-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Remove sample files that are not needed * Add new Docker Images to build * Add new workflow to build Docker Images * Push a new README * Add final state for a required check * Sure up workflow
- Loading branch information
1 parent
1a0b217
commit 9127891
Showing
14 changed files
with
228 additions
and
112 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
name: Build & Publish Docker Images | ||
|
||
on: | ||
push: | ||
branches: [ 'main' ] | ||
pull_request: | ||
env: | ||
REGISTRY: ghcr.io | ||
NAMESPACED_REGISTRY: ghcr.io/apollographql/ci-utility-docker-images | ||
|
||
jobs: | ||
calculate-images-to-build: | ||
name: Calculate Images To Build | ||
runs-on: ubuntu-latest | ||
outputs: | ||
changed_dirs: ${{ steps.filter_config_directories.outputs.changed_dirs }} | ||
steps: | ||
- name: "Checkout repository" | ||
uses: actions/checkout@v4 | ||
- name: "Calculate changed files directories" | ||
id: calculate_changed_files | ||
uses: tj-actions/changed-files@v44 | ||
with: | ||
dir_names: true | ||
dir_names_exclude_current_dir: true | ||
json: true | ||
- name: "Filter out config directories" | ||
id: filter_config_directories | ||
run: | | ||
CHANGED_DIRS=$(echo "${{ steps.calculate_changed_files.outputs.all_changed_files }}" | jq -c '[.[] | select(. | contains(".") | not)']) | ||
echo "changed_dirs=$CHANGED_DIRS" >> "$GITHUB_OUTPUT" | ||
build-and-push-images: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
attestations: write | ||
id-token: write | ||
needs: | ||
- calculate-images-to-build | ||
strategy: | ||
matrix: | ||
changed_dir: ${{ fromJSON(needs.calculate-images-to-build.outputs.changed_dirs ) }} | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
- name: Log in to the Container Registry | ||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Extract Details From config.yml | ||
id: extract_from_config_yaml | ||
run: | | ||
echo "desired_version=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.version')" >> "$GITHUB_OUTPUT" | ||
echo "platforms=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.platforms | join(",")')" >> "$GITHUB_OUTPUT" | ||
echo "description=$(cat ${{ github.workspace }}/${{ matrix.changed_dir }}/config.yml | yq '.description')" >> "$GITHUB_OUTPUT" | ||
- name: Check Image to Build Does Not Already Exist | ||
run: | | ||
if docker manifest inspect ${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }}:${{ steps.extract_from_config_yaml.outputs.desired_version }} > /dev/null; then | ||
echo "The tag "${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }}:${{ steps.extract_from_config_yaml.outputs.desired_version }}" already exists in the repository. Do you need to bump the version in the config.yml?" | ||
exit 1 | ||
fi | ||
- name: Calculate Version | ||
id: calculate_version | ||
run: | | ||
VERSION=${{ github.event_name == 'pull_request' && format('{0}-PR{1}.{2}', steps.extract_from_config_yaml.outputs.desired_version, github.event.number, github.event.pull_request.head.sha) || steps.extract_from_config_yaml.outputs.desired_version}} | ||
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Get Docker Metadata | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
env: | ||
DOCKER_METADATA_PR_HEAD_SHA: true | ||
with: | ||
images: ${{ env.NAMESPACED_REGISTRY }}/${{ matrix.changed_dir }} | ||
tags: | | ||
type=semver,pattern={{version}},value=v${{ steps.calculate_version.outputs.version }} | ||
type=sha,prefix= | ||
labels: | | ||
org.opencontainers.image.title=${{ matrix.changed_dir }} | ||
org.opencontainers.image.description=${{ steps.extract_from_config_yaml.outputs.description }} | ||
org.opencontainers.image.vendor=Apollo GraphQL | ||
org.opencontainers.image.licenses=MIT | ||
annotations: | | ||
org.opencontainers.image.title=${{ matrix.changed_dir }} | ||
org.opencontainers.image.description=${{ steps.extract_from_config_yaml.outputs.description }} | ||
org.opencontainers.image.vendor=Apollo GraphQL | ||
org.opencontainers.image.licenses=MIT | ||
- name: Build and Push Docker image | ||
