Docker #1923
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
# build dev daily | |
schedule: | |
- cron: "20 2 * * *" # Daily at 02:20 | |
push: | |
tags: | |
- v* | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "The tag to release. Note that this happens by default on the tag push. Only run this action when something went wrong!" | |
required: false | |
permissions: | |
contents: read # to fetch code (actions/checkout) | |
env: | |
REGISTRY_IMAGE: openproject/openproject | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Extract version | |
id: extract_version | |
run: | | |
if [[ ${{ github.event_name }} == 'push' ]]; then | |
TAG_REF=${GITHUB_REF#refs/tags/} | |
CHECKOUT_REF=$GITHUB_REF | |
elif [[ ${{ github.event_name }} == 'schedule' ]]; then | |
TAG_REF=dev | |
CHECKOUT_REF=refs/heads/dev | |
elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then | |
TAG_REF=${{ inputs.tag }} | |
CHECKOUT_REF=${{ inputs.tag }} | |
if [ -z "$TAG_REF" ]; then | |
TAG_REF=dev | |
CHECKOUT_REF=dev | |
fi | |
else | |
echo "Unsupported event" | |
exit 1 | |
fi | |
if [ -z "$TAG_REF" ] || [ -z "$CHECKOUT_REF" ]; then | |
echo "No TAG_REF or CHECKOUT_REF set. Aborting" | |
exit 1 | |
fi | |
VERSION=${TAG_REF#v} | |
echo "Version: $VERSION" | |
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
echo "checkout_ref=$CHECKOUT_REF" >> "$GITHUB_OUTPUT" | |
- uses: actions/checkout@v4 | |
- name: Cache NPM | |
uses: runs-on/cache@v4 | |
with: | |
path: | | |
frontend/node_modules | |
node_modules | |
key: nodejs-x64-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: nodejs-x64- | |
- name: Cache angular | |
uses: runs-on/cache@v4 | |
with: | |
path: frontend/.angular | |
key: angular-${{ github.ref }} | |
restore-keys: angular- | |
- uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
cache-dependency-path: | | |
package-lock.json | |
frontend/package-lock.json | |
- name: Precompile assets | |
run: | | |
./docker/prod/setup/precompile-assets.sh | |
# public/assets will be saved as artifact, so temporarily copying config file there as well | |
cp config/frontend_assets.manifest.json public/assets/frontend_assets.manifest.json | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: public/ | |
name: public-assets-${{ github.sha }} | |
overwrite: true | |
# Since v4.4, hidden files are excluded by default. | |
# We need to include public/assets/.sprockets-manifest-*.json | |
include-hidden-files: true | |
outputs: | |
version: ${{ steps.extract_version.outputs.version }} | |
checkout_ref: ${{ steps.extract_version.outputs.checkout_ref }} | |
build: | |
needs: | |
- setup | |
if: github.repository == 'opf/openproject' | |
runs-on: | |
labels: | |
- runs-on | |
- ssh=false | |
- run-id=${{ github.run_id }} | |
- ${{ matrix.runner }} | |
strategy: | |
matrix: | |
include: | |
- platform: linux/amd64 | |
digest: amd64-slim | |
bim_support: true | |
target: slim | |
runner: runner=4cpu-linux-x64 | |
- platform: linux/arm64/v8 | |
digest: arm64-slim | |
bim_support: false | |
target: slim | |
runner: runner=4cpu-linux-arm64 | |
- platform: linux/amd64 | |
digest: amd64-aio | |
bim_support: true | |
target: all-in-one | |
runner: runner=4cpu-linux-x64 | |
- platform: linux/arm64/v8 | |
digest: arm64-aio | |
bim_support: false | |
target: all-in-one | |
runner: runner=4cpu-linux-arm64 | |
- platform: linux/ppc64le | |
digest: ppc-aio | |
bim_support: false | |
target: all-in-one | |
runner: runner=4cpu-linux-x64 | |
steps: | |
- name: Checkout | |
with: | |
ref: ${{ needs.setup.outputs.checkout_ref }} | |
uses: actions/checkout@v4 | |
- name: Prepare docker files | |
run: | | |
cp ./docker/prod/Dockerfile ./Dockerfile | |
- name: Download precompiled public assets | |
uses: actions/download-artifact@v4 | |
with: | |
name: public-assets-${{ github.sha }} | |
path: public/ | |
- name: Setup precompiled assets | |
run: | | |
ls -al public/ | |
mv public/assets/frontend_assets.manifest.json config/frontend_assets.manifest.json | |
ls -al config/frontend_assets.manifest.json | |
# allow precompiled assets to be injected into docker image | |
echo '' >> .dockerignore | |
echo '!/public/assets' >> .dockerignore | |
echo '!/config/frontend_assets.manifest.json' >> .dockerignore | |
- name: Add build information | |
run: | | |
echo "${{ needs.setup.outputs.checkout_ref }}" > PRODUCT_VERSION | |
echo "https://github.com/opf/openproject/commits/${{ needs.setup.outputs.checkout_ref }}" > PRODUCT_URL | |
date -u +"%Y-%m-%dT%H:%M:%SZ" > RELEASE_DATE | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
context: git | |
