Merge pull request #38 from entando/IT-406_MultiarchWorkflow

IT-406 Update publication workflow for multi-architecture
entando · Aug 4, 2023 · f1e785c · f1e785c
2 parents 641d679 + 641df56
commit f1e785c
Show file tree

Hide file tree

Showing 6 changed files with 172 additions and 113 deletions.
diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json
@@ -0,0 +1,14 @@
+{
+    "LABEL": {
+        "name": "title needs correct naming convention",
+        "color": "EEEEEE"
+    },
+    "CHECKS": {
+        "regexp": "[A-Z]{2,5}-[0-9]{1,5}"
+    },
+    "MESSAGES": {
+        "success": "All OK",
+        "failure": "Failing PR test",
+        "notice": "Check the naming convention rules to naming PRs"
+    }
+}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -94,45 +94,45 @@ jobs:
   # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   # SCANS
-  scans:
-    needs: [ 'prepare', 'full-build' ]
-    runs-on: ubuntu-latest
-    if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }}
-    strategy:
-      max-parallel: 5
-      fail-fast: false
-      matrix:
-        mtx-step: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}}
-
-    steps:
-      #~ CHECKOUT
-      - name: "CHECKOUT"
-        run: |
-          ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
-          ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR"
-      #~ SCAN
-      - name: "Run the matrix step ${{ matrix.mtx-step }}"
-        run: |
-          MTX_STEP="${{ matrix.mtx-step }}"
-
-          ~/ppl-run generic GENERATE-REQUIREMENT-SPEC "MTX_REQUIREMENT" "$MTX_STEP" >> $GITHUB_ENV
-          for spec in (("${{ env.MTX_REQUIREMENT }}")); do
-            case "${{ env.MTX_REQUIREMENT }}" in
-              ENTANDO-REQ-GITHUB-SPECIAL)
-                export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
-                ;;
-              ENTANDO-REQ-SNYK)
-                export SNYK_TOKEN="${{ secrets.SNYK_TOKEN }}"
-                ;;
-              ENTANDO-REQ-POST-DEP)
-                export ENTANDO_OPT_OKD_LOGIN_TOKEN="${{ secrets.ENTANDO_OPT_OKD_LOGIN_TOKEN }}"
-                export ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS="${{ secrets.ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS }}"
-                export ENTANDO_OPT_DOCKER_USERNAME="${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}"
-                export ENTANDO_OPT_DOCKER_PASSWORD="${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
-                export ENTANDO_OPT_TEST_TLS_CRT="${{ secrets.ENTANDO_OPT_TEST_TLS_CRT }}"
-                export ENTANDO_OPT_TEST_TLS_KEY="${{ secrets.ENTANDO_OPT_TEST_TLS_KEY }}"
-                ;;
-            esac
-          done
-
-          ~/ppl-run generic "$MTX_STEP" --id "$MTX_STEP" --lcd "$LOCAL_CLONE_DIR"
+#  scans:
+#    needs: [ 'prepare', 'full-build' ]
+#    runs-on: ubuntu-latest
+#    if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }}
+#    strategy:
+#      max-parallel: 5
+#      fail-fast: false
+#      matrix:
+#        mtx-step: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}}
+#
+#    steps:
+#      #~ CHECKOUT
+#      - name: "CHECKOUT"
+#        run: |
+#          ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+#          ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR"
+#      #~ SCAN
+#      - name: "Run the matrix step ${{ matrix.mtx-step }}"
+#        run: |
+#          MTX_STEP="${{ matrix.mtx-step }}"
+#
+#          ~/ppl-run generic GENERATE-REQUIREMENT-SPEC "MTX_REQUIREMENT" "$MTX_STEP" >> $GITHUB_ENV
+#          for spec in (("${{ env.MTX_REQUIREMENT }}")); do
+#            case "${{ env.MTX_REQUIREMENT }}" in
+#              ENTANDO-REQ-GITHUB-SPECIAL)
+#                export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+#                ;;
+#              ENTANDO-REQ-SNYK)
+#                export SNYK_TOKEN="${{ secrets.SNYK_TOKEN }}"
+#                ;;
+#              ENTANDO-REQ-POST-DEP)
+#                export ENTANDO_OPT_OKD_LOGIN_TOKEN="${{ secrets.ENTANDO_OPT_OKD_LOGIN_TOKEN }}"
+#                export ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS="${{ secrets.ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS }}"
+#                export ENTANDO_OPT_DOCKER_USERNAME="${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}"
+#                export ENTANDO_OPT_DOCKER_PASSWORD="${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
+#                export ENTANDO_OPT_TEST_TLS_CRT="${{ secrets.ENTANDO_OPT_TEST_TLS_CRT }}"
+#                export ENTANDO_OPT_TEST_TLS_KEY="${{ secrets.ENTANDO_OPT_TEST_TLS_KEY }}"
+#                ;;
+#            esac
+#          done
+#
+#          ~/ppl-run generic "$MTX_STEP" --id "$MTX_STEP" --lcd "$LOCAL_CLONE_DIR"
diff --git a/.github/workflows/publication.yml b/.github/workflows/publication.yml
@@ -1,84 +1,113 @@
-name: Internal Snapshot Publication
+name: PUB
 
