Build e push de imagem OCI (#8)

* Salva para testar * Força a action executar * Corrige formato e adiciona logs * Fix nomes de variáveis * Adiciona Dockefile para testar comportamento * Teste * fix * Adiciona step de debug * Adiciona localhost * Troca na tag _ por - * Mais ajustes * Remove Dockerfile * Teste action * Fix? * Fix? * Teste * Teste * Testa o push * Tentativa de push * Teste 18.04 * Teste com redhat-actions/podman-login@v1 * Testa push para quay.io * Teste * copia configs da action do income * Adiciona registry: docker.pkg.github.com * usa o repo no nome da imagem * Adiciona logs com metadados do podman * Fix * Testa action de instalação do nix com flake * Testa build de imagem com podman do nix * Fix make dev.build * Teste com image: localhost/imobanco/python:dev-latest * Fix? * Mais uma tentativa * Remove localhost do "nome" da imagem * Adiciona docker-python-image * Teste com IMAGE_NAME=docker-python-image/python * Comenta env * Remove env * Fixa hash * Fix * Fix? * Teste com nix profile install nixpkgs#podman * Tenta dessinstalar podman via apt-get * Teste com sudo apt-get purge -y podman * Teste remoção mais agressiva * Once again sudo * Adiciona sudo apt-get -y uidmap * Usar nix para instalar as coisas deixa a gente mal acostumado * Provavelmente estava faltando os arquivos de configuração * Debug * Debug * Debug * Teste * Testa os arquivos de config * Teste antes do PR * Reduz debugs * Teste com --format oci * Teste com v2s2 * Teste v2s1 * Teste extra-args --format oci * Teste --format docker * Remove extra-args: --format docker * Limpa coisas não necessárias mais * Adiciona alguns comentários * Update .github/workflows/tests.yml Co-authored-by: Rodrigo Castro <[email protected]> * Muda registry * Remove redhat-actions/buildah-build@v2 comentada * Teste registry ghcr.io * Remove --format docker * Remove docker-python-image * Remove labels não essênciais * Teste removendo imobanco/ * Revert "Teste removendo imobanco/" This reverts commit 3575943. * Mais algumas refatorações * sobe configurações no CI a partir do make * algumas configurações alteradas * adiciona exemplo da documentação * troca pra aspas dupla * adiciona shell bash * altera steps * corrige steps * pequenos ajustes * Vários ajustes * Remove step antigo * Mais refactors * Fix? * Adiciona uses: redhat-actions/push-to-registry@v2 * Corrige make de.build -> make build * Fix CONTAINERFILE -> CONTAINERFILE_DEV * Refactor * Debug com podman images * Testa build e push * Conflito de nomes? * Cria environment * Teste * Adiciona actions/checkout@v2 * Mais um refactor, com duplicação de código * Adiciona podman images * Update .github/workflows/tests.yml Co-authored-by: Rodrigo Castro <[email protected]> * Update Makefile Co-authored-by: Rodrigo Castro <[email protected]> * Update .github/workflows/push.yml Co-authored-by: Rodrigo Castro <[email protected]> * Update .github/workflows/push.yml Co-authored-by: Rodrigo Castro <[email protected]> * Update .github/workflows/push.yml Co-authored-by: Rodrigo Castro <[email protected]> Co-authored-by: rodrigondec <[email protected]>
imobanco · Jul 28, 2021 · 7c5ad5f · 7c5ad5f
1 parent f7f899c
commit 7c5ad5f
Show file tree

Hide file tree

Showing 4 changed files with 203 additions and 23 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -0,0 +1,94 @@
+name: Faz push das imagens
+
+
+on:
+  push:
+    branchs:
+      - master
+
+jobs:
+  push:
+    name: Build & Push
+    runs-on: ubuntu-20.04
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        # Nix Flakes doesn't work on shallow clones
+        fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v13
+      with:
+        install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
+        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+        extra_nix_config: |
+          experimental-features = nix-command flakes ca-references ca-derivations
+          sandbox = false
+    - run: nix flake --version
+#    - run: nix flake metadata nixpkgs
+
+    # Remove podman via apt-get
+    - run: |
+        sudo apt-get purge -y podman containers-image containers-common
+        sudo apt-get autoremove --purge
+        sudo apt-get -y clean
+        podman --version || echo podman not installed
+
+    # Instala podman usando nix
+    - run: nix profile install github:ES-Nix/podman-rootless/6a498059fc8a120ecc2f0d8e3712f43256c4ee1d
+    # Não funciona pois não vem com os arquivos de configuração
+#    - run: nix profile install nixpkgs#podman
+    - run: |
+        sudo apt-get update
+        sudo apt-get install --no-install-recommends --no-install-suggests -y uidmap
+    - run: podman --version
+#    - run: podman info --debug
+
+    - name: Faz build da imagem de dev usando podman via nix
+      run: |
+        make build
+        echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+        echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+        echo "::set-output name=IMAGE_TAG_DEV::$(make print-IMAGE_TAG_DEV)"
+      shell: bash
+      id: dev-build
+
+    - name: Faz build da imagem de prod usando podman via nix
+      run: |
+        make build.prod
+        echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+        echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+        echo "::set-output name=IMAGE_TAG_PROD::$(make print-IMAGE_TAG_PROD)"
+      shell: bash
+      id: prod-build
+
+    - name: Log in em Quay.io para push
+      uses: redhat-actions/podman-login@v1
+      with:
+          registry: ${{ steps.dev-build.outputs.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+    # Podman Login action (https://github.com/redhat-actions/podman-login) also be used to log in,
+    # in which case 'username' and 'password' can be omitted.
+    - name: Faz push para registry da imagem de dev
+      id: push-to
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.dev-build.outputs.IMAGE_NAME }}
+        registry: ${{ steps.dev-build.outputs.REGISTRY }}
+        tags: ${{ steps.dev-build.outputs.IMAGE_TAG_DEV }}
+    - name: Print image url
+      run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+    - name: Faz push para registry da imagem de prod
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.prod-build.outputs.IMAGE_NAME }}
+        registry: ${{ steps.prod-build.outputs.REGISTRY }}
+        tags: ${{ steps.prod-build.outputs.IMAGE_TAG_PROD }}
+    - name: Print image url
+      run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+    - name: Lista imagens
+      run: podman images
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -1,5 +1,6 @@
 name: Test builds
 
