Migrate CI to 4-job pipeline with SHA-pinned actions #4
@@ -1,47 +1,45 @@
|
||||
name: Docker Build and Push
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
- cron: '30 3 * * 3'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
failure-threshold: error
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v4
|
||||
build-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
needs: lint
|
||||
steps:
|
||||
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||
- name: Build image
|
||||
run: docker build -t ci-image:${{ github.sha }} .
|
||||
- name: Run tests
|
||||
run: bash tests/test.sh ci-image:${{ github.sha }}
|
||||
|
||||
- name: Login to Docker Hub
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v4
|
||||
push:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build-and-test
|
||||
if: github.event_name != 'pull_request'
|
||||
steps:
|
||||
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||
- name: Build image
|
||||
run: docker build -t ci-image:${{ github.sha }} .
|
||||
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v6
|
||||
with:
|
||||
images: jcabillot/openchamber
|
||||
tags: |
|
||||
#type=ref,event=branch
|
||||
#type=ref,event=pr
|
||||
#type=sha
|
||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v7
|
||||
with:
|
||||
context: .
|
||||
file: Dockerfile
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
pull: true
|
||||
- name: Tag and push
|
||||
run: |
|
||||
docker tag ci-image:${{ github.sha }} jcabillot/opencode-openchamber:latest
|
||||
docker push jcabillot/opencode-openchamber:latest
|
||||
|
||||
+9
-7
@@ -1,19 +1,21 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"customManagers": [
|
||||
"regexManagers": [
|
||||
{
|
||||
"customType": "regex",
|
||||
"description": "Track openchamber base Docker image FROM jcabillot/opencode",
|
||||
"managerFilePatterns": ["/^Dockerfile$/"],
|
||||
"matchStrings": ["FROM jcabillot/opencode:(?<currentValue>[^\\s]+)"],
|
||||
"fileMatch": ["^Dockerfile$"],
|
||||
"matchStrings": [
|
||||
"FROM jcabillot/opencode:(?<currentValue>[^\\s]+)"
|
||||
],
|
||||
"depNameTemplate": "jcabillot/opencode",
|
||||
"datasourceTemplate": "docker"
|
||||
},
|
||||
{
|
||||
"customType": "regex",
|
||||
"description": "Track @openchamber/web npm version from ARG in Dockerfile",
|
||||
"managerFilePatterns": ["/^Dockerfile$/"],
|
||||
"matchStrings": ["ARG OPENCHAMBER_WEB_VERSION=(?<currentValue>[^\\s]+)"],
|
||||
"fileMatch": ["^Dockerfile$"],
|
||||
"matchStrings": [
|
||||
"ARG OPENCHAMBER_WEB_VERSION=(?<currentValue>[^\\s]+)"
|
||||
],
|
||||
"depNameTemplate": "@openchamber/web",
|
||||
"datasourceTemplate": "npm",
|
||||
"versioningTemplate": "npm"
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
IMAGE="$1"
|
||||
FAILED=0
|
||||
PASSED=0
|
||||
|
||||
TMPDIR="$(mktemp -d)"
|
||||
CONTAINER_NAME="test-$(echo "$IMAGE" | tr ':/' '-')-$$"
|
||||
trap 'docker rm -f "$CONTAINER_NAME" 2>/dev/null; rm -rf "$TMPDIR"' EXIT
|
||||
|
||||
DOCKER_GW=$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
|
||||
BASE_URL="http://${DOCKER_GW}:3000"
|
||||
|
||||
assert_eq() {
|
||||
local desc="$1" expected="$2" actual="$3"
|
||||
if [ "$expected" = "$actual" ]; then
|
||||
echo "PASS: $desc"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo "FAIL: $desc (expected '$expected', got '$actual')"
|
||||
FAILED=$((FAILED + 1))
|
||||
fi
|
||||
}
|
||||
|
||||
docker run -d --name "$CONTAINER_NAME" -p 3000:3000 "$IMAGE"
|
||||
|
||||
echo "Waiting for container..."
|
||||
READY=false
|
||||
for i in $(seq 1 30); do
|
||||
if curl -s -o /dev/null "$BASE_URL/"; then
|
||||
echo "Container ready (attempt $i)"
|
||||
READY=true
|
||||
break
|
||||
fi
|
||||
sleep 2
|
||||
done
|
||||
|
||||
if [ "$READY" = false ]; then
|
||||
echo "Container did not become ready within 60s"
|
||||
echo "=== Container logs ==="
|
||||
docker logs "$CONTAINER_NAME" 2>&1 || true
|
||||
exit 1
|
||||
fi
|
||||
|
||||
STATUS=$(curl -s -o "$TMPDIR/body" -w '%{http_code}' "$BASE_URL/")
|
||||
echo "HTTP status: $STATUS"
|
||||
assert_eq "HTTP 200" "200" "$STATUS"
|
||||
|
||||
echo ""
|
||||
echo "$PASSED/$((PASSED + FAILED)) tests passed"
|
||||
if [ "$FAILED" -gt 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
Reference in New Issue
Block a user