diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..9288bb3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+ # Check for updates to GitHub Actions every week
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml
new file mode 100644
index 0000000..316b80a
--- /dev/null
+++ b/.github/workflows/container-test.yml
@@ -0,0 +1,18 @@
+---
+name: "Container build and test"
+on: [push, pull_request, workflow_call]
+permissions: read-all
+
+jobs:
+ podman-build:
+ name: Utility Container Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Utility Container Build
+ run: make build
+
+ - name: Run Container tests
+ run: make test
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..0127e5d
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
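Review bot: In `.github/dependabot.yml` the `docker` entry sets `directory: "/"`, but the build files this commit references are `container-source/Containerfile-runtime` and `container-source/Containerfile-workbench`, and Dependabot looks for this ecosystem's files only in the configured directory. As written, the base images in those files would probably never receive update PRs, so base-image security fixes would arrive only when someone bumps them by hand. Pointing the entry at the real location, `directory: "/container-source"`, should address that. It is worth confirming after merge that Dependabot picks up the `Containerfile-*` names, since it matches on file name.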
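Review bot: `permissions: read-all` in `.github/workflows/container-test.yml` gives the workflow token read access to every scope, while the only job checks out the repository and runs `make build` and `make test`. A least-privilege block, `permissions:` with `contents: read` under it, covers what the visible steps need. `actions/checkout@v4` is also a mutable tag, whereas docker-publish.yml in the same commit pins most actions to a commit SHA with a version comment. Pinning it the same way, `uses: actions/checkout@<full-commit-sha> # v4`, keeps the two workflows consistent and lets the new `github-actions` Dependabot entry manage the bumps.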
@@ -0,0 +1,81 @@
+---
+name: Docker build and push to quay
+
+permissions: read-all
+
+on:
+ push:
+ branches: ['main', 'integrate_rhoai']
+ # Publish semver tags as releases.
+ tags: ['v*.*.*']
+ pull_request:
+ branches: ['main', 'integrate_rhoai']
+
+env:
+ REGISTRY: quay.io
+
+jobs:
+ test:
+ uses: ./.github/workflows/container-test.yml
+
+ build-container-and-push:
+ needs: [test]
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ strategy:
+ matrix:
+ include:
+ - dockerfile: ./container-source/Containerfile-runtime
+ image: quay.io/hybridcloudpatterns/manuela-runtime
+ - dockerfile: ./container-source/Containerfile-workbench
+ image: quay.io/hybridcloudpatterns/manuela-workbench
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_PASSWORD }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: ${{ matrix.image }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ #
https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+ with:
+ context: container-source
+ file: ${{ matrix.dockerfile }}
+ platforms: linux/amd64
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..38811dc
--- /dev/null
+++ b/Makefile
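Review bot: The `build-container-and-push` job in `.github/workflows/docker-publish.yml` requests `packages: write` and `id-token: write`, but no step in this hunk uses either: the push goes to quay.io with `secrets.QUAY_USERNAME` and `secrets.QUAY_PASSWORD`, and there is no signing step behind the sigstore/fulcio comment. The grants apply to every trigger, including same-repository pull requests, so I would drop both lines and keep only `contents: read` until a signing step is actually added. `actions/checkout@v4` and `docker/setup-qemu-action@v3` are the only actions here referenced by mutable tag rather than commit SHA; pinning them like the other three (`@<full-commit-sha> # v4`) would make the file consistent.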
@@ -0,0 +1,61 @@
+TAG ?= latest
+RUNTIME_CONTAINER ?= manuela-runtime:$(TAG)
+WORKBENCH_CONTAINER ?= manuela-workbench:$(TAG)
+
+##@ Help-related tasks
+.PHONY: help
+help: ## Help
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^(\s|[a-zA-Z_0-9-])+:.*?##/ { printf " \033[36m%-35s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build-related tasks
+.PHONY: build
+build: build-runtime build-workbench test ## Build the runtime and the workbench container locally
+
+.PHONY: build-runtime
+build-runtime: ## build manuela-runtime container
+ cd ./container-source; buildah bud -f ./Containerfile-runtime --format docker -t $(RUNTIME_CONTAINER)
+
+.PHONY: build-workbench
+build-workbench: ## build manuela-workbench container
+ cd ./container-source; buildah bud -f ./Containerfile-workbench --format docker -t $(WORKBENCH_CONTAINER)
+
+.PHONY: test
+test: ## test the built containers
+ podman run -it --rm --net=host --entrypoint /bin/sh $(RUNTIME_CONTAINER) -c "jupyter --version"
+ podman run -it --rm --net=host --entrypoint /bin/sh $(WORKBENCH_CONTAINER) -c "jupyter --version"
+
+.PHONY: clean
+clean: ## Removes any previously built artifact
+ podman rmi $(RUNTIME_CONTAINER) $(WORKBENCH_CONTAINER)
+
+.PHONY: super-linter
+super-linter: ## Runs super linter locally
+ rm -rf .mypy_cache
+ podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true \
+ -e VALIDATE_JAVASCRIPT_STANDARD=false \
+ -e VALIDATE_MARKDOWN=false \
+ -e VALIDATE_JAVASCRIPT_PRETTIER=false \
+ -e VALIDATE_JSCPD=false \
+ -e VALIDATE_JSON=false \
+ -e VALIDATE_JSON_PRETTIER=false \
+ -e VALIDATE_MARKDOWN_PRETTIER=false \
+ -e VALIDATE_BASH=false \
+ -e VALIDATE_BASH_EXEC=false \
+ -e VALIDATE_CHECKOV=false \
+ -e VALIDATE_CSS=false \
+ -e VALIDATE_CSS_PRETTIER=false \
+ -e VALIDATE_GITLEAKS=false \
+ -e VALIDATE_GOOGLE_JAVA_FORMAT=false \
+ -e VALIDATE_HTML=false \
+ -e VALIDATE_HTML_PRETTIER=false \
+ -e VALIDATE_JAVA=false
\
+ -e VALIDATE_KUBERNETES_KUBECONFORM=false \
+ -e VALIDATE_NATURAL_LANGUAGE=false \
+ -e VALIDATE_SHELL_SHFMT=false \
+ -e VALIDATE_TYPESCRIPT_PRETTIER=false \
+ -e VALIDATE_TYPESCRIPT_STANDARD=false \
+ -e VALIDATE_YAML=false \
+ -e VALIDATE_YAML_PRETTIER=false \
+ -v $(PWD):/tmp/lint:rw,z \
+ -w /tmp/lint \
+ ghcr.io/super-linter/super-linter:slim-v7
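Review bot: Both `podman run` lines in the Makefile's `test` target pass `--net=host` and `-it`, and `jupyter --version` needs neither. Host networking removes the container's network isolation for a freshly built, untested image, and `-t` expects a terminal that a CI runner may not provide. `podman run --rm --entrypoint /bin/sh $(RUNTIME_CONTAINER) -c "jupyter --version"` (and the same for `$(WORKBENCH_CONTAINER)`) performs the same check with default isolation. Separately, `build` lists `test` as a prerequisite, so the workflow's `make build` followed by `make test` runs the tests twice. The `super-linter` target also turns off `VALIDATE_GITLEAKS` and `VALIDATE_CHECKOV`, which deserves a one-line comment saying where secret and IaC scanning happens instead.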