49466839a3
- Add Docker daemon configuration step to both backend and frontend jobs - Configure insecure-registries to allow HTTP connections to registry - Restart Docker daemon and verify configuration - Resolves HTTP error when pushing to HTTP-only registry at 192.168.241.13:8080
268 lines
10 KiB
YAML
268 lines
10 KiB
YAML
name: CD Bootstrap - Release Image Publish
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image_tag:
|
|
description: 'Image tag (e.g., v1.0.0, latest, dev)'
|
|
required: true
|
|
default: 'latest'
|
|
type: string
|
|
build_backend:
|
|
description: 'Build backend image'
|
|
required: false
|
|
default: true
|
|
type: boolean
|
|
build_frontend:
|
|
description: 'Build frontend image'
|
|
required: false
|
|
default: true
|
|
type: boolean
|
|
|
|
env:
|
|
REGISTRY_HOST: http://192.168.241.13:8080
|
|
BACKEND_IMAGE: workclub-api
|
|
FRONTEND_IMAGE: workclub-frontend
|
|
|
|
jobs:
|
|
prepare:
|
|
name: Prepare Build Metadata
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
image_tag: ${{ steps.metadata.outputs.image_tag }}
|
|
image_sha: ${{ steps.metadata.outputs.image_sha }}
|
|
build_backend: ${{ steps.metadata.outputs.build_backend }}
|
|
build_frontend: ${{ steps.metadata.outputs.build_frontend }}
|
|
|
|
steps:
|
|
- name: Generate build metadata
|
|
id: metadata
|
|
run: |
|
|
IMAGE_TAG="${{ github.event.inputs.image_tag }}"
|
|
if [[ -z "$IMAGE_TAG" ]]; then
|
|
IMAGE_TAG="latest"
|
|
fi
|
|
|
|
IMAGE_SHA="${{ github.sha }}"
|
|
IMAGE_SHA_SHORT="${IMAGE_SHA:0:7}"
|
|
|
|
BUILD_BACKEND="${{ github.event.inputs.build_backend }}"
|
|
BUILD_FRONTEND="${{ github.event.inputs.build_frontend }}"
|
|
|
|
if [[ -z "$BUILD_BACKEND" || "$BUILD_BACKEND" == "false" ]]; then
|
|
BUILD_BACKEND="false"
|
|
else
|
|
BUILD_BACKEND="true"
|
|
fi
|
|
|
|
if [[ -z "$BUILD_FRONTEND" || "$BUILD_FRONTEND" == "false" ]]; then
|
|
BUILD_FRONTEND="false"
|
|
else
|
|
BUILD_FRONTEND="true"
|
|
fi
|
|
|
|
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
|
|
echo "image_sha=$IMAGE_SHA_SHORT" >> $GITHUB_OUTPUT
|
|
echo "build_backend=$BUILD_BACKEND" >> $GITHUB_OUTPUT
|
|
echo "build_frontend=$BUILD_FRONTEND" >> $GITHUB_OUTPUT
|
|
|
|
echo "✅ Build configuration:"
|
|
echo " Image Tag: $IMAGE_TAG"
|
|
echo " Commit SHA: $IMAGE_SHA_SHORT"
|
|
echo " Build Backend: $BUILD_BACKEND"
|
|
echo " Build Frontend: $BUILD_FRONTEND"
|
|
|
|
backend-image:
|
|
name: Build & Push Backend Image
|
|
runs-on: ubuntu-latest
|
|
needs: [prepare]
|
|
if: needs.prepare.outputs.build_backend == 'true'
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Configure insecure registry
|
|
run: |
|
|
sudo mkdir -p /etc/docker
|
|
|
|
if [ -f /etc/docker/daemon.json ] && [ -s /etc/docker/daemon.json ]; then
|
|
echo "$(jq '. + {"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' /etc/docker/daemon.json)" | sudo tee /etc/docker/daemon.json
|
|
else
|
|
echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
|
|
fi
|
|
|
|
sudo systemctl restart docker
|
|
sleep 5
|
|
docker info | grep "Insecure Registries" -A 2
|
|
|
|
- name: Login to registry (if credentials provided)
|
|
if: ${{ secrets.REGISTRY_USERNAME != '' && secrets.REGISTRY_PASSWORD != '' }}
|
|
run: |
|
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
|
|
--username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
|
|
|
|
- name: Build backend image
|
|
working-directory: ./backend
|
|
run: |
|
|
docker build \
|
|
-t ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
|
|
-f Dockerfile \
|
|
.
