build(ci): build docker images for each tag, release, push (#151)
* build(ci): build docker images for each tag, release, push

* build(ci): set bot name and login vars

* docker(build): add arm64 to the build options

* build(ci): add manual push workflow and use repo vars

* build(ci): update vscode tasks to push latest tag

* fix from feedback
psyray authored Sep 2, 2024
1 parent 48ec4ac commit 5ca5915
Showing 2 changed files with 176 additions and 21 deletions.
113 changes: 103 additions & 10 deletions .github/workflows/build.yml
@@ -1,23 +1,116 @@
name: Docker Image CI

on:
pull_request:
push:
branches:
- master
- "master"
- "release/**"
tags:
- "v*.*.*"
release:
types: [published]
workflow_dispatch:
inputs:
push_image:
description: 'Push image to registry'
required: true
default: 'false'
type: choice
options:
- 'true'
- 'false'

env:
REGISTRY: ghcr.io
OWNER: security-tools-alliance
PROJECT: rengine-ng

jobs:
build:
build-and-push:
runs-on: ubuntu-latest

strategy:
matrix:
image: [celery, web, postgres, redis, ollama, certs, proxy]
platform: [linux/amd64, linux/arm64]
steps:
- name: Checkout the repo
- name: Checkout code
uses: actions/checkout@v4

- name: Log in to GitHub's Container Registry
run: echo "${{ secrets.CONTAINER_REGISTRY_SECRET }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.PROJECT }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
type=raw,value=latest,enable={{is_default_branch}}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GHCR
if: github.event_name != 'pull_request' || github.event.inputs.push_image == 'true'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ vars.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PAT }}

- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./docker/${{ matrix.image }}
file: ./docker/${{ matrix.image }}/Dockerfile
push: ${{ github.event_name != 'pull_request' || github.event.inputs.push_image == 'true' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ matrix.platform }}
outputs: type=docker,dest=/tmp/image.tar

- name: Push image if exists
if: github.event.inputs.push_image == 'true'
run: |
if [ -f /tmp/image.tar ]; then
docker load --input /tmp/image.tar
docker push ${{ steps.meta.outputs.tags }}
else
echo "No image found to push"
fi
- name: Build the Docker image
run: docker build . -t ghcr.io/Security-Tools-Alliance/rengine-ng:latest
update-release:
needs: build-and-push
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Push the Docker image
run: docker push ghcr.io/Security-Tools-Alliance/rengine-ng:latest
- name: Update release description
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
release_id=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/releases/latest" | \
jq -r .id)
images="celery web postgres redis ollama certs proxy"
image_list=""
for image in $images; do
image_list="${image_list}- ghcr.io/${{ env.OWNER }}/${{ env.PROJECT }}:rengine-${image}-${{ github.ref_name }}\n"
done
body="Docker images for this release:\n${image_list}"
curl -X PATCH -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/releases/${release_id}" \
-d "{\"body\": \"$body\"}"
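Review bot: Every leg of the `image` × `platform` matrix computes the same tag set, because the `Docker meta` step's `images:` is the bare `${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.PROJECT }}` and no tag rule refers to `matrix.image` or `matrix.platform`. As written, the fourteen jobs would push different component images to identical tags, so a tag such as `latest` or the semver tag ends up holding whichever job finished last, and the `rengine-${image}-${{ github.ref_name }}` names that `update-release` writes into the release body are never produced by this workflow. A per-image prefix in the metadata step, for example `flavor: prefix=rengine-${{ matrix.image }}-,onlatest=true`, would line the tags up with the release notes; the two platforms then still need to be built in one invocation (`platforms: linux/amd64,linux/arm64`) or merged by digest. Separately, `docker push ${{ steps.meta.outputs.tags }}` and the `${{ github.ref_name }}` expansion in the release script are pasted into the shell text before it runs; passing them through `env:` and quoting the variables keeps ref or tag names from being parsed as shell.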
84 changes: 73 additions & 11 deletions .vscode/tasks.json
@@ -4,7 +4,7 @@
{
"label": "Build and Push Docker Image",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-${version} -f ./${image}/Dockerfile ./${image} && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-${version}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-${version} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-latest -f ./${image}/Dockerfile ./${image} && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-${version} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-${image}-latest; fi",
"problemMatcher": [],
"options": {
"env": {
@@ -16,7 +16,6 @@
{
"label": "Build All Docker Images",
"type": "shell",
"command": "echo Building all images with version ${input:globalVersion}",
"dependsOn": [
"Build CELERY",
"Build WEB",
@@ -29,46 +28,103 @@
"dependsOrder": "sequence",
"problemMatcher": []
},
{
"label": "Build and Push All Docker Images",
"type": "shell",
"dependsOn": [
"Build and Push CELERY",
"Build and Push WEB",
"Build and Push POSTGRES",
"Build and Push REDIS",
"Build and Push OLLAMA",
"Build and Push CERTS",
"Build and Push PROXY"
],
"dependsOrder": "sequence",
"problemMatcher": []
},
{
"label": "Build CELERY",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-${input:globalVersion} -f ./celery/Dockerfile ./celery && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-latest -f ./celery/Dockerfile ./celery",
"problemMatcher": []
},
{
"label": "Build WEB",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-web-${input:globalVersion} -f ./web/Dockerfile ./web && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-web-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-web-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-web-latest -f ./web/Dockerfile ./web",
"problemMatcher": []
},
{
"label": "Build POSTGRES",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-${input:globalVersion} -f ./postgres/Dockerfile ./postgres && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-latest -f ./postgres/Dockerfile ./postgres",
"problemMatcher": []
},
{
"label": "Build REDIS",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-${input:globalVersion} -f ./redis/Dockerfile ./redis && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-latest -f ./redis/Dockerfile ./redis",
"problemMatcher": []
},
{
"label": "Build OLLAMA",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-${input:globalVersion} -f ./ollama/Dockerfile ./ollama && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-latest -f ./ollama/Dockerfile ./ollama",
"problemMatcher": []
},
{
"label": "Build CERTS",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-${input:globalVersion} -f ./certs/Dockerfile ./certs && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-latest -f ./certs/Dockerfile ./certs",
"problemMatcher": []
},
{
"label": "Build PROXY",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-${input:globalVersion} -f ./proxy/Dockerfile ./proxy && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-${input:globalVersion}",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-latest -f ./proxy/Dockerfile ./proxy",
"problemMatcher": []
},
{
"label": "Build and Push CELERY",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-latest -f ./celery/Dockerfile ./celery && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-celery-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push WEB",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-web-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-web-latest -f ./web/Dockerfile ./web && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-web-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-web-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push POSTGRES",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-latest -f ./postgres/Dockerfile ./postgres && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-postgres-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push REDIS",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-latest -f ./redis/Dockerfile ./redis && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-redis-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push OLLAMA",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-latest -f ./ollama/Dockerfile ./ollama && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-ollama-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push CERTS",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-latest -f ./certs/Dockerfile ./certs && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-certs-latest; fi",
"problemMatcher": []
},
{
"label": "Build and Push PROXY",
"type": "shell",
"command": "cd ./docker; docker buildx build -t ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-${input:globalVersion} -t ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-latest -f ./proxy/Dockerfile ./proxy && docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-${input:globalVersion} && if [ \"${input:isLatest}\" = \"true\" ]; then docker push ghcr.io/security-tools-alliance/rengine-ng:rengine-proxy-latest; fi",
"problemMatcher": []
}
],
@@ -88,6 +144,12 @@
"type": "pickString",
"description": "Select the image to build",
"options": ["celery", "web", "postgres", "redis", "ollama", "certs", "proxy"]
}
]
},
{
"id": "isLatest",
"type": "pickString",
"description": "Is this the latest version (this will also push the 'latest' tag)?",
"options": ["true", "false"],
"default": "false"
} ]
}
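Review bot: The new `Build and Push …` commands run `docker buildx build` with no `--load` or `--push` and then call `docker push` on the tag. If the active builder uses the docker-container driver (not visible here), the build result stays in the build cache, so the push either fails or uploads an older local image that already carries that tag, publishing something other than what was just built. Adding `--load` to the build, `docker buildx build --load -t …`, makes the pushed image the one produced by this run on either driver. The same command string is repeated across the seven per-image tasks and the generic `Build and Push Docker Image` task, so the change applies to each; the `globalVersion` input they reference is defined outside the shown hunks.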
