
Remove cosign installation and signing steps from planning server Doc… #45


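# Builds, smoke-tests and publishes the planning-server container image.
name: Deploy to Docker Hub
on:
  push:
    # branches:
    #   - main
    paths:
      - typescript/packages/planning-server/**/*
      - .github/workflows/planning-server-dockerhub.yml
  # No path or branch filter here: every pull request triggers the workflow.
  pull_request:
  workflow_dispatch:
    inputs:
      push:
        description: "Push docker image"
        required: false
        type: boolean
        default: false
# Least privilege for GITHUB_TOKEN: jobs that declare no `permissions` of
# their own would otherwise inherit the repository default, which may be
# read/write. Nothing in this workflow writes to the repository.
permissions:
  contents: read
env:
  # Rendered into the environment as a string: 'true' for a push to main,
  # otherwise the workflow_dispatch input ('true' / 'false') or '' when the
  # event carries no such input. Consumers must compare against 'true';
  # a bare truthiness test treats the string 'false' as true.
  PUSH: ${{ ( github.ref == 'refs/heads/main' && github.event_name == 'push' ) || github.event.inputs.push }}
  WORKING_DIRECTORY: typescript/packages/planning-server
  DENO_VERSION: 1.46.3
  TS_ENTRYPOINT: src/index.ts
  ARTIFACT_NAME: planning-server
  CONTAINER_PORT: 8000
defaults:
  run:
    working-directory: typescript/packages/planning-server  # annoying necessity as env vars are not available in defaults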
jobs:
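# Publishes the workflow-level env values, the short commit hash and the
# commit timestamp as job outputs so that later jobs can read them through
# `needs.setup.outputs.*`.
setup:
  runs-on: ubuntu-latest
  defaults:
    run:
      working-directory: ${{ github.workspace }}
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Get Git commit timestamps
      id: timestamp
      run: echo "timestamp=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
    - name: Compute short hash
      id: short_hash
      # GITHUB_SHA is the runner-provided equivalent of github.sha; reading
      # it from the environment keeps expression text out of the script.
      run: echo "short_hash=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_OUTPUT"
    - name: Get env vars
      id: vars
      # Workflow-level `env` is already exported to this shell, so the
      # values are read as shell variables instead of being spliced into
      # the script text with ${{ }} (PUSH is partly derived from a
      # workflow_dispatch input).
      run: |
        {
          echo "PUSH=${PUSH}"
          echo "WORKING_DIRECTORY=${WORKING_DIRECTORY}"
          echo "DENO_VERSION=${DENO_VERSION}"
          echo "TS_ENTRYPOINT=${TS_ENTRYPOINT}"
          echo "ARTIFACT_NAME=${ARTIFACT_NAME}"
          echo "CONTAINER_PORT=${CONTAINER_PORT}"
        } >> "$GITHUB_OUTPUT"
  outputs:
    PUSH: ${{ steps.vars.outputs.PUSH }}
    WORKING_DIRECTORY: ${{ steps.vars.outputs.WORKING_DIRECTORY }}
    DENO_VERSION: ${{ steps.vars.outputs.DENO_VERSION }}
    TS_ENTRYPOINT: ${{ steps.vars.outputs.TS_ENTRYPOINT }}
    ARTIFACT_NAME: ${{ steps.vars.outputs.ARTIFACT_NAME }}
    CONTAINER_PORT: ${{ steps.vars.outputs.CONTAINER_PORT }}
    SHORT_HASH: ${{ steps.short_hash.outputs.short_hash }}
    TIMESTAMP: ${{ steps.timestamp.outputs.timestamp }}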
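# Runs the package's tests under the pinned Deno version.
# No other job lists this one in `needs`, and `continue-on-error` is set, so
# a failing test run does not stop an image from being built or pushed.
test:
  continue-on-error: true  # TODO: remove this when tests are validated
  name: Test under Deno
  runs-on: ubuntu-latest
  steps:
    # Checkout runs first: hashFiles() is evaluated when the cache step
    # starts, and on an empty workspace it yields an empty string, which
    # would make the cache key constant.
    - name: Checkout
      uses: actions/checkout@v4
    - name: cache deno installation and deno.land dependencies
      uses: actions/cache@v4
      with:
        key: ${{ runner.os }}-deno-${{ hashFiles('**/*.ts') }}
        restore-keys: ${{ runner.os }}-deno-
        path: |
          /home/runner/.deno
          /home/runner/.cache/deno/deps/https/deno.land
    - name: Set up Deno
      uses: denoland/setup-deno@v1
      with:
        deno-version: ${{ env.DENO_VERSION }}
    # NOTE(review): `deno run test` executes a script named `test`; confirm
    # this is intended rather than `deno test` or `deno task test`.
    - run: deno run test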
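# Cross-compiles the TypeScript entrypoint into one standalone binary per
# target and uploads each binary as a build artifact.
compile:
  # supported deno architectures:
  # x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu, x86_64-pc-windows-msvc, x86_64-apple-darwin, aarch64-apple-darwin
  strategy:
    fail-fast: false
    matrix:
      include:
        - host_os: ubuntu-latest
          target: x86_64-unknown-linux-gnu
          os: linux
          arch: x86_64
        - host_os: ubuntu-latest
          target: aarch64-unknown-linux-gnu
          os: linux
          arch: aarch64
        - host_os: windows-latest
          target: x86_64-pc-windows-msvc
          os: windows
          arch: x86_64
        - host_os: macos-latest
          target: x86_64-apple-darwin
          os: macos
          arch: x86_64
        - host_os: macos-latest
          target: aarch64-apple-darwin
          os: macos
          arch: aarch64
  runs-on: ${{ matrix.host_os }}
  env:
    # The file name is written literally instead of as $ARTIFACT_NAME: this
    # value is reused in the upload `path:` below, where shell variables
    # are not expanded, and in steps that run under PowerShell on Windows.
    # The `env` context is not available in a job-level `env` block.
    DESTINATION: dist/bin/${{ matrix.os }}/${{ matrix.arch }}/planning-server
  name: Compile ${{ matrix.os }} ${{ matrix.arch }} binary
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    # NOTE(review): these cache paths are Linux runner paths; on the
    # Windows and macOS matrix entries they presumably match nothing.
    - name: Cache deno installation and deno.land dependencies
      uses: actions/cache@v4
      with:
        key: ${{ runner.os }}-deno-${{ hashFiles('**/*.ts') }}
        restore-keys: ${{ runner.os }}-deno-
        path: |
          /home/runner/.deno
          /home/runner/.cache/deno/deps/https/deno.land
    - name: Set up Deno
      uses: denoland/setup-deno@v1
      with:
        deno-version: ${{ env.DENO_VERSION }}
    # NOTE(review): --allow-all bakes every Deno permission (network, file
    # system, environment, subprocess) into the shipped binary. Narrow it
    # to the --allow-* flags the server actually needs once those are known.
    - name: Compile Deno entrypoint
      run: deno compile --output ${{ env.DESTINATION }} --target ${{ matrix.target }} --allow-all ${{ env.TS_ENTRYPOINT }}
    - name: List all files recursively in dist directory (Unix or macOS)
      if: ${{ runner.os != 'Windows' }}
      run: ls -R $(dirname ${{ env.DESTINATION }})
    - name: List all files recursively in dist directory (Windows)
      if: ${{ runner.os == 'Windows' }}
      run: dir $(dirname ${{ env.DESTINATION }})
    - name: Upload build artifacts
      uses: actions/upload-artifact@v4
      with:
        if-no-files-found: error
        name: planning-server-${{ matrix.target }}
        path: typescript/packages/planning-server/${{ env.DESTINATION }}${{ runner.os == 'Windows' && '.exe' || '' }}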
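# Builds the image, exports it to a tarball, runs it locally, sends one
# request to it and uploads the tarball as the `planning-server-image`
# artifact. This job never pushes to Docker Hub itself.
docker_test:
  needs:
    - setup
  # PUSH is a string output, so it is compared with 'true'; a bare
  # truthiness test would also match the string 'false'.
  name: Build Docker image${{ needs.setup.outputs.PUSH == 'true' && ' and push to Docker Hub' || '' }}
  runs-on: ubuntu-latest
  # `id-token: write` is not granted: no step in this job requests an OIDC
  # token, and the page title indicates the cosign signing steps that would
  # have used one were removed.
  permissions:
    contents: read
  env:
    PUSH: ${{ needs.setup.outputs.PUSH }}
    WORKING_DIRECTORY: ${{ needs.setup.outputs.WORKING_DIRECTORY }}
    DENO_VERSION: ${{ needs.setup.outputs.DENO_VERSION }}
    TS_ENTRYPOINT: ${{ needs.setup.outputs.TS_ENTRYPOINT }}
    ARTIFACT_NAME: ${{ needs.setup.outputs.ARTIFACT_NAME }}
    CONTAINER_PORT: ${{ needs.setup.outputs.CONTAINER_PORT }}
  services:
    registry:
      # NOTE(review): untagged image, so whatever `latest` points to is
      # pulled on each run; consider pinning a tag or digest.
      image: registry
      ports:
        - "5000:5000"
  steps:
    # NOTE(review): third-party actions below are referenced by mutable
    # major-version tags; pinning each to a full commit SHA prevents a
    # retagged release from changing what runs here.
    - name: Checkout
      uses: actions/checkout@v4
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3  # https://github.com/docker/setup-qemu-action
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3  # https://github.com/docker/setup-buildx-action
      with:
        driver-opts: network=host  # required for local registry. see: https://docs.docker.com/build/ci/github-actions/local-registry/
    - name: Compute full image tag path
      id: image_path
      env:
        # Passed through the environment so the values are not spliced
        # into the script text; ARTIFACT_NAME comes from the job-level env.
        SHORT_HASH: ${{ needs.setup.outputs.SHORT_HASH }}
      run: |
        IMAGE_NAME="local/${ARTIFACT_NAME}:${SHORT_HASH}"
        echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
        echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
        IMAGE_PATH="localhost:5000/$IMAGE_NAME"
        echo "IMAGE_PATH=${IMAGE_PATH}" >> "$GITHUB_ENV"
        echo "IMAGE_PATH=${IMAGE_PATH}" >> "$GITHUB_OUTPUT"
    - id: tar_path
      run: |
        TAR_PATH=/tmp/image.tar
        echo "TAR_PATH=${TAR_PATH}" >> "$GITHUB_ENV"
        echo "TAR_PATH=${TAR_PATH}" >> "$GITHUB_OUTPUT"
    - uses: docker/build-push-action@v6  # https://github.com/docker/build-push-action
      id: build
      env:
        SOURCE_DATE_EPOCH: ${{ needs.setup.outputs.TIMESTAMP }}  # see https://docs.docker.com/build/ci/github-actions/reproducible-builds
      name: Build and locally push Docker image
      with:
        build-args: |
          DENO_VERSION=${{ needs.setup.outputs.DENO_VERSION }}
          TS_ENTRYPOINT=${{ needs.setup.outputs.TS_ENTRYPOINT }}
          ARTIFACT_NAME=${{ needs.setup.outputs.ARTIFACT_NAME }}
        context: ${{ needs.setup.outputs.WORKING_DIRECTORY }}
        tags: |
          ${{ steps.image_path.outputs.IMAGE_PATH }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
        outputs: |
          type=docker,dest=${{ steps.tar_path.outputs.TAR_PATH }}
    - name: Load image from tarball
      # TAR_PATH was written to GITHUB_ENV by the tar_path step.
      run: |
        docker load --input "$TAR_PATH"
        docker image ls -a
    - name: Launch image in local registry
      run: docker run -d --rm -p "$CONTAINER_PORT:$CONTAINER_PORT" "$IMAGE_PATH"
    - name: Container identity
      id: container_id
      run: |
        CONTAINER_ID=$(docker ps --format "{{.ID}}" --filter "ancestor=$IMAGE_PATH")
        echo "CONTAINER_ID=${CONTAINER_ID}" >> "$GITHUB_ENV"
        echo "CONTAINER_ID=${CONTAINER_ID}" >> "$GITHUB_OUTPUT"
    - name: Wait until the container port is open
      # The loop ends without an error after ten attempts, so a container
      # that never opens the port does not fail this step.
      run: |
        for i in {1..10}; do
          if nc -z localhost "$CONTAINER_PORT"; then
            echo "Server is up"
            break
          fi
          sleep 1
        done
    - name: Verify curl is installed
      run: curl --version
    - name: Test the container
      id: test
      # curl is called without --fail and the step has continue-on-error,
      # so this request cannot fail the job: the tarball is uploaded, and
      # is available to the publishing job, whatever the server answers.
      run: |
        curl 'http://localhost:8000/' \
          -H 'Content-Type: application/json' \
          --data-raw $'{"action":"create","system":"You say 42 to any message","message":"What is the meaning of life?","activeTools":[]}'
      continue-on-error: true
    - name: Get Docker logs
      if: steps.test.outcome == 'failure'
      run: docker ps -q | xargs -L 1 docker logs
    - name: Upload build artifacts
      uses: actions/upload-artifact@v4
      with:
        if-no-files-found: error
        name: planning-server-image
        path: ${{ steps.tar_path.outputs.TAR_PATH }}
  outputs:
    IMAGE_NAME: ${{ steps.image_path.outputs.IMAGE_NAME }}
    IMAGE_PATH: ${{ steps.image_path.outputs.IMAGE_PATH }}
    IMAGE_DIGEST: ${{ steps.build.outputs.digest }}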
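# Logs in to Docker Hub and publishes the image under the short-hash tag
# and `latest`.
docker:
  needs:
    - setup
    - docker_test
  # Publishing gate: without it this job runs, and pushes, for every
  # trigger of the workflow, pull requests and non-main branches included.
  # PUSH is a string output, hence the comparison with 'true'.
  if: needs.setup.outputs.PUSH == 'true'
  name: Push Docker image to Docker Hub
  runs-on: ubuntu-latest
  # `id-token: write` is not granted: nothing in this job requests an OIDC
  # token. Per the page title the cosign signing steps were removed, so the
  # image is published unsigned; the only supply-chain metadata attached is
  # the BuildKit provenance attestation requested below.
  permissions:
    contents: read
  steps:
    # NOTE(review): this job handles registry credentials, and the actions
    # below are referenced by mutable major-version tags; pinning each to a
    # full commit SHA prevents a retagged release from running with them.
    - name: Checkout
      uses: actions/checkout@v4
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Download artifact
      id: download
      uses: actions/download-artifact@v4
      with:
        # `if-no-files-found` is an upload-artifact input and is not
        # accepted here; the step already fails when the named artifact
        # does not exist.
        name: planning-server-image
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Load image from tarball
      env:
        DOWNLOAD_PATH: ${{ steps.download.outputs.download-path }}
      run: |
        ls -l "$DOWNLOAD_PATH"
        docker load --input "$DOWNLOAD_PATH/image.tar"
        docker image ls -a
    - name: Compute image path
      id: image_path
      env:
        # The secret reaches the script through the environment rather
        # than being written into the script text.
        DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
        ARTIFACT_NAME: ${{ needs.setup.outputs.ARTIFACT_NAME }}
        SHORT_HASH: ${{ needs.setup.outputs.SHORT_HASH }}
      run: |
        # IMAGE_NAME is exported too: the `latest` tag below reads it, and
        # without this output that tag would render as just ":latest".
        IMAGE_NAME="${DOCKERHUB_USERNAME}/${ARTIFACT_NAME}"
        IMAGE_PATH="${IMAGE_NAME}:${SHORT_HASH}"
        echo "IMAGE_PATH=${IMAGE_PATH}" >> "$GITHUB_ENV"
        {
          echo "IMAGE_NAME=${IMAGE_NAME}"
          echo "IMAGE_PATH=${IMAGE_PATH}"
        } >> "$GITHUB_OUTPUT"
    # The pushed image is produced by this second build from source, not
    # taken from the tarball loaded above, so the published image is only
    # as close to the tested one as the build cache and SOURCE_DATE_EPOCH
    # make it.
    - uses: docker/build-push-action@v6
      id: build
      env:
        SOURCE_DATE_EPOCH: ${{ needs.setup.outputs.TIMESTAMP }}  # see https://docs.docker.com/build/ci/github-actions/reproducible-builds
      name: Build and push Docker image
      with:
        build-args: |
          DENO_VERSION=${{ needs.setup.outputs.DENO_VERSION }}
          TS_ENTRYPOINT=${{ needs.setup.outputs.TS_ENTRYPOINT }}
          ARTIFACT_NAME=${{ needs.setup.outputs.ARTIFACT_NAME }}
        context: ${{ needs.setup.outputs.WORKING_DIRECTORY }}
        push: true
        tags: |
          ${{ steps.image_path.outputs.IMAGE_PATH }}
          ${{ steps.image_path.outputs.IMAGE_NAME }}:latest
        # NOTE(review): the first entry is the `local/...` name from
        # docker_test, which is not a registry this job can reach;
        # presumably it only produces a cache miss. Confirm or remove.
        cache-from: |
          ${{ needs.docker_test.outputs.IMAGE_NAME }}
          type=gha
        cache-to: type=gha,mode=max
        provenance: mode=max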