Skip to content
CI Build

build #30

Sign in to view logs

build

build #30

Workflow file for this run

.github/workflows/build.yaml at 5ff3d21
name: CI Build
on:
# Build main container:
repository_dispatch:
types: [build]
workflow_dispatch:
push:
branches: ['main']
paths-ignore: ['**/*.md']
# Build release container:
tags:
- 'v*.*'
- 'v*.*.*'
# Dry run for PRs:
pull_request:
branches: ['main']
paths-ignore: ['**/*.md']
permissions:
contents: write
jobs:
build:
name: Maven Build
strategy:
matrix:
java: [ '21' ]
maven: [ '3.9.9' ]
runs-on: 'ubuntu-24.04'
steps:
- name: Checkout distro repository
uses: actions/checkout@v4
- name: Checkout backend repository
uses: actions/checkout@v4
with:
repository: 'llamara-ai/llamara-backend'
path: 'llamara-backend'
ref: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref || 'main' }}
- name: Download frontend artifact from GitLab
env:
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
GITLAB_HOST: ${{ secrets.GITLAB_HOST }}
FRONTEND_PROJECT: ${{ secrets.FRONTEND_PROJECT }}
FRONTEND_REF: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref || 'main' }}
FRONTEND_JOB: 'build'
run: |
echo -n "Downloading frontend artifact for ref ${FRONTEND_REF} from GitLab ... "
curl --location --output frontend.zip --silent --show-error --fail-with-body --header "PRIVATE-TOKEN: $GITLAB_TOKEN" "https://$GITLAB_HOST/api/v4/projects/$FRONTEND_PROJECT/jobs/artifacts/$FRONTEND_REF/download?job=$FRONTEND_JOB"
echo "SUCCESS"
echo -n "Unzipping frontend artifact ... "
unzip -q frontend.zip
echo "DONE"
echo -n "Moving frontend files into backend ... "
mv dist/* llamara-backend/src/main/resources/META-INF/resources/
echo "DONE"
- name: Maven Build
uses: ./llamara-backend/.github/actions/maven-build
with:
java: ${{ matrix.java }}
maven: ${{ matrix.maven }}
pom: "llamara-backend/pom.xml"
skip_spotless: 'true'
skip_changed_files: 'true'
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
- name: Upload packaged application
uses: actions/upload-artifact@v4
with:
name: quarkus-app
path: |
llamara-backend/target/quarkus-app
publish-docker:
name: Docker Build & Publish
needs: build
runs-on: 'ubuntu-24.04'
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: 'llamara-ai/llamara'
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout distro repository
uses: actions/checkout@v4
- name: Checkout backend repository
uses: actions/checkout@v4
with:
repository: 'llamara-ai/llamara-backend'
path: 'llamara-backend'
ref: ${{ github.event.inputs.ref || 'main' }}
- name: Get Build Date
id: date
run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Get Project Version
id: version
run: echo "version=$(mvn --file llamara-backend/pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
# Install the cosign tool
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@v3
with:
cosign-release: 'v2.2.4'
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# Login against a Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Download packaged application
uses: actions/download-artifact@v4
with:
name: quarkus-app
path: target/quarkus-app
# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v5
with:
file: llamara-backend/src/main/docker/Dockerfile.jvm
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILD_DATE=${{ steps.date.outputs.date }}
VCS_REF=${{ github.sha }}
LLAMARA_VERSION=${{ steps.version.outputs.version }}
# Sign the resulting Docker image digest.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}