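name: CWS Docker Build

# NOTE(review): `push` has no branch filter, so a push to ANY branch builds
# and publishes an image to GHCR using the repository secrets below. Add a
# `branches:` filter if that is not intended.
on:
  push:
  schedule:
    # Weekly build-and-test of CWS: Monday 12:00 UTC (4 AM PST / 5 AM PDT).
    - cron: '0 12 * * 1'

# Least-privilege token for the whole workflow.
permissions:
  contents: read
  packages: write  # Needed to push images to GHCR

jobs:
  build-push-run:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions below are pinned to major tags. Pinning to a full
      # commit SHA (`uses: owner/repo@<sha>  # vN`) is the stronger
      # supply-chain control; SHAs are deliberately not guessed here.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Nothing in this workflow pushes to git, so do not leave the
          # GITHUB_TOKEN in .git/config for later steps to pick up.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract CWS Version and Define Image Tag
        id: image_info
        env:
          # github.repository ("owner/name") is populated on every trigger;
          # github.event.repository.* is not guaranteed for every event type.
          REPOSITORY: ${{ github.repository }}
        run: |
          # utils.sh at the repository root is expected to contain: export CWS_VER='x.y.z'
          CWS_VER=$(grep 'export CWS_VER=' utils.sh | cut -d"'" -f2)
          if [ -z "$CWS_VER" ]; then
            echo "::error::Could not read CWS_VER from utils.sh; refusing to build an image with an empty version tag."
            exit 1
          fi
          # GHCR image paths must be lowercase.
          IMAGE_NAME="ghcr.io/$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')"
          # Timestamp makes the pushed tag unique per run.
          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
          {
            echo "version=$CWS_VER"
            echo "timestamp=$TIMESTAMP"
            # Tag that build.sh applies to the image it produces.
            echo "original_tag=nasa-ammos/common-workflow-service:$CWS_VER"
            echo "ghcr_tag=$IMAGE_NAME:$CWS_VER"
            # Never overwritten by later runs, but it does not identify the
            # commit that was built; consider appending github.sha for provenance.
            echo "ghcr_tag_temporal=$IMAGE_NAME:$CWS_VER-$TIMESTAMP"
          } >> "$GITHUB_OUTPUT"
        working-directory: ${{ github.workspace }}  # Run from repo root

      - name: Download Logstash
        run: |
          # URL kept as in the original build; confirm the Windows zip is what
          # the build scripts expect.
          BASE_URL="https://artifacts.elastic.co/downloads/logstash"
          ARTIFACT="logstash-8.12.0-windows-x86_64.zip"
          DEST="install/logging/logstash-8.12.0.zip"
          # -f: fail on HTTP errors instead of saving an error page as the zip.
          curl -fsSL --retry 3 -o "$DEST" "$BASE_URL/$ARTIFACT"
          # Verify against the SHA-512 Elastic publishes next to each artifact
          # ("<hash>  <filename>"). This catches truncated/corrupted downloads
          # and CDN-level substitution; it does NOT protect against a
          # compromised origin — pin the hash in this file for that.
          EXPECTED=$(curl -fsSL --retry 3 "$BASE_URL/$ARTIFACT.sha512" | cut -d' ' -f1)
          ACTUAL=$(sha512sum "$DEST" | cut -d' ' -f1)
          if [ -z "$EXPECTED" ] || [ "$EXPECTED" != "$ACTUAL" ]; then
            echo "::error::Logstash download failed SHA-512 verification (expected '$EXPECTED', got '$ACTUAL')."
            exit 1
          fi

      - name: Create default certs for build (certs are bundled into the docker image by build.sh)
        run: |
          # These default self-signed certs — private keys included — are
          # baked into the image that gets published below. Treat the
          # published image as dev/test material unless the certs are
          # replaced at deploy time.
          ./generate-certs.sh
        working-directory: cws-certs

      # Secrets are passed through `env:` and read as shell variables instead
      # of being expanded with ${{ }} inside `run:`. Expression expansion
      # happens before bash starts, so a secret containing quotes, `$` or
      # backticks would corrupt the script (or the file it writes).
      # Values are written verbatim: a value containing `&` or `<` would
      # still need XML escaping, same as the original.
      - name: Configure Maven security (master password)
        env:
          MAVEN_MASTER_PASSWORD: ${{ secrets.MAVEN_MASTER_PASSWORD }}
        run: |
          umask 077  # files created in this step are 0600
          mkdir -p ~/.m2
          printf '<settingsSecurity>\n  <master>%s</master>\n</settingsSecurity>\n' \
            "$MAVEN_MASTER_PASSWORD" > ~/.m2/settings-security.xml

      - name: Configure Maven settings (encrypted repo password)
        env:
          MAVEN_REPO_ID: ${{ secrets.MAVEN_REPO_ID }}
          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
          MAVEN_ENCRYPTED_PASSWORD: ${{ secrets.MAVEN_ENCRYPTED_PASSWORD }}
        run: |
          umask 077  # files created in this step are 0600
          mkdir -p ~/.m2
          {
            printf '<settings>\n  <servers>\n    <server>\n'
            printf '      <id>%s</id>\n' "$MAVEN_REPO_ID"
            printf '      <username>%s</username>\n' "$MAVEN_USERNAME"
            printf '      <password>%s</password>\n' "$MAVEN_ENCRYPTED_PASSWORD"
            printf '    </server>\n  </servers>\n</settings>\n'
          } > ~/.m2/settings.xml

      # Only the artifact repository is cached, not the settings files above.
      - name: Cache Maven packages
        uses: actions/cache@v5
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-m2-

      - name: Configure Camunda Download Credentials
        env:
          CAMUNDA_DOWNLOAD_LOGIN: ${{ secrets.CAMUNDA_DOWNLOAD_LOGIN }}
          CAMUNDA_DOWNLOAD_PASSWORD: ${{ secrets.CAMUNDA_DOWNLOAD_PASSWORD }}
        run: |
          umask 077
          printf 'machine downloads.camunda.cloud\nlogin %s\npassword %s\n' \
            "$CAMUNDA_DOWNLOAD_LOGIN" "$CAMUNDA_DOWNLOAD_PASSWORD" > ~/.netrc
          chmod 400 ~/.netrc

      - name: Write license to file
        env:
          CAMUNDA_LICENSE: ${{ secrets.CAMUNDA_LICENSE }}
        run: |
          umask 077
          mkdir -p ~/.camunda
          chmod 700 ~/.camunda
          printf '%s\n' "$CAMUNDA_LICENSE" > ~/.camunda/license.txt
          chmod 400 ~/.camunda/license.txt

      - name: Build CWS Docker Image using script
        run: |
          chmod +x build.sh
          # build.sh tags the result as nasa-ammos/common-workflow-service:<version>.
          # `run:` already uses `bash -e`; the explicit branch only adds the
          # error annotation.
          ./build.sh || { echo "::error::Docker image build script failed."; exit 1; }
        working-directory: install/docker/cws-image  # Run from the script's directory

      - name: Verify and re-tag image for GHCR (with timestamp)
        env:
          ORIGINAL_TAG: ${{ steps.image_info.outputs.original_tag }}
          GHCR_TAG_TEMPORAL: ${{ steps.image_info.outputs.ghcr_tag_temporal }}
        run: |
          echo "Verifying Docker image exists..."
          # Fail here with a clear message instead of at `docker tag`.
          if ! docker image inspect "$ORIGINAL_TAG" > /dev/null 2>&1; then
            echo "::error::Image $ORIGINAL_TAG was not produced by build.sh."
            exit 1
          fi
          echo "Tagging $ORIGINAL_TAG with GHCR tags..."
          # Temporal tag with timestamp (unique, never overwrites)
          docker tag "$ORIGINAL_TAG" "$GHCR_TAG_TEMPORAL"
          echo "✓ Tagged: $GHCR_TAG_TEMPORAL"

      - name: Push Docker images to GHCR
        env:
          GHCR_TAG_TEMPORAL: ${{ steps.image_info.outputs.ghcr_tag_temporal }}
        run: |
          # Only the timestamped tag is published; the plain :<version> tag
          # (ghcr_tag) is computed but not pushed by this workflow.
          echo "Pushing tagged images to GHCR..."
          docker push "$GHCR_TAG_TEMPORAL"
          echo "✓ Pushed: $GHCR_TAG_TEMPORAL"

      - name: Update image tag in docker-compose.yml
        env:
          GHCR_TAG_TEMPORAL: ${{ steps.image_info.outputs.ghcr_tag_temporal }}
        run: |
          echo "Updating image tag in docker-compose.yml to $GHCR_TAG_TEMPORAL"
          # `|` as the sed delimiter so slashes in the image path need no escaping.
          # Rewrites every nasa-ammos/common-workflow-service image line (cws and cws-worker).
          sed -i "s|image: nasa-ammos/common-workflow-service:.*|image: $GHCR_TAG_TEMPORAL|g" docker-compose.yml
          echo "docker-compose.yml after update:"
          cat docker-compose.yml
        working-directory: install/docker/console-db-es-ls-kibana

      - name: Start Services with Docker Compose
        run: docker compose up -d
        working-directory: install/docker/console-db-es-ls-kibana

      - name: Verify CWS Console Startup
        run: |
          MAX_WAIT=60   # seconds
          INTERVAL=15   # seconds between probes
          ELAPSED=0
          # Same URL the docker-compose.yml healthcheck uses.
          HEALTHCHECK_URL="https://localhost:38443/cws-ui/login"
          echo "Waiting up to $MAX_WAIT seconds for CWS console to become healthy..."
          while true; do
            # -k: the image carries the self-signed certs generated above, so
            #     TLS verification is disabled for this smoke test only.
            # -f: non-2xx/3xx is a failure; -s: silent; -L: follow redirects.
            if curl -kfsL --output /dev/null "$HEALTHCHECK_URL"; then
              echo "CWS console is up and responding at $HEALTHCHECK_URL!"
              echo "Current running containers:"
              docker ps
              exit 0
            fi
            if [ "$ELAPSED" -ge "$MAX_WAIT" ]; then
              echo "CWS console did not become healthy within $MAX_WAIT seconds."
              echo "Current running containers:"
              docker ps
              echo "Docker Compose logs for cws service (cws-console):"
              docker compose logs cws
              exit 1
            fi
            sleep "$INTERVAL"
            ELAPSED=$((ELAPSED + INTERVAL))
            echo "Still waiting for CWS console... ($ELAPSED/$MAX_WAIT seconds)"
          done
        working-directory: install/docker/console-db-es-ls-kibana  # Context for `docker compose logs`

      - name: Cleanup Private files
        if: always()
        run: |
          # Remove every credential file written above, not just two of them.
          # Mostly relevant on self-hosted/persistent runners; GitHub-hosted
          # runners are discarded after the job.
          rm -rf ~/.camunda
          rm -f ~/.netrc ~/.m2/settings.xml ~/.m2/settings-security.xml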