+
 on:
   pull_request:
     branchs:
@@ -8,19 +9,60 @@ on:
       - 'release/**'
 
 jobs:
-  build-dev:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-      - name: Prints podman --version
-        run: podman --version
-      - name: Build dev
-        run: make dev.build
-
-  build-prod:
-    runs-on: ubuntu-18.04
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+
     steps:
-      - uses: actions/checkout@v2
+    - uses: actions/checkout@v2
+      with:
+        # Nix Flakes doesn't work on shallow clones
+        fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v13
+      with:
+        install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
+        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+        extra_nix_config: |
+          experimental-features = nix-command flakes ca-references ca-derivations
+          sandbox = false
+    - run: nix flake --version
+#    - run: nix flake metadata nixpkgs
+
+    # Remove podman via apt-get
+    - run: |
+        sudo apt-get purge -y podman containers-image containers-common
+        sudo apt-get autoremove --purge
+        sudo apt-get -y clean
+        podman --version || echo podman not installed
+
+    # Instala podman usando nix
+    - run: nix profile install github:ES-Nix/podman-rootless/6a498059fc8a120ecc2f0d8e3712f43256c4ee1d
+    # Não funciona pois não vem com os arquivos de configuração
+#    - run: nix profile install nixpkgs#podman
+    - run: |
+        sudo apt-get update
+        sudo apt-get install --no-install-recommends --no-install-suggests -y uidmap
+    - run: podman --version
+#    - run: podman info --debug
+
+    - name: Faz build da imagem de dev usando podman via nix
+      run: |
+        make build
+        echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+        echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+        echo "::set-output name=IMAGE_TAG_DEV::$(make print-IMAGE_TAG_DEV)"
+      shell: bash
+      id: dev-build
+
+    - name: Faz build da imagem de prod usando podman via nix
+      run: |
+        make build.prod
+        echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+        echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+        echo "::set-output name=IMAGE_TAG_PROD::$(make print-IMAGE_TAG_PROD)"
+      shell: bash
+      id: prod-build
 
-      - name: Build prod
-        run: make prod.build
+    - name: Lista imagens
+      run: podman images
diff --git a/Containerfile.prod b/Containerfile.prod
@@ -0,0 +1,31 @@
+FROM python:3.8.3-slim-buster
+
+# Set python environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV PIP_NO_CACHE_DIR 0
+ENV PIP_DISABLE_PIP_VERSION_CHECK 1
+
+ENV USER app_user
+
+WORKDIR /home/app_user
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-install-suggests -y \
+    ca-certificates \
+ && apt-get -y autoremove \
+ && apt-get -y clean  \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN addgroup app_group \
+ && adduser \
+    --quiet \
+    --disabled-password \
+    --shell /bin/bash \
+    --home /home/app_user \
+    --gecos "User" app_user \
+    --ingroup app_group \
+ && chmod 0700 /home/app_user \
+ && chown --recursive app_user:app_group /home/app_user
+
+CMD ["/bin/bash"]
diff --git a/Makefile b/Makefile
@@ -1,12 +1,25 @@
-REGISTRY=imobanco
-IMAGE_NAME=python
-IMAGE_TAG=dev-latest
-INCOME_API_IMAGE=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
+GITHUB_REGISTRY=ghcr.io
+IMAGE_NAME=imobanco/python
+IMAGE_TAG_DEV=dev-latest
+IMAGE_TAG_PROD=prod-latest
+IMAGE_DEV=$(GITHUB_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG_DEV)
+IMAGE_PROD=$(GITHUB_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG_PROD)
+CONTAINERFILE_DEV=Containerfile.dev
+CONTAINERFILE_PROD=Containerfile.prod
 
+print-%  : ; @echo $($*)
 
-dev.build:
-	podman build --file Containerfile.dev --tag $(INCOME_API_IMAGE) .
+build:
+	podman build --file $(CONTAINERFILE_DEV) --tag $(IMAGE_DEV) .
 
-prod.build:
-	docker build -f Dockerfile.prod .
-
+pull:
+	podman pull $(IMAGE_DEV)
+
+build.prod:
+	podman build --file $(CONTAINERFILE_PROD) --tag $(IMAGE_PROD) .
+
+login.github_registry:
+	podman login $(GITHUB_REGISTRY)
+
+logout.github_registry:
+	podman logout $(GITHUB_REGISTRY)