add build and publish workflow (#1102)

*** need to merge [sbl-project pr](cfpb/sbl-project#331) prior to mergeing this one *** - adding workflow for build and publish images to GHCR - updated current pattern to include new workflow
cfpb · Jan 15, 2025 · fd85f68 · fd85f68
1 parent 806d72d
commit fd85f68
Show file tree

Hide file tree

Showing 4 changed files with 151 additions and 13 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,48 @@
+name: BuildImage
+
+on:
+  workflow_call:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout GitHub Action'
+        id: checkout
+        uses: actions/checkout@v4
+
+      # not tagging with version yet, adding this in the event we start versioning
+      - name: Get Version
+        id: version
+        if: github.ref == 'refs/heads/main'
+        run: |
+          echo "TAG_VERSION=$(cat package.json | jq -r .version)" >> $GITHUB_ENV
+
+      - name: 'Build Release Image'
+        id: buildrelease
+        if: github.ref == 'refs/heads/main'
+        run: |
+          docker build -t ghcr.io/cfpb/regtech/sbl/sbl-frontend:latest -f Dockerfile .
+
+      - name: 'Build Test Image'
+        id: buildtest
+        if: github.ref != 'refs/heads/main'
+        run: |
+          docker build -t ghcr.io/cfpb/regtech/sbl/sbl-frontend:pr_test_${{ github.event.number }} -f Dockerfile .
+
+      - name: 'Login to GitHub Container Registry'
+        id: login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: 'Publish Image'
+        id: publish
+        if: steps.login.conclusion == 'success'
+        run: |
+          docker push ghcr.io/cfpb/regtech/sbl/sbl-frontend --all-tags
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -14,15 +14,23 @@ jobs:
     uses: ./.github/workflows/lint.yml
     needs: call-pre
 
+  call-build:
+    name: Build
+    if: ${{ always() }}
+    uses: ./.github/workflows/build.yml
+    needs: call-lint
+
   call-test:
     name: Test
     if: ${{ always() }}
     uses: ./.github/workflows/test.yml
-    needs: call-lint
-
+    needs: call-build
+    with:
+      use_release_images: true
+
   call-codeql:
     name: CodeQL
     if: ${{ always() }}
     uses: ./.github/workflows/codeql.yml
     needs: call-lint
-
+
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -14,15 +14,23 @@ jobs:
     uses: ./.github/workflows/lint.yml
     needs: call-pre
 
+  call-build:
+    name: Build
+    if: ${{ always() }}
+    uses: ./.github/workflows/build.yml
+    needs: call-lint
+
   call-test:
     name: Test
     if: ${{ always() }}
     uses: ./.github/workflows/test.yml
-    needs: call-lint
-
+    needs: call-build
+    with:
+      use_release_images: true
+
   call-codeql:
     name: CodeQL
     if: ${{ always() }}
     uses: ./.github/workflows/codeql.yml
     needs: call-lint
-
+
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,7 +2,12 @@ name: Test
 
 on:
   workflow_call:
-
+    inputs:
+      use_release_images:
+        description: 'Optionally pull images from GHCR instead of building'
+        default: false
+        required: false
+        type: boolean
 jobs:
   react:
     name: React
@@ -41,60 +46,120 @@ jobs:
         uses: actions/checkout@v4
         with:
           path: 'sbl-frontend'
+
       - name: Checkout Cleanup API
         uses: actions/checkout@v4
+        if: inputs.use_release_images != true
         with:
           repository: 'cfpb/regtech-cleanup-api'
           path: 'regtech-cleanup-api'
+
       - name: Checkout Mail API
         uses: actions/checkout@v4
+        if: inputs.use_release_images != true
         with:
           repository: 'cfpb/regtech-mail-api'
           path: 'regtech-mail-api'
+
       - name: Checkout User Fi
         uses: actions/checkout@v4
+        if: inputs.use_release_images != true
         with:
           repository: 'cfpb/regtech-user-fi-management'
           path: 'regtech-user-fi-management'
+
       - name: Checkout Filing API
         uses: actions/checkout@v4
+        if: inputs.use_release_images != true
         with:
           repository: 'cfpb/sbl-filing-api'
           path: 'sbl-filing-api'
+
       - name: Checkout SBL Project
         uses: actions/checkout@v4
         with:
           repository: 'cfpb/sbl-project'
           path: 'sbl-project'
+          ref: test/docker-compose-using-released-images
 
       # Set the environment
       - name: Set Environment
         uses: ./sbl-frontend/.github/actions/setvars
         with:
           varFilePath: ./sbl-frontend/.github/variables/.env
 
-      # Build images      
+      # Build images
       - name: Build Frontend
+        if: inputs.use_release_images != true
         run: |
           cd sbl-frontend
           docker build -t sbl-project-sbl-frontend:latest .
+
       - name: Build Cleanup API
+        if: inputs.use_release_images != true
         run: |
           cd regtech-cleanup-api
           docker build -t sbl-project-cleanup:latest .
+
       - name: Build Mail API
+        if: inputs.use_release_images != true
         run: |
           cd regtech-mail-api
           docker build -t sbl-project-mail-api:latest .
+
       - name: Build User Fi API
+        if: inputs.use_release_images != true
         run: |
           cd regtech-user-fi-management
           docker build -t sbl-project-user-fi:latest .
+
       - name: Build Filing API
+        if: inputs.use_release_images != true
         run: |
           cd sbl-filing-api
           docker build -t sbl-project-filing:latest .
 
