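# Gitea Actions workflow: builds the shared platform image, then one image per
# (crypto profile, service) pair on top of it, validates the per-profile
# configuration files, and writes a run summary.
#
# NOTE(review): every action is referenced by a moving major-version tag
# (e.g. actions/checkout@v4). Pinning each `uses:` to a full commit SHA would
# make the build reproducible and resistant to a retagged upstream release;
# the SHAs are not recorded here and must be taken from each action's release.
name: Regional Docker Builds

on:
  push:
    branches:
      - main
    paths:
      - 'devops/docker/**'
      - 'devops/compose/docker-compose.*.yml'
      - 'etc/appsettings.crypto.*.yaml'
      - 'etc/crypto-plugins-manifest.json'
      - 'src/__Libraries/StellaOps.Cryptography.Plugin.**'
      - '.gitea/workflows/docker-regional-builds.yml'
  pull_request:
    paths:
      - 'devops/docker/**'
      - 'devops/compose/docker-compose.*.yml'
      - 'etc/appsettings.crypto.*.yaml'
      - 'etc/crypto-plugins-manifest.json'
      - 'src/__Libraries/StellaOps.Cryptography.Plugin.**'
      # Kept in step with the push filter so a PR editing this workflow is
      # exercised before it reaches main.
      - '.gitea/workflows/docker-regional-builds.yml'
  workflow_dispatch:

env:
  REGISTRY: registry.stella-ops.org
  PLATFORM_IMAGE_NAME: stellaops/platform
  DOCKER_BUILDKIT: 1

jobs:
  # Build the base platform image containing all crypto plugins
  build-platform:
    name: Build Platform Image (All Plugins)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}
          # The full-SHA raw tag is the one "Export platform image tag" hands
          # to build-regional-profiles; without it that job pulls a tag that
          # was never pushed (type=sha below emits "<branch>-<short sha>").
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix={{branch}}-
            type=raw,value=${{ github.sha }}
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push platform image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./devops/docker/Dockerfile.platform
          target: runtime-base
          # Pull requests build the image but do not publish it.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # NOTE(review): cache-to still writes to the registry on pull_request
          # runs (push: false only covers the image tags); confirm the token
          # used for PR runs may write packages, or gate cache-to on the event.
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}:buildcache
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}:buildcache,mode=max
          build-args: |
            BUILDKIT_INLINE_CACHE=1

      - name: Export platform image tag
        id: platform
        # Full-SHA tag consumed by build-regional-profiles as BASE_IMAGE.
        run: |
          echo "tag=${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}:${{ github.sha }}" >> "$GITHUB_OUTPUT"

    outputs:
      platform-tag: ${{ steps.platform.outputs.tag }}

  # Build regional profile images for each service
  build-regional-profiles:
    name: Build Regional Profiles
    runs-on: ubuntu-latest
    needs: build-platform
    permissions:
      contents: read
      packages: write

    strategy:
      fail-fast: false
      matrix:
        profile: [international, russia, eu, china]
        service:
          - authority
          - signer
          - attestor
          - concelier
          - scanner
          - excititor
          - policy
          - scheduler
          - notify
          - zastava
          - gateway
          - airgap-importer
          - airgap-exporter
          - cli

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/stellaops/${{ matrix.service }}
          tags: |
            type=raw,value=${{ matrix.profile }},enable={{is_default_branch}}
            type=raw,value=${{ matrix.profile }}-${{ github.sha }}
            type=raw,value=${{ matrix.profile }}-pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}

      - name: Build and push regional service image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./devops/docker/Dockerfile.crypto-profile
          target: ${{ matrix.service }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # BASE_IMAGE is the platform tag published by build-platform. On
          # pull_request runs that job does not push (push: false), so the
          # pull of BASE_IMAGE here is expected to fail unless that tag is
          # made available some other way — confirm this is the intent.
          build-args: |
            CRYPTO_PROFILE=${{ matrix.profile }}
            BASE_IMAGE=${{ needs.build-platform.outputs.platform-tag }}
            SERVICE_NAME=${{ matrix.service }}

  # Validate regional configurations
  validate-configs:
    name: Validate Regional Configurations
    runs-on: ubuntu-latest
    needs: build-regional-profiles
    # Read-only: this job only inspects checked-out files.
    permissions:
      contents: read

    strategy:
      fail-fast: false
      matrix:
        profile: [international, russia, eu, china]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Validate crypto configuration YAML
        run: |
          # Install yq for YAML validation
          # NOTE(review): this downloads an unpinned "latest" binary with no
          # checksum verification, so the job runs whatever that URL serves on
          # the day. Pin a release version and verify the download against the
          # checksums file published with that release.
          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          sudo chmod +x /usr/local/bin/yq

          # Validate YAML syntax (yq exits non-zero on a parse error)
          yq eval 'true' etc/appsettings.crypto.${{ matrix.profile }}.yaml

      - name: Validate docker-compose file
        run: |
          docker compose -f devops/compose/docker-compose.${{ matrix.profile }}.yml config --quiet

      - name: Check required crypto configuration fields
        run: |
          CONFIG="etc/appsettings.crypto.${{ matrix.profile }}.yaml"

          # Verify ManifestPath is set (yq prints "null" for a missing key)
          MANIFEST_PATH=$(yq eval '.StellaOps.Crypto.Plugins.ManifestPath' "$CONFIG")
          if [ -z "$MANIFEST_PATH" ] || [ "$MANIFEST_PATH" = "null" ]; then
            echo "Error: ManifestPath not set in ${{ matrix.profile }} configuration"
            exit 1
          fi

          # Verify at least one plugin is enabled (a missing key should yield 0 here too)
          ENABLED_COUNT=$(yq eval '.StellaOps.Crypto.Plugins.Enabled | length' "$CONFIG")
          if [ "$ENABLED_COUNT" -eq 0 ]; then
            echo "Error: No plugins enabled in ${{ matrix.profile }} configuration"
            exit 1
          fi

          echo "Configuration valid: ${{ matrix.profile }}"

  # Summary job
  summary:
    name: Build Summary
    runs-on: ubuntu-latest
    needs: [build-platform, build-regional-profiles, validate-configs]
    if: always()
    # The summary only writes to $GITHUB_STEP_SUMMARY; no write scopes needed.
    permissions:
      contents: read

    steps:
      - name: Generate summary
        # Context values are passed through env rather than interpolated into
        # the script so a ref name containing shell metacharacters cannot alter
        # the commands (ref_name is not validated anywhere in this workflow).
        env:
          PLATFORM_OK: ${{ needs.build-platform.result == 'success' }}
          PROFILES_OK: ${{ needs.build-regional-profiles.result == 'success' }}
          CONFIGS_OK: ${{ needs.validate-configs.result == 'success' }}
          COMMIT_SHA: ${{ github.sha }}
          REF_NAME: ${{ github.ref_name }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          {
            echo "## Regional Docker Builds Summary"
            echo ""
            echo "Platform image built successfully: $PLATFORM_OK"
            echo "Regional profiles built: $PROFILES_OK"
            echo "Configurations validated: $CONFIGS_OK"
            echo ""
            echo "### Build Details"
            echo "- Commit: $COMMIT_SHA"
            echo "- Branch: $REF_NAME"
            echo "- Event: $EVENT_NAME"
          } >> "$GITHUB_STEP_SUMMARY"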