From 065c7f7c8bf4d9a71466158c8b5159d5e407eee7 Mon Sep 17 00:00:00 2001 From: Julio Barreto Date: Mon, 13 May 2024 10:40:03 -0300 Subject: [PATCH 1/5] Change build-push-image action --- build-push-image/README.md | 35 +++++++----- build-push-image/action.yml | 103 ++++++++++++++++++++++++++---------- 2 files changed, 98 insertions(+), 40 deletions(-) diff --git a/build-push-image/README.md b/build-push-image/README.md index bf85459..da135ff 100644 --- a/build-push-image/README.md +++ b/build-push-image/README.md @@ -12,15 +12,22 @@ This GH Action builds a Docker image and pushes to google cloud. The list of arguments, that are used in GH Action: -| name | type | required | default | description | -| ---------------- | ----------------------------------------------------------- | -------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -| `sha` | string | ✅ | | Commit hash that will be used as a tag for the Docker image | -| `image-name` | string | ✅ | | Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image) | -| `environment` | enum<
`temploy`,
`staging`,
`production`,
> | | staging | Determines additional procedures while creating a Docker image. | -| `build-args` | string | ✅ | | Multiline string to describe build arguments that will be used during dockerization | -| `docker-file` | string | | ./davinci/packages/ci/src/configs/docker/Dockerfile.gha-deploy | pathname to Docker file | -| `davinci-branch` | string | | master | Custom davinci branch | -| `node-version` | string | | 18 | Node.js version used. The action is guaranteed to work only with Node.js@18 (default value) | +| name | type | required | default | description | +| ------------------ | ----------------------------------------------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------ | +| `sha` | string | | ${{ github.sha }} | Commit hash that will be used as a tag for the Docker image | +| `image-name` | string | ✅ | | Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image) | +| `build-args` | string | | | Multiline string to describe build arguments that will be used during dockerization | +| `environment` | enum<
`temploy`,
`staging`,
`production`,
> | | staging | Determines additional procedures while creating a Docker image. | +| `docker-file` | string | | Dockerfile | pathname to Dockerfile | +| `davinci-branch` | string | | master | Custom davinci branch | +| `labels` | string | | | List of metadata for the Docker image | +| `context` | string | | . | Build context | +| `push` | string | | false | Push the image to the registry | +| `platforms` | string | | linux/amd64 | List of target platforms for build | +| `tags` | string | | | Additional tags for the Docker image | +| `target` | string | | | Sets the target stage to build | +| `checkout-davinci` | string | | false | Checkout davinci repository | +| `registry-name` | string | | us-central1-docker.pkg.dev/toptal-hub/containers | Registry to push the builded image | ### Outputs @@ -31,10 +38,12 @@ Not specified All ENV Variables, defined in a GH Workflow are also passed to a GH Action. It means, the might be reused as is. This is a list of ENV Variables that are used in GH Action: -| name | description | -| ----------------- | -------------------------------------------------- | -| `GITHUB_TOKEN` | GitHub token. Is used to checkout `davinci` branch | -| `GCR_ACCOUNT_KEY` | Necessary token to push image to Google cloud | +| name | description | +| -------------------------- | -------------------------------------------------- | +| `DOCKER_BUILDX_ENDPOINT` | Docker buildx endpoint | +| `GCR_ACCOUNT_KEY` | Necessary token to push image to Google cloud | +| `GITHUB_TOKEN` | GitHub token. Is used to checkout `davinci` branch | +| `TOPTAL_BUILD_BOT_SSH_KEY` | SSH key to access Google cloud | ### Usage diff --git a/build-push-image/action.yml b/build-push-image/action.yml index 5cf4d7f..a23f973 100644 --- a/build-push-image/action.yml +++ b/build-push-image/action.yml 
@@ -3,88 +3,137 @@ description: | Builds release image of a project and pushes to cloud **** envInputs: - GITHUB_TOKEN: GitHub token. Is used to checkout `davinci` branch + DOCKER_BUILDX_ENDPOINT: Docker buildx endpoint GCR_ACCOUNT_KEY: Necessary token to push image to Google cloud + GITHUB_TOKEN: GitHub token. Is used to checkout `davinci` branch + TOPTAL_BUILD_BOT_SSH_KEY: SSH key to access Google cloud inputs: sha: - required: true + required: false description: 'Commit hash that will be used as a tag for the Docker image' + default: ${{ github.sha }} image-name: required: true description: 'Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image)' + build-args: + required: false + description: 'Multiline string to describe build arguments that will be used during dockerization' environment: required: false default: staging description: 'Determines additional procedures while creating a Docker image. || enum<
`temploy`,
`staging`,
`production`,
>' - build-args: - required: true - description: 'Multiline string to describe build arguments that will be used during dockerization' docker-file: - description: 'pathname to Docker file' required: false - default: ./davinci/packages/ci/src/configs/docker/Dockerfile.gha-deploy + description: 'pathname to Dockerfile' + default: Dockerfile davinci-branch: - description: 'Custom davinci branch' required: false + description: 'Custom davinci branch' default: 'master' - node-version: + labels: + required: false + description: 'List of metadata for the Docker image' + default: '' + context: required: false - default: 18 - description: 'Node.js version used. The action is guaranteed to work only with Node.js@18 (default value)' + description: 'Build context' + default: '.' + push: + required: false + description: 'Push the image to the registry' + default: 'false' + platforms: + required: false + description: 'List of target platforms for build' + default: 'linux/amd64' + tags: + required: false + description: 'Additional tags for the Docker image' + target: + required: false + description: 'Sets the target stage to build' + checkout-davinci: + required: false + description: 'Checkout davinci repository' + default: 'false' + registry-name: + required: false + description: 'Registry to push the builded image' + default: 'us-central1-docker.pkg.dev/toptal-hub/containers' runs: using: composite steps: - name: Check out davinci - uses: actions/checkout@v3 + if: ${{ inputs.checkout-davinci == 'true' }} + uses: actions/checkout@v4 with: repository: toptal/davinci token: ${{ env.GITHUB_TOKEN }} path: davinci + sparse-checkout: | + /packages/ci/src/configs/docker/Dockerfile.gha-deploy + /packages/ci/src/configs/docker/env-runtime.entrypoint.sh + /packages/davinci/docker/nginx-vhost.conf + sparse-checkout-cone-mode: false ref: ${{ inputs.davinci-branch }} - - name: Set up node - uses: actions/setup-node@v3.2.0 - with: - node-version: ${{ inputs.node-version }} - - - id: 
meta-latest + - id: meta-build shell: bash env: ENVIRONMENT: ${{ inputs.environment }} + REGISTRY: ${{ inputs.registry-name }} run: | latest=$(if [[ $ENVIRONMENT == 'temploy' ]]; then echo false; else echo true; fi) echo latest=$latest >> $GITHUB_OUTPUT + echo REGISTRY_REGION=$(echo $REGISTRY | awk -F'/' '{print $1}') >> $GITHUB_OUTPUT - name: Docker meta + uses: docker/metadata-action@v5 id: meta - uses: docker/metadata-action@v5.2.0 with: images: | - us-central1-docker.pkg.dev/toptal-hub/containers/${{ inputs.image-name }} + ${{ inputs.registry-name }}/${{ inputs.image-name }} tags: | type=raw,enable=true,priority=200,prefix=,suffix=,value=${{ inputs.sha }} + ${{ inputs.tags }} flavor: | - latest=${{ steps.meta-latest.outputs.latest }} + latest=${{ steps.meta-build.outputs.latest }} + + - name: Use SSH key + uses: toptal/ssh-agent@v0.4.1 + with: + ssh-private-key: ${{ env.TOPTAL_BUILD_BOT_SSH_KEY }} - name: Login to Google Artifact Registry - GAR uses: docker/login-action@v3 with: - registry: us-central1-docker.pkg.dev + registry: ${{ steps.meta-build.outputs.REGISTRY_REGION }} username: _json_key password: ${{ env.GCR_ACCOUNT_KEY }} - - name: Set up Docker Buildx - id: buildx + - name: Set up Dcoker Buildx - CI custom runners + if: contains(runner.name, 'inf-gha-runners-runners') + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: ${{ env.DOCKER_BUILDX_ENDPOINT }} + + - name: Set up Docker Buildx - GH runners + if: "!contains(runner.name, 'inf-gha-runners-runners')" uses: docker/setup-buildx-action@v3 - name: Build and push release image - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v5 with: provenance: false + platforms: ${{ inputs.platforms }} tags: ${{ steps.meta.outputs.tags }} - push: true - context: . + target: ${{ inputs.target }} + push: ${{ inputs.push }} + context: ${{ inputs.context }} + labels: ${{ inputs.labels }} file: ${{ inputs.docker-file }} build-args: ${{ inputs.build-args }} + ssh: default 
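Review bot: The `uses:` references in `runs.steps` point at mutable tags, and this change loosens two of them (`docker/metadata-action@v5.2.0` to `@v5`, `docker/build-push-action@v5.1.0` to `@v5`) in a job whose environment carries `GCR_ACCOUNT_KEY` and `TOPTAL_BUILD_BOT_SSH_KEY`. A retagged or compromised release of any of these actions would run next to both credentials, so I would pin each one to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`. Separately, the new `Use SSH key` step and `ssh: default` are unconditional, so the bot key is loaded into the agent and offered to every Dockerfile built through this action, including builds that never mount it. Consider gating the step with `if: env.TOPTAL_BUILD_BOT_SSH_KEY != ''` and making the SSH forwarding opt-in through an input.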
From 4cb6561364cf405fbdb5bd1d20cd8bd6ea807609 Mon Sep 17 00:00:00 2001
From: Julio Barreto
Date: Wed, 29 May 2024 15:59:51 -0300
Subject: [PATCH 2/5] Add changeset
---
 .changeset/curvy-shrimps-doubt.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .changeset/curvy-shrimps-doubt.md
diff --git a/.changeset/curvy-shrimps-doubt.md b/.changeset/curvy-shrimps-doubt.md
new file mode 100644
index 0000000..52bbcca
--- /dev/null
+++ b/.changeset/curvy-shrimps-doubt.md
@@ -0,0 +1,11 @@
+---
+'davinci-github-actions': major
+---
+
+- change build-push-image action to encapsulate steps needed to use CI buildx instance when using custom runners.
+
+- by using the CI buildx we can cache the intermediate docker image layers, saving time for the next runs, and also
+ saving with Cloud NAT, since we don't need to download packages for each run.
+
+Breaking changes:
+We added some new inputs and also removed the node-version input.
From 0c247e4543c3be8e9663dcababa31b3dcd9e0239 Mon Sep 17 00:00:00 2001
From: Julio Barreto
Date: Wed, 29 May 2024 16:14:22 -0300
Subject: [PATCH 3/5] Update README.md
---
 build-push-image/README.md | 4 ++--
 build-push-image/action.yml | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/build-push-image/README.md b/build-push-image/README.md
index da135ff..355fe6f 100644
--- a/build-push-image/README.md
+++ b/build-push-image/README.md
@@ -48,11 +48,11 @@ This is a list of ENV Variables that are used in GH Action:
 ### Usage
 ```yaml
- - uses: toptal/davinci-github-actions/build-push-image@v4.4.2
+ - uses: toptal/davinci-github-actions/build-push-image@v15.0.0
 with:
- sha: 7042976bc3db21012fe38602bb643618a95aa2d0
 image-name: my-image-name
 environment: staging
+ checkout-davinci: true
 docker-file: ./davinci/packages/ci/src/configs/docker/Dockerfile.gha-deploy
 build-args: |
 ENV_RUNTIME_ENTRYPOINT=./davinci/packages/ci/src/configs/docker/env-runtime.entrypoint.sh
diff --git a/build-push-image/action.yml b/build-push-image/action.yml index a23f973..38bcc51 100644 --- a/build-push-image/action.yml +++ b/build-push-image/action.yml @@ -53,6 +53,7 @@ inputs: target: required: false description: 'Sets the target stage to build' + # Set checkout davinci to true if you want to checkout davinci repository files checkout-davinci: required: false description: 'Checkout davinci repository' From 4f544d4f5977efc175778d6b8d4659c4f7ff7e4e Mon Sep 17 00:00:00 2001 From: Julio Barreto Date: Thu, 30 May 2024 11:34:17 -0300 Subject: [PATCH 4/5] Fix typo --- build-push-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-push-image/action.yml b/build-push-image/action.yml index 38bcc51..1a9b1cd 100644 --- a/build-push-image/action.yml +++ b/build-push-image/action.yml @@ -114,7 +114,7 @@ runs: username: _json_key password: ${{ env.GCR_ACCOUNT_KEY }} - - name: Set up Dcoker Buildx - CI custom runners + - name: Set up Docker Buildx - CI custom runners if: contains(runner.name, 'inf-gha-runners-runners') uses: docker/setup-buildx-action@v3 with: From 9af99ccdd29b1e90d80bc6b5a6860657f86f3dbb Mon Sep 17 00:00:00 2001 From: Julio Barreto Date: Mon, 3 Jun 2024 08:10:13 -0300 Subject: [PATCH 5/5] Change PR review recommendations --- build-push-image/README.md | 57 +++++++++++++++---------------------- build-push-image/action.yml | 7 ++--- 2 files changed, 26 insertions(+), 38 deletions(-) diff --git a/build-push-image/README.md b/build-push-image/README.md index 153a833..df41f5c 100644 --- a/build-push-image/README.md +++ b/build-push-image/README.md 
@@ -12,34 +12,22 @@ This GH Action builds a Docker image and pushes to google cloud. The list of arguments, that are used in GH Action: -<<<<<<< ci-3516-change-build-push-image-action -| name | type | required | default | description | -| ------------------ | ----------------------------------------------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------ | -| `sha` | string | | ${{ github.sha }} | Commit hash that will be used as a tag for the Docker image | -| `image-name` | string | ✅ | | Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image) | -| `build-args` | string | | | Multiline string to describe build arguments that will be used during dockerization | -| `environment` | enum<
`temploy`,
`staging`,
`production`,
> | | staging | Determines additional procedures while creating a Docker image. | -| `docker-file` | string | | Dockerfile | pathname to Dockerfile | -| `davinci-branch` | string | | master | Custom davinci branch | -| `labels` | string | | | List of metadata for the Docker image | -| `context` | string | | . | Build context | -| `push` | string | | false | Push the image to the registry | -| `platforms` | string | | linux/amd64 | List of target platforms for build | -| `tags` | string | | | Additional tags for the Docker image | -| `target` | string | | | Sets the target stage to build | -| `checkout-davinci` | string | | false | Checkout davinci repository | -| `registry-name` | string | | us-central1-docker.pkg.dev/toptal-hub/containers | Registry to push the builded image | -======= -| name | type | required | default | description | -| ---------------- | ----------------------------------------------------------- | -------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -| `sha` | string | ✅ | | Commit hash that will be used as a tag for the Docker image | -| `image-name` | string | ✅ | | Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image) | -| `environment` | enum<
`temploy`,
`staging`,
`production`,
> | | staging | Determines additional procedures while creating a Docker image. | -| `build-args` | string | ✅ | | Multiline string to describe build arguments that will be used during dockerization | -| `docker-file` | string | | ./davinci/packages/ci/src/configs/docker/Dockerfile.gha-deploy | pathname to Docker file | -| `davinci-branch` | string | | master | Custom davinci branch | -| `node-versionв` | string | | 20 | Node.js version used. The action is guaranteed to work only with Node.js@20 (default value) | ->>>>>>> master +| name | type | required | default | description | +| ------------------ | ----------------------------------------------------------- | -------- | ----------------- | ------------------------------------------------------------------------------------------ | +| `sha` | string | | ${{ github.sha }} | Commit hash that will be used as a tag for the Docker image | +| `image-name` | string | ✅ | | Name of the Docker image. Might be used in the next steps (for ex.: deploy a Docker image) | +| `build-args` | string | | | Multiline string to describe build arguments that will be used during dockerization | +| `environment` | enum<
`temploy`,
`staging`,
`production`,
> | | staging | Determines additional procedures while creating a Docker image. | +| `docker-file` | string | | Dockerfile | pathname to Dockerfile | +| `davinci-branch` | string | | master | Custom davinci branch | +| `labels` | string | | | List of metadata for the Docker image | +| `context` | string | | . | Build context | +| `push` | string | | true | Push the image to the registry | +| `platforms` | string | | linux/amd64 | List of target platforms for build | +| `tags` | string | | | Additional tags for the Docker image | +| `target` | string | | | Sets the target stage to build | +| `checkout-davinci` | string | | false | Checkout davinci repository | +| `registry-name` | string | ✅ | | Registry to push the builded image | ### Outputs @@ -50,12 +38,12 @@ Not specified All ENV Variables, defined in a GH Workflow are also passed to a GH Action. It means, the might be reused as is. This is a list of ENV Variables that are used in GH Action: -| name | description | -| -------------------------- | -------------------------------------------------- | -| `DOCKER_BUILDX_ENDPOINT` | Docker buildx endpoint | -| `GCR_ACCOUNT_KEY` | Necessary token to push image to Google cloud | -| `GITHUB_TOKEN` | GitHub token. Is used to checkout `davinci` branch | -| `TOPTAL_BUILD_BOT_SSH_KEY` | SSH key to access Google cloud | +| name | description | +| -------------------------- | --------------------------------------------------------- | +| `DOCKER_BUILDX_ENDPOINT` | Docker buildx endpoint (Optional if using for GH runners) | +| `GCR_ACCOUNT_KEY` | Necessary token to push image to Google cloud | +| `GITHUB_TOKEN` | GitHub token. Is used to checkout `davinci` branch | +| `TOPTAL_BUILD_BOT_SSH_KEY` | SSH key to access Google cloud | ### Usage 
@@ -66,6 +54,7 @@ This is a list of ENV Variables that are used in GH Action: environment: staging checkout-davinci: true docker-file: ./davinci/packages/ci/src/configs/docker/Dockerfile.gha-deploy + registry-name: ${{ steps.parse_secrets.outputs.TOPTAL_DEFAULT_REGISTRY }} build-args: | ENV_RUNTIME_ENTRYPOINT=./davinci/packages/ci/src/configs/docker/env-runtime.entrypoint.sh DIST_FOLDER=./dist diff --git a/build-push-image/action.yml b/build-push-image/action.yml index 1a9b1cd..0b0113a 100644 --- a/build-push-image/action.yml +++ b/build-push-image/action.yml @@ -3,7 +3,7 @@ description: | Builds release image of a project and pushes to cloud **** envInputs: - DOCKER_BUILDX_ENDPOINT: Docker buildx endpoint + DOCKER_BUILDX_ENDPOINT: Docker buildx endpoint (Optional if using for GH runners) GCR_ACCOUNT_KEY: Necessary token to push image to Google cloud GITHUB_TOKEN: GitHub token. Is used to checkout `davinci` branch TOPTAL_BUILD_BOT_SSH_KEY: SSH key to access Google cloud @@ -42,7 +42,7 @@ inputs: push: required: false description: 'Push the image to the registry' - default: 'false' + default: 'true' platforms: required: false description: 'List of target platforms for build' @@ -59,9 +59,8 @@ inputs: description: 'Checkout davinci repository' default: 'false' registry-name: - required: false + required: true description: 'Registry to push the builded image' - default: 'us-central1-docker.pkg.dev/toptal-hub/containers' runs: using: composite
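Review bot: Making `registry-name` required and dropping its default in the last `action.yml` hunk leaves an empty value unguarded, because GitHub does not fail a run when a `required: true` input is omitted. With an empty `registry-name`, the `meta-build` step added in patch 1 writes an empty `REGISTRY_REGION`, and `docker/login-action` falls back to its default registry (Docker Hub, as far as I know) when `registry` is empty, so the `_json_key` / `GCR_ACCOUNT_KEY` pair would be presented to the wrong host. With `push` now defaulting to `'true'`, the image reference would also become `/<image-name>`. I would fail fast at the top of the `meta-build` script, e.g. `[[ -n "$REGISTRY" ]] || { echo "::error::registry-name input is required"; exit 1; }`. The `runs:` steps that consume this input lie outside these hunks.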