references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5a55138f6d38f06df9f43d0752b4e83457e64bb3
openproject/.github/workflows/docker.yml
T
Oliver Günther 5a55138f6d Add use_test_registry for workflow call
2026-02-23 06:58:50 +01:00

365 lines
14 KiB
YAML
Raw Blame History

name: Docker
run-name: Build docker image from branch ${{ inputs.branch }} with tag ${{ inputs.tag }}
on:
workflow_call:
inputs:
branch:
description: "The branch or tag to checkout and build"
required: true
type: string
tag:
description: "The main docker tag to use (e.g., 'dev' or '16.3.0')"
required: true
type: string
use_test_registry:
description: "Use openproject/openproject-test registry instead (for testing)"
required: false
type: boolean
default: false
workflow_dispatch:
inputs:
branch:
description: "The branch or tag to checkout and build"
required: true
type: string
tag:
description: "The main docker tag to use (e.g., 'dev' or '16.3.0')"
required: true
type: string
use_test_registry:
description: "Use openproject/openproject-test registry instead (for testing)"
required: false
type: boolean
default: false
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
build-hocuspocus:
uses: ./.github/workflows/hocuspocus-docker.yml
with:
use_test_registry: ${{ inputs.use_test_registry }}
branch: ${{ inputs.branch }}
tag: ${{ inputs.tag }}
secrets: inherit
setup:
needs: [build-hocuspocus]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: ${{ inputs.branch }}
- name: Set version outputs and convert tags
id: extract_version
run: |
set -e
echo "Processing tag: ${{ inputs.tag }}"
./script/gh/docker-tags.rb "${{ inputs.tag }}" --version
./script/gh/docker-tags.rb "${{ inputs.tag }}" --format-for-docker
# Determine registry image based on workflow_dispatch input
if [ "${{ inputs.use_test_registry }}" = "true" ]; then
echo "registry_image=openproject/openproject-test" >> "$GITHUB_OUTPUT"
else
echo "registry_image=${{ vars.REGISTRY_IMAGE }}" >> "$GITHUB_OUTPUT"
fi
- name: Verify outputs
run: |
if [ -z "${{ steps.extract_version.outputs.version }}" ]; then
echo "Error: version output is empty"
exit 1
fi
if [ -z "${{ steps.extract_version.outputs.docker_tags }}" ]; then
echo "Error: docker_tags output is empty"
exit 1
fi
if [ -z "${{ steps.extract_version.outputs.registry_image }}" ]; then
echo "Error: registry_image output is empty"
exit 1
fi
echo "✓ version: ${{ steps.extract_version.outputs.version }}"
echo "✓ docker_tags: ${{ steps.extract_version.outputs.docker_tags }}"
echo "✓ registry_image: ${{ steps.extract_version.outputs.registry_image }}"
- name: Cache NPM
uses: runs-on/cache@v4
with:
path: |
frontend/node_modules
node_modules
key: nodejs-x64-${{ hashFiles('**/package-lock.json') }}
restore-keys: nodejs-x64-
- name: Cache angular
uses: runs-on/cache@v4
with:
path: frontend/.angular
key: angular-${{ github.ref }}
restore-keys: angular-
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: actions/setup-node@v6
with:
node-version: 22.15
cache: npm
cache-dependency-path: |
package-lock.json
frontend/package-lock.json
- name: Precompile assets
run: |
./docker/prod/setup/precompile-assets.sh
# public/assets will be saved as artifact, so temporarily copying config file there as well
cp config/frontend_assets.manifest.json public/assets/frontend_assets.manifest.json
- uses: actions/upload-artifact@v6
with:
