Skip to content

Docker

Docker #1872

Workflow file for this run

name: Docker
on:
# build dev daily
schedule:
- cron: "20 2 * * *" # Daily at 02:20
push:
tags:
- v*
workflow_dispatch:
inputs:
tag:
description: "The tag to release. Note that this happens by default on the tag push. Only run this action when something went wrong!"
required: false
permissions:
contents: read # to fetch code (actions/checkout)
env:
REGISTRY_IMAGE: openproject/openproject
jobs:
setup:
runs-on: ubuntu-latest
steps:
- name: Extract version
id: extract_version
run: |
if [[ ${{ github.event_name }} == 'push' ]]; then
TAG_REF=${GITHUB_REF#refs/tags/}
CHECKOUT_REF=$GITHUB_REF
elif [[ ${{ github.event_name }} == 'schedule' ]]; then
TAG_REF=dev
CHECKOUT_REF=refs/heads/dev
elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
TAG_REF=${{ inputs.tag }}
CHECKOUT_REF=${{ inputs.tag }}
if [ -z "$TAG_REF" ]; then
TAG_REF=dev
CHECKOUT_REF=dev
fi
else
echo "Unsupported event"
exit 1
fi
if [ -z "$TAG_REF" ] || [ -z "$CHECKOUT_REF" ]; then
echo "No TAG_REF or CHECKOUT_REF set. Aborting"
exit 1
fi
VERSION=${TAG_REF#v}
echo "Version: $VERSION"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "checkout_ref=$CHECKOUT_REF" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v4
- name: Cache NPM
uses: runs-on/cache@v4
with:
path: |
frontend/node_modules
node_modules
key: nodejs-x64-${{ hashFiles('**/package-lock.json') }}
restore-keys: nodejs-x64-
- name: Cache angular
uses: runs-on/cache@v4
with:
path: frontend/.angular
key: angular-${{ github.ref }}
restore-keys: angular-
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: |
package-lock.json
frontend/package-lock.json
- name: Precompile assets
run: |
./docker/prod/setup/precompile-assets.sh
# public/assets will be saved as artifact, so temporarily copying config file there as well
cp config/frontend_assets.manifest.json public/assets/frontend_assets.manifest.json
- uses: actions/upload-artifact@v4
with:
path: public/
name: public-assets-${{ github.sha }}
overwrite: true
# Since v4.4, hidden files are excluded by default.
# We need to include public/assets/.sprockets-manifest-*.json
include-hidden-files: true
outputs:
version: ${{ steps.extract_version.outputs.version }}
checkout_ref: ${{ steps.extract_version.outputs.checkout_ref }}
build:
needs:
- setup
if: github.repository == 'opf/openproject'
runs-on:
labels:
- runs-on
- ssh=false
- run-id=${{ github.run_id }}
- ${{ matrix.runner }}
strategy:
matrix:
include:
- platform: linux/amd64
digest: amd64-slim
bim_support: true
target: slim
runner: runner=4cpu-linux-x64
- platform: linux/arm64/v8
digest: arm64-slim
bim_support: false
target: slim
runner: runner=4cpu-linux-arm64
- platform: linux/amd64
digest: amd64-aio
bim_support: true
target: all-in-one
runner: runner=4cpu-linux-x64
- platform: linux/arm64/v8
digest: arm64-aio
bim_support: false
target: all-in-one
runner: runner=4cpu-linux-arm64
- platform: linux/ppc64le
digest: ppc-aio
bim_support: false
target: all-in-one
runner: runner=4cpu-linux-x64
steps:
- name: Checkout
with:
ref: ${{ needs.setup.outputs.checkout_ref }}
uses: actions/checkout@v4
- name: Prepare docker files
run: |
cp ./docker/prod/Dockerfile ./Dockerfile
- name: Download precompiled public assets
uses: actions/download-artifact@v4
with:
name: public-assets-${{ github.sha }}
path: public/
- name: Setup precompiled assets
run: |
ls -al public/
mv public/assets/frontend_assets.manifest.json config/frontend_assets.manifest.json
ls -al config/frontend_assets.manifest.json
# allow precompiled assets to be injected into docker image
echo '' >> .dockerignore
echo '!/public/assets' >> .dockerignore
echo '!/config/frontend_assets.manifest.json' >> .dockerignore
- name: Add build information
run: |
echo "${{ needs.setup.outputs.checkout_ref }}" > PRODUCT_VERSION
