Update builder image and support multiple stacks

README.md

@@ -161,15 +161,16 @@ For more information on the structure of the YAML configuration file, please vis
 | ------------------------- | -------- | ----------- |
 | `acrUsername`             | No       | The username used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests. |
 | `acrPassword`             | No       | The password used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests. |
-| `registryUsername`             | No       | The username used to authenticate push requests to the provided Container Registry using the "docker login" action. |
-| `registryPassword`             | No       | The password used to authenticate push requests to the provided Container Registry using the "docker login" action. |
+| `registryUsername`        | No       | The username used to authenticate push requests to the provided Container Registry using the "docker login" action. |
+| `registryPassword`        | No       | The password used to authenticate push requests to the provided Container Registry using the "docker login" action. |
 | `azureCredentials`        | No       | Azure credentials used by the `azure/login` action to authenticate Azure CLI requests if the user has not previously authenticated in the workflow calling this action. |
 | `imageToBuild`            | No       | The custom name of the image that is to be built, pushed to the Container Registry and deployed to the Container App by this action. _Note_: this image name should include the registry server; _e.g._, `<registryUrl>/<repo>:<tag>`. If this argument is not provided, a default image name will be constructed in the form `<registryUrl>/github-action/container-app:<github-run-id>.<github-run-attempt>` |
 | `dockerfilePath`          | No       | Relative path (_without file prefixes, see example below_) to the Dockerfile in the provided application source that should be used to build the image that is then pushed to the Container Registry and deployed to the Container App. If not provided, this action will check if there is a file named `Dockerfile` in the provided application source and use that to build the image. Otherwise, the Oryx++ Builder will be used to create the image. |
 | `containerAppName`        | No       | The name of the Container App that will be created or updated. If not provided, this value will be `github-action-container-app-<github-run-id>-<github-run-attempt>`. |
 | `resourceGroup`           | No       | The existing resource group that the Azure Container App will be created in. If not provided, this value will be `<container-app-name>-rg` and its existence will first be checked before attempting to create it. |
 | `containerAppEnvironment` | No       | The name of the Container App environment to use with the application. If not provided, an existing environment in the resource group of the Container App will be used, otherwise, an environment will be created in the formation `<container-app-name>-env`. |
 | `runtimeStack`            | No       | The platform version stack used in the final runnable application image that is deployed to the Container App. The value should be provided in the formation `<platform>:<version>`. If not provided, this value is determined by Oryx based on the contents of the provided application. Please refer to [this document](https://github.com/microsoft/Oryx/blob/main/doc/supportedRuntimeVersions.md) for more information on supported runtime stacks for Oryx. |
+| `builderVersion`          | No       | The version of the Oryx++ builder that should be used to build the provided application source and produce the runnable application image. You can provide a specific image tag, such as "debian-bookworm-20230928.2", or you can provide a supported OS version, such as "debian-bookworm" or "debian-bullseye", and the current supported image tag for the corresponding OS version will be used. If no version is provided, this action will attempt to build the provided application source with each supported OS version until a successful build is completed. |
 | `targetPort`              | No       | The designated port for the application to run on. If no value is provided and the builder is used to build the runnable application image, the target port will be set to 80 for Python applications and 8080 for all other platform applications. If no value is provided when creating a Container App, the target port will default to 80. Note: when using this action to update a Container App, the target port may be updated if not provided based on changes to the ingress property. |
 | `location`                | No       | The location that the Container App (and other created resources) will be deployed to. To view locations suitable for creating the Container App in, please run the following: `az provider show -n Microsoft.App --query "resourceTypes[?resourceType=='containerApps'].locations"` |
 | `environmentVariables`    | No       | A list of environment variable(s) for the container. Space-separated values in 'key=value' format. Empty string to clear existing values. Prefix value with 'secretref:' to reference a secret. |