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
 
 env:
-  ENTANDO_OPT_USE_PPL_TAG: "v1.4.1"
-  ENTANDO_OPT_DATA_REPO: "${{ secrets.ENTANDO_OPT_DATA_REPO }}"
-  ENTANDO_OPT_DATA_REPO_TOKEN: "${{ secrets.ENTANDO_OPT_DATA_REPO_TOKEN }}"
-  ENTANDO_OPT_ENVIRONMENT_NAMES: "${{ secrets.ENTANDO_OPT_ENVIRONMENT_NAMES }}"
-  ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
-  ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
-  ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
-  ENTANDO_OPT_CUSTOM_ENV: "${{ secrets.ENTANDO_OPT_CUSTOM_ENV }}"
-  ENTANDO_RHT_DOCKER_USERNAME: "${{ secrets.ENTANDO_RHT_DOCKER_USERNAME }}"
-  ENTANDO_RHT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_RHT_DOCKER_PASSWORD }}"
-  ENTANDO_RHT_DOCKER_REGISTRY: "${{ secrets.ENTANDO_RHT_DOCKER_REGISTRY }}"
-  PPL_CONTEXT: ${{ toJson(github) }}
-  LOCAL_CLONE_DIR: "local-checkout"
+  PPL_TEMPLATE_VERSION: "v2.0.0"
+  ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
+  PR_CHECKER_PATH: ".github/pr-title-checker-config.json"
 
+  DOCKER_KEYCLOAK_IMAGE_BASE_NAME: entando/entando-keycloak
+  DOCKER_SSO_IMAGE_BASE_NAME: entando/entando-redhat-sso
+  DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE: linux/amd64,linux/arm64
+  DOCKER_SSO_IMAGE_ARCHITECTURE: linux/amd64
+  DOCKER_IMAGE_CONTEXT: .
+  DOCKER_KEYCLOAK_IMAGE_FILE: Dockerfile.keycloak
+  DOCKER_SSO_IMAGE_FILE: Dockerfile.redhat-sso
+  DOCKER_IMAGE_PUSH: true
 
 jobs:
-  # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # PUBLICATION
+
+  check-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: thehanimo/[email protected]
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: false
+          configuration_path: ${{ env.PR_CHECKER_PATH }}
 
   publication:
-    outputs:
-      POST_PUB_DOCKER_SCAN: ${{ steps.START.outputs.POST_PUB_DOCKER_SCAN }}
-      POST_DEP_TESTS: ${{ steps.START.outputs.POST_DEP_TESTS }}
-    env:
-      ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
     runs-on: ubuntu-latest
     steps:
-      - name: "PR PIPELINE START"
-        id: START
-        run: |
-          ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
-          ~/ppl-run status-report
-      #~ CHECKOUT
-      - name: "CHECKOUT"
-        id: CHECKOUT
-        run: |
-          ~/ppl-run \
-            .. checkout-branch --id "CHECKOUT FOR PUBLICATION" \
-                  --lcd "$LOCAL_CLONE_DIR" \
-                  --token "$ENTANDO_BOT_TOKEN" \
-            .. pr-preflight-checks --only flags --lcd "$LOCAL_CLONE_DIR" \
-          ;
-          ~/ppl-run generic GENERATE-BUILD-CACHE-KEY "BUILD_CACHE_KEY" --lcd "$LOCAL_CLONE_DIR" >> $GITHUB_ENV
-          ~/ppl-run generic GENERATE-BUILD-TARGET-DIR "BUILD_TARGET_DIR" --lcd "$LOCAL_CLONE_DIR" >> $GITHUB_ENV
-      #~ BUILD CACHE
-      #- name: "Cache Build Dir"
-        #id: build-cache
-        #uses: actions/cache@v2
-        #with:
-          #path: "${{ env.LOCAL_CLONE_DIR}}/${{ env.BUILD_TARGET_DIR }}/"
-          #key: "${{ runner.os }}-enp-build-${{ env.BUILD_CACHE_KEY }}"
-      #~ PUBLISH THE ARTIFACT
-      - name: "Publish package"
-        run: |
-          ~/ppl-run generic PUBLISH \
-            --id "PUBLICATION" \
-            --lcd "$LOCAL_CLONE_DIR"
-        env:
-          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
-          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
-      #~ PUBLISH TO DOCKER
-      - name: "Publish image"
-        env:
-          ENTANDO_OPT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
-          ENTANDO_OPT_DOCKER_ALT_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_ALT_PASSWORD }}"
-        run: |
-          ~/ppl-run generic PUBLISH-IMAGE --lcd "$LOCAL_CLONE_DIR"
 
