feat: publish to dockerhub #503
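# CI pipeline: build and publish with Gradle, tag the commit, then build and
# push the federation-server and admin-server images to Docker Hub.
name: Run CI

# Runs on every push to any branch and on manual dispatch. Every job below,
# including the publishing steps, therefore runs for any branch a contributor
# with write access can push to.
on:
  push:
  workflow_dispatch:

jobs:
  gradle:
    # Least privilege: no step in this job references GITHUB_TOKEN explicitly,
    # so the token only needs to read the repository for the checkout.
    permissions:
      contents: read
    outputs:
      success: ${{ steps.build.outcome == 'success' }}
    strategy:
      matrix:
        # Removed windows, because build failing with docker network.
        # "bridge" network driver is not supported for Windows containers
        # os: [ ubuntu-latest, windows-latest ]
        os: [ ubuntu-latest ]
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): every `uses:` in this file references a mutable
      # major-version tag. Pinning each action to a full commit SHA keeps a
      # re-pointed tag from running with this workflow's secrets.
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '21'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
      - name: Grant execute permission for Gradlew (Linux/Mac)
        if: runner.os != 'Windows'
        run: chmod +x ./gradlew
      - name: Execute build
        id: build
        # All commands of this step share one environment, so `./gradlew build`
        # (which runs the pushed branch's own build scripts and tests) sees the
        # Nexus and npm publishing credentials as well.
        # NOTE(review): consider a separate publish step that is the only one
        # receiving NEXUS_* and NPM_TOKEN, limited to the release branches.
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
          DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}
          DATASOURCE_URL: ${{ secrets.DATASOURCE_URL }}
          LOCAL_KMS_DATASOURCE_USER: ${{ secrets.LOCAL_KMS_DATASOURCE_USER }}
          LOCAL_KMS_DATASOURCE_PASSWORD: ${{ secrets.LOCAL_KMS_DATASOURCE_PASSWORD }}
          LOCAL_KMS_DATASOURCE_URL: ${{ secrets.LOCAL_KMS_DATASOURCE_URL }}
          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          KMS_PROVIDER: local
        run: |
          ./gradlew build
          ./gradlew :modules:openapi:jsPublicPackageJson
          ./gradlew :modules:openid-federation-common:jsPublicPackageJson
          ./gradlew publishJsPackageToNpmjsRegistry
          ./gradlew publishAllPublicationsToSphereon-opensourceRepository

  auto-tag:
    needs: gradle
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.get_version_info.outputs.new_version }}
    # Only `push` and `workflow_dispatch` are declared under `on:`, so the
    # `repository_dispatch` and `pull_request` clauses cannot match from this
    # file's triggers. A manual dispatch matches no clause and skips this job,
    # and docker-publish with it, because it needs this job.
    if: github.event_name == 'repository_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) || (github.event_name == 'push' && needs.gradle.outputs.success == 'true')
    permissions:
      # Needed to push the tag created below.
      contents: write
      # NOTE(review): no step visible in this job calls the Actions API;
      # drop this scope if nothing depends on it.
      actions: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history and tags, so that tags can be created and pushed.
          fetch-depth: 0
          fetch-tags: true
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Get version info
        id: get_version_info
        # Event data reaches the script through environment variables rather
        # than `${{ }}` interpolation: an interpolated value is pasted into the
        # script text before the shell parses it, and a branch name is chosen
        # by whoever created the branch.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          EVENT_NAME: ${{ github.event_name }}
          PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com"
          git config --local user.name "${GITHUB_ACTOR}"

          # Resolve the branch the version prefix is derived from.
          if [[ "$EVENT_NAME" == "pull_request" ]]; then
            BRANCH_NAME="$PR_HEAD_REF"
          else
            BRANCH_NAME="${GITHUB_REF#refs/heads/}"
          fi

          # Map the branch to a fixed prefix; the branch name itself never
          # becomes part of the tag.
          if [[ "$BRANCH_NAME" == "develop" ]]; then
            PREFIX="dev"
          elif [[ "$BRANCH_NAME" == "main" ]]; then
            PREFIX="main"
          elif [[ "$BRANCH_NAME" == feature/* ]]; then
            PREFIX="feat"
          elif [[ "$BRANCH_NAME" == hotfix/* ]]; then
            PREFIX="fix"
          elif [[ "$BRANCH_NAME" == release/* ]]; then
            PREFIX="rel"
          else
            PREFIX="build"
          fi

          # Base version from build.gradle.kts, without the -SNAPSHOT suffix.
          GRADLE_VERSION=$(grep 'version = ' build.gradle.kts | sed 's/.*version = "\(.*\)".*/\1/')
          GRADLE_VERSION=${GRADLE_VERSION%-SNAPSHOT}
          COMMIT_SHA=$(git rev-parse --short HEAD)

          if [[ -n "$PR_NUMBER" ]]; then
            NEW_VERSION="v${GRADLE_VERSION}-${PREFIX}.pr${PR_NUMBER}.${COMMIT_SHA}"
          else
            NEW_VERSION="v${GRADLE_VERSION}-${PREFIX}.${COMMIT_SHA}"
          fi

          # Quoted so that a version string read from the repository cannot be
          # word-split or glob-expanded into extra arguments.
          echo "new_version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
          git tag -a "${NEW_VERSION}" -m "Release ${NEW_VERSION}"
          git push origin "${NEW_VERSION}"

  docker-publish:
    needs: [gradle, auto-tag]
    if: needs.gradle.outputs.success == 'true'
    runs-on: ubuntu-latest
    timeout-minutes: 20
    permissions:
      contents: read
      # NOTE(review): the images below are pushed to Docker Hub with the
      # DOCKERHUB_* secrets; confirm whether `packages: write` is needed.
      packages: write
    steps:
      - name: Debug Event
        # Ref names are set by whoever pushed the branch, so they are handed to
        # the shell as data through env instead of being interpolated into the
        # script text.
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_TYPE: ${{ github.ref_type }}
          REF: ${{ github.ref }}
          SHA: ${{ github.sha }}
          BASE_REF: ${{ github.base_ref }}
          HEAD_REF: ${{ github.head_ref }}
          WORKFLOW_REF: ${{ github.workflow_ref }}
        run: |
          echo "Event name: ${EVENT_NAME}"
          echo "Ref type: ${REF_TYPE}"
          echo "Ref: ${REF}"
          echo "SHA: ${SHA}"
          echo "Base ref: ${BASE_REF}"
          echo "Head ref: ${HEAD_REF}"
          echo "Workflow ref: ${WORKFLOW_REF}"
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Extract metadata (federation-server)
        id: meta-federation
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server
          # `latest` is only produced for main; every run also gets the
          # version tag computed by the auto-tag job.
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=${{ needs.auto-tag.outputs.version }}
      - name: Build and push federation-server
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./.docker/federation-server/Dockerfile
          push: true
          tags: ${{ steps.meta-federation.outputs.tags }}
          labels: ${{ steps.meta-federation.outputs.labels }}
          cache-from: |
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server:latest
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest
          # NOTE(review): the cache is exported to the `:latest` refs on every
          # run, including non-main branches, although the metadata step only
          # enables the `latest` image tag for main. This appears to let any
          # branch build write to the ref consumers pull and to the cache main
          # builds read; a dedicated cache tag would separate the two. Confirm
          # against the registry.
          cache-to: |
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-server:latest,mode=max
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest,mode=max
      - name: Extract metadata (admin-server)
        id: meta-admin
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=${{ needs.auto-tag.outputs.version }}
      - name: Build and push admin-server
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./.docker/admin-server/Dockerfile
          push: true
          tags: ${{ steps.meta-admin.outputs.tags }}
          labels: ${{ steps.meta-admin.outputs.labels }}
          cache-from: |
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server:latest
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest
          # NOTE(review): same concern as for federation-server: the cache
          # export targets the `:latest` refs from every branch. Confirm
          # against the registry.
          cache-to: |
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-admin-server:latest,mode=max
            type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/openid-federation-base:latest,mode=max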