path: public/
name: public-assets-${{ inputs.tag }}-${{ github.sha }}
overwrite: true
# Since v4.4, hidden files are excluded by default.
# We need to include public/assets/.sprockets-manifest-*.json
include-hidden-files: true
outputs:
version: ${{ steps.extract_version.outputs.version }}
docker_tags: ${{ steps.extract_version.outputs.docker_tags }}
registry_image: ${{ steps.extract_version.outputs.registry_image }}
build:
if: github.repository_owner == 'opf'
needs:
- setup
runs-on:
labels: "runs-on=${{ github.run_id }}/ssh=false/${{ matrix.runner }}"
strategy:
matrix:
include:
- platform: linux/amd64
digest: amd64-slim
bim_support: false
debian_base: trixie
target: slim
runner: runner=4cpu-linux-x64
- platform: linux/amd64
digest: amd64-bim
bim_support: true
debian_base: bookworm
target: slim-bim
runner: runner=4cpu-linux-x64
- platform: linux/arm64/v8
digest: arm64-slim
debian_base: trixie
bim_support: false
target: slim
runner: runner=4cpu-linux-arm64
- platform: linux/amd64
digest: amd64-aio
debian_base: bookworm
bim_support: true
target: all-in-one
runner: runner=4cpu-linux-x64
- platform: linux/arm64/v8
digest: arm64-aio
debian_base: trixie
bim_support: false
target: all-in-one
runner: runner=4cpu-linux-arm64
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: ${{ inputs.branch }}
- name: Prepare docker files
run: |
cp ./docker/prod/Dockerfile ./Dockerfile
- name: Download precompiled public assets
uses: actions/download-artifact@v7
with:
name: public-assets-${{ inputs.tag }}-${{ github.sha }}
path: public/
- name: Setup precompiled assets
run: |
ls -al public/
mv public/assets/frontend_assets.manifest.json config/frontend_assets.manifest.json
ls -al config/frontend_assets.manifest.json
# allow precompiled assets to be injected into docker image
echo '' >> .dockerignore
echo '!/public/assets' >> .dockerignore
echo '!/config/frontend_assets.manifest.json' >> .dockerignore
- name: Add build information
run: |
echo "${{ inputs.branch }}" > PRODUCT_VERSION
echo "https://github.com/opf/openproject/commits/${{ inputs.branch }}" > PRODUCT_URL
date -u +"%Y-%m-%dT%H:%M:%SZ" > RELEASE_DATE
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
context: git
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png
org.opencontainers.image.source=https://github.com/opf/openproject
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/
org.opencontainers.image.vendor=OpenProject GmbH
tags: |
${{ needs.setup.outputs.docker_tags }}
images: |
${{ needs.setup.outputs.registry_image }}
- name: Restore vendor/bundle
id: restore-vendor-bundle
uses: actions/cache/restore@v5
with:
path: |
vendor/bundle
key: ${{ matrix.platform }}-${{ matrix.debian_base }}-vendor-bundle-${{ github.ref }}
- name: Include vendor/bundle in this build (so we can use it from the cache above)
run: |
sed -i 's/vendor\/bundle//g' .dockerignore
- name: Build image
id: build
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: ${{ matrix.target }}
build-args: |
DEBIAN_BASE=${{ matrix.debian_base }}
BIM_SUPPORT=${{ matrix.bim_support }}
BUILDKIT_PROGRESS=plain
pull: true
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},manifests_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},manifests_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
- name: Extract vendor/bundle from container
run: |
docker create --name bundle ${{ steps.build.outputs.imageid }}
if [ -d vendor/bundle ]; then
mv vendor/bundle vendor/bundle.bak
fi
docker cp bundle:/app/vendor/bundle vendor/bundle
docker rm bundle
- name: Save vendor/bundle
id: save-vendor-bundle
uses: actions/cache/save@v5
with:
path: |
vendor/bundle
key: ${{ steps.restore-vendor-bundle.outputs.cache-primary-key }}
- name: Restore pre-build vendor/bundle to prevent 2nd build from scratch during push
run: |
rm -rf vendor/bundle
if [ -d vendor/bundle.bak ]; then
mv vendor/bundle.bak vendor/bundle
fi
- name: Validate image
run: |
./script/ci/docker_validate_image.sh \
--image "${{ steps.build.outputs.imageid }}" \
--target "${{ matrix.target }}" \
--platform "${{ matrix.platform }}"
- name: Push image
id: push
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
target: ${{ matrix.target }}
build-args: |
DEBIAN_BASE=${{ matrix.debian_base }}
BIM_SUPPORT=${{ matrix.bim_support }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ needs.setup.outputs.registry_image }},push-by-digest=true,name-canonical=true,push=true
cache-from: type=s3,blobs_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},manifests_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
cache-to: type=s3,blobs_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},manifests_prefix=cache/${{ github.repository }}/${{ matrix.debian_base }},region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.push.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v6
with:
name: digests-${{ inputs.tag }}-${{ matrix.target }}--${{ matrix.digest }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-latest
strategy:
matrix:
target: [slim, slim-bim, all-in-one]
needs:
- setup
- build
steps:
- name: Merge digests
uses: actions/upload-artifact/merge@v6
with:
pattern: "digests-${{ inputs.tag }}-${{ matrix.target }}--*"
overwrite: true
name: "merged-digests-${{ inputs.tag }}-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}"
- name: Download digests
uses: actions/download-artifact@v7
with:
name: "merged-digests-${{ inputs.tag }}-${{ matrix.target }}-${{ github.run_number }}-${{ github.run_attempt }}"
path: /tmp/digests
- name: Set suffix
id: set_suffix
run: |
suffix="-${{ matrix.target }}"
if [ "$suffix" = "-all-in-one" ]; then suffix="" ; fi
echo "suffix=$suffix" >> "$GITHUB_OUTPUT"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ needs.setup.outputs.registry_image }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/README.md
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/opf/openproject/refs/heads/dev/docker/prod/logo.png
org.opencontainers.image.source=https://github.com/opf/openproject
org.opencontainers.image.documentation=https://www.openproject.org/docs/installation-and-operations/installation/
org.opencontainers.image.vendor=OpenProject GmbH
flavor: |
latest=false
suffix=${{ steps.set_suffix.outputs.suffix }}
tags: |
${{ needs.setup.outputs.docker_tags }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ needs.setup.outputs.registry_image }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ needs.setup.outputs.registry_image }}:${{ steps.meta.outputs.version }}
notify-failure:
needs: [setup, build, merge]
if: ${{ always() && contains(needs.*.result, 'failure') }}
uses: ./.github/workflows/email-notification.yml
secrets: inherit
with:
subject: "Docker build failed"
body: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
Reference in New Issue View Git Blame Copy Permalink