From d977eb1ed885ae45deded87f589e68ddaf64ba92 Mon Sep 17 00:00:00 2001
From: NiScy - ilias Stergiou <129516686+isnetc@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:06:42 +0300
Subject: [PATCH] publish to container registry (#55)
Co-authored-by: Ilias STERGIOU (INTRASOFT)
---
 .../publish-to-container-registry.yml | 84 +++++++++++++++++++
 build.gradle.kts | 13 ++-
 docker/docker-compose.yaml | 5 +-
 3 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/publish-to-container-registry.yml
diff --git a/.github/workflows/publish-to-container-registry.yml b/.github/workflows/publish-to-container-registry.yml
new file mode 100644
index 00000000..86d0cee0
--- /dev/null
+++ b/.github/workflows/publish-to-container-registry.yml
@@ -0,0 +1,84 @@
+name: Publish to container registry
+
+on:
+ push:
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ REGISTRY_URL: https://ghcr.io
+ REGISTRY_USERNAME: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ name: Build and publish
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+ - name: Validate Gradle Wrapper
+ uses: gradle/wrapper-validation-action@v1
+
+ # login to github packages
+ # ref: https://docs.docker.com/build/ci/github-actions/push-multi-registries/
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ #username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) from git reference and github events for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5.0.0
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha
+
+ - name: Build and publish with Gradle Wrapper
+ uses: gradle/gradle-build-action@v2.4.2
+ if: github.event_name != 'pull_request'
+ env:
+ BP_OCI_CREATED: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+ BP_OCI_DESCRIPTION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}
+ BP_OCI_LICENSES: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.licenses'] }}
+ BP_OCI_REVISION: ${{
fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+ BP_OCI_SOURCE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.source'] }}
+ BP_OCI_TITLE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }}
+ BP_OCI_URL: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.url'] }}
+ BP_OCI_VERSION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+ # Paketo Buildpack for Image Labels 4.5.2
+ BP_OCI_AUTHORS: "https://digital-strategy.ec.europa.eu/en/policies/electronic-identification"
+ BP_OCI_REF_NAME: ${{ github.repository }}
+ BP_OCI_VENDOR: "https://digital-strategy.ec.europa.eu/en/policies/electronic-identification"
+ # run the JLink tool and install a minimal JRE for runtime, reducing both image size and attack surface
+ BP_JVM_JLINK_ENABLED : "true"
+ with:
+ arguments: |
+ build
+ bootBuildImage
+ --imageName=${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+ --publishImage
+ --full-stacktrace
diff --git a/build.gradle.kts b/build.gradle.kts
index feed547b..64024e14 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -60,7 +60,18 @@ springBoot { } tasks.named("bootBuildImage") { - imageName.set("$group/${project.name}") + imageName.set("${project.name}") + publish.set(false) + docker { + publishRegistry { + url = System.getenv("REGISTRY_URL") + username = System.getenv("REGISTRY_USERNAME") + password = System.getenv("REGISTRY_PASSWORD") + } + } + // get the BP_OCI_* from env, for https://github.com/paketo-buildpacks/image-labels + // get the BP_JVM_* from env, jlink optimisation + environment.set(System.getenv()) } spotless {
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index 0da3cf10..29273636 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
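Review bot: Every `uses:` line in the `build` job references its action by a mutable tag (`actions/checkout@v3`, `actions/setup-java@v3`, `gradle/wrapper-validation-action@v1`, `docker/login-action@v3`, `docker/metadata-action@v5.0.0`, `gradle/gradle-build-action@v2.4.2`) although the job holds `packages: write`. Pinning each to a full commit SHA with the version kept as a comment, for example `uses: actions/checkout@<full-commit-sha>  # v3`, means a moved tag cannot change what runs in the publishing job. The workflow-level `env:` block also exports `REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}` to the environment of every step, while only the "Build and publish with Gradle Wrapper" step appears to read it, so `REGISTRY_URL`, `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` would be better placed in that step's own `env:`. On a manual `workflow_dispatch` run from a branch, `tags[0]` is presumably a branch-named tag rather than a release version, so it is worth deciding whether manual runs should publish at all.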
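Review bot: `environment.set(System.getenv())` passes the whole process environment to the buildpack builder, not only the `BP_OCI_*` and `BP_JVM_*` variables that the two comments above it name. In the publish workflow that environment also contains `REGISTRY_PASSWORD`, which is the job's `GITHUB_TOKEN`. Restricting the map to the intended prefix keeps the credential and unrelated runner variables out of the build container: `environment.set(System.getenv().filterKeys { it.startsWith("BP_") })`. Separately, the three `System.getenv("REGISTRY_...")` lookups return null outside CI; with `publish.set(false)` that is probably harmless, but it should be confirmed that a local `bootBuildImage` still configures cleanly. The `tasks.named` block opens in the hunk's context lines and the rest of build.gradle.kts is outside the hunk.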
@@ -2,7 +2,7 @@ version: '3.3' services: verifier: - image: docker.io/build/eudi-srv-web-verifier-endpoint-23220-4-kt:latest + image: ghcr.io/niscy-eudiw/eudi-srv-web-verifier-endpoint-23220-4-kt:v0.1.0 container_name: verifier-backend ports: - "8080:8080" @@ -11,8 +11,7 @@ services: VERIFIER_RESPONSE_MODE: "DirectPost" verifier-ui: - # image: niscy-eudiw/verifier-ui:latest - image: docker.io/library/eudi-web-verifier + image: ghcr.io/niscy-eudiw/eudi-web-verifier:v0.1.0 container_name: verifier-ui ports: - "4300:4300"
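Review bot: Both new `image:` lines (the `verifier` service in the first hunk and `verifier-ui` in the second) reference a `v0.1.0` tag, which is better than `latest` but is still a mutable reference that the registry owner can repoint. Appending the digest, as in `image: ghcr.io/niscy-eudiw/eudi-srv-web-verifier-endpoint-23220-4-kt:v0.1.0@sha256:<image-digest>`, makes the compose file pull exactly the image that was reviewed. It is also worth confirming that the owner and name in these references match what the new workflow publishes, since the workflow derives the image name from `github.repository`. The `services` mapping continues outside both hunks.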