diff --git a/.github/workflows/build-dev.yml b/.github/workflows/build-dev.yml
new file mode 100644
index 0000000..2e4ed76
--- /dev/null
+++ b/.github/workflows/build-dev.yml
@@ -0,0 +1,67 @@
+name: Docker Build
+
+on:
+ push:
+ branches-ignore:
+ - master
+ - 'hotfix-*'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: Build Docker Image
+ runs-on: Linux
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+ with:
+ submodules: recursive
+
+ - name: Get git metadata
+ id: vars
+ run: |
+ COMMIT_HASH=$(git rev-parse --short HEAD)
+ echo "GIT_COMMIT=$COMMIT_HASH" >> $GITHUB_ENV
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ TAG_VERSION=${GITHUB_REF#refs/tags/}
+ echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
+ fi
+
+ - name: Login to Docker registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.DOCKER_REGISTRY }}
+ username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+ password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Start MongoDB container
+ run: |
+ docker run -d --name mongodb -p 27017:27017 ${{ secrets.MONGO_RS_IMAGE }}
+ # Get Mongo container IP for docker build
+ MONGO_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongodb)
+ echo "MONGO_IP=$MONGO_IP" >> $GITHUB_ENV
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: false
+ load: true
+ tags: ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}
+ build-args: |
+ MONGO_URL=mongodb://mongodb:27017
+ add-hosts: |
+ mongodb:${{ env.MONGO_IP }}
+ cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+ - name: Cleanup MongoDB
+ if: always()
+ run: |
+ docker stop mongodb
+ docker rm mongodb
\ No newline at end of file
diff --git a/.github/workflows/build-prod.yml b/.github/workflows/build-prod.yml
new file mode 100644
index 0000000..c831d7a
--- /dev/null
+++ b/.github/workflows/build-prod.yml
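Review bot: The `docker run -d --name mongodb -p 27017:27017 …` line in the "Start MongoDB container" step publishes the database on every interface of the runner host, yet the build never uses the published port: it reaches the container through its bridge IP via `add-hosts: mongodb:${{ env.MONGO_IP }}`. `runs-on: Linux` looks like a self-hosted runner label, in which case anything that can reach the runner can reach this MongoDB while a job runs (whether the image enforces authentication is not visible here), and two jobs on the same host would collide on the port. Drop the `-p 27017:27017` flag, or bind it to loopback with `-p 127.0.0.1:27017:27017` if a host-side port is needed. The same line appears in build-prod.yml.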
@@ -0,0 +1,97 @@
+name: Docker Build
+
+on:
+ push:
+ branches:
+ - master
+ - 'hotfix-*'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: Build Docker Image
+ runs-on: Linux
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+ with:
+ submodules: recursive
+
+ - name: Get git metadata
+ id: vars
+ run: |
+ COMMIT_HASH=$(git rev-parse --short HEAD)
+ echo "GIT_COMMIT=$COMMIT_HASH" >> $GITHUB_ENV
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ TAG_VERSION=${GITHUB_REF#refs/tags/}
+ echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
+ fi
+
+ - name: Login to Docker registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.DOCKER_REGISTRY }}
+ username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+ password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Start MongoDB container
+ run: |
+ docker run -d --name mongodb -p 27017:27017 ${{ secrets.MONGO_RS_IMAGE }}
+ # Get Mongo container IP for docker build
+ MONGO_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongodb)
+ echo "MONGO_IP=$MONGO_IP" >> $GITHUB_ENV
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build & Push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: |
+ ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}-amd64
+ build-args: |
+ MONGO_URL=mongodb://mongodb:27017
+ add-hosts: |
+ mongodb:${{ env.MONGO_IP }}
+ cache-to: type=inline
+
+ - name: Prepare image names
+ id: names
+ run: |
+ IMAGE_SHA=${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}
+ IMAGE_AMD64=${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}-amd64
+ IMAGE_ARM64=${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}-arm64-v8
+ echo "IMAGE_SHA=$IMAGE_SHA" >> $GITHUB_OUTPUT
+ echo "IMAGE_AMD64=$IMAGE_AMD64" >> $GITHUB_OUTPUT
+ echo "IMAGE_ARM64=$IMAGE_ARM64" >> $GITHUB_OUTPUT
+
+ - name: Pull amd64 image (ensure it's available)
+ run: |
+ docker pull ${{ steps.names.outputs.IMAGE_AMD64 }}
+
+ - name: Run custom platform build script (build arm64 image)
+ run: |
+ IMAGE_AMD64=${{ steps.names.outputs.IMAGE_AMD64 }}
+ IMAGE_ARM64=${{ steps.names.outputs.IMAGE_ARM64 }}
+ ./scripts/build-docker-for-platform.sh "$IMAGE_AMD64" arm64/v8 "$IMAGE_ARM64"
+ docker push "$IMAGE_ARM64" || true
+
+ - name: Create & push multi-arch manifest (using buildx imagetools)
+ run: |
+ IMAGE_SHA=${{ steps.names.outputs.IMAGE_SHA }}
+ IMAGE_AMD64=${{ steps.names.outputs.IMAGE_AMD64 }}
+ IMAGE_ARM64=${{ steps.names.outputs.IMAGE_ARM64 }}
+
+ # create manifest
+ docker buildx imagetools create -t "$IMAGE_SHA" "$IMAGE_AMD64" "$IMAGE_ARM64"
+
+ - name: Cleanup MongoDB
+ if: always()
+ run: |
+ docker stop mongodb
+ docker rm mongodb
\ No newline at end of file
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
new file mode 100644
index 0000000..828012c
--- /dev/null
+++ b/.github/workflows/tag.yml
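Review bot: `docker push "$IMAGE_ARM64" || true` in the "Run custom platform build script" step hides a failed arm64 push, so the job carries on to `docker buildx imagetools create` as if the image had been published. If the registry still holds an `-arm64-v8` tag from an earlier run of the same commit, the manifest would presumably be assembled from that stale image rather than from this build; otherwise the failure only surfaces one step later with a less useful error. Remove `|| true` so the step fails where the push fails. Separately, the run scripts in this file paste `${{ secrets.* }}` and `${{ steps.names.outputs.* }}` unquoted into shell source; passing them through a step-level `env:` block and referencing `"$IMAGE_AMD64"` and friends, as tag.yml already does, keeps the values out of the script text.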
@@ -0,0 +1,51 @@
+name: Tag Docker Image
+
+on:
+ push:
+ tags:
+ - '*'
+
+permissions:
+ contents: read
+
+jobs:
+ tag_docker_image:
+ name: Tag Docker Image
+ runs-on: Linux
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ submodules: recursive
+
+ - name: Get git metadata
+ id: vars
+ run: |
+ COMMIT_HASH=$(git rev-parse --short HEAD)
+ echo "GIT_COMMIT=$COMMIT_HASH" >> $GITHUB_ENV
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ TAG_VERSION=${GITHUB_REF#refs/tags/}
+ echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
+ fi
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Docker registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.DOCKER_REGISTRY }}
+ username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+ password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Create tagged image manifest
+ env:
+ IMAGE_ID: ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.GIT_COMMIT }}
+ IMAGE_TAG_ID: ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.IMAGE_NAME }}:${{ env.TAG_VERSION }}
+ run: |
+ echo "Inspecting existing image: $IMAGE_ID"
+ docker manifest inspect "$IMAGE_ID"
+
+ echo "Creating tagged manifest: $IMAGE_TAG_ID -> $IMAGE_ID"
+ docker buildx imagetools create -t "$IMAGE_TAG_ID" "$IMAGE_ID"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 48d082e..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
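Review bot: The three actions in this job are referenced by mutable major-version tags (`actions/checkout@v5`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`), and `docker/login-action` is handed `secrets.DOCKER_REGISTRY_PASSWORD` in a job that publishes release tags to the registry. Whoever can move those tags upstream can change what runs with the registry credentials; pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, removes that dependency on tag integrity. The same applies to build-dev.yml and build-prod.yml. This job also only calls `git rev-parse`, so `submodules: recursive` could be dropped from its checkout step.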
@@ -1,90 +0,0 @@
-stages:
- - build
-
-variables:
- DOCKER_TLS_CERTDIR: ""
- GIT_SUBMODULE_STRATEGY: recursive
-
-build:
- stage: build
- image: docker:20.10.17
- services:
- - name: docker:20.10.17-dind
- command: ["--tls=false"]
- - name: gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/mongo-with-rs2:7
- alias: mongodb
- script:
- - export MONGODB_IP=$(cat /etc/hosts | grep mongodb | awk '{print $1}')
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - ./scripts/build-base-images.sh
- - docker build --cache-from gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/node-python3:22.11.0-bullseye-slim --cache-from gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/node-ssl:22.11.0-bullseye-slim --add-host=mongodb:$MONGODB_IP --build-arg "MONGO_URL=mongodb://mongodb" .
- except:
- - tags
- - master
- - /^hotfix-.*$/
-
-build_and_publish_docker_base_image:
- stage: build
- image: docker:20.10.17
- services:
- - name: docker:20.10.17-dind
- command: ["--tls=false"]
- - name: gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/mongo-with-rs2:7
- alias: mongodb
- script:
- - export MONGODB_IP=$(cat /etc/hosts | grep mongodb | awk '{print $1}')
- - export IMAGE_ID=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
- - export IMAGE_ID_AMD64=$IMAGE_ID-amd64
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - ./scripts/build-base-images.sh
- - docker build --cache-from gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/node-python3:22.11.0-bullseye-slim --cache-from gitlab2.simplito.com:5050/teamserverdev/privmx-server-ee/node-ssl:22.11.0-bullseye-slim --add-host=mongodb:$MONGODB_IP --build-arg "MONGO_URL=mongodb://mongodb" -t $IMAGE_ID_AMD64 .
- - docker push $IMAGE_ID_AMD64
- except:
- - tags
- only:
- - master
- - /^hotfix-.*$/
-
-# These two stages could be merged, but the second `docker build` does not consider the --platform argument of the FROM directive, so they have to be separated.
-build_multi_arch_docker_image:
- stage: build
- needs:
- - build_and_publish_docker_base_image
- image: docker:20.10.17
- services:
- - name: docker:20.10.17-dind
- command: ["--tls=false"]
- script:
- - export IMAGE_ID=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
- - export IMAGE_ID_AMD64=$IMAGE_ID-amd64
- - export IMAGE_ID_ARM64=$IMAGE_ID-arm64-v8
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - docker pull $IMAGE_ID_AMD64
- - ./scripts/build-docker-for-platform.sh $IMAGE_ID_AMD64 arm64/v8 $IMAGE_ID_ARM64
- - docker push $IMAGE_ID_ARM64
- - docker manifest create $IMAGE_ID $IMAGE_ID_AMD64 $IMAGE_ID_ARM64
- - docker manifest annotate --arch amd64 $IMAGE_ID $IMAGE_ID_AMD64
- - docker manifest annotate --arch arm64 --variant v8 $IMAGE_ID $IMAGE_ID_ARM64
- - docker manifest push $IMAGE_ID
- except:
- - tags
- only:
- - master
- - /^hotfix-.*$/
-
-tag_docker_image:
- stage: build
- image: docker:20.10.17
- services:
- - name: docker:20.10.17-dind
- command: ["--tls=false"]
- script:
- - export IMAGE_ID=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
- - export IMAGE_TAG_ID=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- - docker manifest inspect $IMAGE_ID
- - docker buildx imagetools create -t $IMAGE_TAG_ID $IMAGE_ID
- except:
- - branches
- only:
- - tags