CI Build #42

Workflow file for this run

	name: CI Build

	on:
	# Build main container:
	repository_dispatch:
	types: [build]
	workflow_dispatch:
	push:
	branches: ['main']
	paths-ignore: ['*/.md']
	# Build release container:
	tags:
	- 'v.'
	- 'v..*'
	# Dry run for PRs:
	pull_request:
	branches: ['main']
	paths-ignore: ['*/.md']

	permissions:
	contents: write

	jobs:
	build:
	name: Maven Build
	strategy:
	matrix:
	java: [ '21' ]
	maven: [ '3.9.9' ]

	runs-on: 'ubuntu-24.04'

	steps:
	- name: Checkout distro repository
	uses: actions/checkout@v4

	- name: Checkout backend repository
	uses: actions/checkout@v4
	with:
	repository: 'llamara-ai/llamara-backend'
	path: 'llamara-backend'
	ref: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref \|\| 'main' }}

	- name: Download frontend artifact from GitLab
	env:
	GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
	GITLAB_HOST: ${{ secrets.GITLAB_HOST }}
	FRONTEND_PROJECT: ${{ secrets.FRONTEND_PROJECT }}
	FRONTEND_REF: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref \|\| 'main' }}
	FRONTEND_JOB: 'build'
	run: \|
	echo -n "Downloading frontend artifact for ref ${FRONTEND_REF} from GitLab ... "
	curl --location --output frontend.zip --silent --show-error --fail-with-body --header "PRIVATE-TOKEN: $GITLAB_TOKEN" "https://$GITLAB_HOST/api/v4/projects/$FRONTEND_PROJECT/jobs/artifacts/$FRONTEND_REF/download?job=$FRONTEND_JOB"
	echo "SUCCESS"
	echo -n "Unzipping frontend artifact ... "
	unzip -q frontend.zip
	echo "DONE"
	echo -n "Moving frontend files into backend ... "
	mv dist/* llamara-backend/src/main/resources/META-INF/resources/
	echo "DONE"

	- name: Maven Build
	uses: ./llamara-backend/.github/actions/maven-build
	with:
	java: ${{ matrix.java }}
	maven: ${{ matrix.maven }}
	pom: "llamara-backend/pom.xml"
	skip_spotless: 'true'
	skip_changed_files: 'true'
	OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

	- name: Upload packaged application
	uses: actions/upload-artifact@v4
	with:
	name: quarkus-app
	path: \|
	llamara-backend/target/quarkus-app

	publish-docker:
	name: Docker Build & Publish
	needs: build

	runs-on: 'ubuntu-24.04'

	env:
	# Use docker.io for Docker Hub if empty
	REGISTRY: ghcr.io
	# github.repository as <account>/<repo>
	IMAGE_NAME: 'llamara-ai/llamara'

	permissions:
	contents: read
	packages: write
	# This is used to complete the identity challenge
	# with sigstore/fulcio when running outside of PRs.
	id-token: write

	steps:
	- name: Checkout distro repository
	uses: actions/checkout@v4

	- name: Checkout backend repository
	uses: actions/checkout@v4
	with:
	repository: 'llamara-ai/llamara-backend'
	path: 'llamara-backend'
	ref: ${{ github.event.inputs.ref \|\| 'main' }}

	- name: Get Build Date
	id: date
	run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT

	- name: Get Project Version
	id: version
	run: echo "version=$(mvn --file llamara-backend/pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT

	# Install the cosign tool
	# https://github.com/sigstore/cosign-installer
	- name: Install cosign
	if: github.event_name != 'pull_request'
	uses: sigstore/cosign-installer@v3
	with:
	cosign-release: 'v2.2.4'

	# Set up BuildKit Docker container builder to be able to build
	# multi-platform images and export cache
	# https://github.com/docker/setup-buildx-action
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	# Login against a Docker registry
	# https://github.com/docker/login-action
	- name: Log into registry ${{ env.REGISTRY }}
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	# Extract metadata (tags, labels) for Docker
	# https://github.com/docker/metadata-action
	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Download packaged application
	uses: actions/download-artifact@v4
	with:
	name: quarkus-app
	path: target/quarkus-app

	# Build and push Docker image with Buildx
	# https://github.com/docker/build-push-action
	- name: Build and push Docker image
	id: build-and-push
	uses: docker/build-push-action@v5
	with:
	file: llamara-backend/src/main/docker/Dockerfile.jvm
	context: .
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	build-args: \|
	BUILD_DATE=${{ steps.date.outputs.date }}
	VCS_REF=${{ github.sha }}
	LLAMARA_VERSION=${{ steps.version.outputs.version }}

	# Sign the resulting Docker image digest.
	# This will only write to the public Rekor transparency log when the Docker
	# repository is public to avoid leaking data. If you would like to publish
	# transparency data even for private images, pass --force to cosign below.
	# https://github.com/sigstore/cosign
	- name: Sign the published Docker image
	if: ${{ github.event_name != 'pull_request' }}
	env:
	# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	# This step uses the identity token to provision an ephemeral certificate
	# against the sigstore community Fulcio instance.
	run: echo "${TAGS}" \| xargs -I {} cosign sign --yes {}@${DIGEST}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI Build #42

Workflow file

CI Build #42

Jobs

Run details

Workflow file for this run