OPSEXP-2757: fix permissions for tomcat binaries (#177) #410
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build the tomcats | |
| on: | |
| push: | |
| paths: | |
| - 'Dockerfile' | |
| - '.dockerignore' | |
| - '.github/workflows/main.yml' | |
| - 'tomcat*.json' | |
| schedule: | |
| - cron: '42 2 * * MON' | |
| env: | |
| IMAGE_REGISTRY_NAMESPACE: alfresco | |
| IMAGE_REPOSITORY: alfresco-base-tomcat | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| docker_images: | |
| name: >- | |
| Tomcat ${{ matrix.tomcat_major }} | |
| jre${{ matrix.java_major }} | |
| on ${{ matrix.base_image.flavor }}${{ matrix.base_image.major }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - tomcat_major: 9 | |
| base_image: | |
| flavor: rockylinux | |
| major: 8 | |
| java_major: 11 | |
| - tomcat_major: 9 | |
| base_image: | |
| flavor: rockylinux | |
| major: 8 | |
| java_major: 17 | |
| - tomcat_major: 10 | |
| base_image: | |
| flavor: rockylinux | |
| major: 8 | |
| java_major: 11 | |
| - tomcat_major: 10 | |
| base_image: | |
| flavor: rockylinux | |
| major: 8 | |
| java_major: 17 | |
| - tomcat_major: 10 | |
| base_image: | |
| flavor: rockylinux | |
| major: 9 | |
| java_major: 17 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
| - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 | |
| - id: vars | |
| name: Compute Image Tag | |
| env: | |
| IMAGE_BASE_NAME: tomcat${{ matrix.tomcat_major }}-jre${{ matrix.java_major }}-${{ matrix.base_image.flavor }}${{ matrix.base_image.major }} | |
| run: | | |
| if [[ "${{ github.ref_name }}" == "master" ]]; then | |
| echo "image_tag=$IMAGE_BASE_NAME" >> $GITHUB_OUTPUT | |
| echo "image_labels=" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_tag=${IMAGE_BASE_NAME}-${GITHUB_REF_NAME//\//-}" >> $GITHUB_OUTPUT | |
| echo "image_labels=quay.expires-after=2w" >> $GITHUB_OUTPUT | |
| fi | |
| echo "image_created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | |
| echo "tomcat_version=$(jq -r .tomcat_version tomcat${{ matrix.tomcat_major }}.json)" >> $GITHUB_OUTPUT | |
| echo "tomcat_sha512=$(jq -r .tomcat_sha512 tomcat${{ matrix.tomcat_major }}.json)" >> $GITHUB_OUTPUT | |
| echo "tcnative_version=$(jq -r .tcnative_version tomcat${{ matrix.tomcat_major }}.json)" >> $GITHUB_OUTPUT | |
| echo "tcnative_sha512=$(jq -r .tcnative_sha512 tomcat${{ matrix.tomcat_major }}.json)" >> $GITHUB_OUTPUT | |
| - name: Login to quay.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Login to docker.io | |
| if: github.ref_name == 'master' | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build image for tests | |
| uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 | |
| with: | |
| load: true | |
| build-args: | | |
| DISTRIB_NAME=${{ matrix.base_image.flavor }} | |
| DISTRIB_MAJOR=${{ matrix.base_image.major }} | |
| JAVA_MAJOR=${{ matrix.java_major }} | |
| TOMCAT_MAJOR=${{ matrix.tomcat_major }} | |
| TOMCAT_VERSION=${{ steps.vars.outputs.tomcat_version }} | |
| TOMCAT_SHA512=${{ steps.vars.outputs.tomcat_sha512 }} | |
| TCNATIVE_VERSION=${{ steps.vars.outputs.tcnative_version }} | |
| TCNATIVE_SHA512=${{ steps.vars.outputs.tcnative_sha512 }} | |
| tags: local/${{ env.IMAGE_REPOSITORY }}:ci | |
| - name: Test Built Image | |
| env: | |
| CATALINA_OUT: /tmp/catalina.out | |
| run: | | |
| echo -n "Checking for Tomcat config: " | |
| docker run local/${{ env.IMAGE_REPOSITORY }}:ci ./bin/catalina.sh configtest \ | |
| > ${{ env.CATALINA_OUT }} 2>&1 | |
| tail -1 ${{ env.CATALINA_OUT }} | grep '^INFO: Server initialization in ' | |
| echo -n "Checking for tcNative libs: " | |
| grep 'Loaded Apache Tomcat Native library .* using APR version' ${{ env.CATALINA_OUT }} | |
| echo -n "Checking shell environment: " | |
| BASH_LOGIN_STDERR="$(docker run local/${{ env.IMAGE_REPOSITORY }}:ci /bin/bash 2>&1 > /dev/null || true)" | |
| if [ -z "$BASH_LOGIN_STDERR" ]; then | |
| echo ok | |
| else echo 'bash reported an error' | |
| echo $BASH_LOGIN_STDERR | |
| exit 7 | |
| fi | |
| - name: Build and Push Image to quay.io | |
| uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 | |
| with: | |
| push: ${{ github.actor != 'dependabot[bot]' }} | |
| build-args: | | |
| DISTRIB_NAME=${{ matrix.base_image.flavor }} | |
| DISTRIB_MAJOR=${{ matrix.base_image.major }} | |
| JAVA_MAJOR=${{ matrix.java_major }} | |
| TOMCAT_MAJOR=${{ matrix.tomcat_major }} | |
| TOMCAT_VERSION=${{ steps.vars.outputs.tomcat_version }} | |
| TOMCAT_SHA512=${{ steps.vars.outputs.tomcat_sha512 }} | |
| TCNATIVE_VERSION=${{ steps.vars.outputs.tcnative_version }} | |
| TCNATIVE_SHA512=${{ steps.vars.outputs.tcnative_sha512 }} | |
| REVISION=${{ github.run_number }} | |
| CREATED=${{ steps.vars.outputs.image_created }} | |
| tags: | | |
| quay.io/${{ env.IMAGE_REGISTRY_NAMESPACE }}/${{ env.IMAGE_REPOSITORY }}:${{ steps.vars.outputs.image_tag }} | |
| platforms: linux/amd64,linux/arm64/v8 | |
| labels: ${{ steps.vars.outputs.image_labels }} | |
| provenance: false | |
| - name: Push Image to docker.io | |
| if: github.ref_name == 'master' | |
| env: | |
| SRC_IMAGE: quay.io/${{ env.IMAGE_REGISTRY_NAMESPACE }}/${{ env.IMAGE_REPOSITORY }}:${{ steps.vars.outputs.image_tag }} | |
| DST_IMAGE: ${{ env.IMAGE_REGISTRY_NAMESPACE }}/${{ env.IMAGE_REPOSITORY }}:${{ steps.vars.outputs.image_tag }} | |
| run: | | |
| docker buildx imagetools create ${{ env.SRC_IMAGE }} -t ${{ env.DST_IMAGE }} |