action.yml

@@ -22,13 +22,13 @@ inputs:
       access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests.'
     required: false
   registryUrl:
-    description: 'The base URL of the Container Registry that the runnable application image will be pushed to.'  
+    description: 'The base URL of the Container Registry that the runnable application image will be pushed to.'
     required: false
-  registryUsername: 
-    description: 'The username used to authenticate push requests to the provided Container Registry using the "docker login" action.'  
+  registryUsername:
+    description: 'The username used to authenticate push requests to the provided Container Registry using the "docker login" action.'
     required: false
-  registryPassword: 
-    description: 'The password used to authenticate push requests to the provided Container Registry using the "docker login" action.'  
+  registryPassword:
+    description: 'The password used to authenticate push requests to the provided Container Registry using the "docker login" action.'
     required: false
   azureCredentials:
     description: |
@@ -80,6 +80,14 @@ inputs:
       runtime stacks for Oryx:
       https://github.com/microsoft/Oryx/blob/main/doc/supportedRuntimeVersions.md'
     required: false
+  builderVersion:
+    description: |
+      'The version of the Oryx++ builder that should be used to build the provided application source and produce the
+      runnable application image. You can provide a specific image tag, such as "debian-bookworm-20230928.2", or you
+      can provide a supported OS version, such as "debian-bookworm" or "debian-bullseye", and the latest supported
+      image tag for the corresponding OS version will be used. If no version is provided, this action will attempt to
+      build the provided application source with each supported OS version until a successful build is completed.'
+    required: false
   targetPort:
     description: |
       'The designated port for the application to run on. If no value is provided and the builder is used to build the
@@ -140,9 +148,9 @@ runs:
     - name: Check that an ACR name and a registry URL are not provided together
       if: ${{ inputs.acrName != '' && inputs.registryUrl != '' }}
       shell: bash
-      run: | 
+      run: |
         echo "Both 'acrName' and 'registryUrl' arguments cannot be provided together."
-        exit 1    
+        exit 1
 
     - name: Check for ACR name or any other registry url provided with application source path
       if: ${{ inputs.appSourcePath != '' && inputs.acrName == '' && inputs.registryUrl == '' }}
@@ -198,7 +206,7 @@ runs:
         username: ${{ inputs.registryUsername }}
         password: ${{ inputs.registryPassword }}
 
-    - name: Export Container Registry information to environment variable 
+    - name: Export Container Registry information to environment variable
       if: ${{ inputs.registryUrl != '' && inputs.registryUsername != '' && inputs.registryPassword != '' && env.CA_GH_ACTION_ONLY_YAML != 'true' }}
       shell: bash
       run: |
@@ -260,7 +268,7 @@ runs:
       shell: bash
       run: |
         CA_GH_ACTION_IMAGE_TO_BUILD="${{ env.CA_GH_ACTION_REGISTRY_URL }}/github-action/container-app:${{ github.run_id }}.${{ github.run_attempt }}"
-        echo "CA_GH_ACTION_IMAGE_TO_BUILD=${CA_GH_ACTION_IMAGE_TO_BUILD}" >> $GITHUB_ENV    
+        echo "CA_GH_ACTION_IMAGE_TO_BUILD=${CA_GH_ACTION_IMAGE_TO_BUILD}" >> $GITHUB_ENV
 
     - name: Export name of image to deploy to environment variable
       if: ${{ inputs.imageToDeploy != '' }}
@@ -382,27 +390,6 @@ runs:
           -n ${{ env.CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT }} \
           ${{ env.CA_GH_ACTION_CONTAINER_APP_LOCATION_ARG }}
 
