Update builder image and support multiple stacks (#63)

* Update builder image to 20230928.2 and use cascading builder approach

* Add support for 'builderVersion' input to allow user to select builder flavor to use

* Resolve review feedback

* Update bookworm builder tag

* Update builder image tags to 20231004.1

* Add error handling for builders

* Fix boolean logic bug

README.md

@@ -161,15 +161,16 @@ For more information on the structure of the YAML configuration file, please vis
 | ------------------------- | -------- | ----------- |
 | `acrUsername`             | No       | The username used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests. |
 | `acrPassword`             | No       | The password used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests. |
-| `registryUsername`             | No       | The username used to authenticate push requests to the provided Container Registry using the "docker login" action. |
-| `registryPassword`             | No       | The password used to authenticate push requests to the provided Container Registry using the "docker login" action. |
+| `registryUsername`        | No       | The username used to authenticate push requests to the provided Container Registry using the "docker login" action. |
+| `registryPassword`        | No       | The password used to authenticate push requests to the provided Container Registry using the "docker login" action. |
 | `azureCredentials`        | No       | Azure credentials used by the `azure/login` action to authenticate Azure CLI requests if the user has not previously authenticated in the workflow calling this action. |
 | `imageToBuild`            | No       | The custom name of the image that is to be built, pushed to the Container Registry and deployed to the Container App by this action. _Note_: this image name should include the registry server; _e.g._, `<registryUrl>/<repo>:<tag>`. If this argument is not provided, a default image name will be constructed in the form `<registryUrl>/github-action/container-app:<github-run-id>.<github-run-attempt>` |
 | `dockerfilePath`          | No       | Relative path (_without file prefixes, see example below_) to the Dockerfile in the provided application source that should be used to build the image that is then pushed to the Container Registry and deployed to the Container App. If not provided, this action will check if there is a file named `Dockerfile` in the provided application source and use that to build the image. Otherwise, the Oryx++ Builder will be used to create the image. |
 | `containerAppName`        | No       | The name of the Container App that will be created or updated. If not provided, this value will be `github-action-container-app-<github-run-id>-<github-run-attempt>`. |
 | `resourceGroup`           | No       | The existing resource group that the Azure Container App will be created in. If not provided, this value will be `<container-app-name>-rg` and its existence will first be checked before attempting to create it. |
 | `containerAppEnvironment` | No       | The name of the Container App environment to use with the application. If not provided, an existing environment in the resource group of the Container App will be used, otherwise, an environment will be created in the formation `<container-app-name>-env`. |
 | `runtimeStack`            | No       | The platform version stack used in the final runnable application image that is deployed to the Container App. The value should be provided in the formation `<platform>:<version>`. If not provided, this value is determined by Oryx based on the contents of the provided application. Please refer to [this document](https://github.com/microsoft/Oryx/blob/main/doc/supportedRuntimeVersions.md) for more information on supported runtime stacks for Oryx. |
+| `builderStack`            | No       | The stack (OS) that should be used to build the provided application source and produce the runnable application image. You can provide a specific image tag for the stack, such as "debian-bookworm-20231004.1", or you can provide a supported stack name, such as "debian-bookworm" or "debian-bullseye", and the latest supported image tag for that stack will be used. If no stack is provided, this action will attempt to build the provided application source with each supported stack until there's a successful build. |
 | `targetPort`              | No       | The designated port for the application to run on. If no value is provided and the builder is used to build the runnable application image, the target port will be set to 80 for Python applications and 8080 for all other platform applications. If no value is provided when creating a Container App, the target port will default to 80. Note: when using this action to update a Container App, the target port may be updated if not provided based on changes to the ingress property. |
 | `location`                | No       | The location that the Container App (and other created resources) will be deployed to. To view locations suitable for creating the Container App in, please run the following: `az provider show -n Microsoft.App --query "resourceTypes[?resourceType=='containerApps'].locations"` |
 | `environmentVariables`    | No       | A list of environment variable(s) for the container. Space-separated values in 'key=value' format. Empty string to clear existing values. Prefix value with 'secretref:' to reference a secret. |