id: push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: ${{ github.workspace }}/${{ matrix.changed_dir }} | ||
file: ${{ github.workspace }}/${{ matrix.changed_dir }}/Dockerfile | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
annotations: ${{ steps.meta.outputs.annotations }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
platforms: ${{ steps.extract_from_config_yaml.outputs.platforms }} | ||
- name: Create Git Tag | ||
uses: mathieudutour/[email protected] | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
default_bump: false | ||
default_prerelease_bump: false | ||
custom_tag: ${{ matrix.changed_dir }}/v${{ steps.calculate_version.outputs.version }} | ||
dry_run: ${{ github.event_name == 'pull_request' }} | ||
tag_prefix: "" | ||
- name: Create GitHub Release | ||
if: ${{ github.event_name != 'pull_request' }} | ||
uses: comnoco/[email protected] | ||
with: | ||
tag_name: ${{ matrix.changed_dir }}/v${{ steps.calculate_version.outputs.version }} | ||
release_name: ${{ matrix.changed_dir }} - v${{ steps.calculate_version.outputs.version }} | ||
check-builds-all-completes: | ||
name: Docker Images Built & Pushed | ||
if: ${{ always() }} | ||
runs-on: ubuntu-latest | ||
needs: | ||
- build-and-push-images | ||
steps: | ||
- run: | | ||
exit ${{ (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')) && 1 || 0 }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,4 @@ | ||
node_modules | ||
package-lock.json | ||
.DS_Store | ||
.dist | ||
*.swp | ||
.idea/** |
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1 @@ | ||
# This file was automatically generated by the Apollo SecOps team | ||
# Please customize this file as needed prior to merging. | ||
|
||
* @abernix | ||
* @apollographql/betelgeuse |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,9 @@ | ||
# Spec Template | ||
# CI Utility Docker Images | ||
|
||
## Getting Started | ||
This repo allows building of images that are used in other apollographl repos for **CI only** | ||
|
||
1. Click the "Use this template" button on this repository to create a copy of it and name the new repository `specs-{{spec_name}}`, per convention. | ||
1. Search for usages of `%%SPEC-.*?%%` tokens within this repository and replace them with appropriate names (e.g., `%%SPEC-NAME%%`, `%%SPEC-TITLE%%` and `%%SPEC-VERSION%%`). | ||
1. Setup the new repository with Netlify (estimated about 5 minutes) | ||
1. Go to [Netlify App](https://app.netlify.com/teams/apollo/sites) | ||
1. Click “New Site From Git” button | ||
1. Choose GitHub | ||
1. Authorize | ||
1. Choose `apollographql` org | ||
1. Search for `specs-{{spec_name}}` | ||
1. It probably won’t come up | ||
1. Choose “Configure Netlify on GitHub” | ||
1. On the “Install Netlify” screen choose `apollographql` | ||
1. Scroll to the bottom of the App page to where you see the option for “Only select repositories” inside “Repository access” | ||
1. Click “Select repositories” | ||
1. Type `specs-{{spec_name}}` again, then click the matching name. | ||
1. Click on “Save” | ||
1. Then, back on Netlify, click on “specs-tag” in the “Continuous Deployment: GitHub App” box. | ||
1. Leave all the defaults as they are and press “Deploy site” | ||
1. Click on “Site Settings” | ||
1. Press “Change Site Name” | ||
1. Type `apollo-specs-{{spec_name}}` as the name and press “Save” | ||
1. The site should now work at `https://apollo-specs-{{spec_name}}.netlify.app/` | ||
1. Click on “Build and Deploy” on the left menu | ||
1. Under “Branches” press “Edit Settings” | ||
1. Change the “Branch deploys” option to “All” and press “Save” | ||
1. Setup proxying redirects to the new sub-spec site [on the `specs` repo](https://github.com/apollographql/specs/blob/main/_redirects). This will make it available at `https://specs.apollo.dev/{{spec_name}}`. | ||
1. Run `npm run dev` to watch and rebuild. Just use a browser to view `.dist/index.html` to see the rendered page. | ||
1. Write the actual specifications. _Use other specifications (like [the `core` specification](https://github.com/apollographql/specs-core)) as your guide._ | ||
