Skip to content

Building service containers #155

Building service containers

Building service containers #155

Workflow file for this run

name: build-containers
run-name: Building service containers
on:
push:
env:
BASE_IMAGE: cccs/assemblyline-v4-service-base:4.5.stable
REGISTRY: ghcr.io
PUSH_REGISTRY: ghcr.io
BASE_TAG: 4.5.0.stable
MANIFEST_REGISTRY: ghcr.io/
jobs:
discover-services:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Discover directories with Dockerfiles
id: services
run: |
echo "services=$(find . -type f -name Dockerfile | xargs -n 1 dirname | uniq | cut -d '/' -f 2 | grep -v 'TEMPLATE' | grep -v 'al-service-with-py11' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
- name: Print services with Dockerfiles
run: |
echo "Services with Dockerfiles: ${{ steps.services.outputs.services }}"
outputs:
services: ${{ steps.services.outputs.services }}
build-containers:
needs: discover-services
runs-on: ubuntu-latest
if: needs.discover-services.outputs.services != '[]'
strategy:
matrix:
service: ${{ fromJson(needs.discover-services.outputs.services) }}
permissions:
contents: read
packages: write
defaults:
run:
working-directory: ${{ matrix.service }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Authorize to GitHub Packages
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Authorize to Github Docker Registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
- name: Build container
run: |
make build
- name: Check service was changed in the commit
id: check-service-changed
run: |
git diff --quiet ${{ github.event.before }} ${{ github.event.after }} -- .
echo exit-code=$? >> $GITHUB_OUTPUT
shell: bash {0}
continue-on-error: true
# Tests based on real examples, not suitable to keep in the public repo
- name: Checkout repository with test samples
if: steps.check-service-changed.outputs.exit-code != 0 && matrix.service == 'ASTGrep'
uses: actions/checkout@v4
with:
repository: kam193/unsafe-examples
path: ASTGrep/tmp/
# sparse-checkout: |
# dangerous_examples/*
# sparse-checkout-cone-mode: false
persist-credentials: false
ssh-key: ${{ secrets.UNSAFE_SAMPLES_SSH }}
clean: false
- name: Link the test samples
if: steps.check-service-changed.outputs.exit-code != 0 && matrix.service == 'ASTGrep'
run: |
cd tests
ln -s ../tmp/dangerous_examples/ dangerous_examples
- name: Install test dependencies
if: steps.check-service-changed.outputs.exit-code != 0
run: |
sudo apt-get install -y libfuzzy-dev
make test-dependencies
- name: Run tests
if: steps.check-service-changed.outputs.exit-code != 0
run: |
make test
- name: Check if the current version has already been pushed
id: check-if-pushed
run: |
export GHCR_TOKEN=$(echo ${{ secrets.GITHUB_TOKEN }} | base64)
export TAG=$BASE_TAG$(cat VERSION)
echo manifest=$(curl -s -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/kam193/$(make print)/manifests/$TAG | grep "manifest unknown") >> $GITHUB_OUTPUT
- name: Push container
if: steps.check-if-pushed.outputs.manifest
run: |
make push
echo "ghcr.io/kam193/$(make print):$BASE_TAG$(cat VERSION)" > tag.txt
cat VERSION > version.txt
- name: Upload artifact
if: steps.check-if-pushed.outputs.manifest
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: ${{ matrix.service }}
path: |
${{ matrix.service }}/tag.txt
${{ matrix.service }}/version.txt
release:
needs: build-containers
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
with:
path: ./artifacts
- name: Gain release info
run: |
for service in $(ls -1 ./artifacts); do
output=$(cat ./artifacts/$service/tag.txt)
echo "## $service $BASE_TAG$(cat ./artifacts/$service/version.txt)" >> release_text.md
echo "Uploaded image: \`$output\`" >> release_text.md
done
- name: Check if anything to release
id: check-if-release
run: |
if [[ ! -s "release_text.md" ]]; then
echo "release=false" >> $GITHUB_OUTPUT
else
echo "This is an automated release. Following new service versions were uploaded." > release_body.md
cat release_text.md >> release_body.md
echo "release=true" >> $GITHUB_OUTPUT
echo "CURRENT_DATE=$(date +'%Y-%m-%d--%H-%M')" >> $GITHUB_ENV
fi
- name: Release changes
if: steps.check-if-release.outputs.release == 'true'
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5
with:
name: Release on ${{ env.CURRENT_DATE }}
bodyFile: release_body.md
makeLatest: true
tag: release-${{ env.CURRENT_DATE }}
generateReleaseNotes: true