action.yml

@@ -22,13 +22,13 @@ inputs:
       access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests.'
     required: false
   registryUrl:
-    description: 'The base URL of the Container Registry that the runnable application image will be pushed to.'  
+    description: 'The base URL of the Container Registry that the runnable application image will be pushed to.'
     required: false
-  registryUsername: 
-    description: 'The username used to authenticate push requests to the provided Container Registry using the "docker login" action.'  
+  registryUsername:
+    description: 'The username used to authenticate push requests to the provided Container Registry using the "docker login" action.'
     required: false
-  registryPassword: 
-    description: 'The password used to authenticate push requests to the provided Container Registry using the "docker login" action.'  
+  registryPassword:
+    description: 'The password used to authenticate push requests to the provided Container Registry using the "docker login" action.'
     required: false
   azureCredentials:
     description: |
@@ -80,6 +80,14 @@ inputs:
       runtime stacks for Oryx:
       https://github.com/microsoft/Oryx/blob/main/doc/supportedRuntimeVersions.md'
     required: false
+  builderStack:
+    description: |
+      'The stack (OS) that should be used to build the provided application source and produce the runnable application
+      image. You can provide a specific image tag for the stack, such as "debian-bullseye-20231004.1", or you can
+      provide a supported stack name, such as "debian-bookworm" or "debian-bullseye", and the latest supported image tag
+      for that stack will be used. If no stack is provided, this action will attempt to build the provided application
+      source with each supported stack until there's a successful build.'
+    required: false
   targetPort:
     description: |
       'The designated port for the application to run on. If no value is provided and the builder is used to build the
@@ -140,9 +148,9 @@ runs:
     - name: Check that an ACR name and a registry URL are not provided together
       if: ${{ inputs.acrName != '' && inputs.registryUrl != '' }}
       shell: bash
-      run: | 
+      run: |
         echo "Both 'acrName' and 'registryUrl' arguments cannot be provided together."
-        exit 1    
+        exit 1
 
     - name: Check for ACR name or any other registry url provided with application source path
       if: ${{ inputs.appSourcePath != '' && inputs.acrName == '' && inputs.registryUrl == '' }}
@@ -198,7 +206,7 @@ runs:
         username: ${{ inputs.registryUsername }}
         password: ${{ inputs.registryPassword }}
 
-    - name: Export Container Registry information to environment variable 
+    - name: Export Container Registry information to environment variable
       if: ${{ inputs.registryUrl != '' && inputs.registryUsername != '' && inputs.registryPassword != '' && env.CA_GH_ACTION_ONLY_YAML != 'true' }}
       shell: bash
       run: |
@@ -260,7 +268,7 @@ runs:
       shell: bash
       run: |
         CA_GH_ACTION_IMAGE_TO_BUILD="${{ env.CA_GH_ACTION_REGISTRY_URL }}/github-action/container-app:${{ github.run_id }}.${{ github.run_attempt }}"
-        echo "CA_GH_ACTION_IMAGE_TO_BUILD=${CA_GH_ACTION_IMAGE_TO_BUILD}" >> $GITHUB_ENV    
+        echo "CA_GH_ACTION_IMAGE_TO_BUILD=${CA_GH_ACTION_IMAGE_TO_BUILD}" >> $GITHUB_ENV
 
     - name: Export name of image to deploy to environment variable
       if: ${{ inputs.imageToDeploy != '' }}
@@ -382,27 +390,6 @@ runs:
           -n ${{ env.CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT }} \
           ${{ env.CA_GH_ACTION_CONTAINER_APP_LOCATION_ARG }}
 
-    - name: Export runtime stack to environment variable
-      if: ${{ inputs.runtimeStack != '' && env.CA_GH_ACTION_ONLY_YAML != 'true' }}
-      shell: bash
-      run: |
-        CA_GH_ACTION_RUNTIME_STACK="${{ inputs.runtimeStack }}"
-        echo "CA_GH_ACTION_RUNTIME_STACK=${CA_GH_ACTION_RUNTIME_STACK}" >> $GITHUB_ENV
-
-    - name: Determine runtime stack if not provided
-      if: ${{ inputs.appSourcePath != '' && inputs.runtimeStack == '' }}
-      shell: bash
-      run: |
-        docker run \
-          --rm \
-          -v ${{ inputs.appSourcePath }}:/app \
-          mcr.microsoft.com/oryx/cli:builder-debian-buster-20230208.1 \
-          /bin/bash \
-          -c "oryx dockerfile /app | head -n 1 | sed 's/ARG RUNTIME=//' >> /app/oryx-runtime.txt"
-        CA_GH_ACTION_RUNTIME_STACK=$(head -n 1 ${{ inputs.appSourcePath }}/oryx-runtime.txt)
-        echo "CA_GH_ACTION_RUNTIME_STACK=${CA_GH_ACTION_RUNTIME_STACK}" >> $GITHUB_ENV
-        rm ${{ inputs.appSourcePath }}/oryx-runtime.txt
-
     - name: Export disabled ingress value to environment variable
       if: ${{ inputs.ingress == 'disabled' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
       shell: bash
@@ -435,11 +422,12 @@ runs:
         CA_GH_ACTION_TARGET_PORT="${{ inputs.targetPort }}"
         echo "CA_GH_ACTION_TARGET_PORT=${CA_GH_ACTION_TARGET_PORT}" >> $GITHUB_ENV
 