-    - name: Export runtime stack to environment variable
-      if: ${{ inputs.runtimeStack != '' && env.CA_GH_ACTION_ONLY_YAML != 'true' }}
-      shell: bash
-      run: |
-        CA_GH_ACTION_RUNTIME_STACK="${{ inputs.runtimeStack }}"
-        echo "CA_GH_ACTION_RUNTIME_STACK=${CA_GH_ACTION_RUNTIME_STACK}" >> $GITHUB_ENV
-
-    - name: Determine runtime stack if not provided
-      if: ${{ inputs.appSourcePath != '' && inputs.runtimeStack == '' }}
-      shell: bash
-      run: |
-        docker run \
-          --rm \
-          -v ${{ inputs.appSourcePath }}:/app \
-          mcr.microsoft.com/oryx/cli:builder-debian-buster-20230208.1 \
-          /bin/bash \
-          -c "oryx dockerfile /app | head -n 1 | sed 's/ARG RUNTIME=//' >> /app/oryx-runtime.txt"
-        CA_GH_ACTION_RUNTIME_STACK=$(head -n 1 ${{ inputs.appSourcePath }}/oryx-runtime.txt)
-        echo "CA_GH_ACTION_RUNTIME_STACK=${CA_GH_ACTION_RUNTIME_STACK}" >> $GITHUB_ENV
-        rm ${{ inputs.appSourcePath }}/oryx-runtime.txt
-
     - name: Export disabled ingress value to environment variable
       if: ${{ inputs.ingress == 'disabled' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
       shell: bash
@@ -439,7 +426,8 @@ runs:
       if: ${{ env.CA_GH_ACTION_INGRESS_ENABLED == 'true' && inputs.targetPort == '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.appSourcePath != '' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
       shell: bash
       run: |
-        if [[ "${{ env.CA_GH_ACTION_RUNTIME_STACK }}" == "python:"* ]]; then echo "CA_GH_ACTION_TARGET_PORT=80" >> $GITHUB_ENV; else echo "CA_GH_ACTION_TARGET_PORT=8080" >> $GITHUB_ENV; fi
+        CA_GH_ACTION_TARGET_PORT="8080"
+        echo "CA_GH_ACTION_TARGET_PORT=${CA_GH_ACTION_TARGET_PORT}" >> $GITHUB_ENV
 
     - name: Default to target port 80 if one wasn't provided or found, and ingress is enabled, and the Container App doesn't exist (prevent overriding)
       if: ${{ env.CA_GH_ACTION_INGRESS_ENABLED == 'true' && env.CA_GH_ACTION_RESOURCE_EXISTS == 'false' && env.CA_GH_ACTION_TARGET_PORT == '' && env.CA_GH_ACTION_YAML_PROVIDED != 'true' }}
@@ -472,21 +460,26 @@ runs:
     - name: Install pack CLI on non-Windows runner
       if: ${{ runner.os != 'Windows' && inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
-      run: (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-${{ runner.os }}.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+      run: (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.31.0/pack-v0.31.0-${{ runner.os }}.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
 
     - name: Install pack CLI on Windows runner
       if: ${{ runner.os == 'Windows' && inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
       run: |
           mkdir -p $PWD/pack && cd $PWD/pack
-          curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-windows.zip" -o "pack-windows.zip"
+          curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.31.0/pack-v0.31.0-windows.zip" -o "pack-windows.zip"
           7z x pack-windows.zip > /dev/null 2>&1
           rm pack-windows.zip && echo "$PWD" >> $GITHUB_PATH
 
     - name: Set Oryx++ Builder as default builder
       if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
       shell: bash
-      run: pack config default-builder mcr.microsoft.com/oryx/builder:20230208.1
+      run: pack config default-builder mcr.microsoft.com/oryx/builder:debian-bookworm-20230928.2
+
+    - name: Enable experimental features for Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
+      shell: bash
+      run: pack config experimental true
 
     - name: Set telemetry for Oryx++ Builder
       if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.disableTelemetry == 'false' }}
@@ -502,15 +495,68 @@ runs:
         CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG='--env "ORYX_DISABLE_TELEMETRY=true"'
         echo "CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG=${CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG}" >> $GITHUB_ENV
 
