OPSEXP-2844 Build community from forks #666
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'Makefile' | |
| - '.github/workflows/test-make.yml' | |
| - '.github/workflows/kics.yml' | |
| - 'README.md' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'Makefile' | |
| - '.github/workflows/test-make.yml' | |
| - '.github/workflows/kics.yml' | |
| - 'README.md' | |
| env: | |
| ACS_CHART_VERSION: 8a819c9b90b9015e5ab2654c47961fef4183cbcf # v8.5.1 plus the fix for community test values | |
| ARTIFACT_NAME: alfresco-docker-images | |
| REGISTRY: ghcr.io | |
| REGISTRY_NAMESPACE: alfresco | |
| TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| # telemetry | |
| actions: read | |
| # ghcr push | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| auto-commit: "true" | |
| build: | |
| needs: pre-commit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: Setup nexus authentication | |
| run: | | |
| echo "machine nexus.alfresco.com" >> ~/.netrc | |
| echo "login ${{ secrets.NEXUS_USERNAME }}" >> ~/.netrc | |
| echo "password ${{ secrets.NEXUS_PASSWORD }}" >> ~/.netrc | |
| - name: Restore packages artifacts | |
| uses: actions/cache/restore@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 | |
| id: artifacts-cache | |
| with: | |
| key: ${{ runner.os }}-packages-v2-${{ hashFiles('**/artifacts.json') }} | |
| restore-keys: ${{ runner.os }}-packages-v2- | |
| path: artifacts_cache/** | |
| - name: Fetch artifacts from nexus | |
| run: ./scripts/fetch-artifacts.sh | |
| - name: Save packages artifacts | |
| if: steps.artifacts-cache.outputs.cache-hit != 'true' | |
| uses: actions/cache/save@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 | |
| with: | |
| key: ${{ steps.artifacts-cache.outputs.cache-primary-key }} | |
| path: artifacts_cache/** | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
| - name: Login to Quay.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: github.actor != 'dependabot[bot]' | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: github.actor != 'dependabot[bot]' | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Collect Workflow Telemetry | |
| uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0 | |
| with: | |
| comment_on_pr: false | |
| - name: Enumerate bake targets | |
| id: bake-targets | |
| uses: docker/bake-action/subaction/list-targets@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 | |
| with: | |
| target: default | |
| - name: Enumerate registry cache targets | |
| id: cache-targets | |
| env: | |
| CACHE_TARGET: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/bakery-cache | |
| run: | | |
| echo 'cache-set<<EOF' >> $GITHUB_OUTPUT | |
| echo '${{ steps.bake-targets.outputs.targets }}' | jq -r '.[] | '\ | |
| '"\(.).cache-from=type=registry,ref=${{ env.CACHE_TARGET }}:${{ env.TAG }}-\(.)\n'\ | |
| '\(.).cache-from=type=registry,ref=${{ env.CACHE_TARGET }}:${{ github.event.repository.default_branch }}-\(.)\n'\ | |
| '\(.).cache-to=type=registry,ref=${{ env.CACHE_TARGET }}:${{ env.TAG }}-\(.)"' >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Bake Docker images | |
| env: | |
| TARGETARCH: linux/amd64,linux/arm64 | |
| DOCKER_PUSH: ${{ github.actor != 'dependabot[bot]'}} | |
| uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 | |
| with: | |
| set: | | |
| *.output=type=registry,push=${{ env.DOCKER_PUSH }} | |
| ${{ steps.cache-targets.outputs.cache-set }} | |
| compose-test: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.actor != 'dependabot[bot]' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| edition: [enterprise, community] | |
| steps: | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
| - name: Verify docker-compose (${{ matrix.edition }}) | |
| id: verify_compose | |
| uses: Alfresco/alfresco-build-tools/.github/actions/dbp-charts/[email protected] | |
| timeout-minutes: 10 | |
| with: | |
| compose_file_path: test/${{ matrix.edition }}-docker-compose.yml | |
| quay_username: ${{ secrets.QUAY_USERNAME }} | |
| quay_password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Save containers logs (${{ matrix.edition }}) | |
| if: always() && steps.verify_compose.outcome != 'skipped' | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| output-archive-name: ${{ matrix.edition }}-logs | |
| helm-test: | |
| needs: build | |
| runs-on: ${{ matrix.arch == 'arm64' && 'alfrescoARM-ubuntu2404-16G-4CPU' || 'alfrescoPub-ubuntu2204-16G-4CPU' }} | |
