Build And Push Docker Release 3.0 #42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build And Push Docker Release 3.0 | |
| on: | |
| workflow_dispatch: | |
| branches: [ "3.0.0" ] | |
| inputs: | |
| tag: | |
| description: tag/version to release | |
| required: true | |
| jobs: | |
| build_push_docker_release_30: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| name: git checkout 3.0.0 | |
| with: | |
| ref: 3.0.0 | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: temurin | |
| server-id: central | |
| server-username: MAVEN_USERNAME | |
| server-password: MAVEN_PASSWORD | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: preliminary checks | |
| run: | | |
| docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }} | |
| set -e | |
| # fail if templates/generators contain carriage return '\r' | |
| /bin/bash ./bin/utils/detect_carriage_return.sh | |
| # fail if generators contain merge conflicts | |
| /bin/bash ./bin/utils/detect_merge_conflict.sh | |
| # fail if generators contain tab '\t' | |
| /bin/bash ./bin/utils/detect_tab_in_java_class.sh | |
| - name: Build with Maven | |
| run: | | |
| mvn clean install -U -Pdocker -DJETTY_TEST_HTTP_PORT=8090 -DJETTY_TEST_STOP_PORT=8089 | |
| - name: docker generator build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./modules/swagger-generator | |
| file: ./modules/swagger-generator/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x | |
| provenance: false | |
| build-args: | | |
| HIDDEN_OPTIONS_DEFAULT_PATH=hiddenOptions.yaml | |
| JAVA_MEM=1024m | |
| HTTP_PORT=8080 | |
| tags: swaggerapi/swagger-generator-v3:latest,swaggerapi/swagger-generator-v3:${{ env.TAG }} | |
| - name: docker generator root build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./modules/swagger-generator | |
| file: ./modules/swagger-generator/Dockerfile_root | |
| push: true | |
| platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x | |
| provenance: false | |
| build-args: | | |
| HIDDEN_OPTIONS_DEFAULT_PATH=hiddenOptions.yaml | |
| JAVA_MEM=1024m | |
| HTTP_PORT=8080 | |
| tags: swaggerapi/swagger-generator-v3-root:latest,swaggerapi/swagger-generator-v3-root:${{ env.TAG }},swaggerapi/swagger-generator-v3:${{ env.TAG }}-root | |
| - name: docker cli build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./modules/swagger-codegen-cli | |
| file: ./modules/swagger-codegen-cli/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x | |
| provenance: false | |
| tags: swaggerapi/swagger-codegen-cli-v3:latest,swaggerapi/swagger-codegen-cli-v3:${{ env.TAG }} | |
| - name: docker minimal build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./modules/swagger-generator | |
| file: ./modules/swagger-generator/Dockerfile_minimal | |
| push: true | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x | |
| provenance: false | |
| tags: swaggerapi/swagger-generator-v3-minimal:latest,swaggerapi/swagger-generator-v3-minimal:${{ env.TAG }} | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3.7.0 | |
| - name: Generate SBOM for swagger-generator-v3 | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: swaggerapi/swagger-generator-v3:${{ env.TAG }} | |
| format: spdx-json | |
| output-file: swagger-generator-v3.spdx.json | |
| - name: Attach SBOM to swagger-generator-v3 | |
| run: | | |
| cosign attach sbom --sbom swagger-generator-v3.spdx.json swaggerapi/swagger-generator-v3:${{ env.TAG }} | |
| - name: Generate SBOM for swagger-generator-v3-root | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: swaggerapi/swagger-generator-v3-root:${{ env.TAG }} | |
| format: spdx-json | |
| output-file: swagger-generator-v3-root.spdx.json | |
| - name: Attach SBOM to swagger-generator-v3-root | |
| run: | | |
| cosign attach sbom --sbom swagger-generator-v3-root.spdx.json swaggerapi/swagger-generator-v3-root:${{ env.TAG }} | |
| - name: Generate SBOM for swagger-codegen-cli-v3 | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: swaggerapi/swagger-codegen-cli-v3:${{ env.TAG }} | |
