diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml deleted file mode 100644 index 510b72d54..000000000 --- a/.github/workflows/ghcr.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: GHCR - -on: - workflow_dispatch: - push: - branches: [master] - tags: ["v*.*.*"] - -env: - REGISTRY: ghcr.io - -jobs: - build-push-image: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - strategy: - matrix: - image: [nginx, service] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true - submodules: recursive - - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Show Docker Context - run: ./test/check-docker-context.sh --report - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }} - - - name: Set up QEMU emulator for multi-arch images - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push ${{ matrix.image }} Docker image - uses: docker/build-push-action@v5 - with: - file: ${{ matrix.image }}.dockerfile - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: 'linux/amd64,linux/arm64' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5217a555e..511be3664 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,6 +4,9 @@ on: push: pull_request: +env: + REGISTRY: ghcr.io + jobs: test-misc: # quick, simple checks timeout-minutes: 2 @@ -61,3 +64,64 @@ jobs: - run: ./test/test-images.sh - if: always() run: docker compose logs + check-image-references: + if: ${{ github.ref_type == 'tag' }} + needs: + - test-images + runs-on: ubuntu-latest + strategy: + matrix: + image: [nginx, service] + steps: + - name: Check tag format + run: '[[ "${{ github.ref_name }}" = v*.*.* ]]' + - name: Checkout repository + uses: actions/checkout@v4 + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }} + - name: Check release image is referenced in docker-compose.yml + run: 'grep "${{ steps.meta.outputs.tags }}" docker-compose.yml' + build-push-image: + needs: + - check-image-references + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + strategy: + matrix: + image: [nginx, service] + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + submodules: recursive + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }} + - name: Set up QEMU emulator for multi-arch images + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push ${{ matrix.image }} Docker image + uses: docker/build-push-action@v5 + with: + file: ${{ matrix.image }}.dockerfile + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: 'linux/amd64,linux/arm64' diff --git a/compose-snapshots.sh b/compose-snapshots.sh new file mode 100755 index 000000000..069b4c193 --- /dev/null +++ b/compose-snapshots.sh @@ -0,0 +1,8 @@ +#!/bin/bash -eu +set -o pipefail +shopt -s inherit_errexit + +docker compose \ + --file docker-compose.yml \ + --file snapshots.docker-compose.yml \ + "$@" diff --git a/docker-compose.yml b/docker-compose.yml index 99b10b324..6f9d19083 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,9 +34,7 @@ services: - DKIM_KEY_PATH=/etc/exim4/dkim.key.temp restart: always service: - build: - context: . - dockerfile: service.dockerfile + image: 'ghcr.io/getodk/central-service:v2024.3.1' depends_on: - secrets - postgres14 @@ -80,9 +78,7 @@ services: logging: driver: local nginx: - build: - context: . - dockerfile: nginx.dockerfile + image: 'ghcr.io/getodk/central-nginx:v2024.3.1' depends_on: - service - enketo diff --git a/snapshots.docker-compose.yml b/snapshots.docker-compose.yml new file mode 100644 index 000000000..4635e85dc --- /dev/null +++ b/snapshots.docker-compose.yml @@ -0,0 +1,7 @@ +services: + service: + build: + dockerfile: service.dockerfile + nginx: + build: + dockerfile: nginx.dockerfile diff --git a/tag-release.sh b/tag-release.sh new file mode 100755 index 000000000..0aa40e15b --- /dev/null +++ b/tag-release.sh @@ -0,0 +1,84 @@ +#!/bin/bash -eu +set -o pipefail +shopt -s inherit_errexit + +log() { echo "[release] $*"; } + +log "Checking git branch..." +currentBranch="$(git rev-parse --abbrev-ref HEAD)" +if [[ "$currentBranch" = master ]]; then + log "!!!" + log "!!! Unexpected branch: $currentBranch" + log "!!!" + log "!!! This script should NOT be run on the master branch." + log "!!!" + exit 1 +fi +log " Git branch OK." + +log "Checking for uncommitted changes..." +gitStatus="$(git status --porcelain)" +if [[ "$gitStatus" != "" ]]; then + log "!!!" + log "!!! Your working directory is dirty. Make sure you have committed all changes." + log "!!!" + exit 1 +fi +log " No uncommitted changes found." + +log "Checking for divergence from upstream..." +upstream="$(git rev-parse --abbrev-ref '@{upstream}')" +remote="${upstream%%/*}" +log " Fetching from remote '$remote'..." +git fetch "$remote" +log " Comparing to $upstream..." +if ! git diff --exit-code "$upstream"..HEAD; then + log "!!!" + log "!!! Differences found between HEAD and tracking branch $upstream !!!" + log "!!!" + log "!!! Do you need to git push?" + log "!!!" + exit 1 +fi +log " HEAD seems to be in-line with upstream." + +year="$(date +%Y)" +if git tag | grep "^v$year\."; then + lastMinor="$(git tag | grep "^v$year" | tail -n1 | cut -d'.' -f2)" + suggestedVersion="v$year.$((lastMinor+1)).0" +else + suggestedVersion="v$year.1.0" +fi +read -r -e \ + -p "[release] Version to release: " \ + -i "$suggestedVersion" newVersion +if ! [[ "$newVersion" = v*.*.* ]]; then + log "!!!" + log "!!! Version '$newVersion' does not match expected format." + log "!!!" + exit 1 +fi + +log "Updating version numbers in docker-compose.yml ..." +tmpfile="$(mktemp)" +sed -E \ + -e "s_(image:\s+'.*/.*/central-nginx):.*'_\1:$newVersion'_" \ + -e "s_(image:\s+'.*/.*/central-service):.*'_\1:$newVersion'_" \ + docker-compose.yml > "$tmpfile" +mv "$tmpfile" docker-compose.yml + +log "Committing changes to git..." +git add docker-compose.yml +git commit -m"Release version: $newVersion" +git tag "$newVersion" + +log "Pushing release to git..." +git push && git push --tags + +echo +log "Release tagging complete. Check build progress at:" +log "" +log " https://github.com/getodk/central/actions" +log "" +log "Once GitHub Actions has uploaded all images, master branch can be updated." +echo diff --git a/test/test-images.sh b/test/test-images.sh index 2e6fcbf2c..e0c03e715 100755 --- a/test/test-images.sh +++ b/test/test-images.sh @@ -4,6 +4,10 @@ shopt -s inherit_errexit log() { echo >&2 "[$(basename "$0")] $*"; } +docker_compose() { + ./compose-snapshots.sh "$@" +} + tmp="$(mktemp)" check_path() { @@ -14,7 +18,7 @@ check_path() { for (( i=0; ; ++i )); do log "Checking response from $requestPath ..." echo -e "GET $requestPath HTTP/1.0\r\nHost: local\r\n\r\n" | - docker compose exec --no-TTY nginx \ + docker_compose exec --no-TTY nginx \ openssl s_client -quiet -connect 127.0.0.1:443 \ >"$tmp" 2>&1 || true if grep --silent --fixed-strings "$expected" "$tmp"; then @@ -44,10 +48,10 @@ SYSADMIN_EMAIL=no-reply@getodk.org' > .env touch ./files/allow-postgres14-upgrade log "Building docker containers..." -docker compose build +docker_compose build log "Starting containers..." -docker compose up --detach +docker_compose up --detach log "Verifying frontend..." check_path 60 / 'ODK Central'