-    - name: Determine default target port if not provided and no Dockerfile provided/found
+    - name: Default to target port 80 if one wasn't provided and no Dockerfile provided/found with the application source
       if: ${{ env.CA_GH_ACTION_INGRESS_ENABLED == 'true' && inputs.targetPort == '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.appSourcePath != '' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
       shell: bash
       run: |
-        if [[ "${{ env.CA_GH_ACTION_RUNTIME_STACK }}" == "python:"* ]]; then echo "CA_GH_ACTION_TARGET_PORT=80" >> $GITHUB_ENV; else echo "CA_GH_ACTION_TARGET_PORT=8080" >> $GITHUB_ENV; fi
+        CA_GH_ACTION_TARGET_PORT="80"
+        echo "CA_GH_ACTION_TARGET_PORT=${CA_GH_ACTION_TARGET_PORT}" >> $GITHUB_ENV
 
     - name: Default to target port 80 if one wasn't provided or found, and ingress is enabled, and the Container App doesn't exist (prevent overriding)
       if: ${{ env.CA_GH_ACTION_INGRESS_ENABLED == 'true' && env.CA_GH_ACTION_RESOURCE_EXISTS == 'false' && env.CA_GH_ACTION_TARGET_PORT == '' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
@@ -472,21 +460,26 @@ runs:
     - name: Install pack CLI on non-Windows runner
       if: ${{ runner.os != 'Windows' && inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
-      run: (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-${{ runner.os }}.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+      run: (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.31.0/pack-v0.31.0-${{ runner.os }}.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
 
     - name: Install pack CLI on Windows runner
       if: ${{ runner.os == 'Windows' && inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
       run: |
           mkdir -p $PWD/pack && cd $PWD/pack
-          curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-windows.zip" -o "pack-windows.zip"
+          curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.31.0/pack-v0.31.0-windows.zip" -o "pack-windows.zip"
           7z x pack-windows.zip > /dev/null 2>&1
           rm pack-windows.zip && echo "$PWD" >> $GITHUB_PATH
 
     - name: Set Oryx++ Builder as default builder
       if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
-      run: pack config default-builder mcr.microsoft.com/oryx/builder:20230208.1
+      run: pack config default-builder mcr.microsoft.com/oryx/builder:debian-bullseye-20231004.1
+
+    - name: Enable experimental features for Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
+      shell: bash
+      run: pack config experimental true
 
     - name: Set telemetry for Oryx++ Builder
       if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.disableTelemetry == 'false' }}
@@ -502,16 +495,77 @@ runs:
         CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG='--env "ORYX_DISABLE_TELEMETRY=true"'
         echo "CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG=${CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG}" >> $GITHUB_ENV
 
