER switch --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index edd83b4..d49a58e 100644 --- a/Dockerfile 
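Review bot: `COPY add-xars/**/*.xar` in PATCH 7/9 does not recurse: Dockerfile source patterns follow Go's `filepath.Match`, where `**` behaves like a single `*`, so this matches `.xar` files exactly one directory below `add-xars` and nothing else. That fits the one-subdirectory-per-artifact layout download-artifact produces when no `name:` is given, but it also picks up a `.xar` from any other artifact of the run. Prefer downloading the artifact by name in the workflow and copying from a fixed path, e.g. `COPY add-xars/*.xar ${EXIST_HOME}/autodeploy/`.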
+++ b/Dockerfile @@ -10,9 +10,8 @@ ENV EXIST_ENV=development #ADD --chown=wegajetty:wegajetty https://github.com/Edirom/Edirom-Online/releases/download/v${EDIROM_VERSION}/Edirom-Online-${EDIROM_VERSION}.xar ${EXIST_HOME}/autodeploy/ -COPY add-xars/**/*.xar ${EXIST_HOME}/autodeploy/ - USER wegajetty:wegajetty +COPY add-xars/**/*.xar ${EXIST_HOME}/autodeploy/ COPY --chown=wegajetty:wegajetty edirom-entrypoint.sh ${EXIST_HOME}/ CMD ["./edirom-entrypoint.sh"] From 1ec7b5eb6548975b0de396b4863fead04d69fac4 Mon Sep 17 00:00:00 2001 From: bwbohl Date: Tue, 25 Jun 2024 16:22:15 +0200 Subject: [PATCH 9/9] workflow: restrict step execution on pull_requests --- .github/workflows/docker-publish.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index f6bcab5..4fd0921 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -44,12 +44,12 @@ jobs: ref: ${{ env.EDIROM_BRANCH }} repository: ${{ env.EDIROM_REPO }} submodules: 'recursive' - + - name: Build Edirom Online from ${{ github.ref }} at ${{ github.sha }} run: | cd ${{ env.EDIROM_DIR }} docker run --rm -v $(pwd):/app -w /app --entrypoint ./build.sh bwbohl/sencha-cmd - + #- name: Get short sha # uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0 # id: short-sha @@ -86,7 +86,7 @@ jobs: with: path: add-xars #pattern: Edirom-Online*.xar - + - name: list downloaded files run: ls -R add-xars @@ -97,7 +97,7 @@ jobs: uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 with: cosign-release: 'v2.2.4' - + - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -117,6 +117,7 @@ jobs: # Login against DockerHub registry except on PR - name: Log in to DockerHub + if: github.event_name != 'pull_request' uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 with: username: ${{ secrets.BWBOHL_DOCKERHUB_USERNAME }} 
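Review bot: Moving the `COPY add-xars/**/*.xar` line below `USER wegajetty:wegajetty` does not change who owns the copied files; `COPY` creates them with UID/GID 0 unless `--chown` is given, which is why the neighbouring entrypoint line and the commented-out `ADD` both carry it. If the package must be owned by the runtime user, as it was before this series, write `COPY --chown=wegajetty:wegajetty add-xars/**/*.xar ${EXIST_HOME}/autodeploy/`. If root-owned, read-only packages are acceptable to the autodeploy step, the original position was fine and a one-line comment saying so would make the intent clear.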
@@ -154,6 +155,7 @@ jobs: # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the images with GitHub OIDC Token + if: github.event_name != 'pull_request' env: DIGEST: ${{ steps.build-and-push.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }}