From 24b2bc06c1b09c08eb983b80aef6dbff8aedb334 Mon Sep 17 00:00:00 2001 From: Derek Clair Brown Date: Mon, 17 Feb 2025 15:24:46 -0700 Subject: [PATCH 1/3] build pipeline --- .github/workflows/docker_build.yml | 103 +++++++++++++++++++++++++++++ deployment/dockerfile.appserver | 4 +- deployment/dockerfile.build | 6 +- deployment/dockerfile.tools | 4 +- 4 files changed, 110 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/docker_build.yml diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml new file mode 100644 index 0000000..9310eca --- /dev/null +++ b/.github/workflows/docker_build.yml 
@@ -0,0 +1,103 @@
+name: "Appserver: Build & Push Docker Image"
+run-name: Build & Push appserver/${{ github.base_ref || github.ref_name }}
+on:
+ push:
+ branches: [main]
+defaults:
+ run:
+ shell: bash
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: harbor.delivery.iqgeo.cloud/${{ vars.harbor_project_name }}
+ platform_version: 7.2
+ steps:
+ -
+ name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ lfs: true
+
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ -
+ name: Authenticate Docker to Harbor
+ uses: docker/login-action@v3
+ with:
+ registry: harbor.delivery.iqgeo.cloud
+ username: ${{ secrets.container_registry_username }}
+ password: ${{ secrets.container_registry_password }}
+
+ -
+ name: "Build: Platform"
+ id: platform
+ uses: docker/build-push-action@v6
+ with:
+ push: false
+ pull: false
+ context: .
+ file: deployment/dockerfile.build
+ build-args: |
+ CONTAINER_REGISTRY=${{ env.REGISTRY }}
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ${{ env.REGISTRY }}/platform-build:${{ env.platform_version }}
+ iqgeo-myproj-build
+ cache-to: type=gha,mode=max
+ cache-from: type=gha
+
+ -
+ name: Extract Appserver metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY }}/platform-appserver
+ tags: |
+ type=raw,value={{branch}}-{{sha}}
+ type=sha,prefix={{branch}}-,enable={{!is_default_branch}}
+ type=raw,value=${{ env.platform_version }},enable={{is_default_branch}}
+
+ -
+ name: "Build: Appserver"
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ pull: true
+ context: deployment
+ file: deployment/dockerfile.appserver
+ build-args: |
+ CONTAINER_REGISTRY=${{ env.REGISTRY }}
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ cache-from: type=gha
+
+ -
+ name: Extract Appserver Tools metadata (tags, labels) for Docker
+ id: tools_metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY 
}}/platform-tools + tags: | + type=raw,value={{branch}}-{{sha}} + type=sha,prefix={{branch}}-,enable={{!is_default_branch}} + type=raw,value=${{ env.platform_version }},enable={{is_default_branch}} + + - + name: "Build: Appserver Tools" + uses: docker/build-push-action@v6 + with: + push: true + pull: true + context: deployment + file: deployment/dockerfile.tools + build-args: | + CONTAINER_REGISTRY=${{ env.REGISTRY }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.tools_metadata.outputs.tags }} + cache-from: type=gha + diff --git a/deployment/dockerfile.appserver b/deployment/dockerfile.appserver index 80b6098..99a4673 100644 --- a/deployment/dockerfile.appserver +++ b/deployment/dockerfile.appserver @@ -1,4 +1,4 @@ -ARG CONTAINER_REGISTRY=harbor.delivery.iqgeo.cloud/releases/ +ARG CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-harbor.delivery.iqgeo.cloud/releases} FROM iqgeo-myproj-build AS iqgeo_builder @@ -16,7 +16,7 @@ RUN rm -rf ${MODULES}/*/node_modules \ && rm -rf ${MODULES}/*/native ############################################## project appserver image -FROM ${CONTAINER_REGISTRY}platform-appserver:7.2 +FROM ${CONTAINER_REGISTRY}/platform-appserver:7.2 USER root diff --git a/deployment/dockerfile.build b/deployment/dockerfile.build index 1398acb..ed9573f 100644 --- a/deployment/dockerfile.build +++ b/deployment/dockerfile.build @@ -1,10 +1,10 @@ -ARG CONTAINER_REGISTRY=harbor.delivery.iqgeo.cloud/releases/ +ARG CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-harbor.delivery.iqgeo.cloud/releases} # START SECTION Aliases for Injector images -FROM ${CONTAINER_REGISTRY}comms:3.2 AS comms +FROM ${CONTAINER_REGISTRY}/comms:3.2 AS comms # END SECTION # Create container for building the project -FROM ${CONTAINER_REGISTRY}platform-build:7.2 +FROM ${CONTAINER_REGISTRY}/platform-build:7.2 # START SECTION Copy the modules - if you edit these lines manually note that your change will get lost if you run the IQGeo Project Update tool COPY --link custom ${MODULES}/custom 
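Review bot: Every third-party action in this new workflow (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`, `docker/metadata-action@v5`) is pinned to a mutable major tag, and the job declares no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scope while holding long-lived registry credentials from `secrets.container_registry_username`/`password`. Pin each `uses:` to a full commit SHA with the tag in a trailing comment and add `permissions: contents: read` at the workflow or job level; the same applies to the `docker/setup-qemu-action@v3` and relocated Buildx steps added in PATCH 3/3. Separately, the "Build: Platform" step builds `linux/amd64,linux/arm64` with `push: false` and tags the result `iqgeo-myproj-build`; as far as I can tell a multi-platform Buildx result is not loaded into the local daemon, so the `FROM iqgeo-myproj-build` in dockerfile.appserver and dockerfile.tools would be resolved against Docker Hub when the later steps run with `pull: true`, and that unqualified name is not under this project's control. If the platform image is meant to be consumed only within this job, push it to `${{ env.REGISTRY }}` and reference that fully-qualified name in the Dockerfiles, or add a comment above the step stating how the later stages are expected to find it.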
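Review bot: The new default `ARG CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-harbor.delivery.iqgeo.cloud/releases}` is self-referential: nothing has set `CONTAINER_REGISTRY` when this first `ARG` is evaluated, and a `--build-arg` override replaces the default regardless, so the `${...:-...}` wrapper appears to add nothing over a plain literal while implying a fallback that does not exist; the identical line is added in dockerfile.build and dockerfile.tools. Prefer `ARG CONTAINER_REGISTRY=harbor.delivery.iqgeo.cloud/releases` with the comment `# Overridden by the CONTAINER_REGISTRY build-arg passed from .github/workflows/docker_build.yml`. The `FROM ${CONTAINER_REGISTRY}/platform-appserver:7.2` line (and the `comms:3.2`, `platform-build:7.2` and `platform-tools:7.2` bases in the sibling files) now takes its registry from a CI variable at build time but is still pinned only by a floating tag; pin by digest (`image:7.2@sha256:<DIGEST-PLACEHOLDER>`) or record in a comment why the tag alone is trusted.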
diff --git a/deployment/dockerfile.tools b/deployment/dockerfile.tools index e65488c..1439148 100644 --- a/deployment/dockerfile.tools +++ b/deployment/dockerfile.tools @@ -1,4 +1,4 @@ -ARG CONTAINER_REGISTRY=harbor.delivery.iqgeo.cloud/releases/ +ARG CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-harbor.delivery.iqgeo.cloud/releases} FROM iqgeo-myproj-build AS iqgeo_builder @@ -6,7 +6,7 @@ FROM iqgeo-myproj-build AS iqgeo_builder # END SECTION -FROM ${CONTAINER_REGISTRY}platform-tools:7.2 AS tools_intermediate +FROM ${CONTAINER_REGISTRY}/platform-tools:7.2 AS tools_intermediate USER root From bf3da7c6f229cc26f6bc32ee3490cec3bbd1139c Mon Sep 17 00:00:00 2001 From: Derek Clair Brown Date: Mon, 17 Feb 2025 15:26:43 -0700 Subject: [PATCH 2/3] LFC: method for secure OIDC configuration --- .github/workflows/docker_build.yml | 2 ++ deployment/dockerfile.appserver | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 9310eca..b31a3df 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -69,6 +69,8 @@ jobs: pull: true context: deployment file: deployment/dockerfile.appserver + # secret-files: | + # oidc=${{ secrets.oidc_config }} build-args: | CONTAINER_REGISTRY=${{ env.REGISTRY }} platforms: linux/amd64,linux/arm64 diff --git a/deployment/dockerfile.appserver b/deployment/dockerfile.appserver index 99a4673..8399642 100644 --- a/deployment/dockerfile.appserver +++ b/deployment/dockerfile.appserver @@ -49,3 +49,4 @@ USER www-data COPY --chown=www-data:www-data entrypoint.d/* /entrypoint.d/ COPY --chown=www-data:www-data appserver_config/ /opt/iqgeo/config/ +# RUN --mount=type=secret,id=oidc,target=/opt/iqgeo/config/oidc/conf.json From 59c15a8a16a142d92dce30a50a641da60aa46c87 Mon Sep 17 00:00:00 2001 
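Review bot: The commented-out `secret-files: oidc=${{ secrets.oidc_config }}` here, together with the commented-out `# RUN --mount=type=secret,id=oidc,target=/opt/iqgeo/config/oidc/conf.json` in the dockerfile.appserver hunk of this patch, sketches a design that would not deliver the OIDC config to the running appserver: a `--mount=type=secret` is visible only to the command of that single `RUN` and is not written to any image layer, and the sketched `RUN` has no command after the mount. That is the right property for a build-time secret (nothing lands in the pushed image) but the wrong mechanism for a runtime config file, so if `/opt/iqgeo/config/oidc/conf.json` is read when the container runs it should be supplied at deploy time as a mounted secret rather than during the image build. Replace the two commented lines with a comment stating which of the two is intended, e.g. `# OIDC config is runtime configuration: mount it at /opt/iqgeo/config/oidc/conf.json at deploy time; never COPY or bake it into this image.` The "Build: Appserver" step's `with:` block starts before this hunk.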
From: Derek Clair Brown Date: Mon, 17 Feb 2025 16:35:10 -0700 Subject: [PATCH 3/3] Add QEMU setup for multi-arch builds --- .github/workflows/docker_build.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index b31a3df..72021df 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -19,10 +19,6 @@ jobs: with: lfs: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Authenticate Docker to Harbor uses: docker/login-action@v3 @@ -31,6 +27,14 @@ jobs: username: ${{ secrets.container_registry_username }} password: ${{ secrets.container_registry_password }} + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: "Build: Platform" id: platform