labels: | | |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md | |
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png | |
org.opencontainers.image.source=https://github.com/opf/openproject | |
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/ | |
org.opencontainers.image.vendor=OpenProject GmbH | |
tags: | | |
type=semver,pattern={{version}},value=${{ needs.setup.outputs.version }} | |
images: | | |
${{ env.REGISTRY_IMAGE }} | |
- name: Build image | |
id: build | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: ${{ matrix.platform }} | |
target: ${{ matrix.target }} | |
build-args: | | |
BIM_SUPPORT=${{ matrix.bim_support }} | |
pull: true | |
load: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }} | |
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max | |
- name: Test | |
# We only test the native container. If that fails the builds for the others | |
# will be cancelled as well. | |
if: matrix.platform == 'linux/amd64' && matrix.target == 'all-in-one' | |
run: | | |
docker run \ | |
--name openproject \ | |
-d -p 8080:80 --platform ${{ matrix.platform }} \ | |
-e SUPERVISORD_LOG_LEVEL=debug \ | |
-e OPENPROJECT_LOGIN__REQUIRED=false \ | |
-e OPENPROJECT_HTTPS=false \ | |
${{ steps.build.outputs.imageid }} | |
sleep 60 | |
docker logs openproject --tail 100 | |
wget -O- --retry-on-http-error=503,502 --retry-connrefused http://localhost:8080/api/v3 | |
- name: Push image | |
id: push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: ${{ matrix.platform }} | |
target: ${{ matrix.target }} | |
build-args: | | |
BIM_SUPPORT=${{ matrix.bim_support }} | |
labels: ${{ steps.meta.outputs.labels }} | |
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | |
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }} | |
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max | |
- name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.push.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ matrix.target }}-${{ matrix.digest }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
merge: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
target: [slim, all-in-one] | |
needs: | |
- setup | |
- build | |
steps: | |
- name: Merge digests | |
uses: actions/upload-artifact/merge@v4 | |
with: | |
pattern: "digests-${{ matrix.target }}-*" | |
overwrite: true | |
name: "merged-digests-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}" | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
name: "merged-digests-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}" | |
path: /tmp/digests | |
- name: Set suffix | |
id: set_suffix | |
run: | | |
suffix="-${{ matrix.target }}" | |
if [ "$suffix" = "-all-in-one" ]; then suffix="" ; fi | |
echo "suffix=$suffix" >> "$GITHUB_OUTPUT" | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_IMAGE }} | |
labels: | | |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md | |
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png | |
org.opencontainers.image.source=https://github.com/opf/openproject | |
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/ | |
org.opencontainers.image.vendor=OpenProject GmbH | |
flavor: | | |
latest=false | |
suffix=${{ steps.set_suffix.outputs.suffix }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ needs.setup.outputs.version }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ needs.setup.outputs.version }} | |
type=semver,pattern={{major}},value=${{ needs.setup.outputs.version }} | |
type=raw,value=dev,priority=200,enable={{is_default_branch}} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Create manifest list and push | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | |
notify: | |
needs: [setup, build, merge] | |
if: ${{ always() && contains(needs.*.result, 'failure') }} | |
uses: ./.github/workflows/email-notification.yml | |
secrets: inherit | |
with: | |
subject: "Docker build failed" | |
body: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
trigger_helm_release: | |
needs: [setup, build, merge] | |
permissions: | |
contents: none | |
if: ${{ github.repository == 'opf/openproject' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Trigger Helm charts release | |
env: | |
TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }} | |
REPOSITORY: opf/helm-charts | |
WORKFLOW_ID: core_release.yml | |
run: | | |
curl -i --fail-with-body -H"authorization: Bearer $TOKEN" \ | |
-XPOST -H"Accept: application/vnd.github.v3+json" \ | |
https://api.github.com/repos/$REPOSITORY/actions/workflows/$WORKFLOW_ID/dispatches \ | |
-d '{"ref": "main", "inputs": { "tag" : "${{ needs.setup.outputs.version }}" }}' |