Merge pull request #10 from LeonStoldt/feat/issue-9-arm64-image

Feat/issue 9 add arm64 image
LeonStoldt · Nov 17, 2023 · 07153cc · 07153cc
2 parents 5bfec9b + f2396c3
commit 07153cc
Show file tree

Hide file tree

Showing 10 changed files with 246 additions and 112 deletions.
diff --git a/.github/actions/build-and-push/action.yaml b/.github/actions/build-and-push/action.yaml
@@ -0,0 +1,92 @@
+name: Build and push image
+description: "Builds docker image and pushes it to registry"
+
+inputs:
+  platform:
+    description: "Platform for docker build"
+    default: "amd64"
+    required: true
+  ansible_image_tag:
+    description: "Image tag of ansible base image"
+    default: "alpine"
+    required: true
+
+outputs:
+  digests:
+    description: "Image digests"
+    value: ${{ steps.build-and-push.outputs.digest }}
+  tags:
+    description: "Image tags"
+    value: ${{ steps.meta.outputs.tags }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Install the cosign tool except on PR https://github.com/sigstore/cosign-installer
+    - name: Install cosign
+      uses: sigstore/cosign-installer@v3.2.0
+
+    - name: Set up QEMU
+      if: ${{ inputs.platform != 'amd64' }}
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: ${{ inputs.platform }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.repository }}
+          ghcr.io/${{ github.repository }}
+        tags: |
+          type=raw,value=latest,enable=${{ is_default_branch && inputs.platform == 'amd64' }}
+          type=raw,value=latest,suffix={{inputs.platform}},enable=${{ is_default_branch && inputs.platform != 'amd64' }}
+          type=sha
+
+    - name: Build and push Docker image
+      id: build-and-push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        platforms: linux/${{ inputs.platform }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        push: true
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Sign the published Docker image
+      shell: bash
+      env:
+        # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+        TAGS: ${{ steps.meta.outputs.tags }}
+        DIGEST: ${{ steps.build-and-push.outputs.digest }}
+      # This step uses the identity token to provision an ephemeral certificate against the sigstore community Fulcio instance.
+      run: |
+        echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+    - name: Set output variables
+      shell: bash
+      run: |
+        echo "digests=${{ steps.build-and-push.outputs.digest }}" >> $GITHUB_OUTPUT
+        echo "tags=${{ steps.meta.outputs.tags }}" >> $GITHUB_OUTPUT
diff --git a/.github/actions/integration-test/action.yaml b/.github/actions/integration-test/action.yaml
@@ -0,0 +1,19 @@
+name: Run integration test
+description: "Runs the ansible container as integration test and checks if all containers are up and running"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Install wait-for-it
+      shell: bash
+      run: |
+        sudo apt-get update
+          sudo apt-get install -y wait-for-it
+
+    - name: Run integration test
+      shell: bash
+      run: |
+        make test
diff --git a/.github/actions/post-run/action.yaml b/.github/actions/post-run/action.yaml
@@ -0,0 +1,39 @@
+name: Post-run
+description: "Tasks to run after pipeline is done"
+
+inputs:
+  digests:
+    description: "Digests from previous build step"
+    required: false
+  tags:
+    description: "Tags from previous build step"
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: Update Docker Hub Description
+      uses: peter-evans/dockerhub-description@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Set job summary
+      shell: bash
+      run: |
+        cat >> $GITHUB_STEP_SUMMARY <<EOB
+        # Release Report
+        ## Registries
+        - **Image Name:** ghostfolio-installer
+        - [![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)](docker_hub_url)
+        - ![GitHub](https://img.shields.io/badge/ghcr.io-%23121011.svg?style=for-the-badge&logo=github&logoColor=white)(ghcr_io_url)
+        
+        ## Image Digests
+        > ${{ inputs.tags }}"
+        
+        ## Image Digests
+        > ${{ inputs.digests }}"
+        
+        [docker_hub_url]: https://hub.docker.com/r/${{ github.repository_owner }}/${{ github.repository }}
+        [ghcr_io_url]: ${{ github.server_url}}/${{ github.repository_owner }}/${{ github.repository }}/pkgs/container/${{ github.repository }}
+        EOB
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,63 @@
+name: Release Docker Image
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 9 * * 5'
+  push:
+    branches:
+      - main
+
+jobs:
+  integration-test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: ./.github/actions/integration-test
+
+  release:
+    needs: [integration-test]
+    name: Build and push image
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        fail-fast: false
+        include:
+          - platform: amd64
+            base_image_tag: 2.15-alpine-3.18
+          - platform: arm64
+            ansible_image_tag: alpine
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge with sigstore/fulcio when running outside of PRs.
+      id-token: write
+    outputs:
+      digests: ${{ steps.build.outputs.digests }}
+      tags: ${{ steps.build.outputs.tags }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: ./.github/actions/build-and-push
+        id: build
+        with:
+          platform: ${{ matrix.platform }}
+          ansible_image_tag: ${{ matrix.ansible_image_tag }}
+
+  post-run:
+    needs: [ release ]
+    name: Post-run
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: ./.github/actions/post-run
+        with:
+          digests: ${{ needs.release.outputs.digests }}
+          tags: ${{ needs.release.outputs.tags }}
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -0,0 +1,16 @@
+name: Run integration tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  integration-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: ./.github/actions/integration-test
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 .idea
-ansible/playbooks/templates/.env
+ansible/playbooks/templates/.env
+test
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,5 @@
-FROM willhallonline/ansible:2.15-alpine-3.18
+ARG ANSIBLE_CORE_TAG
+FROM willhallonline/ansible:${ANSIBLE_CORE_TAG}
 
 LABEL maintainer="tech@leon-stoldt.de" \
     org.label-schema.schema-version="1.0" \
@@ -13,11 +14,8 @@ LABEL maintainer="tech@leon-stoldt.de" \
     net.unraid.docker.icon="https://avatars.githubusercontent.com/u/82473144?s=200"
 
 # Install Docker Compose
-ARG DOCKER_COMPOSE_VERSION=2.23.0
 RUN apk --no-cache add \
-        curl && \
-    curl -L "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \
-    chmod +x /usr/local/bin/docker-compose
+        docker-compose
 
 WORKDIR /ansible
 

diff --git a/Makefile b/Makefile
@@ -14,8 +14,18 @@ define wait_for_container
 	done
 endef
 
+define docker-build
+	docker buildx build --pull \
+		--build-arg ANSIBLE_CORE_TAG=$(1) \
+		--platform $(2) \
+		-t ghostfolio-installer .
+endef
+
 build:
-	docker build -t ghostfolio-installer .
+	$(call docker-build,"2.15-alpine-3.18","linux/amd64")
+
+build-arm:
+	$(call docker-build,"alpine","linux/arm64")
 
 run: build
 	 docker run --rm\

diff --git a/ansible/playbooks/install-ghostfolio.yml b/ansible/playbooks/install-ghostfolio.yml
@@ -38,6 +38,6 @@
         chdir: "{{ ghostfolio_dir }}"
 
     - name: Start Docker Compose
-      command: docker-compose up --wait
+      command: docker-compose up -d
       args:
         chdir: "{{ ghostfolio_dir }}"