trigger docker build w/ jdk 17

CMSgov · Feb 11, 2025 · d731f7a · d731f7a
1 parent 56e1f2f
commit d731f7a
Showing 1 changed file with 241 additions and 0 deletions.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -0,0 +1,241 @@
+name: Docker Build
+
+on:
+  workflow_dispatch:
+  workflow_call:
+    outputs:
+      ecr_image_tag:
+        description: "Tag for associated docker images"
+        value: ${{ jobs.generate_docker_tag.outputs.docker_tag }}
+  push:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  VAULT_PW: ${{ secrets.VAULT_PW }}
+  REPORT_COVERAGE: true
+  DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }}
+  ENV: "github-ci"
+
+jobs:
+  generate_docker_tag:
+    runs-on: self-hosted
+    outputs:
+      docker_tag: ${{ steps.output_docker_tag.outputs.docker_tag }}
+    steps:
+      - name: generate a tag with UTC date and GitHub run_id
+        id: output_docker_tag
+        run: |
+          DOCKER_TAG="rls-$(date -u +'%Y%m%d%H%M')-${{ github.run_id }}"
+          echo "docker_tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
+      - name: print tag to STDOUT
+        run: echo "$DOCKER_TAG"
+
+  docker_build_rails_apps:
+    runs-on: self-hosted
+    strategy:
+      matrix:
+        ecr_repository: [ web-portal, web-admin, web ]
+        include:
+          # note this is confusing, but make ci-web-portal points to dpc-web-portal-test.sh which runs
+          # docker compose -p ... dpc_web
+          - ecr_repository: web-portal
+            make_command: make ci-portal
+          - ecr_repository: web-admin
+            make_command: make ci-admin-portal
+          - ecr_repository: web
+            make_command: make ci-web-portal
+    steps:
+      - name: Assert Ownership
+        run: sudo chmod -R 777 .
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: Cleanup Runner
+        run: ./scripts/cleanup-docker.sh
+
+      - name: Install python3
+        run: sudo dnf install python3
+
+      - name: Install docker compose manually
+        run: |
+          sudo mkdir -p /usr/local/lib/docker/cli-plugins
+          sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
+          sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
+          sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+      - name: Build specified app
+        run: ${{ matrix.make_command }}
+
+      - name: gzip the image
+        run: docker save dpc-${{ matrix.ecr_repository }}:latest | gzip > ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
+      - name: upload tar artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: dpc-${{ matrix.ecr_repository }}
+          path: ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
+          retention-days: 1
+
+  docker_build_java: # builds dpc-api, dpc-attribution, dpc-aggregation, and dpc-consent
+    runs-on: self-hosted
+    steps:
+      - name: "Set up Ansible"
+        run: |
+          sudo dnf -y install python3 python3-pip
+          pip install ansible
+
+      - name: "Install npm for Postman tests"
+        run: |
+          sudo dnf -y install nodejs
+          npm --version
+
+      - name: Install docker compose manually
+        run: |
+          sudo mkdir -p /usr/local/lib/docker/cli-plugins
+          sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
+          sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
+          sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: Assert Ownership
+        run: sudo chmod -R 777 .
