Merge pull request #29 from TimCsaky/pipeline

Github action for image build and push
bcgov · Jun 16, 2023 · 3cf9997 · 3cf9997
2 parents 4ada171 + 9a6db1d
commit 3cf9997
Show file tree

Hide file tree

Showing 3 changed files with 245 additions and 0 deletions.
diff --git a/.github/actions/build-push-container/action.yaml b/.github/actions/build-push-container/action.yaml
@@ -0,0 +1,87 @@
+name: Build & Push Container
+description: Builds a container from a Dockerfile and pushes to registry
+
+inputs:
+  context:
+    description: Effective Working Directory
+    required: true
+    default: "./"
+  image_name:
+    description: Image Name
+    required: true
+  github_username:
+    description: Github Container Registry Username
+    required: true
+  github_token:
+    description: Github Container Registry Authorization Token
+    required: true
+  dockerhub_username:
+    description: Dockerhub Container Registry Username
+    required: false
+  dockerhub_organization:
+    description: Dockerhub Container Registry Organization
+    required: false
+    default: bcgovimages
+  dockerhub_token:
+    description: Dockerhub Container Registry Authorization Token
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Parse Input Values
+      shell: bash
+      run: |
+        echo "GH_USERNAME=$(tr '[:upper:]' '[:lower:]' <<< '${{ inputs.github_username }}')" >> $GITHUB_ENV
+        echo "HAS_DOCKERHUB=${{ fromJson(inputs.dockerhub_username != '' && inputs.dockerhub_token != '') }}" >> $GITHUB_ENV
+
+    - name: Login to Github Container Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ env.GH_USERNAME }}
+        password: ${{ inputs.github_token }}
+
+    - name: Login to Dockerhub Container Registry
+      if: env.HAS_DOCKERHUB == 'true'
+      uses: docker/login-action@v2
+      with:
+        registry: docker.io
+        username: ${{ inputs.dockerhub_username }}
+        password: ${{ inputs.dockerhub_token }}
+
+    - name: Prepare Container Metadata tags
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: |
+          ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}
+          docker.io/${{ inputs.dockerhub_organization }}/${{ inputs.image_name }},enable=${{ env.HAS_DOCKERHUB }}
+        # Always updates the 'latest' tag
+        flavor: |
+          latest=true
+        # Creates tags based off of branch names and semver tags
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=sha
+
+    - name: Build and Push to Container Registry
+      id: builder
+      uses: docker/build-push-action@v3
+      with:
+        context: ${{ inputs.context }}
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+    - name: Inspect Docker Image
+      shell: bash
+      run: |
+        docker image inspect ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}:latest
diff --git a/.github/workflows/on-push.yaml b/.github/workflows/on-push.yaml
@@ -0,0 +1,109 @@
+name: Push
+
+env:
+  ACRONYM: chess
+  APP_NAME: common-hosted-email-service-showcase
+  NAMESPACE_PREFIX: 10d873
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*.*.*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build & Push
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Build & Push
+        uses: ./.github/actions/build-push-container
+        with:
+          context: .
+          image_name: ${{ env.APP_NAME }}
+          github_username: ${{ github.repository_owner }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
+          dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  deploy-dev:
+    name: Deploy to Dev
+    environment:
+      name: dev
+      url: https://${{ env.ACRONYM }}-dev-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs: build
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Dev
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: dev
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: dev
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+
+  deploy-test:
+    name: Deploy to Test
+    environment:
+      name: test
+      url: https://${{ env.ACRONYM }}-test-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - deploy-dev
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Test
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: test
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: test
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+
+  deploy-prod:
+    name: Deploy to Prod
+    environment:
+      name: prod
+      url: https://${{ env.ACRONYM }}-prod-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - deploy-dev
+      - deploy-test
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Prod
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: prod
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: prod
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,49 @@
+# FROM docker.io/node:16.15.0-alpine # Last known working alpine image
+
+# RedHat Image Catalog references
+# https://catalog.redhat.com/software/containers/ubi9/nodejs-18/62e8e7ed22d1d3c2dfe2ca01
+# https://catalog.redhat.com/software/containers/ubi8/nodejs-16/615aee9fc739c0a4123a87e1
+# https://catalog.redhat.com/software/containers/ubi9/nodejs-18-minimal/62e8e919d4f57d92a9dee838
+
+#
+# Build the application
+#
+FROM registry.access.redhat.com/ubi9/nodejs-18:1-48 as application
+
+ENV NO_UPDATE_NOTIFIER=true
+
+USER 0
+COPY --chown=1001:0 app /tmp/src/app
+WORKDIR /tmp/src/app
+USER 1001
+RUN npm ci --omit=dev
+
+#
+# Build the frontend
+#
+FROM registry.access.redhat.com/ubi8/nodejs-16:1-105.1684740145 as frontend
+
+ENV NO_UPDATE_NOTIFIER=true
+USER 0
+COPY --chown=1001:0 app/frontend /tmp/src/app/frontend
+
+WORKDIR /tmp/src/app/frontend
+USER 1001
+
+RUN npm ci && npm run build
+
+#
+# Create the final container image
+#
+FROM registry.access.redhat.com/ubi9/nodejs-18-minimal:1-51
+
+ENV APP_PORT=8080 \
+    NO_UPDATE_NOTIFIER=true
+
+COPY --from=application /tmp/src/app ${HOME}
+COPY --from=frontend /tmp/src/app/frontend/dist ${HOME}/frontend/dist
+COPY .git ${HOME}/.git
+WORKDIR ${HOME}
+
+EXPOSE ${APP_PORT}
+CMD ["npm", "run", "start"]