-    - name: Create runnable application image using Oryx++ Builder
-      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
+    - name: Parse the given runtime stack input and export the platform and version to environment variables
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.runtimeStack != '' }}
+      shell: bash
+      run: |
+        IFS=':' read -ra CA_GH_ACTION_RUNTIME_STACK <<< "${{ inputs.runtimeStack }}"
+        CA_GH_ACTION_RUNTIME_STACK_PLATFORM=${CA_GH_ACTION_RUNTIME_STACK[0]}
+        CA_GH_ACTION_RUNTIME_STACK_VERSION=${CA_GH_ACTION_RUNTIME_STACK[1]}
+        if [[ CA_GH_ACTION_RUNTIME_STACK_PLATFORM == "dotnetcore" ]]; then CA_GH_ACTION_RUNTIME_STACK_PLATFORM="dotnet"; fi
+        echo "CA_GH_ACTION_RUNTIME_STACK_PLATFORM=${CA_GH_ACTION_RUNTIME_STACK_PLATFORM}" >> $GITHUB_ENV
+        echo "CA_GH_ACTION_RUNTIME_STACK_VERSION=${CA_GH_ACTION_RUNTIME_STACK_VERSION}" >> $GITHUB_ENV
+
+    - name: Set platform environment variables for builder invocation
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.runtimeStack != '' }}
+      shell: bash
+      run: |
+        CA_GH_ACTION_ORYX_BUILDER_ENV_ARG="--env ORYX_PLATFORM_NAME=${{ env.CA_GH_ACTION_RUNTIME_STACK_PLATFORM }} --env ORYX_PLATFORM_VERSION=${{ env.CA_GH_ACTION_RUNTIME_STACK_VERSION }}"
+        echo "CA_GH_ACTION_ORYX_BUILDER_ENV_ARG=${CA_GH_ACTION_ORYX_BUILDER_ENV_ARG}" >> $GITHUB_ENV
+
+    - name: Set port environment variable for builder invocation
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && env.CA_GH_ACTION_TARGET_PORT != '' }}
+      shell: bash
+      run: |
+        CA_GH_ACTION_ORYX_BUILDER_ENV_ARG="${CA_GH_ACTION_ORYX_BUILDER_ENV_ARG} --env ORYX_RUNTIME_PORT=${{ env.CA_GH_ACTION_TARGET_PORT }}"
+        echo "CA_GH_ACTION_ORYX_BUILDER_ENV_ARG=${CA_GH_ACTION_ORYX_BUILDER_ENV_ARG}" >> $GITHUB_ENV
+
+    - name: Create runnable application image using bullseye Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && (inputs.builderStack == '' || inputs.builderStack == 'debian-bullseye') }}
+      shell: bash
+      run: |
+        pack build \
+          ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
+          --path ${{ inputs.appSourcePath }} \
+          --builder mcr.microsoft.com/oryx/builder:debian-bullseye-20231004.1 \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }} &&
+        echo "CA_GH_ACTION_BUILDER_FAILED=false" >> $GITHUB_ENV || \
+        (echo "CA_GH_ACTION_BUILDER_FAILED=true" >> $GITHUB_ENV && \
+        echo "CA_GH_ACTION_USE_BOOKWORM_BUILDER=true" >> $GITHUB_ENV)
+
+    - name: Create runnable application image using bookworm Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && ((inputs.builderStack == '' && env.CA_GH_ACTION_USE_BOOKWORM_BUILDER == 'true') || inputs.builderStack == 'debian-bookworm') }}
       shell: bash
       run: |
         pack build \
           ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
           --path ${{ inputs.appSourcePath }} \
-          --builder mcr.microsoft.com/oryx/builder:20230208.1 \
-          --run-image mcr.microsoft.com/oryx/${{ env.CA_GH_ACTION_RUNTIME_STACK }} \
-          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }}
+          --builder mcr.microsoft.com/oryx/builder:debian-bookworm-20231004.1 \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }} && \
+        echo "CA_GH_ACTION_BUILDER_FAILED=false" >> $GITHUB_ENV || \
+        echo "CA_GH_ACTION_BUILDER_FAILED=true" >> $GITHUB_ENV
+
+    - name: Create runnable application image using builder version specified by input
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.builderStack != '' && inputs.builderStack != 'debian-bookworm' && inputs.builderStack != 'debian-bullseye' }}
+      shell: bash
+      run: |
+        pack build \
+          ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
+          --path ${{ inputs.appSourcePath }} \
+          --builder mcr.microsoft.com/oryx/builder:${{ inputs.builderStack }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }} && \
+        echo "CA_GH_ACTION_BUILDER_FAILED=false" >> $GITHUB_ENV || \
+        echo "CA_GH_ACTION_BUILDER_FAILED=true" >> $GITHUB_ENV
+
+    - name: Check if no builder was able to build the provided application source
+      if: ${{ env.CA_GH_ACTION_BUILDER_FAILED == 'true' }}
+      shell: bash
+      run: |
+        echo "No builder was able to build the provided application source. Please visit the following page for more information on supported platform versions: https://aka.ms/SourceToCloudSupportedVersions"
+        exit 1
 
     - name: Create runnable application image using provided Dockerfile
       if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH != '' }}
@@ -665,6 +719,6 @@ runs:
       run: |
         docker run \
           --rm \
-          mcr.microsoft.com/oryx/cli:debian-buster-20230207.2 \
+          mcr.microsoft.com/oryx/cli:builder-debian-bullseye-20230926.1 \
           /bin/bash \
           -c "oryx telemetry --event-name 'ContainerAppsGitHubAction' ${{ env.CA_GH_ACTION_LENGTH_MILLISECONDS_ARG }} ${{ env.CA_GH_ACTION_SCENARIO_ARG }} ${{ env.CA_GH_ACTION_RESULT_ARG }}"