adding GHA and docker build for mock ims_service.py

NOAA-GSL · Jun 26, 2024 · f3d46e0 · f3d46e0
1 parent eb95227
commit f3d46e0
Show file tree

Hide file tree

Showing 3 changed files with 150 additions and 0 deletions.
diff --git a/.github/workflows/build-package-mock-ims.yml b/.github/workflows/build-package-mock-ims.yml
@@ -0,0 +1,103 @@
+name: Build and Package the Mock IMS Service to Dev Registry
+on:
+  push:
+    branches: [ main ]
+env:
+  DEV_REGISTRY: ghcr.io/noaa-gsl/idss/service/ims-gateway
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        app:
+          - mockims
+    steps:
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{github.actor}}
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: pull
+      run: |
+        docker pull ghcr.io/noaa-gsl/idss/commons/python/python-base:main
+
+    - name: Checkout Code
+      uses: actions/checkout@v2
+
+    - name: Set ENV Variables
+      shell: bash
+      run: |
+        DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }})
+          if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
+            # PR build
+            echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+            echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+          elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then
+            # Handle differences between branches/tags
+            if [[ "${GITHUB_REF}" == *"heads"* ]]; then
+              # Branch build
+              echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+              echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+            elif [[ "${GITHUB_REF}" == *"tags"* ]]; then
+              # Tag build
+              echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+              echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+            else
+              echo "ERROR: Unanticipated Git Ref"
+              exit 1
+            fi
+          else
+            echo "ERROR: Unanticipated GitHub Event"
+            exit 1
+          fi
+
+    - name: Create App Names
+      env:
+        APP: '${{matrix.app}}'
+      run: |
+        echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV
+
+    - name: Build Image
+      run: |
+        docker build \
+          --build-arg APPNAME=${{matrix.app}} \
+          --build-arg BUILDVER="${{env.VERSION}}" \
+          --build-arg COMMITBRANCH=${{env.BRANCH}} \
+          --build-arg COMMITSHA=${{github.sha}} \
+          -t ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}} \
+          -f ./docker/mockims/dev/Dockerfile .
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}'
+        format: 'table'
+        #exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
+        # this requires public repo / additional config
+        #format: 'sarif'
+        #output: 'trivy-results.sarif'
+
+     # GSL isn't paying for this support with private repositories
+#    - name: Upload Trivy scan results to GitHub Security tab
+#      uses: github/codeql-action/upload-sarif@v2
+#      with:
+#        sarif_file: 'trivy-results.sarif'
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{github.actor}}
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Push Image to Dev Registry
+      run: |
+        docker push ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}
diff --git a/docker/mockims/dev/Dockerfile b/docker/mockims/dev/Dockerfile
@@ -0,0 +1,24 @@
+# IMS Gateway Request Service using python commons base image
+FROM ghcr.io/noaa-gsl/idss/commons/python/python-base:main
+
+ARG maintainer
+LABEL maintainer ${maintainer}
+
+# Install additional dependencies
+#RUN conda config --add channels conda-forge && \
+#    conda install -y flask=2.3.2
+
+WORKDIR /python/ims_service
+
+# Copy source files
+COPY ./python/idsse_testing/ims_service/src/ims_service.py /python/ims_service/
+
+# (TEMPORARY) Copy canned criteria files. To be removed when integration with IMS API exists
+COPY ./python/idsse_testing/ims_service/profiles/*.json /python/profiles/
+
+# The volume mapping here is kind of strange for k8s deployment, because if we map an empty volume to /criteria
+# then the temp copy of json above will get blown away by the volume mapping...just omit it for k8s deployment
+# for now.
+#VOLUME /python/profiles
+
+ENTRYPOINT [ "python3", "/python/ims_service/ims_service.py" ]
diff --git a/docker/mockims/local/Dockerfile b/docker/mockims/local/Dockerfile
@@ -0,0 +1,23 @@
+# IMS Gateway Request Service using python sci base image
+# sci is required because the use of shapely
+FROM idss.engine.commons.python-base:local
+
+ARG maintainer
+LABEL maintainer ${maintainer}
+
+# Install additional dependencies
+#RUN conda config --add channels conda-forge && \
+#    conda install -y <package>=<1.0.0>
+
+WORKDIR /python/ims_service
+
+# Copy source files
+COPY ./python/idsse_testing/ims_service/src/ims_service.py /python/ims_service/
+
+# (TEMPORARY) Copy canned criteria files. To be removed when integration with IMS API exists
+COPY ./python/idss_testing/ims_service/profiles/*.json /python/profiles/
+
+# If you need to have a local mount, otherwise service will use version controlled jsons
+#VOLUME /python/profiles
+
+ENTRYPOINT [ "python3", "/python/ims_service/ims_service.py" ]