-    - name: Create runnable application image using Oryx++ Builder
-      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
+    - name: Parse the given runtime stack input and export the platform and version to environment variables
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.runtimeStack != '' }}
+      shell: bash
+      run: |
+        IFS=':' read -ra CA_GH_ACTION_RUNTIME_STACK <<< "${{ inputs.runtimeStack }}"
+        CA_GH_ACTION_RUNTIME_STACK_PLATFORM=${CA_GH_ACTION_RUNTIME_STACK[0]}
+        CA_GH_ACTION_RUNTIME_STACK_VERSION=${CA_GH_ACTION_RUNTIME_STACK[1]}
+        if [[ CA_GH_ACTION_RUNTIME_STACK_PLATFORM == "dotnetcore" ]]; then CA_GH_ACTION_RUNTIME_STACK_PLATFORM="dotnet"; fi
+        echo "CA_GH_ACTION_RUNTIME_STACK_PLATFORM=${CA_GH_ACTION_RUNTIME_STACK_PLATFORM}" >> $GITHUB_ENV
+        echo "CA_GH_ACTION_RUNTIME_STACK_VERSION=${CA_GH_ACTION_RUNTIME_STACK_VERSION}" >> $GITHUB_ENV
+
+    - name: Set environment variables for builder invocation
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.runtimeStack != '' }}
+      shell: bash
+      run: |
+        CA_GH_ACTION_ORYX_BUILDER_ENV_ARG="--env ORYX_PLATFORM_NAME=${{ env.CA_GH_ACTION_RUNTIME_STACK_PLATFORM }} --env ORYX_PLATFORM_VERSION=${{ env.CA_GH_ACTION_RUNTIME_STACK_VERSION }}"
+        echo "CA_GH_ACTION_ORYX_BUILDER_ENV_ARG=${CA_GH_ACTION_ORYX_BUILDER_ENV_ARG}" >> $GITHUB_ENV
+
+    - name: Create runnable application image using bookworm Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && (inputs.builderVersion == '' || inputs.builderVersion == 'debian-bookworm') }}
+      shell: bash
+      run: |
+        pack build \
+          ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
+          --path ${{ inputs.appSourcePath }} \
+          --builder mcr.microsoft.com/oryx/builder:debian-bookworm-20230928.2 \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }} || \
+          echo "CA_GH_ACTION_USE_BULLSEYE_BUILDER=true" >> $GITHUB_ENV
+
+    - name: Create runnable application image using bullseye Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && ((inputs.builderVersion == '' && env.CA_GH_ACTION_USE_BULLSEYE_BUILDER == 'true') || inputs.builderVersion == 'debian-bullseye') }}
+      shell: bash
+      run: |
+        pack build \
+          ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
+          --path ${{ inputs.appSourcePath }} \
+          --builder mcr.microsoft.com/oryx/builder:debian-bullseye-20230928.2 \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }} || \
+          echo "CA_GH_ACTION_USE_BUSTER_BUILDER=true" >> $GITHUB_ENV
+
+    - name: Create runnable application image using buster Oryx++ Builder
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && ((inputs.builderVersion == '' && env.CA_GH_ACTION_USE_BUSTER_BUILDER == 'true') || inputs.builderVersion == 'debian-buster') }}
+      shell: bash
+      run: |
+        pack build \
+          ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
+          --path ${{ inputs.appSourcePath }} \
+          --builder mcr.microsoft.com/oryx/builder:debian-buster-20230928.2 \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }}
+
+    - name: Create runnable application image using builder version specified by input
+      if: ${{ inputs.appSourcePath != '' && env.CA_GH_ACTION_DOCKERFILE_PATH == '' && inputs.builderVersion != '' && inputs.builderVersion != 'debian-bookworm' && inputs.builderVersion != 'debian-bullseye' && inputs.builderVersion != 'debian-buster' }}
       shell: bash
       run: |
         pack build \
           ${{ env.CA_GH_ACTION_IMAGE_TO_DEPLOY }} \
           --path ${{ inputs.appSourcePath }} \
-          --builder mcr.microsoft.com/oryx/builder:20230208.1 \
-          --run-image mcr.microsoft.com/oryx/${{ env.CA_GH_ACTION_RUNTIME_STACK }} \
+          --builder mcr.microsoft.com/oryx/builder:${{ inputs.builderVersion }} \
+          ${{ env.CA_GH_ACTION_ORYX_BUILDER_ENV_ARG }} \
           ${{ env.CA_GH_ACTION_ORYX_BUILDER_TELEMETRY_ARG }}
 
     - name: Create runnable application image using provided Dockerfile
@@ -665,6 +711,6 @@ runs:
       run: |
         docker run \
           --rm \
-          mcr.microsoft.com/oryx/cli:debian-buster-20230207.2 \
+          mcr.microsoft.com/oryx/cli:builder-debian-bookworm-20230926.1 \
           /bin/bash \
           -c "oryx telemetry --event-name 'ContainerAppsGitHubAction' ${{ env.CA_GH_ACTION_LENGTH_MILLISECONDS_ARG }} ${{ env.CA_GH_ACTION_SCENARIO_ARG }} ${{ env.CA_GH_ACTION_RESULT_ARG }}"