feat: use reusable action to push to private repo

Signed-off-by: WoodenMaiden <[email protected]>
SouthGreenPlatform · Oct 10, 2023 · 32620e4 · 32620e4
1 parent cf3fe03
commit 32620e4
Show file tree

Hide file tree

Showing 3 changed files with 134 additions and 45 deletions.
diff --git a/.github/workflows/cicd-dev.yml b/.github/workflows/cicd-dev.yml
@@ -1,4 +1,4 @@
-name: Push to dev environment
+name: Push to dev 👷‍♂️
 
 on:
   push:
@@ -9,12 +9,20 @@ on:
       - agrold-javaweb/src/**
       - agrold-javaweb/pom.xml
       - agrold-javaweb/Dockerfile
-      
+
 # This workflow will build a docker container, publish it to our private registry
 # tagged as latest and with latest commit hash (shortened)
 jobs:
   build:
     runs-on: self-hosted
+
+    env: 
+      IMAGENAME: agrolddev
+
+    outputs:
+      BUILD_DATE: ${{ steps.variables.outputs.build_date }}
+      GIT_COMMIT: ${{ steps.variables.outputs.sha_short }}
+      NAME: ${{ env.IMAGENAME }}
 
     steps:
     - name: Clone project
@@ -43,42 +51,15 @@ jobs:
         echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
         echo "build_date=$(date --rfc-3339=ns)" >> $GITHUB_OUTPUT
 
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-      with:
-        version: latest
-        config-inline: |
-            [registry."${{ vars.DOCKER_REGISTRY_HOST }}"]
-              http = false
-              insecure = true
-              ca=["/etc/docker/certs.d/10.9.2.21/ca.crt"]
-
-    - name: "Login to private registry at: ${{ vars.DOCKER_REGISTRY_HOST }}"
-      uses: docker/[email protected]
-      with:
-        registry: ${{ vars.DOCKER_REGISTRY_HOST }}
-        username: ${{ secrets.DOCKER_REGISTRY_USER }}
-        password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
-
-    - name: Set version and build date
-      uses: actions/github-script@v4
-      id: set_version
-      with:
-        script: |
-          const build_date = new Date().toISOString()
-          core.setOutput('build_date', build_date)
-
-
-    - name: Build and push Docker image
-      uses: docker/build-push-action@v4
-      with:
-        build-args: |
-          AGROLD_NAME=agrolddev
-          AGROLD_DESCRIPTION="agrold development instance generated from commit ${GIT_COMMIT}"
-          GIT_COMMIT=${{ steps.variables.outputs.sha_short }}
-          BUILD_DATE=${{ steps.variables.outputs.build_date }}
-        allow: security.insecure # Activated because docker does not like self-signed certificates
-        push: true
-        context: ./agrold-javaweb
-        file: ./agrold-javaweb/Dockerfile
-        tags: ${{ vars.DOCKER_REGISTRY_HOST }}/agrolddev:${{ steps.variables.outputs.sha_short }},${{ vars.DOCKER_REGISTRY_HOST }}/agrolddev:latest
+  build_n_push_private:
+    needs: build
+    uses: ./.github/workflows/push_to_private_registry.yml
+    with:
+      build-args: AGROLD_NAME=${{ needs.build.outputs.NAME }} AGROLD_DESCRIPTION="Agrold from commit ${{ needs.build.outputs.GIT_COMMIT }}" GIT_COMMIT=${{ needs.build.outputs.GIT_COMMIT}} BUILD_DATE="${{ needs.build.outputs.BUILD_DATE }}"
+      context: ./agrold-javaweb
+      dockerfile: ./agrold-javaweb/Dockerfile
+      image_name: agrolddev
+      tag: ${{ needs.build.outputs.GIT_COMMIT }}
+    secrets: 
+      DOCKER_REGISTRY_USER:     ${{ secrets.DOCKER_REGISTRY_USER }}
+      DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -1,4 +1,4 @@
-name: Push to dev environment
+name: Push to production ☁️
 
 on:
   push:
@@ -9,6 +9,11 @@ jobs:
   build:
     runs-on: ubuntu-latest
 
+    outputs:
+      sha_short:  ${{ steps.variables.outputs.sha_short }}
+      build_date: ${{ steps.variables.outputs.build_date }}
+      no_v:       ${{ steps.set_version.outputs.no_v }}
+
     steps:
     - name: Clone project
       uses: actions/checkout@v3
@@ -45,6 +50,13 @@ jobs:
           const no_v = tag.replace('v', '')
           core.setOutput('no_v', no_v)
     