+      # Pull images and tag as if we were building local
+      - name: 'Login to GitHub Container Registry'
+        id: login
+        uses: docker/login-action@v3
+        if: inputs.use_release_images == true
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      # Pull Frontend image just built and published
+      - name: Pull Frontend
+        if: inputs.use_release_images == true && steps.login.conclusion == 'success'
+        run: |
+          docker pull ghcr.io/cfpb/regtech/sbl/sbl-frontend:pr_test_${{ github.event.number }}
+          docker tag ghcr.io/cfpb/regtech/sbl/sbl-frontend:pr_test_${{ github.event.number }} sbl-project-sbl-frontend:latest
+
+      - name: Pull Cleanup API
+        if: inputs.use_release_images == true && steps.login.conclusion == 'success'
+        run: |
+          docker pull ghcr.io/cfpb/regtech/sbl/regtech-cleanup-api:latest
+          docker tag ghcr.io/cfpb/regtech/sbl/regtech-cleanup-api:latest sbl-project-cleanup:latest
+
+      - name: Pull Mail API
+        if: inputs.use_release_images == true && steps.login.conclusion == 'success'
+        run: |
+          docker pull ghcr.io/cfpb/regtech/sbl/regtech-mail-api:latest
+          docker tag ghcr.io/cfpb/regtech/sbl/regtech-mail-api:latest sbl-project-mail-api:latest
+
+      - name: Pull User Fi API
+        if: inputs.use_release_images == true && steps.login.conclusion == 'success'
+        run: |
+          docker pull ghcr.io/cfpb/regtech/sbl/regtech-user-fi-management:latest
+          docker tag ghcr.io/cfpb/regtech/sbl/regtech-user-fi-management:latest sbl-project-user-fi:latest
+
+      - name: Pull Filing API
+        if: inputs.use_release_images == true && steps.login.conclusion == 'success'
+        run: |
+          docker pull ghcr.io/cfpb/regtech/sbl/sbl-filing-api:latest
+          docker tag ghcr.io/cfpb/regtech/sbl/sbl-filing-api:latest sbl-project-filing:latest
+
       # Setup node stuff
       - name: Setup Node 20
         uses: actions/setup-node@v4
@@ -105,23 +170,31 @@ jobs:
 
       # Standup stack
       - name: Standup Stack
+        if: inputs.use_release_images != true
         run: |
           cd sbl-project
           docker compose --profile="backend" --profile="frontend" up -d --remove-orphans --build
-      
+
+      # Standup releases stack
+      - name: Standup Releases Stack
+        if: inputs.use_release_images == true
+        run: |
+          cd sbl-project
+          docker compose --profile="backend" --profile="frontend" up -d --remove-orphans
+
       - name: Check running containers
         run: |
           ls -alh /tmp/filing_uploads
           docker ps
 
       # Setup for test
       - name: Install Local Yarn Dependencies
-        run: | 
+        run: |
           cd sbl-frontend
           yarn
           yarn playwright install --with-deps
 
-      - name: Seed Database    
+      - name: Seed Database
         run: |
           cd sbl-project/dev_setup/mock_data/
           bash create_institutions.sh
@@ -138,9 +211,10 @@ jobs:
           cat ./.env.example.private >> ./.env
           yarn playwright test --workers 4
 
-      # Store artifact test results 
+      # Store artifact test results
       - name: Export docker logs
         if: '!cancelled()'
+        continue-on-error: true
         run: |
           mkdir -p docker-logs
           docker logs sbl-project-sbl-frontend-1 &> ./docker-logs/frontend.log
@@ -151,6 +225,7 @@ jobs:
           docker logs sbl-project-keycloak-1 &> ./docker-logs/keycloak.log
           docker logs sbl-project-mailpit-1 &> ./docker-logs/mailpit.log
           docker logs sbl-project-pg-1 &> ./docker-logs/postgres.log
+          ls -alt docker-logs
 
       - name: Archive Test Results
         uses: actions/upload-artifact@v4
@@ -167,4 +242,3 @@ jobs:
           name: docker-logs
           path: |
             docker-logs
-