+      - name: Cleanup Runner
+        run: ./scripts/cleanup-docker.sh
+
+      - name: "Set up JDK 17"
+        uses: actions/setup-java@v3
+        with:
+          java-version: "17"
+          distribution: "corretto"
+          cache: maven
+
+      - name: Install Maven 3.6.3
+        run: |
+          export PATH="$PATH:/opt/maven/bin"
+          echo "PATH=$PATH" >> $GITHUB_ENV
+          if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
+          tmpdir="$(mktemp -d)"
+          curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
+          sudo rm -rf /opt/maven
+          sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
+
+      - name: Clean maven
+        run: mvn -ntp -U clean
+
+      - name: Build ci app
+        id: api-build
+        run: |
+          export PATH=$PATH:~/.local/bin
+          make ci-app
+
+      # add extra commands to log docker containers during failure
+      - name: Consent Logs
+        if: ${{ failure() && steps.api-build.outcome == 'failure' }}
+        run: docker logs start-v1-app-consent-1
+      - name: Attribution Logs
+        if: ${{ failure() && steps.api-build.outcome == 'failure' }}
+        run: docker logs start-v1-app-attribution-1
+      - name: Aggregation Logs
+        if: ${{ failure() && steps.api-build.outcome == 'failure' }}
+        run: docker logs start-v1-app-aggregation-1
+      - name: Api Logs
+        if: ${{ failure() && steps.api-build.outcome == 'failure' }}
+        run: docker logs start-v1-app-api-1
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-dev-github-actions
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: gzip image (1 of 4) - API
+        run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-api:latest | gzip > ${{ runner.temp }}/dpc_api_latest.tar.gz
+      - name: upload tar artifact (1 of 4) - API
+        uses: actions/upload-artifact@v4
+        with:
+          name: dpc-api
+          path: ${{ runner.temp }}/dpc_api_latest.tar.gz
+          retention-days: 1
+
+      - name: gzip image (2 of 4) - Attribution
+        run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-attribution:latest | gzip > ${{ runner.temp }}/dpc_attribution_latest.tar.gz
+      - name: upload tar artifact (2 of 4) - Attribution
+        uses: actions/upload-artifact@v4
+        with:
+          name: dpc-attribution
+          path: ${{ runner.temp }}/dpc_attribution_latest.tar.gz
+          retention-days: 1
+
+      - name: gzip image (3 of 4) - Aggregation
+        run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-aggregation:latest | gzip > ${{ runner.temp }}/dpc_aggregation_latest.tar.gz
+      - name: upload tar artifact (3 of 4) - Aggregation
+        uses: actions/upload-artifact@v4
+        with:
+          name: dpc-aggregation
+          path: ${{ runner.temp }}/dpc_aggregation_latest.tar.gz
+          retention-days: 1
+
+      - name: gzip image (4 of 4) - Consent
+        run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-consent:latest | gzip > ${{ runner.temp }}/dpc_consent_latest.tar.gz
+      - name: upload tar artifact (4 of 4) - Consent
+        uses: actions/upload-artifact@v4
+        with:
+          name: dpc-consent
+          path: ${{ runner.temp }}/dpc_consent_latest.tar.gz
+          retention-days: 1
+
+  docker_push_all_apps:
+    runs-on: self-hosted
+    strategy:
+      matrix:
+        ecr_repository: [ web-portal, web-admin, web, api, attribution, aggregation, consent ]
+    env:
+      ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+    needs: [ docker_build_rails_apps, docker_build_java, generate_docker_tag ]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: dpc-${{ matrix.ecr_repository }}
+          path: ${{ runner.temp }}
+      - name: Load docker image from artifact download
+        run: |
+          docker load --input ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
+          docker image ls -a
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-dev-github-actions
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Push to ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ needs.generate_docker_tag.outputs.docker_tag }}
+        run: |
+          if [ ${{ matrix.ecr_repository }} == 'api' ] || \
+             [ ${{ matrix.ecr_repository }} == 'attribution' ] || \
+             [ ${{ matrix.ecr_repository }} == 'aggregation' ] || \
+             [ ${{ matrix.ecr_repository }} == 'consent' ]; then
+            echo "using image with registry as part of name for java app: ${{ matrix.ecr_repository }}"
+            docker tag $REGISTRY/dpc-$ECR_REPOSITORY $REGISTRY/dpc-$ECR_REPOSITORY:latest
+            docker tag $REGISTRY/dpc-$ECR_REPOSITORY $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
+            docker push $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
+            docker push $REGISTRY/dpc-$ECR_REPOSITORY:latest
+          else
+            docker tag dpc-$ECR_REPOSITORY:latest $REGISTRY/dpc-$ECR_REPOSITORY:latest
+            docker tag dpc-$ECR_REPOSITORY:latest $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
+            docker push $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
+            docker push $REGISTRY/dpc-$ECR_REPOSITORY:latest
+          fi