feat: add docker build and CI

cocogitto · Aug 1, 2023 · f46182e · f46182e
1 parent 58165bf
commit f46182e
Show file tree

Hide file tree

Showing 6 changed files with 191 additions and 9 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -0,0 +1,114 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  lints:
+    name: Format & Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - name: Install stable toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+          components: rustfmt, clippy
+
+      - name: Run cargo fmt
+        uses: actions-rs/cargo@v1
+        continue-on-error: false
+        with:
+          command: fmt
+          args: --all -- --check
+
+      - name: Run cargo clippy
+        uses: actions-rs/cargo@v1
+        continue-on-error: false
+        with:
+          command: clippy
+          args: -- -D warnings
+
+      - uses: Swatinem/rust-cache@v1
+
+  arch-matrix:
+    needs: [lints, test]
+    runs-on: ubuntu-latest
+    env:
+      CROSS_CONFIG: Cross.toml
+    strategy:
+      matrix:
+        target: [ "armv7-unknown-linux-musleabihf", "x86_64-unknown-linux-musl", "aarch64-unknown-linux-musl" ]
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          override: true
+          target: ${{ matrix.target }}
+
+      - name: Cargo build
+        uses: actions-rs/cargo@v1
+        with:
+          use-cross: true
+          command: build
+          args: --target ${{ matrix.target }} --release
+
+      - uses: actions/upload-artifact@master
+        with:
+          name: ${{ matrix.target }}
+          path: ./target/${{ matrix.target }}/release/cocogitto_github_app
+
+  docker-build:
+    name: Update docker multi-arch latest
+    needs: [ arch-matrix ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install docker buildx
+        id: buildx
+        uses: crazy-max/ghaction-docker-buildx@v1
+        with:
+          version: latest
+
+      - name: Docker Hub login
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - uses: actions/download-artifact@v3
+        with:
+          path: ~/artifacts
+
+      - name: Copy artifacts to build dir
+        run: |
+          mkdir -p target/x86_64-unknown-linux-musl/release/
+          mkdir -p target/aarch64-unknown-linux-musl/release/
+          mkdir -p target/armv7-unknown-linux-musleabihf/release/
+          cp -r ~/artifacts/aarch64-unknown-linux-musl/* target/aarch64-unknown-linux-musl/release/
+          cp -r ~/artifacts/armv7-unknown-linux-musleabihf/* target/armv7-unknown-linux-musleabihf/release/
+          cp -r ~/artifacts/x86_64-unknown-linux-musl/* target/x86_64-unknown-linux-musl/release/
+          chmod +x -R  target/aarch64-unknown-linux-musl/release
+          chmod +x -R  target/armv7-unknown-linux-musleabihf/release
+          chmod +x -R  target/x86_64-unknown-linux-musl/release
+        working-directory: ./
+
+      - name: Update multi-arch container latest
+        run: |
+          docker buildx build \
+          --push --platform linux/amd64,linux/arm/v7,linux/arm64/v8 \
+          . -t oknozor/cocogitto_github_app:latest
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,32 @@
+# Note that the following build needs binaries to be precompiled for the target
+# architectures. Use the `build-all` just recipies to build for all targets.
+FROM alpine as arm-builder
+COPY ./target/armv7-unknown-linux-musleabihf/release/cocogitto_github_app /cocogitto_github_app
+
+FROM alpine as arm64-builder
+COPY ./target/aarch64-unknown-linux-musl/release/cocogitto_github_app /cocogitto_github_app
+
+FROM alpine as amd64-builder
+COPY ./target/x86_64-unknown-linux-musl/release/cocogitto_github_app /cocogitto_github_app
+
+FROM ${TARGETARCH}-builder AS builder
+
+FROM alpine
+MAINTAINER Paul Delafosse "paul.delafosse@protonmail.com"
+
+RUN addgroup -S cocogitto && adduser -S cocogitto -G cocogitto
+USER cocogitto
+
+# Install binaries
+COPY --from=builder /cocogitto_github_app /usr/bin/cocogitto_github_app
+
+# Install assets
+COPY Rocket.toml .
+
+EXPOSE 8080
+
+COPY ./docker/entrypoint.sh /entrypoint.sh
+COPY ./Rocket.toml .
+
+CMD ["cocogitto_github_app"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec "$@"
diff --git a/justfile b/justfile
@@ -0,0 +1,22 @@
+## Build
+# needed between cross build, otherwise some link to GLIC are broken
+clean-targets:
+    rm -rd target/release
+    rm target/.rustc_info.json
+
+build-x86:
+    cross build --target x86_64-unknown-linux-musl --release
+    just clean-targets
+
+build-arm-v7:
+    cross build --target armv7-unknown-linux-musleabihf --release
+    just clean-targets
+
+build-arm-64:
+    cross build --target aarch64-unknown-linux-musl --release
+    just clean-targets
+
+build-all: build-x86 build-arm-v7 build-arm-64
+
+docker-build: build-all
+    docker buildx build --no-cache --push --platform linux/amd64,linux/arm/v7,linux/arm64/v8  . -t oknozor/cocogitto-bot:latest
diff --git a/src/main.rs b/src/main.rs
@@ -23,6 +23,9 @@ mod event_guard;
 mod model;
 mod octo;
 
+#[get("/health")]
+async fn health() { () }
+
 #[post("/", data = "<body>", rank = 2, format = "application/json")]
 async fn pull_request(_event: PullRequestEventType, body: Json<PullRequestEvent>) -> &'static str {
     let event = body.0;
@@ -129,5 +132,5 @@ async fn pull_request(_event: PullRequestEventType, body: Json<PullRequestEvent>
 
 #[launch]
 fn rocket() -> _ {
-    rocket::build().mount("/", routes![pull_request])
+    rocket::build().mount("/", routes![pull_request, health])
 }
diff --git a/src/octo/authenticate.rs b/src/octo/authenticate.rs
@@ -1,3 +1,4 @@
+use octocrab::models::Installation;
 use crate::model::installation_token::InstallationToken;
 use jsonwebtoken::EncodingKey;
 use octocrab::params::apps::CreateInstallationAccessToken;
@@ -15,19 +16,26 @@ pub async fn authenticate(installation_id: u64, repository: &str) -> octocrab::R
 
     let temp_client = Octocrab::builder().personal_token(token).build()?;
 
-    let installations = temp_client
+    let mut current_page = octocrab
         .apps()
         .installations()
         .send()
-        .await
-        .unwrap()
-        .take_items();
+        .await?;
+
+    let mut installations = current_page.take_items();
+    let mut installation = None;
+
+    while let None = installation {
+        installation = installations
+            .into_iter()
+            .find(|installation| installation.id.0 == installation_id);
 
-    let installation = installations
-        .iter()
-        .find(|installation| installation.id.0 == installation_id)
-        .expect("Installation not found");
+        installations = octocrab.get_page(&current_page.next).await?
+            .expect("Installation not found")
+            .take_items();
+    }
 
+    let installation: Installation = installation.unwrap();
     let mut create_access_token = CreateInstallationAccessToken::default();
     create_access_token.repositories = vec![repository.to_string()];