From 652edcb2a20bff3d2ec3f92397f6a8cdf06d5f42 Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Fri, 20 Sep 2024 22:23:08 -0700 Subject: [PATCH 1/6] Task A-6: Switching to step outputs instead of GITHUB_ENV Refer to details in cleanup issue: Task A-6: https://github.com/e-mission/e-mission-docs/issues/1082#issuecomment-2364335425 --- .github/workflows/image_build_push.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index 2b780f8..c3c63e5 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml @@ -18,22 +18,21 @@ jobs: build: runs-on: ubuntu-latest - env: - DOCKER_TAG_FROM_WORKFLOW_DISPATCH: ${{ github.event.inputs.docker_image_tag }} - steps: - uses: actions/checkout@v4 - - name: Set docker image tag from .env file + - name: Set docker image tags + id: set-tags run: | set -a; source .env; set +a - echo "DOCKER_TAG_FROM_PUSH=${SERVER_IMAGE_TAG}" >> $GITHUB_ENV + echo "DOCKER_TAG_FROM_PUSH=${SERVER_IMAGE_TAG}" >> "$GITHUB_OUTPUT" + echo "DOCKER_TAG_FROM_WORKFLOW_DISPATCH=${{ github.event.inputs.docker_image_tag }}" >> "$GITHUB_OUTPUT" - name: Print input docker image tag run: | echo "Event name: ${{ github.event_name }}" - echo "Latest docker image tag (push): ${{ env.DOCKER_TAG_FROM_PUSH }}" - echo "Latest docker image tag (workflow_dispatch): ${{ env.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }}" + echo "Latest docker image tag (push): ${{ steps.set-tags.outputs.DOCKER_TAG_FROM_PUSH }}" + echo "Latest docker image tag (workflow_dispatch): ${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }}" - name: docker login run: | # log into docker hub account 
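Review bot: The new `set-tags` step expands `${{ github.event.inputs.docker_image_tag }}` directly inside the `run:` script, so the dispatch input becomes part of the shell source instead of data; the job-level `env:` mapping this hunk removes was the safer form. The same inline expansion of `steps.set-tags.outputs.*` appears in the `@@ -49,9 +48,9 @@` (build) and `@@ -67,7 +66,7 @@` (.env update) hunks, and in the build hunk the value is also unquoted. Keep the step outputs, but hand values to the script through a step-level `env:` entry, e.g. `DISPATCH_TAG: ${{ github.event.inputs.docker_image_tag }}` followed by `echo "DOCKER_TAG_FROM_WORKFLOW_DISPATCH=${DISPATCH_TAG}" >> "$GITHUB_OUTPUT"`. Only users who can trigger `workflow_dispatch` can set this input, which limits exposure, but a tag containing quotes, spaces or a newline would still break the script or add extra output lines.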
@@ -41,7 +40,7 @@ jobs: - name: Get current date # get the date of the build id: date - run: echo "::set-output name=date::$(date +'%Y-%m-%d--%M-%S')" + run: echo "date=$(date +'%Y-%m-%d--%M-%S')" >> "$GITHUB_OUTPUT" - name: Run a one-line script run: echo running in repo ${GITHUB_REPOSITORY#*/} branch ${GITHUB_REF##*/} on ${{ steps.date.outputs.date }} @@ -49,9 +48,9 @@ jobs: - name: build docker image run: | if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then - SERVER_IMAGE_TAG=$DOCKER_TAG_FROM_WORKFLOW_DISPATCH docker compose -f docker-compose-prod.yml build + SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }} docker compose -f docker-compose-prod.yml build else - SERVER_IMAGE_TAG=$DOCKER_TAG_FROM_PUSH docker compose -f docker-compose-prod.yml build + SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_PUSH }} docker compose -f docker-compose-prod.yml build fi docker images @@ -67,7 +66,7 @@ jobs: run: | if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then echo "Workflow_dispatch: New server image built and pushed, Updating image tag in .env" - echo "SERVER_IMAGE_TAG=$DOCKER_TAG_FROM_WORKFLOW_DISPATCH" > .env + echo "SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }}" > .env else echo "Push event: Restoring latest server image tag from .env" fi From e9be6beb51919ccbbe8c3768d6ff429fea5085f4 Mon Sep 17 00:00:00 2001 
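Review bot: In the `@@ -41,7 +40,7 @@` hunk, the timestamp format kept on the new `date=` line, `%Y-%m-%d--%M-%S`, has minutes and seconds but no hour, so two builds on the same day can produce the same image tag and the later push would replace the earlier image under that name. If the hour was left out unintentionally, `run: echo "date=$(date +'%Y-%m-%d--%H-%M-%S')" >> "$GITHUB_OUTPUT"` makes tags unique per build. Any consumer that parses the current tag format would need to be checked before changing it.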
From: "Mahadik, Mukul Chandrakant" Date: Fri, 20 Sep 2024 22:48:01 -0700 Subject: [PATCH 2/6] Task A-2: Storing latest tag in .env file + Read raw .env file Refer to details in cleanup issue: Task A-2: https://github.com/e-mission/e-mission-docs/issues/1082#issuecomment-2364583414 Added .env file initialized with the current latest tag of admin-dash and server image. Internal script can read docker image tags directly from .env.tags using curl to fetch raw file contents. Storing server tag as well since admin-dash Dockerfile uses it. Removed workflow dispatch inputs No longer need inputs since reading from .env.tags in server repo directly ------ Read raw file contents directly instead of using REST API REST API endpoint returns base64 encoded data which then needs to be decoded. Can simply read the Raw file contents from the publicly available file. ----- For now not removing artifacts until the internal script is updated to handle this change. --- .env | 1 + .github/workflows/image_build_push.yml | 38 +++++++++++--------------- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/.env b/.env index b290898..f46f271 100644 --- a/.env +++ b/.env @@ -1 +1,2 @@ +ADMIN_DASH_IMAGE_TAG=2024-09-20--11-21 SERVER_IMAGE_TAG=2024-09-20--06-45 diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index c3c63e5..3033138 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml @@ -5,10 +5,6 @@ on: branches: [ master ] workflow_dispatch: - inputs: - docker_image_tag: - description: "Latest Docker image tags passed from e-mission-server repository on image build and push" - required: true env: DOCKER_USER: ${{secrets.DOCKER_USER}} 
@@ -21,18 +17,24 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Fetch server image tag + id: get-server-tag + run: | + response=$(curl -s https://raw.githubusercontent.com/MukuFlash03/e-mission-server/refs/heads/cleanup-cicd/.env) + SERVER_IMAGE_TAG=$(echo "$response" | grep "SERVER_IMAGE_TAG=" | cut -d'=' -f2) + echo "SERVER_IMAGE_TAG=$SERVER_IMAGE_TAG" >> "$GITHUB_OUTPUT" + - name: Set docker image tags id: set-tags run: | set -a; source .env; set +a - echo "DOCKER_TAG_FROM_PUSH=${SERVER_IMAGE_TAG}" >> "$GITHUB_OUTPUT" - echo "DOCKER_TAG_FROM_WORKFLOW_DISPATCH=${{ github.event.inputs.docker_image_tag }}" >> "$GITHUB_OUTPUT" + echo "ADMIN_DASH_IMAGE_TAG=${ADMIN_DASH_IMAGE_TAG}" >> "$GITHUB_OUTPUT" - - name: Print input docker image tag + - name: Print input docker image tags run: | echo "Event name: ${{ github.event_name }}" - echo "Latest docker image tag (push): ${{ steps.set-tags.outputs.DOCKER_TAG_FROM_PUSH }}" - echo "Latest docker image tag (workflow_dispatch): ${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }}" + echo "Current admin-dash image tag (push): ${{ steps.set-tags.outputs.ADMIN_DASH_IMAGE_TAG }}" + echo "Latest server image tag (${{ github.event_name }}): ${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}" - name: docker login run: | # log into docker hub account @@ -47,11 +49,7 @@ jobs: - name: build docker image run: | - if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then - SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }} docker compose -f docker-compose-prod.yml build - else - SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_PUSH }} docker compose -f docker-compose-prod.yml build - fi + SERVER_IMAGE_TAG=${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }} docker compose -f docker-compose-prod.yml build docker images - name: rename docker image 
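Review bot: The new "Fetch server image tag" step fails open: `curl -s` exits successfully on an HTTP error page, and when `grep` finds no match an empty `SERVER_IMAGE_TAG` is written to `$GITHUB_OUTPUT`, so the job carries on with a missing or wrong base tag. The value also comes from a branch of another repository and is then expanded unquoted through `${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}` in the `@@ -47,11 +49,7 @@` build hunk and in the `@@ -64,13 +62,9 @@` .env hunk, so it should be checked against the expected tag shape before it is exported. The sketch below adds `-f` to curl, anchors the grep to the start of the line, and stops the job when the value is not a plain tag; the allowed character set is my assumption and should be matched to the tags the server workflow actually emits. The repository owner in the URL is corrected later in this series (PATCH 5/6) and is left as it stands here.

```yaml
    # … unchanged: name / id of the "Fetch server image tag" step …
      run: |
        response=$(curl -fsS https://raw.githubusercontent.com/MukuFlash03/e-mission-server/refs/heads/cleanup-cicd/.env)
        SERVER_IMAGE_TAG=$(echo "$response" | grep -m1 '^SERVER_IMAGE_TAG=' | cut -d'=' -f2)
        # Fail closed: this value is fetched from another repository and later
        # ends up in the docker build and in the committed .env file.
        if ! [[ "$SERVER_IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
          echo "Unexpected SERVER_IMAGE_TAG value fetched from server repository" >&2
          exit 1
        fi
        echo "SERVER_IMAGE_TAG=$SERVER_IMAGE_TAG" >> "$GITHUB_OUTPUT"
```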
@@ -64,13 +62,9 @@ jobs: - name: Update .env file run: | - if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then - echo "Workflow_dispatch: New server image built and pushed, Updating image tag in .env" - echo "SERVER_IMAGE_TAG=${{ steps.set-tags.outputs.DOCKER_TAG_FROM_WORKFLOW_DISPATCH }}" > .env - else - echo "Push event: Restoring latest server image tag from .env" - fi - + echo "ADMIN_DASH_IMAGE_TAG=${{ steps.date.outputs.date }}" > .env + echo "SERVER_IMAGE_TAG=${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}" >> .env + - name: Add, Commit, Push changes to .env file run: | git config --local user.email "action@github.com" @@ -79,7 +73,7 @@ jobs: echo "Latest timestamp already present in .env file, no changes to commit" else git add .env - git commit -m "Updated docker image tag in .env file to the latest timestamp" + git commit -m "Updated docker image tags in .env file to the latest timestamp" git push origin fi From d603f75092b83039ae895999704b6fae7afd5d3d Mon Sep 17 00:00:00 2001 
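Review bot: In the `@@ -64,13 +62,9 @@` hunk, the `SERVER_IMAGE_TAG=...` line appended to `.env` stores a value fetched from another repository in a file that the next step commits and pushes, and that the "Set docker image tags" step loads with `set -a; source .env; set +a`, which executes the file as shell rather than reading it as data. Anything other than a plain tag in that value would therefore be run on the next workflow execution. Reading only the key that step needs avoids this, e.g. `ADMIN_DASH_IMAGE_TAG=$(grep -m1 '^ADMIN_DASH_IMAGE_TAG=' .env | cut -d'=' -f2)` in place of the `source` line, together with validating the fetched tag before it is written here. The `source` line sits in the `@@ -21,18 +17,24 @@` hunk, outside this one.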
From: "Mahadik, Mukul Chandrakant" Date: Fri, 20 Sep 2024 22:53:34 -0700 Subject: [PATCH 3/6] Task A-8: Prefix branch name + Task A-7: Removed certificates from external Task A-8: Prefixing branch name to the docker tag along with the date. In the internal script we will not need to maintain the different branch lists as the images will be completely tagged in the external workflows themselves. We can simply use the tags without modifications then. For now, not prefixing the tag to the artifact since we will be removing the artifact anyways. And current internal script works with artifacts. Once I update the internal script, will come back and remove artifacts. In Dockerfile, removing hardcoded branch name, since in this change, we are already included the branch name in image tag. ---------- Task A-7: Certifcates added to internal Dockerfiles. Refer to issue comment for details: Task A-7: https://github.com/e-mission/e-mission-docs/issues/1082#issuecomment-2364315699 The certificates are relevant to our internal AWS configuration and not needed externally. They can be present externally too without having any major effect. But removing them helps keeping the base image clean. Additionally, anyone working with the code can customize with their own certificates if needed or adopt an approach which doesn't even need certificates in the first place. --- .github/workflows/image_build_push.yml | 2 +- docker/Dockerfile | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index 3033138..bb101fd 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml 
@@ -62,7 +62,7 @@ jobs: - name: Update .env file run: | - echo "ADMIN_DASH_IMAGE_TAG=${{ steps.date.outputs.date }}" > .env + echo "ADMIN_DASH_IMAGE_TAG=${GITHUB_REF##*/}_${{ steps.date.outputs.date }}" > .env echo "SERVER_IMAGE_TAG=${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}" >> .env - name: Add, Commit, Push changes to .env file diff --git a/docker/Dockerfile b/docker/Dockerfile index 8224c25..e589c03 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,6 @@ ARG SERVER_IMAGE_TAG -FROM shankari/e-mission-server:master_${SERVER_IMAGE_TAG} - -ADD https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem /etc/ssl/certs/ +FROM shankari/e-mission-server:${SERVER_IMAGE_TAG} ENV DASH_DEBUG_MODE True ENV SERVER_PORT 8050 From 157a02ae2efb6d2abf166d7a51d00c50553d6933 Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Mon, 23 Sep 2024 14:41:13 -0700 Subject: [PATCH 4/6] Task A-2: Removed artifact upload ; internal script updated Internal script updated as well. Internal PR must be merged as well once these external PR changes merged. --- .github/workflows/image_build_push.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index bb101fd..94373de 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml @@ -76,16 +76,3 @@ jobs: git commit -m "Updated docker image tags in .env file to the latest timestamp" git push origin fi - - - name: Create artifact text file - run: | - echo ${{ steps.date.outputs.date }} > admin_dash_tag_file.txt - echo "Created tag text file" - - - name: Upload Artifact - uses: actions/upload-artifact@v4 - with: - name: admin-dash-image-tag - path: admin_dash_tag_file.txt - overwrite: true - From 14f32e7a5ec2a64acd447d0c276e9def3024d8b4 Mon Sep 17 00:00:00 2001 
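Review bot: In `docker/Dockerfile`, with the `master_` prefix gone, `FROM shankari/e-mission-server:${SERVER_IMAGE_TAG}` accepts any tag in that repository, and `ARG SERVER_IMAGE_TAG` carries no comment saying the value must now include the branch prefix. The `.env` added in PATCH 2/6 holds `SERVER_IMAGE_TAG=2024-09-20--06-45` with no prefix, so a build that takes its tag from that file would presumably look for an image that was published as `master_2024-09-20--06-45`; it is worth confirming that `.env` is refreshed before this lands. I would add above the `ARG` line: `# SERVER_IMAGE_TAG is the full server tag including the branch prefix (<branch>_<timestamp>); it selects the base image, so only pass trusted values.`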
From: "Mahadik, Mukul Chandrakant" Date: Sun, 29 Sep 2024 11:46:32 -0700 Subject: [PATCH 5/6] Task A-2: Read raw .env file -> Corrected repo owner in URL --- .github/workflows/image_build_push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index 94373de..50968f9 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml @@ -20,7 +20,7 @@ jobs: - name: Fetch server image tag id: get-server-tag run: | - response=$(curl -s https://raw.githubusercontent.com/MukuFlash03/e-mission-server/refs/heads/cleanup-cicd/.env) + response=$(curl -s https://raw.githubusercontent.com/e-mission/e-mission-server/refs/heads/cleanup-cicd/.env) SERVER_IMAGE_TAG=$(echo "$response" | grep "SERVER_IMAGE_TAG=" | cut -d'=' -f2) echo "SERVER_IMAGE_TAG=$SERVER_IMAGE_TAG" >> "$GITHUB_OUTPUT" From cd62a1d59bb064687b53938c5030e742a9b46be6 Mon Sep 17 00:00:00 2001 
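Review bot: The corrected URL still reads `.env` from `refs/heads/cleanup-cicd`, which looks like a working branch rather than the branch releases are built from. If that branch is deleted or rewritten after the cleanup is merged, the fetch will return an error page or a stale tag, and whoever can push to it decides which server image this build is based on. Consider pointing the URL at the server repository's release branch once the cleanup work is merged, and add a comment on the step such as `# Source of truth for SERVER_IMAGE_TAG: .env on <release-branch> of e-mission/e-mission-server`.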
From: "Mahadik, Mukul Chandrakant" Date: Sun, 29 Sep 2024 12:13:06 -0700 Subject: [PATCH 6/6] Task A-5: Added reusable workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Storing a reusable workflow in the e-mission-server repo. Can decide where to place it in a central location. https://docs.github.com/en/actions/sharing-automations/reusing-workflows It essentially works like a function call in normal programming. The advantage is that we have no repeated code the image build process. All the other repos (join, admin-dash, public-dash) reuse the same workflow file. Additionally, on for future GitHub actions, workflow file related changes, will no longer need to have 3 additional PRs for each repo (join, admin-dash, public-dash). Can simply modify the reusable workflow file as this is the core “function” workflow that is being called. I have added conditional checks that check for the repo name in the reusable workflow file that determine which statements to execute depending on for which repo the workflow is running. This is used for both push events specific to a repo as well as for the workflow dispatch events triggered on pushes to server repo. --- .github/workflows/image_build_push.yml | 76 +++----------------------- 1 file changed, 7 insertions(+), 69 deletions(-) diff --git a/.github/workflows/image_build_push.yml b/.github/workflows/image_build_push.yml index 50968f9..5f6b24d 100644 --- a/.github/workflows/image_build_push.yml +++ b/.github/workflows/image_build_push.yml 
@@ -6,73 +6,11 @@ on: workflow_dispatch: -env: - DOCKER_USER: ${{secrets.DOCKER_USER}} - DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} - jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Fetch server image tag - id: get-server-tag - run: | - response=$(curl -s https://raw.githubusercontent.com/e-mission/e-mission-server/refs/heads/cleanup-cicd/.env) - SERVER_IMAGE_TAG=$(echo "$response" | grep "SERVER_IMAGE_TAG=" | cut -d'=' -f2) - echo "SERVER_IMAGE_TAG=$SERVER_IMAGE_TAG" >> "$GITHUB_OUTPUT" - - - name: Set docker image tags - id: set-tags - run: | - set -a; source .env; set +a - echo "ADMIN_DASH_IMAGE_TAG=${ADMIN_DASH_IMAGE_TAG}" >> "$GITHUB_OUTPUT" - - - name: Print input docker image tags - run: | - echo "Event name: ${{ github.event_name }}" - echo "Current admin-dash image tag (push): ${{ steps.set-tags.outputs.ADMIN_DASH_IMAGE_TAG }}" - echo "Latest server image tag (${{ github.event_name }}): ${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}" - - - name: docker login - run: | # log into docker hub account - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - - - name: Get current date # get the date of the build - id: date - run: echo "date=$(date +'%Y-%m-%d--%M-%S')" >> "$GITHUB_OUTPUT" - - - name: Run a one-line script - run: echo running in repo ${GITHUB_REPOSITORY#*/} branch ${GITHUB_REF##*/} on ${{ steps.date.outputs.date }} - - - name: build docker image - run: | - SERVER_IMAGE_TAG=${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }} docker compose -f docker-compose-prod.yml build - docker images - - - name: rename docker image - run: | - docker image tag e-mission/opdash:0.0.1 $DOCKER_USER/${GITHUB_REPOSITORY#*/}:${GITHUB_REF##*/}_${{ steps.date.outputs.date }} - - - name: push docker image - run: | - docker push $DOCKER_USER/${GITHUB_REPOSITORY#*/}:${GITHUB_REF##*/}_${{ steps.date.outputs.date }} - - - name: Update .env file - run: | - echo "ADMIN_DASH_IMAGE_TAG=${GITHUB_REF##*/}_${{ 
steps.date.outputs.date }}" > .env - echo "SERVER_IMAGE_TAG=${{ steps.get-server-tag.outputs.SERVER_IMAGE_TAG }}" >> .env - - - name: Add, Commit, Push changes to .env file - run: | - git config --local user.email "action@github.com" - git config --local user.name "Github Actions bot to update .env with latest tags" - if git diff --quiet; then - echo "Latest timestamp already present in .env file, no changes to commit" - else - git add .env - git commit -m "Updated docker image tags in .env file to the latest timestamp" - git push origin - fi + build: + if: ${{ !contains(github.event.head_commit.author.name, 'Github Actions bot to update .env with latest tags') }} + uses: e-mission/e-mission-server/.github/workflows/reusable_image_build_push.yml@master + with: + repo: ${{ github.event.repository.name }} + branch: ${{ github.ref_name }} + secrets: inherit
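Review bot: The new `build` job calls the reusable workflow at `@master` and passes `secrets: inherit`, so all secrets available to this workflow, including the Docker Hub credentials the removed job used, are handed to whatever that branch contains at run time. Pinning the call to a reviewed commit, `uses: e-mission/e-mission-server/.github/workflows/reusable_image_build_push.yml@<full-commit-sha>`, and replacing `secrets: inherit` with an explicit mapping of `DOCKER_USER` and `DOCKER_PASSWORD` would limit what a later change to that workflow can reach. The explicit form requires the called workflow to declare those secrets under `workflow_call`, which is not visible here. The `if:` guard matches on the commit author name, which any committer can set, so it works as a loop guard but should not be relied on as an access check.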