11name : Build and publish to Docker Hub
22on :
33 release :
4+ # job will automatically run after a new "release" is create on github.
45 types : [created]
56
67 # Allows you to run this workflow manually from the Actions tab
78 workflow_dispatch :
9+ inputs :
10+ dry_run :
11+ description : ' If true, will not push the built images to docker hub.'
12+ required : false
13+ default : ' false'
814
915jobs :
10- # this job builds the docker images locally on the workflow runner machine
11- # it then runs a modified docker compose and tests the output of an OPA query
12- # the output will only be as expect if the OPAL client managed to connect to
13- # OPAL server and to download the data and policy successfully.
14- # this job also outputs the docker compose logs so it's easy to understand
15- # what went wrong in case of error.
16- docker_build_and_test :
16+ # this job will build, test and (potentially) push the docker images to docker hub
17+ #
18+ # BUILD PHASE:
19+ # - will auto tag the image according to the release tag / `git describe`.
20+ #
21+ # TEST PHASE:
22+ # - will run an e2e test with a modified docker compose.
23+ # - queries OPA data to check its state matches an expected value.
24+ # - state will match only if OPAL client successfully synced to OPAL server.
25+ # - outputs the docker compose logs to more easily investigate errors.
26+ #
27+ # PUSH PHASE:
28+ # - Runs only if test phase completes with no errors.
29+ # - Pushes images (built at BUILD PHASE) to docker hub.
30+ docker_build_and_publish :
1731 runs-on : ubuntu-latest
1832 steps :
33+ # BUILD PHASE
1934 - name : Checkout
2035 uses : actions/checkout@v2
36+ with :
37+ fetch-depth : 0
2138
2239 - name : Set up QEMU
2340 uses : docker/setup-qemu-action@v1
2441
2542 - name : Set up Docker Buildx
2643 uses : docker/setup-buildx-action@v1
2744
28- # In this step, this action saves a list of existing images,
29- # the cache is created without them in the post run.
30- # It also restores the cache if it exists.
31- -
uses :
satackey/[email protected] 32- # Ignore the failure of a step and avoid terminating the job.
33- continue-on-error : true
45+ - name : Get version tag from github release
46+ if : github.event_name == 'release' && github.event.action == 'created'
47+ run : |
48+ echo "opal_version_tag=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
49+
50+ name : Get version tag from git history
51+ if : ${{ !(github.event_name == 'release' && github.event.action == 'created') }}
52+ run : |
53+ echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
54+
55+ name : Echo version tag
56+ run : |
57+ echo "The version tag that will be published to docker hub is: ${{ env.opal_version_tag }}"
3458
3559name : Build client
3660 id : build_client
37- run : docker build -t authorizon/opal-client:test --target client -f docker/Dockerfile .
61+ uses : docker/build-push-action@v2
62+ with :
63+ file : docker/Dockerfile
64+ push : false
65+ target : client
66+ cache-from : type=registry,ref=authorizon/opal-client:latest
67+ cache-to : type=inline
68+ load : true
69+ tags : |
70+ authorizon/opal-client:test
71+ authorizon/opal-client:latest
72+ authorizon/opal-client:${{ env.opal_version_tag }}
3873
3974name : Build client-standalone
4075 id : build_client_standalone
41- run : docker build -t authorizon/opal-client-standalone:test --target client-standalone -f docker/Dockerfile .
76+ uses : docker/build-push-action@v2
77+ with :
78+ file : docker/Dockerfile
79+ push : false
80+ target : client-standalone
81+ cache-from : type=registry,ref=authorizon/opal-client-standalone:latest
82+ cache-to : type=inline
83+ load : true
84+ tags : |
85+ authorizon/opal-client-standalone:test
86+ authorizon/opal-client-standalone:latest
87+ authorizon/opal-client-standalone:${{ env.opal_version_tag }}
4288
4389name : Build server
4490 id : build_server
45- run : docker build -t authorizon/opal-server:test --target server -f docker/Dockerfile .
91+ uses : docker/build-push-action@v2
92+ with :
93+ file : docker/Dockerfile
94+ push : false
95+ target : server
96+ cache-from : type=registry,ref=authorizon/opal-server:latest
97+ cache-to : type=inline
98+ load : true
99+ tags : |
100+ authorizon/opal-server:test
101+ authorizon/opal-server:latest
102+ authorizon/opal-server:${{ env.opal_version_tag }}
46103
47- - name : Create modified docker compose
104+ # TEST PHASE
105+ - name : Create modified docker compose file
48106 run : sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
49107
50108 - name : Bring up stack
@@ -56,64 +114,27 @@ jobs:
56114 - name : Output container logs
57115 run : docker-compose -f docker/docker-compose-test.yml logs
58116
59- # this job will rebuild and push the docker images to docker hub
60- # - it will only run after a new "release" is create on github
61- # - it will auto tag the image according to the github release tag
62- docker_release :
63- runs-on : ubuntu-latest
64- needs : docker_build_and_test
65- if : github.event_name == 'release' && github.event.action == 'created'
66- steps :
67- - name : Checkout
68- uses : actions/checkout@v2
69-
70- - name : Set up QEMU
71- uses : docker/setup-qemu-action@v1
72-
73- - name : Set up Docker Buildx
74- uses : docker/setup-buildx-action@v1
117+ # PUSH PHASE
118+ - name : Output local docker images
119+ run : docker image ls --digests | grep opal
75120
76121 - name : Login to DockerHub
122+ if : ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
77123 uses : docker/login-action@v1
78124 with :
79125 username : ${{ secrets.DOCKERHUB_USERNAME }}
80126 password : ${{ secrets.DOCKERHUB_TOKEN }}
81127
128+ # pushes the *same* docker images that were previously tested as part of e2e sanity test.
129+ # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
82130 - name : Push client
83- id : push_client
84- uses : docker/build-push-action@v2
85- with :
86- file : docker/Dockerfile
87- push : true
88- target : client
89- cache-from : type=registry,ref=authorizon/opal-client:latest
90- cache-to : type=inline
91- tags : |
92- authorizon/opal-client:latest
93- authorizon/opal-client:${{ github.event.release.tag_name }}
131+ if : ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
132+ run : docker push authorizon/opal-client:${{ env.opal_version_tag }} && docker push authorizon/opal-client:latest
94133
95134 - name : Push client-standalone
96- id : push_client_standalone
97- uses : docker/build-push-action@v2
98- with :
99- file : docker/Dockerfile
100- push : true
101- target : client-standalone
102- cache-from : type=registry,ref=authorizon/opal-client-standalone:latest
103- cache-to : type=inline
104- tags : |
105- authorizon/opal-client-standalone:latest
106- authorizon/opal-client-standalone:${{ github.event.release.tag_name }}
135+ if : ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
136+ run : docker push authorizon/opal-client-standalone:${{ env.opal_version_tag }} && docker push authorizon/opal-client-standalone:latest
107137
108138 - name : Push server
109- id : push_server
110- uses : docker/build-push-action@v2
111- with :
112- file : docker/Dockerfile
113- push : true
114- target : server
115- cache-from : type=registry,ref=authorizon/opal-server:latest
116- cache-to : type=inline
117- tags : |
118- authorizon/opal-server:latest
119- authorizon/opal-server:${{ github.event.release.tag_name }}
139+ if : ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
140+ run : docker push authorizon/opal-server:${{ env.opal_version_tag }} && docker push authorizon/opal-server:latest
0 commit comments