GitHub workflow action: create docker images on release (#7)

open-eid · Sep 4, 2024 · 7b16600 · 7b16600
1 parent f216a51
commit 7b16600
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 3 deletions.
diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml
@@ -9,7 +9,6 @@ on:
 
 jobs:
   publish:
-
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -28,3 +27,44 @@ jobs:
         run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
         env:
           GITHUB_TOKEN: ${{ github.token }}
+
+      # test if username and password are correct (may still fail if no write access or wrong package name)
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Build Docker/OCI images and publish to GH Container registry (ghcr.io)
+        run: |
+          mvn spring-boot:build-image -f get-server \
+            -s $GITHUB_WORKSPACE/settings.xml \
+            -Dmaven.test.skip=true \
+            -Dspring-boot.build-image.publish=true \
+            -Ddocker.publishRegistry.url=${REGISTRY} \
+            -Ddocker.publishRegistry.username=${USERNAME} \
+            -Ddocker.publishRegistry.password=${GITHUB_TOKEN} \
+            -Dspring-boot.build-image.imageName=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-get-server:${TAG}-${GITHUB_SHA} \
+            -Dspring-boot.build-image.tags=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-get-server:latest
+          mvn spring-boot:build-image -f put-server \
+            -s $GITHUB_WORKSPACE/settings.xml \
+            -Dmaven.test.skip=true \
+            -Dspring-boot.build-image.publish=true \
+            -Ddocker.publishRegistry.url=${REGISTRY} \
+            -Ddocker.publishRegistry.username=${USERNAME} \
+            -Ddocker.publishRegistry.password=${GITHUB_TOKEN} \
+            -Dspring-boot.build-image.imageName=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-put-server:${TAG}-${GITHUB_SHA} \
+            -Dspring-boot.build-image.tags=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-put-server:latest
+        env:
+          REGISTRY: ghcr.io
+          USERNAME: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ github.token }}
+          # Note: git tag can contain more symbols than Container registry, allowed for docker tag:
+          # lowercase and uppercase letters, digits, underscores, periods, and hyphens.
+          # Note: imageName tag is built from git tag which can be different from module version
+          TAG: ${{ github.event.release.tag_name }}
+          # use open-eid Maven repo for dependencies download, see pom.xml
+          MAVEN_REPO: open-eid/cdoc2-capsule-server
+
+
diff --git a/README.md b/README.md
@@ -73,15 +73,23 @@ by [defining repository variable](https://docs.github.com/en/actions/writing-wor
 
 See [getting-started.md](getting-started.md) and [admin-guide.md](admin-guide.md)
 
+### Running pre-built Docker/OCI images
+
+Download `cdoc2-put-server` and `cdoc2-get-server` images from [open-eid Container registry](https://github.com/open-eid?ecosystem=container&tab=packages)
+
+[ghcr.io login](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic)
+
+TODO: Configuring Docker images
 
 ## Releasing and versioning
 
 See [VERSIONING.md](https://github.com/open-eid/cdoc2-java-ref-impl/blob/master/VERSIONING.md)
 
 ### GitHub release
 
-[Create release](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release) on tag done by VERSIONING.md process. It will trigger `maven-release.yml` workflow that
-will deploy Maven packages to GitHub Maven package repository.
+[Create release](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release) on tag done by [VERSIONING.md](https://github.com/open-eid/cdoc2-java-ref-impl/blob/master/VERSIONING.md) process. 
+It will trigger `maven-release.yml` workflow that will deploy Maven packages to GitHub Maven package repository
+and build & publish Docker/OCI images.
 
 
 ## Related projects

diff --git a/cdoc2-shared-crypto/pom.xml b/cdoc2-shared-crypto/pom.xml
@@ -111,6 +111,13 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>3.1.3</version>
+            </plugin>
+
+
         </plugins>
     </build>
 

diff --git a/get-server/pom.xml b/get-server/pom.xml
@@ -417,10 +417,23 @@
 						<env>
 							<BP_JVM_VERSION>${java.version}</BP_JVM_VERSION>
 							<BP_SPRING_CLOUD_BINDINGS_DISABLED>true</BP_SPRING_CLOUD_BINDINGS_DISABLED>
+							<!--suppress UnresolvedMavenProperty -->
 							<BP_DEPENDENCY_MIRROR>${bp.dependency.mirror}</BP_DEPENDENCY_MIRROR>
 							<BPL_SPRING_CLOUD_BINDINGS_DISABLED>true</BPL_SPRING_CLOUD_BINDINGS_DISABLED>
 						</env>
+						<!--suppress UnresolvedMavenProperty -->
+						<tags>${spring-boot.build-image.tags}</tags>
 					</image>
+					<docker>
+						<publishRegistry>
+							<!--suppress UnresolvedMavenProperty -->
+							<url>${docker.publishRegistry.url}</url>
+							<!--suppress UnresolvedMavenProperty -->
+							<username>${docker.publishRegistry.username}</username>
+							<!--suppress UnresolvedMavenProperty -->
+							<password>${docker.publishRegistry.password}</password>
+						</publishRegistry>
+					</docker>
 				</configuration>
 				<executions>
 					<execution>

diff --git a/put-server/pom.xml b/put-server/pom.xml
@@ -416,10 +416,23 @@
 						<env>
 							<BP_JVM_VERSION>${java.version}</BP_JVM_VERSION>
 							<BP_SPRING_CLOUD_BINDINGS_DISABLED>true</BP_SPRING_CLOUD_BINDINGS_DISABLED>
+							<!--suppress UnresolvedMavenProperty -->
 							<BP_DEPENDENCY_MIRROR>${bp.dependency.mirror}</BP_DEPENDENCY_MIRROR>
 							<BPL_SPRING_CLOUD_BINDINGS_DISABLED>true</BPL_SPRING_CLOUD_BINDINGS_DISABLED>
 						</env>
+						<!--suppress UnresolvedMavenProperty -->
+						<tags>${spring-boot.build-image.tags}</tags>
 					</image>
+					<docker>
+						<publishRegistry>
+							<!--suppress UnresolvedMavenProperty -->
+							<url>${docker.publishRegistry.url}</url>
+							<!--suppress UnresolvedMavenProperty -->
+							<username>${docker.publishRegistry.username}</username>
+							<!--suppress UnresolvedMavenProperty -->
+							<password>${docker.publishRegistry.password}</password>
+						</publishRegistry>
+					</docker>
 				</configuration>
 				<executions>
 					<execution>