diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..a7abf59
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,94 @@
+name: Faz push das imagens
+
+
+on:
+ push:
+ branchs:
+ - master
+
+jobs:
+ push:
+ name: Build & Push
+ runs-on: ubuntu-20.04
+
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # Nix Flakes doesn't work on shallow clones
+ fetch-depth: 0
+
+ - uses: cachix/install-nix-action@v13
+ with:
+ install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
+ install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+ extra_nix_config: |
+ experimental-features = nix-command flakes ca-references ca-derivations
+ sandbox = false
+ - run: nix flake --version
+# - run: nix flake metadata nixpkgs
+
+ # Remove podman via apt-get
+ - run: |
+ sudo apt-get purge -y podman containers-image containers-common
+ sudo apt-get autoremove --purge
+ sudo apt-get -y clean
+ podman --version || echo podman not installed
+
+ # Instala podman usando nix
+ - run: nix profile install github:ES-Nix/podman-rootless/6a498059fc8a120ecc2f0d8e3712f43256c4ee1d
+ # Não funciona pois não vem com os arquivos de configuração
+# - run: nix profile install nixpkgs#podman
+ - run: |
+ sudo apt-get update
+ sudo apt-get install --no-install-recommends --no-install-suggests -y uidmap
+ - run: podman --version
+# - run: podman info --debug
+
+ - name: Faz build da imagem de dev usando podman via nix
+ run: |
+ make build
+ echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+ echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+ echo "::set-output name=IMAGE_TAG_DEV::$(make print-IMAGE_TAG_DEV)"
+ shell: bash
+ id: dev-build
+
+ - name: Faz build da imagem de prod usando podman via nix
+ run: |
+ make build.prod
+ echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)"
+ echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)"
+ echo "::set-output name=IMAGE_TAG_PROD::$(make print-IMAGE_TAG_PROD)"
+ shell: bash
+ id: prod-build
+
+ - name: Log in em Quay.io para push
+ uses: redhat-actions/podman-login@v1
+ with:
+ registry: ${{ steps.dev-build.outputs.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Podman Login action (https://github.com/redhat-actions/podman-login) also be used to log in,
+ # in which case 'username' and 'password' can be omitted.
+ - name: Faz push para registry da imagem de dev
+ id: push-to
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.dev-build.outputs.IMAGE_NAME }}
+ registry: ${{ steps.dev-build.outputs.REGISTRY }}
+ tags: ${{ steps.dev-build.outputs.IMAGE_TAG_DEV }}
+ - name: Print image url
+ run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+ - name: Faz push para registry da imagem de prod
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.prod-build.outputs.IMAGE_NAME }}
+ registry: ${{ steps.prod-build.outputs.REGISTRY }}
+ tags: ${{ steps.prod-build.outputs.IMAGE_TAG_PROD }}
+ - name: Print image url
+ run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+
+ - name: Lista imagens
+ run: podman images
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ebf97e3..050e7f4 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,5 +1,6 @@ name: Test builds + on: pull_request: branchs: 
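Review bot: The trigger under `on.push` in `push.yml` is spelled `branchs:`, which is not a filter key GitHub Actions defines, so the intended restriction of this publishing workflow to `master` is not applied as written; it should read `branches:`. The job logs in with `secrets.GITHUB_TOKEN` and pushes images, yet it installs Nix from a `nixos-nix-install-tests.cachix.org` installer URL with `sandbox = false` and references every action by a mutable tag (`@v2`, `@v13`, `@v1`); pinning the actions to full commit SHAs and adding a job-level `permissions:` block (`contents: read`, `packages: write`) would limit what runs alongside that token, and the same install step is copied into the second hunk of `tests.yml`. Both "Print image url" steps read `steps.push-to-quay.outputs.registry-paths`, but the only id defined is `push-to` and the prod push step has none, so they will print an empty value. The step name "Log in em Quay.io para push" also no longer matches the registry, which per the Makefile hunk is `ghcr.io`.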
@@ -8,19 +9,60 @@ on: - 'release/**' jobs: - build-dev: - runs-on: ubuntu-18.04 - steps: - - uses: actions/checkout@v2 - - name: Prints podman --version - run: podman --version - - name: Build dev - run: make dev.build - - build-prod: - runs-on: ubuntu-18.04 + build: + name: Build + runs-on: ubuntu-20.04 + steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 + with: + # Nix Flakes doesn't work on shallow clones + fetch-depth: 0 + + - uses: cachix/install-nix-action@v13 + with: + install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install + install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve' + extra_nix_config: | + experimental-features = nix-command flakes ca-references ca-derivations + sandbox = false + - run: nix flake --version +# - run: nix flake metadata nixpkgs + + # Remove podman via apt-get + - run: | + sudo apt-get purge -y podman containers-image containers-common + sudo apt-get autoremove --purge + sudo apt-get -y clean + podman --version || echo podman not installed + + # Instala podman usando nix + - run: nix profile install github:ES-Nix/podman-rootless/6a498059fc8a120ecc2f0d8e3712f43256c4ee1d + # Não funciona pois não vem com os arquivos de configuração +# - run: nix profile install nixpkgs#podman + - run: | + sudo apt-get update + sudo apt-get install --no-install-recommends --no-install-suggests -y uidmap + - run: podman --version +# - run: podman info --debug + + - name: Faz build da imagem de dev usando podman via nix + run: | + make build + echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)" + echo "::set-output name=IMAGE_NAME::$(make print-IMAGE_NAME)" + echo "::set-output name=IMAGE_TAG_DEV::$(make print-IMAGE_TAG_DEV)" + shell: bash + id: dev-build + + - name: Faz build da imagem de prod usando podman via nix + run: | + make build.prod + echo "::set-output name=REGISTRY::$(make print-GITHUB_REGISTRY)" + echo "::set-output 
name=IMAGE_NAME::$(make print-IMAGE_NAME)" + echo "::set-output name=IMAGE_TAG_PROD::$(make print-IMAGE_TAG_PROD)" + shell: bash + id: prod-build - - name: Build prod - run: make prod.build + - name: Lista imagens + run: podman images
diff --git a/Containerfile.prod b/Containerfile.prod
new file mode 100644
index 0000000..c3117e3
--- /dev/null
+++ b/Containerfile.prod
@@ -0,0 +1,31 @@
+FROM python:3.8.3-slim-buster
+
+# Set python environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV PIP_NO_CACHE_DIR 0
+ENV PIP_DISABLE_PIP_VERSION_CHECK 1
+
+ENV USER app_user
+
+WORKDIR /home/app_user
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-install-suggests -y \
+ ca-certificates \
+ && apt-get -y autoremove \
+ && apt-get -y clean \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN addgroup app_group \
+ && adduser \
+ --quiet \
+ --disabled-password \
+ --shell /bin/bash \
+ --home /home/app_user \
+ --gecos "User" app_user \
+ --ingroup app_group \
+ && chmod 0700 /home/app_user \
+ && chown --recursive app_user:app_group /home/app_user
+
+CMD ["/bin/bash"]
diff --git a/Makefile b/Makefile
index 1daa33e..0ed59f6 100644
--- a/Makefile
+++ b/Makefile
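Review bot: The `dev-build` and `prod-build` steps in the new `build` job of `tests.yml` still emit `::set-output` values (`REGISTRY`, `IMAGE_NAME`, `IMAGE_TAG_*`) and carry `id:`s, but nothing later in this workflow reads them; they look copied from `push.yml` and can be reduced to `run: make build` and `run: make build.prod`. The Nix install, podman purge and pinned `podman-rootless` revision are now duplicated line for line across the two workflows, so a change to the installer URL or the pinned commit has to be made twice; a shared composite action or reusable workflow would keep them from drifting. Merging the former `build-dev` and `build-prod` jobs into one also means a dev build failure hides the prod result, which may or may not be intended.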
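Review bot: `Containerfile.prod` creates `app_user` and sets `ENV USER app_user`, but no `USER` instruction follows, so `CMD ["/bin/bash"]` and anything layered on this image still run as root; `ENV USER` only exports a variable. Adding `USER app_user` after the `adduser` layer, before `CMD`, makes the production image unprivileged by default. The base `python:3.8.3-slim-buster` is referenced by tag only; pinning it as `python:3.8.3-slim-buster@sha256:<digest>` (placeholder) would make the pushed `prod-latest` image reproducible.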
@@ -1,12 +1,25 @@ -REGISTRY=imobanco -IMAGE_NAME=python -IMAGE_TAG=dev-latest -INCOME_API_IMAGE=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) +GITHUB_REGISTRY=ghcr.io +IMAGE_NAME=imobanco/python +IMAGE_TAG_DEV=dev-latest +IMAGE_TAG_PROD=prod-latest +IMAGE_DEV=$(GITHUB_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG_DEV) +IMAGE_PROD=$(GITHUB_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG_PROD) +CONTAINERFILE_DEV=Containerfile.dev +CONTAINERFILE_PROD=Containerfile.prod +print-% : ; @echo $($*) -dev.build: - podman build --file Containerfile.dev --tag $(INCOME_API_IMAGE) . +build: + podman build --file $(CONTAINERFILE_DEV) --tag $(IMAGE_DEV) . -prod.build: - docker build -f Dockerfile.prod . - +pull: + podman pull $(IMAGE_DEV) + +build.prod: + podman build --file $(CONTAINERFILE_PROD) --tag $(IMAGE_PROD) . + +login.github_registry: + podman login $(GITHUB_REGISTRY) + +logout.github_registry: + podman logout $(GITHUB_REGISTRY)
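Review bot: `IMAGE_TAG_DEV=dev-latest` and `IMAGE_TAG_PROD=prod-latest` are the only tags the new targets produce, so every push from CI overwrites the image consumers pull and there is no way to tell which commit a running image came from. Consider building with an additional immutable tag, e.g. `--tag $(GITHUB_REGISTRY)/$(IMAGE_NAME):$(GIT_SHA)` with `GIT_SHA` (an illustrative variable name) set from `git rev-parse --short HEAD`. None of the targets is declared phony in the visible hunk; `build` in particular is a common directory name, and `.PHONY: build build.prod pull login.github_registry logout.github_registry` would keep `make build` from being skipped if such a path ever exists.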