echo "https://github.com/opf/openproject/commits/${{ needs.setup.outputs.checkout_ref }}" > PRODUCT_URL
date -u +"%Y-%m-%dT%H:%M:%SZ" > RELEASE_DATE
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
context: git
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png
org.opencontainers.image.source=https://github.com/opf/openproject
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/
org.opencontainers.image.vendor=OpenProject GmbH
tags: |
type=semver,pattern={{version}},value=${{ needs.setup.outputs.version }}
images: |
${{ env.REGISTRY_IMAGE }}
- name: Build image
id: build
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: ${{ matrix.target }}
build-args: |
BIM_SUPPORT=${{ matrix.bim_support }}
pull: true
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
- name: Test
# We only test the native container. If that fails the builds for the others
# will be cancelled as well.
if: matrix.platform == 'linux/amd64' && matrix.target == 'all-in-one'
run: |
docker run \
--name openproject \
-d -p 8080:80 --platform ${{ matrix.platform }} \
-e SUPERVISORD_LOG_LEVEL=debug \
-e OPENPROJECT_LOGIN__REQUIRED=false \
-e OPENPROJECT_HTTPS=false \
${{ steps.build.outputs.imageid }}
sleep 60
docker logs openproject --tail 100
wget -O- --retry-on-http-error=503,502 --retry-connrefused http://localhost:8080/api/v3
- name: Push image
id: push
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: ${{ matrix.target }}
build-args: |
BIM_SUPPORT=${{ matrix.bim_support }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/,manifests_prefix=cache/${{ github.repository }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.push.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.target }}-${{ matrix.digest }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-latest
strategy:
matrix:
target: [slim, all-in-one]
needs:
- setup
- build
steps:
- name: Merge digests
uses: actions/upload-artifact/merge@v4
with:
pattern: "digests-${{ matrix.target }}-*"
overwrite: true
name: "merged-digests-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}"
- name: Download digests
uses: actions/download-artifact@v4
with:
name: "merged-digests-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}"
path: /tmp/digests
- name: Set suffix
id: set_suffix
run: |
suffix="-${{ matrix.target }}"
if [ "$suffix" = "-all-in-one" ]; then suffix="" ; fi
echo "suffix=$suffix" >> "$GITHUB_OUTPUT"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png
org.opencontainers.image.source=https://github.com/opf/openproject
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/
org.opencontainers.image.vendor=OpenProject GmbH
flavor: |
latest=false
suffix=${{ steps.set_suffix.outputs.suffix }}
tags: |
type=semver,pattern={{version}},value=${{ needs.setup.outputs.version }}
type=semver,pattern={{major}}.{{minor}},value=${{ needs.setup.outputs.version }}
type=semver,pattern={{major}},value=${{ needs.setup.outputs.version }}
type=raw,value=dev,priority=200,enable={{is_default_branch}}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
notify:
needs: [setup, build, merge]
if: ${{ always() && contains(needs.*.result, 'failure') }}
uses: ./.github/workflows/email-notification.yml
secrets: inherit
with:
subject: "Docker build failed"
body: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
trigger_helm_release:
needs: [setup, build, merge]
permissions:
contents: none
if: ${{ github.repository == 'opf/openproject' && inputs.tag != '' }}
runs-on: ubuntu-latest
steps:
- name: Trigger Helm charts release
env:
TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }}
REPOSITORY: opf/helm-charts
WORKFLOW_ID: core_release.yml
run: |
curl -i --fail-with-body -H"authorization: Bearer $TOKEN" \
-XPOST -H"Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/$REPOSITORY/actions/workflows/$WORKFLOW_ID/dispatches \
-d '{"ref": "main", "inputs": { "tag" : "${{ needs.setup.outputs.version }}" }}'