
Commit c4d6dfd

committed
AP-733 use org .github workflow templates
- uses .github/.github templates for build, merge, push, and release - which also adds support for multi-arch builds in the registry - bumps some github action versions - cleans up test job a bit - corrects bundle audit misname - adds a js:eslint step (which was not previously performed)
1 parent 95823df commit c4d6dfd

2 files changed

Lines changed: 34 additions & 197 deletions


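--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,145 +3,44 @@ name: Build / Test / Push
 on:
 push:
 branches:
-- '**'
+- "**"
+workflow_call:
 workflow_dispatch:
 
 env:
 BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }}
-DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
 
 jobs:
-build:
-runs-on: ${{ matrix.runner }}
-outputs:
-image-arm64: ${{ steps.gen-output.outputs.image-arm64 }}
-image-x64: ${{ steps.gen-output.outputs.image-x64 }}
-strategy:
-fail-fast: false
-matrix:
-runner:
-- ubuntu-24.04
-- ubuntu-24.04-arm
-steps:
-- name: Checkout code
-uses: actions/checkout@v4
-
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
-
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v3
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- id: build-meta
-name: Docker meta
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
-
-# Build cache is shared among all builds of the same architecture
-- id: cache-meta
-name: Docker meta
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-tags: type=raw,value=buildcache-${{ runner.arch }}
-
-- id: get-registry
-name: Get the sanitized registry name
-run: |
-echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT"
-
-- id: build
-name: Build/push the arch-specific image
-uses: docker/build-push-action@v6
-with:
-cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }}
-cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max
-labels: ${{ steps.build-meta.outputs.labels }}
-provenance: mode=max
-sbom: true
-tags: ${{ steps.get-registry.outputs.registry }}
-outputs: type=image,push-by-digest=true,push=true
-
-- id: gen-output
-name: Write arch-specific image digest to outputs
-run: |
-echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT"
-
-merge:
-runs-on: ubuntu-24.04
-needs: build
-env:
-DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }}
-DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }}
-outputs:
-image: ${{ steps.meta.outputs.tags }}
-steps:
-- name: Checkout code
-uses: actions/checkout@v4
-
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
-
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v3
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- id: meta
-name: Generate tag for the app image
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
-
-- name: Push the multi-platform app image
-run: |
-docker buildx imagetools create \
---tag "$DOCKER_METADATA_OUTPUT_TAGS" \
-"$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64"
+docker-build:
+uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@v2.0.0
+with:
+image: ghcr.io/${{ github.repository }}
+secrets: inherit
 
 test:
 runs-on: ubuntu-24.04
-needs: merge
+needs: docker-build
 env:
 COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml
-DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }}
+DOCKER_APP_IMAGE: ${{ needs.docker-build.outputs.image }}
 steps:
 - name: Checkout code
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Set up Docker Compose
-uses: docker/setup-compose-action@v1
+uses: docker/setup-compose-action@v2
 
 - name: Login to GitHub Container Registry
-uses: docker/login-action@v3
+uses: docker/login-action@v4
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 
-- name: Setup the stack
-run: |
-docker run --quiet --rm "${DOCKER_APP_IMAGE}" rails secret > /tmp/secret_key_base
-docker compose build --quiet
-docker compose pull --quiet
-docker compose up --wait
-docker compose exec -u root app chown -R altmedia:altmedia artifacts
-
 - name: Run RSpec
 if: ${{ always() }}
 run: |
 docker compose exec -e RAILS_ENV=test app rake coverage
-# docker compose exec -e RAILS_ENV=test app rake check
-# docker compose exec -e RAILS_ENV=test app rspec --format progress --format html --out artifacts/rspec.html
 
 - name: Run Rubocop
 if: ${{ always() }}
@@ -153,55 +52,38 @@ jobs:
 run: |
 docker compose exec -e RAILS_ENV=test app rake brakeman
 
-- name: Run ESLint
+- name: Run Bundle Audit
 if: ${{ always() }}
 run: |
 docker compose exec -e RAILS_ENV=test app rake bundle:audit
 
+- name: Run ESLint
+if: ${{ always() }}
+run: |
+docker compose exec -e RAILS_ENV=test app rake js:eslint
+
 - name: Copy out artifacts
 if: ${{ always() }}
 run: |
 docker compose cp app:/opt/app/artifacts ./ || mkdir artifacts
 docker compose logs > artifacts/docker-compose-services.log
-docker compose config > artifacts/docker-compose.merged.yml
+docker compose config > artifacts/docker-compose.docker-buildd.yml
 
 - name: Upload the test report
 if: ${{ always() }}
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@v7
 with:
 name: Framework Build Report (${{ github.run_id }}_${{ github.run_attempt }})
 path: artifacts/*
 if-no-files-found: error
 
 push:
-runs-on: ubuntu-24.04
 needs:
-- merge
+- docker-build
 - test
-env:
-DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }}
-steps:
-- name: Checkout code
-uses: actions/checkout@v4
-
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v3
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- name: Produce permanent image tags
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-tags: |
-type=sha
-type=ref,event=branch
-type=raw,value=latest,enable={{is_default_branch}}
-
-- name: Retag and push the image
-run: |
-docker pull "$DOCKER_APP_IMAGE"
-echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$DOCKER_APP_IMAGE"
-docker push --all-tags "$(echo "$DOCKER_APP_IMAGE" | cut -f1 -d:)"
+uses: BerkeleyLibrary/.github/.github/workflows/docker-push.yml@v2.0.0
+with:
+image: ghcr.io/${{ github.repository }}
+build-image-arm64: ${{ needs.docker-build.outputs.image-arm64 }}
+build-image-x64: ${{ needs.docker-build.outputs.image-x64 }}
+secrets: inherit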
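Review bot: The `docker-build` and `push` jobs both call an organisation template by the mutable tag `@v2.0.0` while passing `secrets: inherit`, so whatever that tag resolves to at run time receives every secret this workflow can see; release.yml has the same pattern. Pinning each call to a full commit SHA with the tag as a trailing comment, e.g. `uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@<full-commit-sha> # v2.0.0`, and passing only the secrets the template declares would narrow that. Separately, the `test` job loses its `Setup the stack` step (`docker compose up --wait`) with no visible replacement, so the `docker compose exec` steps, including Brakeman and bundle:audit, appear to have no running `app` container unless something outside this diff starts it. The artifact name `docker-compose.docker-buildd.yml` looks like a search-and-replace slip from `merged`.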

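--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,57 +3,12 @@ name: Push Release Tags
 on:
 push:
 tags:
-- '**'
+- "**"
+workflow_call:
 workflow_dispatch:
-
-env:
-DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
-
 jobs:
-retag:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout code
-uses: actions/checkout@v4
-
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
-
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v3
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- name: Determine the sha-based image tag to retag
-id: get-base-image
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-tags: type=sha
-
-- name: Verify that the image was previously built
-env:
-BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
-run: |
-docker pull "$BASE_IMAGE"
-
-- name: Produce release tags
-id: tag-meta
-uses: docker/metadata-action@v5
-with:
-images: ghcr.io/${{ github.repository }}
-flavor: latest=false
-tags: |
-type=ref,event=tag
-type=semver,pattern={{major}}
-type=semver,pattern={{major}}.{{minor}}
-type=semver,pattern={{version}}
-
-- name: Retag the pulled image
-env:
-BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
-run: |
-echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$BASE_IMAGE"
-docker push --all-tags "$(echo "$BASE_IMAGE" | cut -f1 -d:)"
+release:
+uses: BerkeleyLibrary/.github/.github/workflows/docker-release.yml@v2.0.0
+with:
+image: ghcr.io/${{ github.repository }}
+secrets: inherit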
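Review bot: The `release` job sets no `permissions:`, so the called template runs with whatever default `GITHUB_TOKEN` scope the repository or organisation grants; lines 1-2 of the file are outside the hunk, so a workflow-level block there cannot be ruled out. A job-level cap such as `permissions: { contents: read, packages: write }`, adjusted to what docker-release.yml actually needs, keeps the token least-privilege, since a called workflow can only narrow what the caller passes. The removed `Verify that the image was previously built` step stopped the run when no sha-tagged image could be pulled; it is worth confirming the template keeps an equivalent check, particularly now that `workflow_call` lets other workflows start a release.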