-      #~ POST SCAN
-      - name: "Post-scan container"
-        env:
-          SNYK_ORG: "${{ secrets.SNYK_ORG }}"
-          SNYK_TOKEN: "${{ secrets.SNYK_TOKEN }}"
-        run: |
-          ~/ppl-run generic SCAN-IMAGE --lcd "$LOCAL_CLONE_DIR"
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Docker meta-keycloak
+        id: meta-keycloak
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ${{ env.DOCKER_KEYCLOAK_IMAGE_BASE_NAME }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr,value={{base_ref}}
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,event=pr,value={{base_ref}}
+
+      - name: Docker meta-sso
+        id: meta-sso
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ${{ env.DOCKER_SSO_IMAGE_BASE_NAME }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,event=pr,value={{branch}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: ${{ env.DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}
+          password: ${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}
+
+      - name: Login to RHT
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.ENTANDO_RHT_DOCKER_REGISTRY }}
+          username: ${{ secrets.ENTANDO_RHT_DOCKER_USERNAME }}
+          password: ${{ secrets.ENTANDO_RHT_DOCKER_PASSWORD }}
+
+      - name: Build keycloak
+        uses: docker/build-push-action@v4
+        with:
+          context: ${{ env.DOCKER_IMAGE_CONTEXT }}
+          file: ${{ env.DOCKER_KEYCLOAK_IMAGE_FILE }}
+          push: ${{ env.DOCKER_IMAGE_PUSH }}
+          tags: ${{ steps.meta-keycloak.outputs.tags }}
+          labels: ${{ steps.meta-keycloak.outputs.labels }}
+          platforms: ${{ env.DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE }}
+
+      - name: Build sso
+        uses: docker/build-push-action@v4
+        with:
+          context: ${{ env.DOCKER_IMAGE_CONTEXT }}
+          file: ${{ env.DOCKER_SSO_IMAGE_FILE }}
+          push: ${{ env.DOCKER_IMAGE_PUSH }}
+          tags: ${{ steps.meta-sso.outputs.tags }}
+          labels: ${{ steps.meta-sso.outputs.labels }}
+          platforms: ${{ env.DOCKER_SSO_IMAGE_ARCHITECTURE }}
diff --git a/Dockerfile.keycloak b/Dockerfile.keycloak
@@ -10,7 +10,9 @@ LABEL name="Entando Keycloak" \
 COPY LICENSE /licences/entando-lgpl.txt
 
 COPY themes /opt/jboss/keycloak/themes
-COPY cli /opt/jboss/keycloak/tools/cli
+COPY --chown=jboss:root cli /opt/jboss/tools/cli/
+COPY --chown=jboss:root jboss-tools/standalone-configuration.cli /opt/jboss/tools/cli/standalone-configuration.cli
+COPY --chown=jboss:root jboss-tools/standalone-ha-configuration.cli /opt/jboss/tools/cli/standalone-ha-configuration.cli
 
 ARG ORACLE_JDBC_DRIVER_VERSION=21.4.0.0.1
 RUN export KEYCLOAK_HTTP_PORT=8080 && \

diff --git a/jboss-tools/standalone-configuration.cli b/jboss-tools/standalone-configuration.cli
@@ -0,0 +1,7 @@
+embed-server --server-config=standalone.xml --std-out=echo
+run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli
+run-batch --file=/opt/jboss/tools/cli/loglevel.cli
+run-batch --file=/opt/jboss/tools/cli/proxy.cli
+run-batch --file=/opt/jboss/tools/cli/hostname.cli
+run-batch --file=/opt/jboss/tools/cli/theme.cli
+stop-embedded-server
diff --git a/jboss-tools/standalone-ha-configuration.cli b/jboss-tools/standalone-ha-configuration.cli
@@ -0,0 +1,7 @@
+embed-server --server-config=standalone-ha.xml --std-out=echo
+run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli
+run-batch --file=/opt/jboss/tools/cli/loglevel.cli
+run-batch --file=/opt/jboss/tools/cli/proxy.cli
+run-batch --file=/opt/jboss/tools/cli/hostname.cli
+run-batch --file=/opt/jboss/tools/cli/theme.cli
+stop-embedded-server