| format: spdx-json | |
| output-file: swagger-codegen-cli-v3.spdx.json | |
| - name: Attach SBOM to swagger-codegen-cli-v3 | |
| run: | | |
| cosign attach sbom --sbom swagger-codegen-cli-v3.spdx.json swaggerapi/swagger-codegen-cli-v3:${{ env.TAG }} | |
| - name: Generate SBOM for swagger-generator-v3-minimal | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: swaggerapi/swagger-generator-v3-minimal:${{ env.TAG }} | |
| format: spdx-json | |
| output-file: swagger-generator-v3-minimal.spdx.json | |
| - name: Attach SBOM to swagger-generator-v3-minimal | |
| run: | | |
| cosign attach sbom --sbom swagger-generator-v3-minimal.spdx.json swaggerapi/swagger-generator-v3-minimal:${{ env.TAG }} | |
| - name: deploy | |
| run: | | |
| echo "${{ env.TAG }}" | |
| TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}" | |
| RANCHER_HOST="rancher.tools.swagger.io" | |
| CLUSTER_ID="c-n8zp2" | |
| NAMESPACE_NAME="swagger-oss" | |
| K8S_OBJECT_TYPE="daemonsets" | |
| K8S_OBJECT_NAME="swagger-generator-v3" | |
| DEPLOY_IMAGE="swaggerapi/swagger-generator-v3:${{ env.TAG }}" | |
| workloadStatus="" | |
| getStatus() { | |
| echo "Getting update status..." | |
| if ! workloadStatus="$(curl -s -X GET \ | |
| -H "Authorization: Bearer ${TOKEN}" \ | |
| -H 'Content-Type: application/json' \ | |
| "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")" | |
| then | |
| echo 'ERROR - get status k8s API call failed!' | |
| echo "Exiting build"... | |
| exit 1 | |
| fi | |
| } | |
| # $1 = image to deploy | |
| updateObject() { | |
| local image="${1}" | |
| echo "Updating image value..." | |
| if ! curl -s -X PATCH \ | |
| -H "Authorization: Bearer ${TOKEN}" \ | |
| -H 'Content-Type: application/json-patch+json' \ | |
| "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \ | |
| -d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]" | |
| then | |
| echo 'ERROR - image update k8s API call failed!' | |
| echo "Exiting build..." | |
| exit 1 | |
| fi | |
| } | |
| # Check that the TAG is valid | |
| if [[ ${{ env.TAG }} =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then | |
| echo "" | |
| echo "This is a Valid TAG..." | |
| # Get current image/tag in case we need to rollback | |
| getStatus | |
| ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')" | |
| echo "" | |
| echo "Current image: ${ROLLBACK_IMAGE}" | |
| # Update image and validate response | |
| echo "" | |
| updateObject "${DEPLOY_IMAGE}" | |
| echo "" | |
| echo "" | |
| echo "Waiting for pods to start..." | |
| echo "" | |
| sleep 60s | |
| # Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error | |
| getStatus | |
| status="$(echo "${workloadStatus}" | jq '.status')" | |
| echo "" | |
| echo "${status}" | |
| echo "" | |
| numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | |
| numberReady="$(echo "${status}" | jq -r '.numberReady')" | |
| if (( numberReady == numberDesired )); then | |
| echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}" | |
| # If pods are not starting, rollback the upgrade and exit the build with error | |
| else | |
| echo "state = error...rolling back upgrade" | |
| updateObject "${ROLLBACK_IMAGE}" | |
| echo "" | |
| echo "" | |
| echo "Waiting for rollback pods to start..." | |
| echo "" | |
| sleep 60s | |
| getStatus | |
| status="$(echo "${workloadStatus}" | jq '.status')" | |
| echo "" | |
| echo "${status}" | |
| echo "" | |
| numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | |
| numberReady="$(echo "${status}" | jq -r '.numberReady')" | |
| if (( numberReady == numberDesired )); then | |
| echo "Rollback to ${ROLLBACK_IMAGE} completed." | |
| else | |
| echo "FATAL - rollback failed" | |
| fi | |
| echo "Exiting Build..." | |
| exit 1 | |
| fi | |
| else | |
| echo "This TAG is not in a valid format..." | |
| echo "Exiting Build..." | |
| exit 0 | |
| fi | |
| echo "Exiting Build..." | |
| exit 0 | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| TAG: ${{ github.event.inputs.tag }} |