Fix and Refactor Github Workflows (#970)

Solves the failing DockerHub workflow, and refactors the workflow variables
to work on personal accounts as well as organization accounts.

.github/workflows/client.yml

@@ -100,7 +100,7 @@ jobs:
     needs: [client, get_version]
     uses: ./.github/workflows/docker-ghcr.yml
     with: 
-      image-name: into-cps-association/dtaas-web
+      image-name: dtaas-web
       version: ${{ needs.get_version.outputs.version }}
       dockerfile: client.dockerfile
     secrets: inherit
@@ -114,10 +114,11 @@ jobs:
     needs: [client, get_version]
     uses: ./.github/workflows/docker-dockerhub.yml
     with: 
-      image-name: intocps/dtaas-web
+      image-name: dtaas-web
       version: ${{ needs.get_version.outputs.version }}
       dockerfile: client.dockerfile
       readme-file: client/DOCKER.md
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_SCOPE: ${{ secrets.DOCKERHUB_SCOPE }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/docker-dockerhub.yml

@@ -1,7 +1,14 @@
 # Reusable workflow for building and pushing a Docker Image to DockerHub.
 # 
-# Username is taken from the repository secret, "DOCKERHUB_USERNAME"
+# Auth username is taken from the repository secret, "DOCKERHUB_USERNAME"
+# Publish username is taken from the repository secret, "DOCKERHUB_SCOPE"
 # Password is taken from the repository secret, "DOCKERHUB_TOKEN"
+# 
+# NOTE: DockerHub currently does not provide PATs for organizations.
+# Users belonging to the org must use their own, which is why we need a
+# username to publish through: DOCKERHUB_USERNAME, and a username to publish
+# under: DOCKERHUB_SCOPE.
+# You may use the same username for both.
 
 name: Build and Push Docker Image (DockerHub)
 
@@ -22,14 +29,21 @@ on:
         required: true
         type: string
     secrets:
+      # Username used for DockerHub authorization
       DOCKERHUB_USERNAME:
         required: true
+      # Username under which the image will be published
+      DOCKERHUB_SCOPE:
+        required: true
+      # Personal Access Token created by the user `DOCKERHUB_USERNAME`
+      # Must have read, write and delete permissions
       DOCKERHUB_TOKEN:
         required: true
 
 env:
   registry: docker.io
   username: ${{ secrets.DOCKERHUB_USERNAME }}
+  dockerhub-scope: ${{ secrets.DOCKERHUB_SCOPE }}
   password: ${{ secrets.DOCKERHUB_TOKEN }}
 
 jobs:
@@ -54,7 +68,7 @@ jobs:
       - name: Check if version exists
         id: check_version
         run: |
-          if docker manifest inspect ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:${{ inputs.version }} > /dev/null 2>&1; then
+          if docker manifest inspect ${{ env.registry }}/${{ env.dockerhub-scope }}/${{ inputs.image-name }}:${{ inputs.version }} > /dev/null 2>&1; then
             echo "Version ${{ inputs.version }} already exists."
             echo "exists=true" >> $GITHUB_ENV
           else
@@ -69,12 +83,12 @@ jobs:
           context: .
           file: ./docker/${{ inputs.dockerfile }}
           push: true
-          tags: ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:${{ inputs.version }}, ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:latest
+          tags: ${{ env.registry }}/${{ env.dockerhub-scope }}/${{ inputs.image-name }}:${{ inputs.version }}, ${{ env.registry }}/${{ env.dockerhub-scope }}/${{ inputs.image-name }}:latest
 
       - name: Docker Hub Description
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ env.username }}
           password: ${{ env.password }}
-          repository: ${{ env.username }}/${{ inputs.image-name }}
+          repository: ${{ env.dockerhub-scope }}/${{ inputs.image-name }}
           readme-filepath: ${{ inputs.readme-file }}

