Docker workflow test
mephenor committed May 28, 2024
1 parent e38a676 commit 0f31d71
Showing 4 changed files with 184 additions and 5 deletions.
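--- a/.github/workflows/ci_docker.yaml
+++ b/.github/workflows/ci_docker.yaml
@@ -0,0 +1,86 @@
+# Copyright 2022-2023 Universität Tübingen, DKFZ and EMBL
+# for the German Human Genome-Phenome Archive (GHGA)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "GHGA CI action tasks"
+description: "Tasks that are executed in our CI pipeline for GHGA microservices"
+inputs:
+dockerhub_username:
+description: "The DockerHub username"
+required: true
+default: "ghga"
+dockerhub_token:
+description: "The DockerHub token used to authenticate"
+required: true
+dockerhub_namespace:
+description: "The namespace used to publish to the registry."
+required: true
+default: ghga
+dockerhub_platforms:
+description: "Platforms passed to DockerHub build and push action."
+default: "linux/amd64,linux/arm64"
+working_directory:
+description: "Directory which contains Dockerfile and project configuration files."
+required: true
+trivy_severity:
+description: "Severities of vulnerabilities to scanned for and displayed."
+default: "CRITICAL,HIGH"
+service_name:
+description: "Full, lower case hypehenated service name"
+required: true
+version:
+description: "The version to publish to the registry."
+required: true
+
+
+runs:
+using: "composite"
+steps:
+- uses: actions/checkout@v3
+name: Check out code
+
+- uses: docker/setup-qemu-action@v2
+name: Set up QEMU
+
+- uses: docker/setup-buildx-action@v2
+name: Set up Docker Buildx
+
+- uses: docker/login-action@v2
+name: Login to DockerHub
+with:
+username: ${{ inputs.dockerhub_username }}
+password: ${{ inputs.dockerhub_token }}
+
+- uses: docker/build-push-action@v4
+name: Build and push
+id: docker_build
+with:
+push: true
+platforms: "${{ inputs.dockerhub_platforms }}"
+tags: "${{ inputs.dockerhub_namespace }}/${{ inputs.service_name }}:${{ inputs.version }}"
+context: "${{ inputs.working_directory }}"
+
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: "docker.io/${{ inputs.dockerhub_namespace }}/${{ inputs.service_name }}:${{ inputs.version }}"
+format: "table"
+exit-code: "1"
+ignore-unfixed: true
+vuln-type: "os,library"
+severity: ${{ inputs.trivy_severity }}
+
+- name: Image digest
+shell: bash
+run: echo ${{ steps.docker_build.outputs.digest }}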
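Review bot: `uses: aquasecurity/trivy-action@master` follows a mutable branch, so the scanner step runs whatever that branch points to at run time, in a job that has already logged in to Docker Hub with `dockerhub_token`. Pin it to a full commit SHA with the release noted in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`; the `@v2`/`@v3`/`@v4` tags on the other steps are movable as well and would benefit from the same treatment. Separately, the scan runs after `push: true`, so `exit-code: "1"` fails the job only once the image is already published under `inputs.version`; if the scan is meant to be a gate, scan before publishing or push to a staging tag first.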
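--- a/.github/workflows/docker_debug.yaml
+++ b/.github/workflows/docker_debug.yaml
@@ -0,0 +1,59 @@
+# Copyright 2022-2023 Universität Tübingen, DKFZ and EMBL
+# for the German Human Genome-Phenome Archive (GHGA)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "GHGA CI action tasks"
+description: "Tasks that are executed in our CI pipeline for GHGA microservices"
+inputs:
+dockerhub_namespace:
+description: "The namespace used to publish to the registry."
+required: true
+default: ghga
+dockerhub_platforms:
+description: "Platforms passed to DockerHub build and push action."
+default: "linux/amd64,linux/arm64"
+working_directory:
+description: "Directory which contains Dockerfile and project configuration files."
+required: true
+service_name:
+description: "Full, lower case hypehenated service name"
+required: true
+version:
+description: "The version to publish to the registry."
+required: true
+
+
+runs:
+using: "composite"
+steps:
+- uses: actions/checkout@v4
+name: Check out code
+
+- uses: docker/setup-qemu-action@v2
+name: Set up QEMU
+
+- uses: docker/setup-buildx-action@v2
+name: Set up Docker Buildx
+
+- uses: docker/build-push-action@v4
+name: Build and push
+id: docker_build
+with:
+platforms: "${{ inputs.dockerhub_platforms }}"
+tags: "${{ inputs.dockerhub_namespace }}/${{ inputs.service_name }}:${{ inputs.version }}"
+context: "${{ inputs.working_directory }}"
+
+- name: Image digest
+shell: bash
+run: echo ${{ steps.docker_build.outputs.digest }}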
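Review bot: Composite-action metadata (`description`, `inputs`, `runs:` with `using: "composite"`) placed under `.github/workflows/` will most likely be rejected as an invalid workflow rather than run, because GitHub expects `on:` and `jobs:` in that directory; the same applies to `ci_docker.yaml` in this commit. If a reusable action is intended, it belongs in an `action.yaml` in its own directory; if a workflow is intended, it needs a trigger and a job wrapping these steps. The file also reuses `name: "GHGA CI action tasks"` from `ci_docker.yaml`, so a distinct value such as `name: "GHGA Docker debug build"` would keep the two apart in logs and the UI. Indentation is not visible in this rendering, so the nesting itself was not checked.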
12 changes: 7 additions & 5 deletions Dockerfile
@@ -14,19 +14,19 @@
# limitations under the License.

## creating building container
FROM python:3.10.9-slim-bullseye AS builder
FROM python:3.12-slim-bookworm AS builder
# update and install dependencies
RUN apt update
RUN apt upgrade -y
RUN pip install build
# copy code
COPY . /service
WORKDIR /service
# build wheels
RUN for svc in ./services/*; do python -m build $svc --outdir ./dist; done
# build wheel
RUN python -m build

# creating running container
FROM python:3.10.9-slim-bullseye
FROM python:3.12-slim-bookworm
# update and install dependencies
RUN apt update
RUN apt upgrade -y
@@ -43,4 +43,6 @@ RUN useradd --create-home appuser
WORKDIR /home/appuser
USER appuser
# set environment
ENV PYTHONUNBUFFERED=1
ENV PYTHONUNBUFFERED=1s

ENTRYPOINT []
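Review bot: Both stages move from the patch-pinned `python:3.10.9-slim-bullseye` to the floating `python:3.12-slim-bookworm` (assuming the second line of each printed pair is the new side), so two builds of the same commit can pull different base images and a scan result for a published tag cannot be reproduced later. Consider pinning by digest, `FROM python:3.12-slim-bookworm@sha256:<digest> AS builder`, and letting an update bot bump it. In the last hunk, `ENV PYTHONUNBUFFERED=1s` looks like a stray character; Python only checks that the variable is non-empty, so it still takes effect, but `ENV PYTHONUNBUFFERED=1` is presumably what was meant. The lines between the two hunks are not shown here.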
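--- a/scripts/service_name.py
+++ b/scripts/service_name.py
@@ -0,0 +1,32 @@
+# Copyright 2021 - 2023 Universität Tübingen, DKFZ, EMBL, and Universität zu Köln
+# for the German Human Genome-Phenome Archive (GHGA)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import tomllib
+from stringcase import spinalcase
+
+from script_utils.cli import run
+
+
+def main(*, service: str):
+with open(f"services/{service}/pyproject.toml", "rb") as pyproject:
+description: str = tomllib.load(pyproject)["project"]["description"]
+if "-" in description:
+description = description.split("-")[0]
+description = description.replace(" ", "")
+print(spinalcase(description))
+
+
+if __name__ == "__main__":
+run(main)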
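Review bot: `main` prints whatever `spinalcase` returns without checking it, so a description that is empty or begins with `-` yields an empty service name, which would only surface later, presumably when the value is used as the `service_name` part of an image tag. A guard before the print, `if not description: raise SystemExit(f"no service name derivable for {service!r}")`, fails at the source instead. `main` also has no docstring; something like `"""Print the hyphenated service name derived from the description in services/<service>/pyproject.toml (the text before the first "-")."""` would record the rule being applied. `service` is interpolated into the path unvalidated, which is acceptable for a maintainer-run script but worth restricting to a plain directory name if it is ever fed from workflow inputs.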
