# Copyright (c) 2023 - 2026, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
# This is a reusable workflow to build and test the Docker image. Note that this workflow does not
# push the built Docker image. This reusable workflow needs two mandatory inputs:
# artifact-name: The name of the artifact to download. This is the same artifact generated by _build.yaml
# artifact-sha256: The hash to verify against the downloaded artifact.
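# NOTE(review): the display name says "push", but no step below pushes an image.
# The name is left unchanged in case other tooling refers to the workflow by name.
name: Build and push Docker image
on:
  workflow_call:
    inputs:
      # Name of the build artifact to download into dist/.
      artifact-name:
        required: true
        type: string
      # Base64-encoded checksum list that the downloaded artifact is verified against.
      artifact-sha256:
        required: true
        type: string

# Workflow-level default: read-only access to repository contents.
permissions:
  contents: read

jobs:
  build-docker:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level block, so this job's token
    # is limited to reading packages (needed for the ghcr.io login below).
    permissions:
      packages: read
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records the release tag.
      # NOTE(review): actions/checkout keeps the job token available to later git commands
      # by default; consider `persist-credentials: false` if no later step needs
      # authenticated git. TODO confirm against the make targets.
      - name: Check out repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # 0 fetches the full history instead of a shallow clone.
          fetch-depth: 0

      # The Docker integration tests require Python 3.11.
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.11'

      - name: Download artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: ${{ inputs.artifact-name }}
          path: dist

      # Verify the downloaded artifact before it is used in the image build.
      # The input is passed through the environment rather than interpolated into the
      # script, so its value is never parsed as shell code. It is base64-decoded into a
      # checksum list that sha256sum checks: --strict makes malformed lines an error and
      # --status reports the result through the exit code only.
      # Only files named in the decoded list are checked; their paths resolve against the
      # step's working directory (presumably the list uses dist/ paths; verify with _build.yaml).
      - name: Verify the artifact hash
        env:
          ARTIFACT_HASH: ${{ inputs.artifact-sha256 }}
        run: |
          set -euo pipefail
          echo "Hash of package should be $ARTIFACT_HASH."
          echo "$ARTIFACT_HASH" | base64 --decode | sha256sum --strict --check --status || exit 1

      # Login so the docker build has access to the internal dependencies image.
      # The token is fed to docker on stdin instead of --password so it does not appear in
      # the process argument list, and both values are passed through env so that no
      # ${{ }} expression is expanded inside the shell script.
      - name: Log in to GitHub Container Registry
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail
          printf '%s' "$REGISTRY_TOKEN" \
            | docker login ghcr.io --username "$REGISTRY_USER" --password-stdin

      # Build the Docker image without pushing it.
      - name: Build the Docker image
        env:
          IMAGE_NAME: ghcr.io/oracle/macaron
        run: make build-docker

      # Export the built image so downstream jobs/workflows can load and reuse
      # the exact same image without pushing to a registry.
      # Presumably `make build-docker` tags the image as ghcr.io/oracle/macaron:test;
      # verify against the Makefile.
      - name: Export test Docker image
        run: docker save ghcr.io/oracle/macaron:test --output /tmp/macaron-test-image.tar

      # Upload the image tarball for the reusable action test workflow.
      # A missing tarball fails the step, and the artifact is kept for one day only.
      - name: Upload test Docker image artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: macaron-test-image
          path: /tmp/macaron-test-image.tar
          if-no-files-found: error
          retention-days: 1

      # Install helper tooling used by integration test utilities that validate
      # the built Docker image behavior.
      - name: Install dependencies for integration test utility
        run: make setup-integration-test-utility-for-docker

      # Run the integration tests against the built Docker image.
      - name: Test the Docker image
        env:
          # This environment variable will be picked up by run_macaron.sh.
          MACARON_IMAGE_TAG: test
          DOCKER_PULL: never
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: make integration-test-docker

  test-macaron-action:
    # Reuse the action test workflow against the exact Docker image built above.
    # The image is transferred via artifact to avoid pushing to a registry.
    needs: [build-docker]
    permissions:
      contents: read
    uses: ./.github/workflows/test_macaron_action.yaml
    with:
      docker_image_artifact_name: macaron-test-image
      macaron_image_tag: test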