Container Images Scheduled Maintenance #46
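---
# Scheduled maintenance for the container images: discovers the most recent
# releases plus the default (development) branch and hands them to
# .github/workflows/scripts/maintenance-job.sh in a single job.
name: Container Images Scheduled Maintenance

on:
  # TODO: think about adding a (filtered) push event trigger here in case we change the patches
  # ---
  # Allow manual workflow triggers in case we need to repair images on Docker Hub (build and replace)
  workflow_dispatch:
    inputs:
      force_build:
        type: boolean
        required: false
        default: false
        description: "Build and deploy even if no newer Java images or package updates are found."
  schedule:
    - cron: '23 3 * * 0'  # Run for 'develop' every Sunday at 03:23 UTC

env:
  PLATFORMS: linux/amd64,linux/arm64
  # Number of most recent releases to maintain in addition to the development branch
  NUM_PAST_RELEASES: 3

jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    # Read-only GITHUB_TOKEN; registry access uses the Docker Hub secrets below instead
    permissions:
      contents: read
      packages: read
    # TODO: re-enable for final PR
    # Only run in upstream repo - avoid unnecessary runs in forks
    #if: ${{ github.repository_owner == 'IQSS' }}
    steps:
      - name: Checkout and Setup Maven
        # TODO: change to upstream location in final PR
        # Necessary as the checked out release branch might not contain the action as files
        # NOTE(review): this ref is a branch in another repository and can move; the same job
        # later logs in to Docker Hub, so pin the action to a full commit SHA once it lives upstream.
        uses: gdcc/wip-dataverse-base-image/.github/actions/setup-maven@10478-version-base-img
        with:
          pom-paths: modules/container-base/pom.xml

      # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
      # on events in context of upstream because secrets. PRs run in context of forks by default!
      # NOTE(review): the login stays in effect for the remaining steps of this job,
      # including the maintenance script. Major-version tags (@v3) are mutable; consider
      # pinning third-party actions to a full commit SHA.
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up QEMU for multi-arch builds
        uses: docker/setup-qemu-action@v3
        with:
          platforms: ${{ env.PLATFORMS }}

      # Discover the releases we want to maintain
      - name: Discover maintained releases
        id: discover
        # An explicit shell makes the runner start bash with "-eo pipefail", so a failed
        # curl inside a pipe fails the step instead of yielding an empty or "null" branch.
        shell: bash
        run: |
          # Values reach the script as environment variables and jq arguments rather than
          # being spliced into the shell or jq program text by ${{ }} expansion.
          DEVELOPMENT_BRANCH=$( curl -f -sS "https://api.github.com/repos/${GITHUB_REPOSITORY}" | jq -r '.default_branch' )
          echo "DEVELOPMENT_BRANCH=$DEVELOPMENT_BRANCH" | tee -a "$GITHUB_ENV"
          # Assign first so a failure of the pipeline aborts the step (a failing command
          # substitution inside an echo argument would be ignored).
          BRANCHES=$( curl -f -sS https://api.github.com/repos/IQSS/dataverse/releases \
            | jq -r --argjson n "$NUM_PAST_RELEASES" --arg dev "$DEVELOPMENT_BRANCH" '.[0:$n] | .[].tag_name, $dev' \
            | tr "\n" " " )
          echo "branches=${BRANCHES}" | tee -a "${GITHUB_OUTPUT}"

      # Execute matrix build for the discovered branches
      - name: Execute build matrix script
        id: execute
        env:
          # Release tag names come from an API response; pass them as data so that shell
          # metacharacters in a tag name are never parsed as part of the script.
          DISCOVERED_BRANCHES: ${{ steps.discover.outputs.branches }}
        run: |
          # NOTE(review): force_build is only echoed in this step; confirm how the script receives it.
          echo "force_build=${{ inputs.force_build }}"
          # Split on whitespace into one argument per branch; read -a does no glob expansion.
          read -r -a branches <<< "${DISCOVERED_BRANCHES}"
          .github/workflows/scripts/maintenance-job.sh "${branches[@]}"

  # TODO: This job should become part of the matrix as an action, so we don't need to fiddle with matrix outputs hacks
  #push-app-img:
  #  name: "Rebase & Publish App Image"
  #  permissions:
  #    contents: read
  #    packages: write
  #    pull-requests: write
  #  secrets: inherit
  #  needs:
  #    - discover
  #    - build
  #  strategy:
  #    fail-fast: false
  #    matrix:
  #      branch: ${{ fromJson(needs.discover.outputs.branches) }}
  #  uses: ./.github/workflows/container_app_push.yml
  #  with:
  #    branch: ${{ matrix.branch }}

  # TODO: job to update the docker hub description with supported tags and all
  #      - name: Push description to DockerHub
  #        uses: peter-evans/dockerhub-description@v3
  #        with:
  #          username: ${{ secrets.DOCKERHUB_USERNAME }}
  #          password: ${{ secrets.DOCKERHUB_TOKEN }}
  #          repository: gdcc/base
  #          short-description: "Dataverse Base Container image providing Payara application server and optimized configuration"
  #          readme-filepath: ./modules/container-base/README.md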