+  build_n_push_prod:
+    needs: build
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
       with:
@@ -63,9 +75,22 @@ jobs:
         build-args: |
           AGROLD_NAME=agrold
           AGROLD_DESCRIPTION="agrold production instance"
-          GIT_COMMIT=${{ steps.set_version.outputs.no_v }}
-          BUILD_DATE=${{ steps.variables.outputs.build_date }}
+          GIT_COMMIT=${{ needs.build.outputs.sha_short }}
+          BUILD_DATE=${{ needs.build.outputs.build_date }}
         push: true
         context: ./agrold-javaweb
         file: ./agrold-javaweb/Dockerfile
-        tags: ghcr.io/southgreenplatform/agrold:${{ steps.set_version.outputs.no_v }},ghcr.io/southgreenplatform/agrold:latest
+        tags: ghcr.io/southgreenplatform/agrold:${{ needs.build.outputs.no_v }},ghcr.io/southgreenplatform/agrold:latest
+
+  build_n_push_private:
+    needs: build
+    uses: ./.github/workflows/push_to_private_registry.yml
+    with:
+      build-args: AGROLD_NAME=agrold AGROLD_DESCRIPTION="Agrold from version ${{ needs.build.outputs.no_v }}, commit ${{ needs.build.outputs.sha_short }}" GIT_COMMIT=${{ needs.build.outputs.no_v }} BUILD_DATE="${{ needs.build.outputs.build_date }}"
+      context: ./agrold-javaweb
+      dockerfile: ./agrold-javaweb/Dockerfile
+      image_name: agrolddev
+      tag: ${{ needs.build.outputs.no_v }}
+    secrets: 
+      DOCKER_REGISTRY_USER:     ${{ secrets.DOCKER_REGISTRY_USER }}
+      DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
diff --git a/.github/workflows/push_to_private.yml b/.github/workflows/push_to_private.yml
@@ -0,0 +1,83 @@
+name: Push container to private registry
+
+on:
+  workflow_call: 
+    inputs:
+      build-args:
+        type: string
+        default: ""
+        description: Build args to pass to docker build A=a B=b ...
+        required: false
+      image_name:
+        type: string
+        description: Image name to push to registry (w/o tag and host)
+        required: true
+      tag:
+        type: string
+        description: Tag to push to registry
+        required: true
+      context:
+        type: string
+        default: "."
+        description: Context to build from
+        required: true
+      dockerfile:
+        type: string
+        default: ${{ inputs.context }}/Dockerfile
+        description: Dockerfile to build
+      registry_host:
+        type: string
+        description: Docker registry host
+        required: true
+        default: "10.9.2.21:8080"
+    secrets:
+      DOCKER_REGISTRY_USER:
+        description: Docker username
+        required: true
+      DOCKER_REGISTRY_PASSWORD:
+        description: Docker password
+        required: true
+
+
+run-name: Push ${{ github.repository }} to private registry with commit 
+
+jobs:
+  job:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Normalize build args
+        id: normalize_build_args
+        # the input.build-args is a string line in the form A=a B="b c" D=d we want to convert it to a list of strings
+        run: |
+          args="$(echo "${{ inputs.build-args }}" | sed 's/ \([A-Z]\)=/\n\1=/g')"
+          echo "args=$args" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: latest
+          config-inline: |
+              [registry."${{ inputs.registry_host }}"]
+                http = false
+                insecure = true
+                ca=["/etc/docker/certs.d/${{ inputs.registry_host }}/ca.crt"]
+
+      - name: "Login to private registry at: ${{ inputs.registry_host }}"
+        uses: docker/[email protected]
+        with:
+          registry: ${{ inputs.registry_host }}
+          username: ${{ secrets.DOCKER_REGISTRY_USER }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          build-args: ${{ steps.normalize_build_args.outputs.args }}
+          allow: security.insecure # Activated because docker does not like self-signed certificates
+          push: true
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
+          tags: ${{ inputs.registry_host }}/${{ inputs.image_name }}:${{ inputs.tag }},${{ inputs.registry_host }}/${{ inputs.image_name }}:latest