docker yleiseksi rakenteeltaan
@@ -16,6 +16,10 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
GIT_PAGES_PUBLISH_TOKEN:
|
GIT_PAGES_PUBLISH_TOKEN:
|
||||||
required: true
|
required: true
|
||||||
|
DOCKER_USERNAME:
|
||||||
|
required: false
|
||||||
|
DOCKER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
env:
|
env:
|
||||||
GITEA_API_URL: ${{ fromJson(inputs.env_json).GITEA_API_URL }}
|
GITEA_API_URL: ${{ fromJson(inputs.env_json).GITEA_API_URL }}
|
||||||
@@ -23,6 +27,9 @@ env:
|
|||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||||
GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }}
|
GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }}
|
||||||
REPO: ${{ github.repository }}
|
REPO: ${{ github.repository }}
|
||||||
|
DOCKER_REGISTRY: ${{ fromJson(inputs.env_json).DOCKER_REGISTRY || '' }}
|
||||||
|
DOCKER_IMAGE_TAG: ${{ fromJson(inputs.env_json).DOCKER_IMAGE_TAG || '' }}
|
||||||
|
DOCKER_UI_URL: ${{ fromJson(inputs.env_json).DOCKER_UI_URL || '' }}
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
group: ${{ github.workflow }}-${{ github.ref }}
|
||||||
@@ -146,7 +153,7 @@ jobs:
|
|||||||
--label "git.commit=${{ github.sha }}" \
|
--label "git.commit=${{ github.sha }}" \
|
||||||
--label "git.commitBy=${{ github.actor }}" \
|
--label "git.commitBy=${{ github.actor }}" \
|
||||||
--label "build.date=${NOW}" \
|
--label "build.date=${NOW}" \
|
||||||
-t "gitea-ci-library-test-minimal:${NEXT_VERSION}" .
|
-t "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" .
|
||||||
|
|
||||||
- name: Report status SUCCESS
|
- name: Report status SUCCESS
|
||||||
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
||||||
@@ -165,7 +172,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
source /tmp/build-ctx/build.env
|
source /tmp/build-ctx/build.env
|
||||||
mkdir -p /tmp/image
|
mkdir -p /tmp/image
|
||||||
docker save "gitea-ci-library-test-minimal:${NEXT_VERSION}" -o /tmp/image/artifact.tar
|
docker save "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" -o /tmp/image/artifact.tar
|
||||||
|
|
||||||
- name: Upload Docker image artifact
|
- name: Upload Docker image artifact
|
||||||
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
||||||
@@ -215,25 +222,36 @@ jobs:
|
|||||||
echo "===== gitea-ci-library - Docker Push | begin ====="
|
echo "===== gitea-ci-library - Docker Push | begin ====="
|
||||||
bash scripts/report-status.sh pending "Pushing to registry..." ci-docker-push
|
bash scripts/report-status.sh pending "Pushing to registry..." ci-docker-push
|
||||||
|
|
||||||
- name: Push to Gitea Packages
|
- name: Push to Docker Registry
|
||||||
if: steps.gatekeeper.outputs.skip == 'false'
|
if: steps.gatekeeper.outputs.skip == 'false'
|
||||||
env:
|
env:
|
||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }}
|
||||||
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
source /tmp/build-ctx/build.env
|
source /tmp/build-ctx/build.env
|
||||||
docker load -i /tmp/image/artifact.tar
|
docker load -i /tmp/image/artifact.tar
|
||||||
REGISTRY=$(echo "${{ gitea.server_url }}" | sed -e 's|^https://||' -e 's|^http://||')
|
|
||||||
IMAGE="$REGISTRY/${{ gitea.repository }}:${NEXT_VERSION}"
|
REGISTRY="${DOCKER_REGISTRY:?DOCKER_REGISTRY not set in env.conf}"
|
||||||
docker tag "gitea-ci-library-test-minimal:${NEXT_VERSION}" "$IMAGE"
|
IMAGE="${DOCKER_IMAGE_TAG:?DOCKER_IMAGE_TAG not set in env.conf}"
|
||||||
echo "$GITEA_TOKEN" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin
|
REGISTRY_HOST="${REGISTRY%%/*}"
|
||||||
docker push "$IMAGE"
|
|
||||||
docker logout "$REGISTRY"
|
FULL_IMAGE="${REGISTRY}/${IMAGE}:${NEXT_VERSION}"
|
||||||
|
echo "Pushing ${FULL_IMAGE} ..."
|
||||||
|
|
||||||
|
docker tag "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" "$FULL_IMAGE"
|
||||||
|
echo "$DOCKER_PASSWORD" | docker login "$REGISTRY_HOST" -u "$DOCKER_USERNAME" --password-stdin
|
||||||
|
docker push "$FULL_IMAGE"
|
||||||
|
docker logout "$REGISTRY_HOST"
|
||||||
|
|
||||||
- name: Report status SUCCESS
|
- name: Report status SUCCESS
|
||||||
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
if: steps.gatekeeper.outputs.skip == 'false' && success()
|
||||||
run: |
|
run: |
|
||||||
source /tmp/build-ctx/build.env
|
source /tmp/build-ctx/build.env
|
||||||
bash scripts/report-status.sh success "Docker push $NEXT_VERSION OK" ci-docker-push
|
CONTAINER_URL=""
|
||||||
|
if [ -n "${DOCKER_UI_URL:-}" ] && [ -n "${NEXT_VERSION:-}" ]; then
|
||||||
|
CONTAINER_URL="${DOCKER_UI_URL}/${NEXT_VERSION}"
|
||||||
|
fi
|
||||||
|
bash scripts/report-status.sh success "Docker push $NEXT_VERSION OK" ci-docker-push "" "$CONTAINER_URL"
|
||||||
|
|
||||||
- name: Report status FAILURE
|
- name: Report status FAILURE
|
||||||
if: steps.gatekeeper.outputs.skip == 'false' && failure()
|
if: steps.gatekeeper.outputs.skip == 'false' && failure()
|
||||||
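Review bot: In the "Push to Docker Registry" step, `docker logout "$REGISTRY_HOST"` is reached only when `docker tag`, `docker login` and `docker push` all succeed. If the step shell runs with `-e`, as Actions-style runners normally do, a failed push leaves the stored login in the runner's Docker config. This matters more after this change, because the credential is now a PAT or registry token from `secrets.DOCKER_PASSWORD` rather than the job's `GITEA_TOKEN`. Registering the cleanup before logging in closes the gap: add `trap 'docker logout "$REGISTRY_HOST"' EXIT` right after `REGISTRY_HOST` is set. The password is also sent to whichever host `DOCKER_REGISTRY` names in `env_json`, so edits to that value deserve the same review as edits to the secret itself.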
|
|||||||
@@ -1,2 +1,5 @@
|
|||||||
GITEA_API_URL=https://gitea.app.keskikuja.site
|
GITEA_API_URL=https://gitea.app.keskikuja.site
|
||||||
GIT_PAGES_URL=https://ci-reports.helm-dev.keskikuja.site
|
GIT_PAGES_URL=https://ci-reports.helm-dev.keskikuja.site
|
||||||
|
DOCKER_REGISTRY=gitea.app.keskikuja.site/niko
|
||||||
|
DOCKER_IMAGE_TAG=gitea-ci-library-test-image
|
||||||
|
DOCKER_UI_URL=https://gitea.app.keskikuja.site/niko/gitea-ci-library/packages
|
||||||
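Review bot: The `DOCKER_UI_URL` added here, `https://gitea.app.keskikuja.site/niko/gitea-ci-library/packages`, does not match the form the new setup document gives for Gitea Packages, `https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library`. The workflow appends `/${NEXT_VERSION}` to this base, so one of the two forms probably yields a commit-status link that does not open the pushed image. Both also name `gitea-ci-library`, while `DOCKER_IMAGE_TAG` is `gitea-ci-library-test-image`. Please check the value against the real package page and keep the config and the document in agreement.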
|
|||||||
@@ -0,0 +1,85 @@
|
|||||||
|
# Docker Registry Setup
|
||||||
|
|
||||||
|
Pipeline rakentaa Docker-kontin ja pushee sen haluttuun registryyn. Konfigurointi `gitea-env.conf`issa, tunnukset repository Secrets -muuttujina.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 1. `gitea-env.conf` — Docker-kentät
|
||||||
|
|
||||||
|
| Kenttä | Pakollinen | Kuvaus | Esimerkki |
|
||||||
|
|---|---|---|---|
|
||||||
|
| `DOCKER_REGISTRY` | **kyllä** | Registry + mahdollinen organisaatio. Koko etuliite ennen kuvan nimeä. Login käyttää ensimmäistä `/`-edeltävää osaa | `gitea.app.keskikuja.site/niko` |
|
||||||
|
| `DOCKER_IMAGE_TAG` | **kyllä** | Pelkkä kuvan nimi (ilman tagia, ilman rekisteriä, ilman organisaatiota) | `gitea-ci-library-test-image` |
|
||||||
|
| `DOCKER_UI_URL` | ei | Base-URL kontin UI-sivulle. Workflow liittää perään `/VERSION` | `https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library` |
|
||||||
|
|
||||||
|
**Koko image-ref:** `${DOCKER_REGISTRY}/${DOCKER_IMAGE_TAG}:${VERSION}`
|
||||||
|
Esimerkki: `gitea.app.keskikuja.site/niko/gitea-ci-library-test-image:0.1.0`
|
||||||
|
|
||||||
|
**Paikallinen build-tagi:** `${DOCKER_IMAGE_TAG}:${VERSION}`
|
||||||
|
Esimerkki: `gitea-ci-library-test-image:0.1.0`
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 2. Gitea Secrets — tunnukset
|
||||||
|
|
||||||
|
Workflow tekee `docker login -u "$DOCKER_USERNAME" --password-stdin`. Mitä arvoja laitetaan, riippuu registrystä:
|
||||||
|
|
||||||
|
| Registry | `DOCKER_USERNAME` | `DOCKER_PASSWORD` | Mistä saadaan |
|
||||||
|
|---|---|---|---|
|
||||||
|
| Gitea Packages | `${{ github.actor }}` (automaattinen) | **PAT** scope `write:packages` | User Settings → Applications → Generate Token |
|
||||||
|
| Docker Hub | Docker Hub -käyttäjä | Access Token (ei salasana) | Hub Account Settings → Security → Access Tokens |
|
||||||
|
| Artifactory | service account -tunnus | API-token | Artifactory Admin → Users → käyttäjä → token |
|
||||||
|
|
||||||
|
`DOCKER_USERNAME` on optionaalinen — jos sitä ei ole asetettu, workflow käyttää `${{ github.actor }}` (workflowin käynnistäjä). Riittää asettaa vain `DOCKER_PASSWORD`.
|
||||||
|
|
||||||
|
**Asetus:** Repository → Settings → Actions → Secrets → **Add new secret**
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 3. Esimerkkejä
|
||||||
|
|
||||||
|
### 3a. Gitea Packages
|
||||||
|
|
||||||
|
```
|
||||||
|
DOCKER_REGISTRY=gitea.app.keskikuja.site/niko
|
||||||
|
DOCKER_IMAGE_TAG=gitea-ci-library-test-image
|
||||||
|
DOCKER_UI_URL=https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library
|
||||||
|
```
|
||||||
|
|
||||||
|
- `DOCKER_USERNAME` = Gitea-käyttäjätunnus
|
||||||
|
- `DOCKER_PASSWORD` = **PAT** (User Settings → Applications → Generate Token, scope `write:packages`)
|
||||||
|
|
||||||
|
> Runnerin automaattinen `GITEA_TOKEN` ei yleensä sisällä `write:packages`-scopea. Tarvitaan erillinen PAT.
|
||||||
|
|
||||||
|
### 3b. Docker Hub
|
||||||
|
|
||||||
|
```
|
||||||
|
DOCKER_REGISTRY=docker.io/library
|
||||||
|
DOCKER_IMAGE_TAG=oma-kuva
|
||||||
|
DOCKER_UI_URL=https://hub.docker.com/r/library/oma-kuva
|
||||||
|
```
|
||||||
|
|
||||||
|
- `DOCKER_USERNAME` = Docker Hub -käyttäjätunnus
|
||||||
|
- `DOCKER_PASSWORD` = Docker Hub Access Token (suositeltu) tai salasana
|
||||||
|
|
||||||
|
### 3c. Artifactory (kuten legacy Jenkins)
|
||||||
|
|
||||||
|
```
|
||||||
|
DOCKER_REGISTRY=ngdo-docker.artifactorypro.shared.pub.tds.tieto.com
|
||||||
|
DOCKER_IMAGE_TAG=microservice-temperature-store
|
||||||
|
DOCKER_UI_URL=https://artifactorypro.shared.pub.tds.tieto.com/ui/repos/tree/General/ngdo-docker.artifactorypro.shared.pub.tds.tieto.com/microservice-temperature-store
|
||||||
|
```
|
||||||
|
|
||||||
|
- `DOCKER_USERNAME` = Artifactory-käyttäjätunnus
|
||||||
|
- `DOCKER_PASSWORD` = Artifactoryn API-token
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 4. Tarkistuslista
|
||||||
|
|
||||||
|
- [ ] `DOCKER_REGISTRY` asetettu (registry + org)
|
||||||
|
- [ ] `DOCKER_IMAGE_TAG` asetettu (pelkkä nimi)
|
||||||
|
- [ ] (tarvittaessa) `DOCKER_USERNAME`-secret — oletus `github.actor`
|
||||||
|
- [ ] `DOCKER_PASSWORD`-secret luotu repoon (PAT/token/salasana)
|
||||||
|
- [ ] Tokenilla/salasanalla oikeus **pushata** registryyn
|
||||||
|
- [ ] (valinnainen) `DOCKER_UI_URL` asetettu → commit status linkkaa kontin UI-sivulle
|
||||||
@@ -7,13 +7,16 @@ STATE="${1:-}"
|
|||||||
DESCRIPTION="${2:-}"
|
DESCRIPTION="${2:-}"
|
||||||
KEY="${3:-commit-${GITHUB_SHA:0:8}}"
|
KEY="${3:-commit-${GITHUB_SHA:0:8}}"
|
||||||
SUITE="${4:-}"
|
SUITE="${4:-}"
|
||||||
|
CUSTOM_URL="${5:-}"
|
||||||
|
|
||||||
[ -z "$STATE" ] && echo "ERROR: state argument is required" >&2 && exit 1
|
[ -z "$STATE" ] && echo "ERROR: state argument is required" >&2 && exit 1
|
||||||
[ -z "$DESCRIPTION" ] && echo "ERROR: description argument is required" >&2 && exit 1
|
[ -z "$DESCRIPTION" ] && echo "ERROR: description argument is required" >&2 && exit 1
|
||||||
[ -z "${GITEA_API_URL:-}" ] && echo "ERROR: GITEA_API_URL is not set" >&2 && exit 1
|
[ -z "${GITEA_API_URL:-}" ] && echo "ERROR: GITEA_API_URL is not set" >&2 && exit 1
|
||||||
[ -z "${GITEA_TOKEN:-}" ] && echo "ERROR: GITEA_TOKEN is not set" >&2 && exit 1
|
[ -z "${GITEA_TOKEN:-}" ] && echo "ERROR: GITEA_TOKEN is not set" >&2 && exit 1
|
||||||
|
|
||||||
if [ -n "$SUITE" ]; then
|
if [ -n "$CUSTOM_URL" ]; then
|
||||||
|
URL="$CUSTOM_URL"
|
||||||
|
elif [ -n "$SUITE" ]; then
|
||||||
SUITE="${SUITE%/}/"
|
SUITE="${SUITE%/}/"
|
||||||
URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${GITHUB_SHA:0:8}/${SUITE}"
|
URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${GITHUB_SHA:0:8}/${SUITE}"
|
||||||
else
|
else
|
||||||
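Review bot: `CUSTOM_URL` (argument 5) is copied into `URL` verbatim in the new first branch, with no check that it is an http(s) link. How `URL` is then embedded in the status payload lies outside this hunk. Because the value becomes the clickable target of a commit status, I would accept only web URLs inside that branch, e.g. `case "$CUSTOM_URL" in http://*|https://*) ;; *) echo "ERROR: custom URL must be http(s)" >&2; exit 1 ;; esac`. Please also confirm that the payload is built with JSON escaping rather than plain string interpolation. The usage comment at the top of the script (not visible here) should mention the fifth parameter, and the `if`/`elif`/`else` chain continues past the end of the hunk.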
|
|||||||