Skip to content

feat: publish to dockerhub #503

feat: publish to dockerhub

feat: publish to dockerhub #503

Workflow file for this run

name: Run CI
on:
push:
workflow_dispatch:
jobs:
gradle:
outputs:
success: ${{ steps.build.outcome == 'success' }}
strategy:
matrix:
# Removed windows, because build failing with docker network. "bridge" network driver is not supported for Windows containers
# os: [ ubuntu-latest, windows-latest ]
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Grant execute permission for Gradlew (Linux/Mac)
if: runner.os != 'Windows'
run: chmod +x ./gradlew
- name: Execute build
id: build
env:
APP_KEY: ${{ secrets.APP_KEY }}
DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}
DATASOURCE_URL: ${{ secrets.DATASOURCE_URL }}
LOCAL_KMS_DATASOURCE_USER: ${{ secrets.LOCAL_KMS_DATASOURCE_USER }}
LOCAL_KMS_DATASOURCE_PASSWORD: ${{ secrets.LOCAL_KMS_DATASOURCE_PASSWORD }}
LOCAL_KMS_DATASOURCE_URL: ${{ secrets.LOCAL_KMS_DATASOURCE_URL }}
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
KMS_PROVIDER: local
run: |
./gradlew build
./gradlew :modules:openapi:jsPublicPackageJson
./gradlew :modules:openid-federation-common:jsPublicPackageJson
./gradlew publishJsPackageToNpmjsRegistry
./gradlew publishAllPublicationsToSphereon-opensourceRepository
auto-tag:
needs: gradle
runs-on: ubuntu-latest
outputs:
version: ${{ steps.get_version_info.outputs.new_version }}
if: github.event_name == 'repository_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) || (github.event_name == 'push' && needs.gradle.outputs.success == 'true')
permissions:
contents: write
actions: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
token: ${{ secrets.GITHUB_TOKEN }}
- name: Get version info
id: get_version_info
run: |
git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git config --local user.name "${GITHUB_ACTOR}"
EVENT_NAME="${{ github.event_name }}"
if [[ "$EVENT_NAME" == "pull_request" ]]; then
BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
else
BRANCH_NAME="${GITHUB_REF#refs/heads/}"
fi
if [[ $BRANCH_NAME == "develop" ]]; then
PREFIX="dev"
elif [[ $BRANCH_NAME == "main" ]]; then
PREFIX="main"
elif [[ $BRANCH_NAME == feature/* ]]; then
PREFIX="feat"
elif [[ $BRANCH_NAME == hotfix/* ]]; then
PREFIX="fix"
elif [[ $BRANCH_NAME == release/* ]]; then
PREFIX="rel"
else
PREFIX="build"
fi
GRADLE_VERSION=$(grep 'version = ' build.gradle.kts | sed 's/.*version = "\(.*\)".*/\1/')
GRADLE_VERSION=${GRADLE_VERSION%-SNAPSHOT}
COMMIT_SHA=$(git rev-parse --short HEAD)
PR_NUMBER=${{ github.event.pull_request.number }}
if [[ -n $PR_NUMBER ]]; then
NEW_VERSION="v${GRADLE_VERSION}-${PREFIX}.pr${PR_NUMBER}.${COMMIT_SHA}"
else
NEW_VERSION="v${GRADLE_VERSION}-${PREFIX}.${COMMIT_SHA}"
fi
echo "new_version=${NEW_VERSION}" >> $GITHUB_OUTPUT
git tag -a ${NEW_VERSION} -m "Release ${NEW_VERSION}"
git push origin ${NEW_VERSION}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
docker-publish:
needs: [gradle, auto-tag]
if: needs.gradle.outputs.success == 'true'
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
contents: read
packages: write
steps:
- name: Debug Event
run: |
echo "Event name: ${{ github.event_name }}"
echo "Ref type: ${{ github.ref_type }}"
echo "Ref: ${{ github.ref }}"
echo "SHA: ${{ github.sha }}"
echo "Base ref: ${{ github.base_ref }}"
echo "Head ref: ${{ github.head_ref }}"
echo "Workflow ref: ${{ github.workflow_ref }}"
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata (federation-server)
id: meta-federation
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=${{ needs.auto-tag.outputs.version }}
- name: Build and push federation-server
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/federation-server/Dockerfile
push: true
tags: ${{ steps.meta-federation.outputs.tags }}
labels: ${{ steps.meta-federation.outputs.labels }}
cache-from: |
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server:latest
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest
cache-to: |
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server:latest,mode=max
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest,mode=max
- name: Extract metadata (admin-server)
id: meta-admin
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=${{ needs.auto-tag.outputs.version }}
- name: Build and push admin-server
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/admin-server/Dockerfile
push: true
tags: ${{ steps.meta-admin.outputs.tags }}
labels: ${{ steps.meta-admin.outputs.labels }}
cache-from: |
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server:latest
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest
cache-to: |
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server:latest,mode=max
type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest,mode=max