## Adding a new image | ||
|
||
To add a new image, the easiest method is to copy an existing folder at the top level of the repo. | ||
Then you can change its name and update the Dockerfile to allow it to build your new image. The automated | ||
CI checks should take care of everything else. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# The SHA below is rockylinux:8.9.20231119, fixing to a specific SHA | ||
# rather than a mutable tag, stops rebuilds completely changing the | ||
# contents of the container without us realising. | ||
FROM rockylinux@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c | ||
|
||
ARG RUST_VERSION=1.80.1 | ||
ARG NODE_VERSION=20.15.1 | ||
|
||
# Add .cargo/bin to PATH | ||
ENV VOLTA_HOME=/root/.volta | ||
ENV PATH="$VOLTA_HOME/bin:/root/.cargo/bin:${PATH}" | ||
|
||
# First update all the installed packages | ||
RUN yum -y update | ||
|
||
# Add the Development Tools | ||
RUN yum groupinstall -y "Development Tools" | ||
|
||
# Add some extra utilities for building in Rust | ||
RUN yum install -y perl-core openssl-devel cmake | ||
|
||
# Install RustUp and add specific target | ||
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain=$RUST_VERSION | ||
|
||
RUN case $TARGETPLATFORM in \ | ||
linux/amd64) \ | ||
rustup add target x86_64-unknown-linux-gnu \ | ||
;; \ | ||
linux/arm64) \ | ||
rustup add target aarch64-unknown-linux-gnu \ | ||
;; \ | ||
*) \ | ||
echo "TARGETPLATFORM $TARGETPLATFORM not recognised, not installing a target" \ | ||
;; \ | ||
esac | ||
|
||
# Install Volta (and Node) | ||
RUN curl https://get.volta.sh | bash | ||
RUN volta install node@$NODE_VERSION |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Binary Builder (`glibc`) | ||
|
||
The image contained herein is an image that should be used | ||
to _build_ Rust binaries at Apollo. | ||
|
||
It contains RockyLinux (https://rockylinux.org/) at version | ||
8.9, which specifically contains `glibc` 2.28. | ||
|
||
Using images like this ensures compatability with the broadest | ||
range of Linux distributions that are currently under an LTS policy, | ||
and ensures compliance with our new standards for Rust binary building. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
version: 0.1.0 | ||
description: Builder image for Rust binaries that must be built with glibc 2.28 | ||
platforms: | ||
- linux/arm64 | ||
- linux/amd64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# The SHA below is rust:1.80.1-alpine3.19, fixing to a specific SHA | ||
# rather than a mutable tag, stops rebuilds completely changing the | ||
# contents of the container without us realising. | ||
FROM rust@sha256:b3ac1f65cf33390407c9b90558eb41e7a8311c47d836fca5800960f1aa2d11d5 | ||
|
||
# Update packages and package manager to keep us current | ||
RUN apk update && apk upgrade | ||
|
||
# Add tools to enable `musl` compilation and other utilities when building in Rust | ||
RUN apk add musl-dev curl cmake openssl gcc nodejs | ||
|
||
# Add the specific `musl` target to make sure we don't build for `glibc` by accident | ||
RUN case $TARGETPLATFORM in \ | ||
linux/amd64) \ | ||
rustup add target x86_64-unknown-linux-musl \ | ||
;; \ | ||
linux/arm64) \ | ||
rustup add target aarch64-unknown-linux-musl \ | ||
;; \ | ||
*) \ | ||
echo "TARGETPLATFORM $TARGETPLATFORM not recognised, not installing a target" \ | ||
;; \ | ||
esac |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Binary Builder (`musl`) | ||
|
||
The image contained herein is an image that should be used | ||
to _build_ Rust binaries at Apollo. | ||
|
||
It contains Alpine 3.19, and Rust at version 1.80.1 and is based on the published rust images. | ||
|
||
Using images like this ensures compliance with our new standards for Rust binary building. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
version: 0.1.0 | ||
description: Builder image for Rust binaries that must be built with musl | ||
platforms: | ||
- linux/arm64 | ||
- linux/amd64 |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.