| if: github.actor != 'dependabot[bot]' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [arm64, amd64] | |
| edition: [enterprise, community] | |
| steps: | |
| - name: Setup cluster | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| ingress-nginx-ref: controller-v1.8.2 | |
| metrics: "true" | |
| - name: Checkout | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
| with: | |
| version: "3.15.2" | |
| - name: Login to Quay.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create registries auth secret | |
| run: >- | |
| kubectl create secret generic regcred | |
| --from-file=.dockerconfigjson=$HOME/.docker/config.json | |
| --type=kubernetes.io/dockerconfigjson | |
| - name: Create configmaps for adf apps | |
| run: | | |
| kubectl create configmap acc-config --from-file=app.config.json=test/configs/acc.json | |
| kubectl create configmap adw-config --from-file=app.config.json=test/configs/adw.json | |
| - name: Checkout acs-deployment sources | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| repository: Alfresco/acs-deployment | |
| ref: ${{ env.ACS_CHART_VERSION }} | |
| path: acs-deployment | |
| - name: Setup helm repository | |
| working-directory: acs-deployment/helm/alfresco-content-services | |
| run: | | |
| helm repo add self https://alfresco.github.io/alfresco-helm-charts/ | |
| helm repo add activiti https://activiti.github.io/activiti-cloud-helm-charts | |
| helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ | |
| helm repo add elastic https://helm.elastic.co | |
| helm dependency build | |
| - name: Preprocess test-overrides.yaml | |
| env: | |
| OVERRIDES_VALUES_FILE: test/helm/test-overrides.yaml | |
| run: | | |
| sed -i "s|localhost/alfresco/|${REGISTRY}/${REGISTRY_NAMESPACE}/|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| sed -i "s|tag: latest|tag: ${TAG}|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| if [ "${{ matrix.edition }}" = "community" ]; then | |
| sed -i "s|/alfresco-content-repository|/alfresco-content-repository-community|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| sed -i "s|/alfresco-share|/alfresco-share-community|g" ${{ env.OVERRIDES_VALUES_FILE }} | |
| fi | |
| cat ${{ env.OVERRIDES_VALUES_FILE }} | |
| - name: Helm install | |
| id: helm_install | |
| run: | | |
| helm install acs ./acs-deployment/helm/alfresco-content-services \ | |
| --set global.search.sharedSecret="$(openssl rand -hex 24)" \ | |
| --set global.known_urls=http://localhost \ | |
| --set global.alfrescoRegistryPullSecrets=regcred \ | |
| --values ./acs-deployment/helm/alfresco-content-services/${{ matrix.edition == 'community' && 'community_' || '' }}values.yaml \ | |
| --values ./acs-deployment/test/${{ matrix.edition }}-integration-test-values.yaml \ | |
| --values test/helm/test-overrides.yaml \ | |
| --values test/helm/test-overrides-${{ matrix.edition }}.yaml | |
| - name: Watch Helm deployment | |
| env: | |
| HELM_INSTALL_TIMEOUT: 10m | |
| run: | | |
| kubectl get pods --watch & | |
| KWPID=$! | |
| kubectl wait --timeout=${{ env.HELM_INSTALL_TIMEOUT }} --all=true --for=condition=Ready pods | |
| kill $KWPID | |
| if [ "${{ matrix.edition }}" = "enterprise" ]; then | |
| echo "Waiting for Enterprise Search Reindexing job to complete... " | |
| kubectl wait --timeout=5m --for=condition=complete job/acs-alfresco-search-enterprise-reindexing | |
| fi | |
| - name: Debug cluster status after install | |
| if: always() && steps.helm_install.outcome != 'skipped' | |
| run: | | |
| helm ls --all-namespaces --all | |
| kubectl get all --all-namespaces | |
| kubectl describe pod | |
| - name: Run helm test | |
| id: helm_test | |
| run: helm test acs | |
| - name: Debug cluster status after helm test | |
| if: always() && steps.helm_test.outcome != 'skipped' | |
| run: | | |
| kubectl logs -l app.kubernetes.io/component=dtas --tail=-1 | |
| kubectl get all --all-namespaces | |
| kubectl describe pod | |
| - name: Collect logs from all containers | |
| if: always() && steps.helm_install.outcome != 'skipped' | |
| run: | | |
| mkdir -p logs | |
| for pod in $(kubectl get pods -n default -o jsonpath='{.items[*].metadata.name}'); do | |
| kubectl logs $pod -n default > logs/${pod}.log | |
| done | |
| - name: Upload logs as artifact | |
| if: always() && steps.helm_install.outcome != 'skipped' | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #v4.4.0 | |
| with: | |
| name: k8s-logs-${{ matrix.arch }}-${{ matrix.edition }} | |
| path: logs |