From 575f158bce29766031580db9ecd868d4a32774e9 Mon Sep 17 00:00:00 2001 From: Chris Penner Date: Tue, 7 May 2024 09:55:57 -0700 Subject: [PATCH 1/3] Build ucm docker image --- .github/workflows/pre-release.yaml | 8 +++ .github/workflows/release.yaml | 57 +++++++++++++++++++ .github/workflows/ucm-docker-image.yaml | 76 +++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 .github/workflows/ucm-docker-image.yaml diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml index 3c3629ef98..51b96e2cd8 100644 --- a/.github/workflows/pre-release.yaml +++ b/.github/workflows/pre-release.yaml @@ -23,6 +23,14 @@ jobs: with: ref: ${{ github.ref }} + build-docker-image: + name: build ucm docker image + uses: ./.github/workflows/ucm-docker-image.yaml + needs: + - bundle-ucm + with: + is_release: false + release: name: create release runs-on: ubuntu-20.04 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4cac97eacb..69600acc83 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -21,6 +21,15 @@ jobs: with: ref: ${{github.ref}} + build-docker-image: + name: build ucm docker image + uses: ./.github/workflows/ucm-docker-image.yaml + needs: + - bundle-ucm + with: + version: ${{inputs.version}} + is_release: true + release: name: create release runs-on: ubuntu-20.04 
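Review bot: The new `build-docker-image` job in pre-release.yaml, and the matching one added to release.yaml in the next hunk, calls the reusable workflow without a `permissions:` block, so the called job's token is limited to whatever the caller's defaults allow. A called workflow can only narrow the caller's token, and the second patch in this series has the called job declare `packages: write`, `attestations: write` and `id-token: write`. `id-token` is not part of the default grant, so the call will probably be rejected unless the caller grants it. I would add an explicit `permissions:` block to both calling jobs listing exactly the scopes the called job declares. The workflow-level permissions of both callers are outside these hunks, so check this against the full files.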
@@ -57,3 +66,51 @@ jobs: --notes-start-tag "${prev_tag}" \ \ /tmp/ucm/**/ucm-*.{zip,tar.gz} + + + # Configure Docker's builder, + # This seems necessary to support docker cache layers. + - name: Setup Docker buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 + with: + registry: ${{ env.container_registry }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.container_registry }}/${{ env.docker_image_name }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha,format=long + + + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. 
+ - name: Build and push Docker image + id: push + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: ./docker/ + push: ${{ env.is_published_build }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + # Use github actions cache for docker image layers + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + SHARE_COMMIT=${{ github.sha }} + # Save image locally for use in tests even if we don't push it. + outputs: type=docker,dest=/tmp/share-docker-image.tar # export docker image + diff --git a/.github/workflows/ucm-docker-image.yaml b/.github/workflows/ucm-docker-image.yaml new file mode 100644 index 0000000000..26cbe66141 --- /dev/null +++ b/.github/workflows/ucm-docker-image.yaml 
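Review bot: The four Docker steps appended to the `release` job read `env.container_registry`, `env.docker_image_name` and `env.is_published_build`, and none of them is defined in the visible part of release.yaml. If they are unset, `registry:` is empty and docker/login-action falls back to its default registry, so the `GITHUB_TOKEN` would be presented to Docker Hub rather than ghcr.io, and `images:` collapses to `/`. The `SHARE_COMMIT` build-arg and the `/tmp/share-docker-image.tar` output suggest the block was copied from another project, and it repeats what the `build-docker-image` job added earlier in this file already does. I would drop these steps from `release`, or at least define the three values in a job-level `env:`. The start of the `release` job is outside the hunk.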
@@ -0,0 +1,76 @@ +name: build and push ucm docker image + +# Build docker image containing ucm executable +# Push to the github docker image repo (a.k.a. 'packages') + +on: + workflow_call: + inputs: + version: + description: Semver version of the release. E.g. 0.5.19 + type: string + required: false + is_release: + description: Whether this is a release build. + type: boolean + required: false + default: false + +jobs: + docker-image: + name: Build and push ucm docker image + runs-on: ubuntu-20.04 + steps: + - name: Download ucm executable and ucm UI + uses: actions/download-artifact@v4 + with: + path: /tmp/ucm + + # Configure Docker's builder, + # This seems necessary to support docker cache layers. + - name: Setup Docker buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 + with: + registry: ${{ env.container_registry }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.container_registry }}/${{ env.docker_image_name }} + flavor: | + # We tag latest manually below. 
+ latest=false + tags: | + type=schedule,pattern={{date 'YYYY-MM-DD'}} + type=raw,value=v${{ inputs.version }},enable=${{ github.event.inputs.is_release }} + type=ref,event=tag + type=ref,event=push + type=sha,format=long + type=raw,tag=${{ inputs.image_tag }} + # set latest tag for pushes to trunk + type=raw,value=latest,enable=${{ github.event.inputs.is_release }} + type=raw,value=nightly,enable=${{ !github.event.inputs.is_release }} + + + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + id: push + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: ./docker/ + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + # Use github actions cache for docker image layers + cache-from: type=gha + cache-to: type=gha,mode=max From 3aac91a17e2ae1b3e4e2320d30a82b8d9842d464 Mon Sep 17 00:00:00 2001 From: Chris Penner Date: Tue, 7 May 2024 10:40:40 -0700 Subject: [PATCH 2/3] Test docker image builder --- .github/workflows/ucm-docker-image.yaml | 47 ++++++++++++++++++++----- Dockerfile | 2 +- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ucm-docker-image.yaml b/.github/workflows/ucm-docker-image.yaml index 26cbe66141..634d509b84 100644 --- a/.github/workflows/ucm-docker-image.yaml +++ b/.github/workflows/ucm-docker-image.yaml 
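Review bot: In the `tags:` list of the metadata step, `enable=${{ github.event.inputs.is_release }}` reads the triggering event's inputs, not the `workflow_call` inputs declared at the top of this file, so it does not follow what the callers pass as `is_release`. When that value is empty, `!github.event.inputs.is_release` is true, which would likely put the `nightly` tag on release builds while `latest` and the version tag stay off. The lines should use the declared input, e.g. `type=raw,value=latest,enable=${{ inputs.is_release }}`. `type=raw,tag=${{ inputs.image_tag }}` refers to an input that is not declared, and `actions/download-artifact@v4` is pinned by tag while the Docker actions in the same job are pinned by commit SHA.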
@@ -16,15 +16,47 @@ on: required: false default: false + push: + branches: + - cp/test-ucm-docker-image + jobs: docker-image: name: Build and push ucm docker image runs-on: ubuntu-20.04 + + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + # Allow uploading the docker image to the container registry + packages: write + # Allow creating and updating the artifact attestation + attestations: write + # Required to get user information for building attestations + id-token: write + + env: + container_registry: ghcr.io + docker_image_name: ${{ github.repository }} + + steps: + - uses: actions/checkout@v4 + - name: Download ucm executable and ucm UI uses: actions/download-artifact@v4 with: - path: /tmp/ucm + name: bundle-linux + github-token: ${{ secrets.GITHUB_TOKEN }} + run-id: 8975410616 + path: ./tmp/downloads + + - name: Unpack ucm bundle tar + run: | + ls -lah ./tmp/downloads + mkdir -p ./tmp/ucm + tar -xvf ./tmp/downloads/ucm-*.tar.gz -C ./tmp/ucm + ls -lah ./tmp/ucm # Configure Docker's builder, # This seems necessary to support docker cache layers. @@ -49,15 +81,13 @@ jobs: # We tag latest manually below. latest=false tags: | - type=schedule,pattern={{date 'YYYY-MM-DD'}} - type=raw,value=v${{ inputs.version }},enable=${{ github.event.inputs.is_release }} + type=schedule + type=raw,value=v0.5.19,enable=true type=ref,event=tag - type=ref,event=push type=sha,format=long - type=raw,tag=${{ inputs.image_tag }} # set latest tag for pushes to trunk - type=raw,value=latest,enable=${{ github.event.inputs.is_release }} - type=raw,value=nightly,enable=${{ !github.event.inputs.is_release }} + type=raw,value=latest,enable=true + type=raw,value=nightly,enable=false # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. 
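Review bot: The download step now pins `run-id: 8975410616`, so every image this job publishes is built from the `bundle-linux` artifact of that one earlier run instead of the `bundle-ucm` job the callers wait on. Together with the `push:` trigger on `cp/test-ucm-docker-image` this reads as test scaffolding; before merge the step should go back to the current run's artifact (drop `run-id` and `github-token`) and the branch trigger should be removed. The `permissions:` block grants `attestations: write` and `id-token: write`, but no attestation step appears in the visible steps, so those two scopes can be left out until one is added. `actions/checkout@v4` is pinned by tag and keeps its default credential persistence in a job whose token can write packages; a commit-SHA pin and `persist-credentials: false` would match the pinning used for the Docker actions.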
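Review bot: The tag list in the second hunk of this file now hard-codes `type=raw,value=v0.5.19,enable=true` and `type=raw,value=latest,enable=true`, so every run republishes `v0.5.19` and `latest` over whatever those tags pointed to, because `push: true` is unconditional. That includes the pre-release caller that passes `is_release: false` and any push to the test branch. Consumers pulling by tag would receive a different image without any release having happened. The values should come from the declared inputs again, e.g. `type=raw,value=v${{ inputs.version }},enable=${{ inputs.is_release }}` and `type=raw,value=nightly,enable=${{ !inputs.is_release }}`.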
@@ -67,7 +97,8 @@ jobs: id: push uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: - context: ./docker/ + context: ./ + platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 14aa55ca46..148ea2faae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,4 +20,4 @@ RUN chmod 555 /usr/local/bin/ucm EXPOSE 8080 ENTRYPOINT ["/usr/local/bin/ucm"] -CMD ["--codebase","/unison"] +CMD ["--codebase-create","/codebase"] From e15b142c403143e9101ed6c826dce01b789c25b7 Mon Sep 17 00:00:00 2001 From: Chris Penner Date: Tue, 7 May 2024 12:11:20 -0700 Subject: [PATCH 3/3] Fix dockerfile --- Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 148ea2faae..fe3c8617d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,15 +9,14 @@ RUN apt-get update && \ update-locale LANG=en_US.UTF-8 -COPY tmp/ucm/ucm /usr/local/bin/ucm -COPY tmp/ucm/ui /usr/local/share/ucm +COPY tmp/ucm/ /usr/local/bin/ucm/ ENV UCM_WEB_UI=/usr/local/share/ucm ENV UCM_PORT=8080 ENV UCM_TOKEN=pub -RUN chmod 555 /usr/local/bin/ucm +RUN chmod 555 /usr/local/bin/ucm/ucm EXPOSE 8080 -ENTRYPOINT ["/usr/local/bin/ucm"] +ENTRYPOINT ["/usr/local/bin/ucm/ucm"] CMD ["--codebase-create","/codebase"]
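Review bot: `platforms: linux/amd64,linux/arm64` is added to the build step, but the job downloads a single `bundle-linux` artifact and no QEMU setup step appears in the visible hunks. The Dockerfile has `RUN` steps, which need emulation to build the arm64 variant on this runner, and the same `ucm` binary would be copied into both variants, so the arm64 image presumably cannot start. Either restrict `platforms` to the architecture of the bundle, or add a per-architecture bundle and an emulation step such as `docker/setup-qemu-action`. With `context: ./` the whole checkout, including `./tmp/downloads`, becomes build context; a `.dockerignore` would keep it small.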
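Review bot: In the last Dockerfile hunk, `COPY tmp/ucm/ /usr/local/bin/ucm/` replaces the separate copy of `tmp/ucm/ui` to `/usr/local/share/ucm`, but `ENV UCM_WEB_UI=/usr/local/share/ucm` is left unchanged and now points at a directory nothing is copied into. If the bundle still has a `ui` directory next to the binary, the variable should become `ENV UCM_WEB_UI=/usr/local/bin/ucm/ui`; the bundle layout is not visible here, so confirm the path. `RUN chmod 555` now covers only the executable, so the other copied files keep the modes they had in the tarball. `ENV UCM_TOKEN=pub` in the context lines puts a fixed, publicly known value into an image this series starts publishing; if it is used as an access token for the service on port 8080, it should be supplied at run time instead.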