diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ad28562..c17775d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,141 +7,28 @@ on: workflow_call: workflow_dispatch: -env: - BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} - DOCKER_METADATA_SET_OUTPUT_ENV: 'true' - jobs: - build: - runs-on: ${{ matrix.runner }} - outputs: - build-image-arm: ${{ steps.gen-output.outputs.image-arm64 }} - build-image-x64: ${{ steps.gen-output.outputs.image-x64 }} - strategy: - fail-fast: false - matrix: - include: - - platform: linux/amd64 - runner: ubuntu-24.04 - - platform: linux/arm64 - runner: ubuntu-24.04-arm - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - id: build-meta - name: Produce the build image tag - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} - - # Build cache is shared among all builds of the same architecture - - id: cache-meta - name: Fetch build cache metadata - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: type=raw,value=buildcache-${{ runner.arch }} - - - id: get-registry - name: Get the sanitized registry name - run: | - echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" - - - id: set_build_url - name: Set BUILD_URL - run: | - echo "build_url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | tee -a "$GITHUB_OUTPUT" - - - id: build - name: Build/push the arch-specific image - uses: docker/build-push-action@v6 - with: - platforms: ${{ matrix.platform }} - build-args: | - BUILD_TIMESTAMP=${{ github.event.repository.updated_at }} - BUILD_URL=${{ steps.set_build_url.outputs.build_url }} - GIT_REF_NAME=${{ github.ref_name }} - GIT_SHA=${{ github.sha }} - GIT_REPOSITORY_URL=${{ 
github.repositoryUrl }} - cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} - cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max - labels: ${{ steps.build-meta.outputs.labels }} - provenance: mode=max - sbom: true - tags: ${{ steps.get-registry.outputs.registry }} - outputs: type=image,push-by-digest=true,push=true - - - id: gen-output - name: Write arch-specific image digest to outputs - run: | - echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" - - merge: - runs-on: ubuntu-latest - needs: - - build - env: - DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.build-image-arm }} - DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.build-image-x64 }} - outputs: - build-image: ${{ steps.meta.outputs.tags }} - build-image-arm: ${{ needs.build.outputs.build-image-arm }} - build-image-x64: ${{ needs.build.outputs.build-image-x64 }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=sha,suffix=-build-${{ github.run_id }}_${{ github.run_attempt }} - - - name: Push the multi-platform image - run: | - docker buildx imagetools create \ - --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ - "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" + docker-build: + uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@v2.0.0 + with: + image: ghcr.io/${{ github.repository }} + secrets: inherit test: runs-on: ubuntu-24.04 - needs: merge + needs: docker-build env: COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml - DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }} + 
DOCKER_APP_IMAGE: ${{ needs.docker-build.outputs.image }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Compose - uses: docker/setup-compose-action@v1 + uses: docker/setup-compose-action@v2 - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} @@ -149,8 +36,6 @@ jobs: - name: Setup the stack run: | - docker compose build --quiet - docker compose pull --quiet docker compose up --wait docker compose exec -u root app chown -R bfs:bfs artifacts 
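Review bot: The new `docker-build` job references `BerkeleyLibrary/.github/.github/workflows/docker-build.yml@v2.0.0` by a movable tag while passing every caller secret with `secrets: inherit`, so the code that runs with this repository's secrets and registry token can change without a change here. Pinning to the reviewed commit, `uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@<full-commit-sha> # v2.0.0`, fixes what is executed. The removed job used only `secrets.GITHUB_TOKEN`, which called workflows normally receive without it being passed, so `secrets: inherit` can presumably be dropped or narrowed to an explicit `secrets:` map; confirm against docker-build.yml. The same applies to `docker-push.yml@v2.0.0` in the later build.yml hunk and `docker-release.yml@v2.0.0` in release.yml, and the bumped `actions/checkout@v6`, `docker/setup-compose-action@v2` and `docker/login-action@v4` are tag references as well. The removed build step also set `provenance: mode=max` and `sbom: true`; whether the shared workflow still emits those attestations is not visible in this diff and is worth checking.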
@@ -168,46 +53,19 @@ jobs: - name: Upload the test report if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: BFS Build Report (${{ github.run_id }}_${{ github.run_attempt }}) path: artifacts/* if-no-files-found: error push: - runs-on: ubuntu-24.04 needs: - - merge + - docker-build - test - env: - DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }} - DOCKER_APP_IMAGE_ARM64: ${{ needs.merge.outputs.build-image-arm }} - DOCKER_APP_IMAGE_X64: ${{ needs.merge.outputs.build-image-x64 }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Produce permanent image tags - id: branch-meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=sha - type=ref,event=branch - type=raw,value=latest,enable={{is_default_branch}} - - - name: Retag and push the image - run: | - docker buildx imagetools create \ - $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $DOCKER_APP_IMAGE_ARM64 $DOCKER_APP_IMAGE_X64 + uses: BerkeleyLibrary/.github/.github/workflows/docker-push.yml@v2.0.0 + with: + image: ghcr.io/${{ github.repository }} + build-image-arm64: ${{ needs.docker-build.outputs.image-arm64 }} + build-image-x64: ${{ needs.docker-build.outputs.image-x64 }} + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b9a9c62..7e63c5a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
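Review bot: Nothing visible in this hunk sets `permissions:` on the `push` job that calls `docker-push.yml@v2.0.0`, and a called workflow can only narrow the `GITHUB_TOKEN` scope the caller grants, never widen it. Unless the top of build.yml (outside the hunks shown) already declares them, add job-level `permissions:` with `contents: read` and `packages: write` on `push`, and likewise on `docker-build`, so publishing to ghcr.io does not depend on the repository's default token settings. The removed step restricted the `latest` tag to the default branch with `enable={{is_default_branch}}`; whether the shared workflow keeps that rule cannot be seen here and should be confirmed.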
@@ -7,55 +7,9 @@ on: workflow_call: workflow_dispatch: -env: - DOCKER_METADATA_SET_OUTPUT_ENV: 'true' - jobs: - retag: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Determine the sha-based image tag to retag - id: get-base-image - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: type=sha - - - name: Verify that the image was previously built - env: - BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} - run: | - docker manifest inspect "$BASE_IMAGE" - - - name: Produce release tags - id: tag-meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - flavor: latest=false - tags: | - type=ref,event=tag - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{version}} - - - name: Retag the pulled image - env: - BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }} - run: | - docker buildx imagetools create \ - $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - "$(echo "$BASE_IMAGE" | cut -f1 -d:)" + release: + uses: BerkeleyLibrary/.github/.github/workflows/docker-release.yml@v2.0.0 + with: + image: ghcr.io/${{ github.repository }} + secrets: inherit diff --git a/Gemfile b/Gemfile index 133ba11..c8ec0c0 100644 --- a/Gemfile +++ b/Gemfile @@ -6,10 +6,10 @@ gem 'bcrypt_pbkdf', '~> 1.1.0' gem 'berkeley_library-docker', '~> 0.1.1' gem 'date', '~> 3.3.3' gem 'ed25519', '~> 1.3.0' -gem 'httparty', '~> 0.21.0' +gem 'httparty', '~> 0.24.2' gem 'mail', '~> 2.8.1' gem 'net-sftp', '~> 4.0.0' gem 'net-ssh', '~> 7.1.0' -gem 'nokogiri', '~> 1.15.0' +gem 'nokogiri', '~> 1.19.4' gem 'rspec' gem 'thor', '~> 1.1' 
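Review bot: The new `release` job no longer shows the guard the removed `retag` job had, where `docker manifest inspect "$BASE_IMAGE"` failed the run if no sha-tagged image had been built for the commit. Whether `docker-release.yml@v2.0.0` performs an equivalent check is not visible in this diff, so it should be confirmed before a release tag relies on it. A comment above the job would record the expectation, for example `# Retags the image already built for this commit; must fail if that image does not exist`.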
diff --git a/Gemfile.lock b/Gemfile.lock index b21d722..195650a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,10 +3,13 @@ GEM specs: bcrypt_pbkdf (1.1.0) berkeley_library-docker (0.1.1) - date (3.3.3) + bigdecimal (4.1.2) + csv (3.3.5) + date (3.3.4) diff-lcs (1.5.0) ed25519 (1.3.0) - httparty (0.21.0) + httparty (0.24.2) + csv mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) mail (2.8.1) @@ -14,25 +17,26 @@ GEM net-imap net-pop net-smtp - mini_mime (1.1.2) - mini_portile2 (2.8.2) - multi_xml (0.6.0) - net-imap (0.3.6) + mini_mime (1.1.5) + mini_portile2 (2.8.9) + multi_xml (0.9.1) + bigdecimal (>= 3.1, < 5) + net-imap (0.6.4.1) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout net-sftp (4.0.0) net-ssh (>= 5.0.0, < 8.0.0) net-smtp (0.3.3) net-protocol net-ssh (7.1.0) - nokogiri (1.15.3) + nokogiri (1.19.4) mini_portile2 (~> 2.8.2) racc (~> 1.4) - racc (1.7.1) + racc (1.8.1) rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0) @@ -46,8 +50,8 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.11.0) rspec-support (3.11.0) - thor (1.1.0) - timeout (0.4.0) + thor (1.5.0) + timeout (0.6.1) PLATFORMS ruby @@ -57,16 +61,16 @@ DEPENDENCIES berkeley_library-docker (~> 0.1.1) date (~> 3.3.3) ed25519 (~> 1.3.0) - httparty (~> 0.21.0) + httparty (~> 0.24.2) mail (~> 2.8.1) net-sftp (~> 4.0.0) net-ssh (~> 7.1.0) - nokogiri (~> 1.15.0) + nokogiri (~> 1.19.4) rspec thor (~> 1.1) RUBY VERSION - ruby 3.1.2p20 + ruby 3.3.11 BUNDLED WITH - 2.1.4 + 4.0.9