.github/workflows/docker-ghcr.yml

@@ -21,7 +21,7 @@ on:
 
 env:
   registry: ghcr.io
-  username: ${{ github.actor }}
+  ghcr-scope: ${{ github.repository_owner }}
   password: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
@@ -40,13 +40,13 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ${{ env.registry }}
-          username: ${{ env.username }}
+          username: ${{ github.actor }}
           password: ${{ env.password }}
 
       - name: Check if version exists
         id: check_version
         run: |
-          if docker manifest inspect ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:${{ inputs.version }} > /dev/null 2>&1; then
+          if docker manifest inspect ${{ env.registry }}/${{ env.ghcr-scope }}/${{ inputs.image-name }}:${{ inputs.version }} > /dev/null 2>&1; then
             echo "Version ${{ inputs.version }} already exists."
             echo "exists=true" >> $GITHUB_ENV
           else
@@ -61,4 +61,4 @@ jobs:
           context: .
           file: ./docker/${{ inputs.dockerfile }}
           push: true
-          tags: ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:${{ inputs.version }}, ${{ env.registry }}/${{ env.username }}/${{ inputs.image-name }}:latest
+          tags: ${{ env.registry }}/${{ env.ghcr-scope }}/${{ inputs.image-name }}:${{ inputs.version }}, ${{ env.registry }}/${{ env.ghcr-scope }}/${{ inputs.image-name }}:latest

.github/workflows/lib-ms.yml

@@ -171,7 +171,7 @@ jobs:
     needs: [get_version, test-lib-ms]
     uses: ./.github/workflows/docker-ghcr.yml
     with: 
-      image-name: into-cps-association/libms
+      image-name: libms
       version: ${{ needs.get_version.outputs.version }}
       dockerfile: libms.dockerfile
     secrets: inherit
@@ -185,10 +185,11 @@ jobs:
     needs: [get_version, test-lib-ms]
     uses: ./.github/workflows/docker-dockerhub.yml
     with: 
-      image-name: intocps/libms
+      image-name: libms
       version: ${{ needs.get_version.outputs.version }}
       dockerfile: libms.dockerfile
       readme-file: servers/lib/DOCKER.md
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_SCOPE: ${{ secrets.DOCKERHUB_SCOPE }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

docs/developer/github-actions.md

@@ -0,0 +1,14 @@
+# Secrets for Github Action
+
+The Github actions require the following secrets to be obtained
+from [docker hub](hub.docker.com):
+
+| Secret Name | Explanation |
+|:---|:---|
+| `DOCKERHUB_SCOPE` | Username or organization name on docker hub |
+| `DOCKERHUB_USERNAME` | Username on docker hub |
+| `DOCKERHUB_TOKEN` | API token to publish images to docker hub, with `Read`, `Write` and `Delete` permissions |
+
+Remember to add these secrets to
+[Github Secrets Setting](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository)
+of your fork.

servers/lib/README.md

@@ -40,37 +40,6 @@ your Github username and the password is your Github
 In order for the npm to download the package, your personal access token
 needs to have _read:packages_ scope.
 
-## Use in Docker Environment
-
-### Adjust Configuration (Optional)
-
-The microservices require configuration,
-see the [Configure](#gear-configure) section for more info.
-
-The docker version of the microservices uses the configuration
-file available in `config/.env.default`.
-If you would like to adjust the configuration, please change this file.
-
-### Use
-
-The commands to start and stop the appliation are:
-
-```bash
-git clone https://github.com/INTO-CPS-Association/DTaaS.git
-cd servers/lib
-docker compose -f compose.lib.yml up -d
-```
-
-This command brings up the lib docker container and makes
-the website available at <http://localhost:4001>.
-The `config/.env.default` file is used as the microservice configuration.
-If the configuration values are changed, please restart the container.
-
-```bash
-docker compose -f compose.lib.yml down
-docker compose -f compose.lib.yml up -d
-```
-
 ## :gear: Configure
 
 The microservices requires config specified in INI format.