|
|
|
|
- name: Tag with commit SHA
|
|
run: |
|
|
docker tag \
|
|
${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
|
|
${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
|
|
|
|
- name: Push images to registry
|
|
run: |
|
|
docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
|
|
docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
|
|
|
|
- name: Capture push evidence
|
|
run: |
|
|
mkdir -p .sisyphus/evidence
|
|
cat > .sisyphus/evidence/task-31-backend-push.json <<EOF
|
|
{
|
|
"scenario": "backend_image_push",
|
|
"result": "success",
|
|
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
|
"details": {
|
|
"image": "${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}",
|
|
"version_tag": "${{ needs.prepare.outputs.image_tag }}",
|
|
"sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
|
|
"registry": "${{ env.REGISTRY_HOST }}"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
- name: Upload backend push evidence
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: backend-push-evidence
|
|
path: .sisyphus/evidence/task-31-backend-push.json
|
|
retention-days: 30
|
|
|
|
frontend-image:
|
|
name: Build & Push Frontend Image
|
|
runs-on: ubuntu-latest
|
|
needs: [prepare]
|
|
if: needs.prepare.outputs.build_frontend == 'true'
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Configure insecure registry
|
|
run: |
|
|
sudo mkdir -p /etc/docker
|
|
|
|
if [ -f /etc/docker/daemon.json ] && [ -s /etc/docker/daemon.json ]; then
|
|
echo "$(jq '. + {"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' /etc/docker/daemon.json)" | sudo tee /etc/docker/daemon.json
|
|
else
|
|
echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
|
|
fi
|
|
|
|
sudo systemctl restart docker
|
|
sleep 5
|
|
docker info | grep "Insecure Registries" -A 2
|
|
|
|
- name: Login to registry (if credentials provided)
|
|
if: ${{ secrets.REGISTRY_USERNAME != '' && secrets.REGISTRY_PASSWORD != '' }}
|
|
run: |
|
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
|
|
--username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
|
|
|
|
- name: Build frontend image
|
|
working-directory: ./frontend
|
|
run: |
|
|
docker build \
|
|
-t ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
|
|
-f Dockerfile \
|
|
.
|
|
|
|
- name: Tag with commit SHA
|
|
run: |
|
|
docker tag \
|
|
${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
|
|
${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
|
|
|
|
- name: Push images to registry
|
|
run: |
|
|
docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
|
|
docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
|
|
|
|
- name: Capture push evidence
|
|
run: |
|
|
mkdir -p .sisyphus/evidence
|
|
cat > .sisyphus/evidence/task-32-frontend-push.json <<EOF
|
|
{
|
|
"scenario": "frontend_image_push",
|
|
"result": "success",
|
|
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
|
"details": {
|
|
"image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}",
|
|
"version_tag": "${{ needs.prepare.outputs.image_tag }}",
|
|
"sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
|
|
"registry": "${{ env.REGISTRY_HOST }}"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
- name: Upload frontend push evidence
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: frontend-push-evidence
|
|
path: .sisyphus/evidence/task-32-frontend-push.json
|
|
retention-days: 30
|
|
|
|
release-summary:
|
|
name: Create Release Summary Evidence
|
|
runs-on: ubuntu-latest
|
|
needs: [prepare, backend-image, frontend-image]
|
|
if: always()
|
|
|
|
steps:
|
|
- name: Generate release summary
|
|
run: |
|
|
mkdir -p .sisyphus/evidence
|
|
|
|
# Task 33 evidence: CD bootstrap release summary
|
|
cat > .sisyphus/evidence/task-33-cd-bootstrap-release.json <<EOF
|
|
{
|
|
"release_tag": "${{ needs.prepare.outputs.image_tag }}",
|
|
"commit_sha": "${{ needs.prepare.outputs.image_sha }}",
|
|
"backend_image": "${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}",
|
|
"frontend_image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}",
|
|
"backend_job_conclusion": "${{ needs.backend-image.result }}",
|
|
"frontend_job_conclusion": "${{ needs.frontend-image.result }}",
|
|
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
|
|
}
|
|
EOF
|
|
|
|
- name: Upload all evidence artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: cd-bootstrap-evidence
|
|
path: .sisyphus/evidence/*.json
|
|
retention-days: 30
|
|
|
|
- name: Summary report
|
|
run: |
|
|
echo "## 🚀 CD Bootstrap Release Summary" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "**Release Tag:** ${{ needs.prepare.outputs.image_tag }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "**Commit SHA:** ${{ needs.prepare.outputs.image_sha }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Published Images" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Backend:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Backend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Frontend:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Frontend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Job Results" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Backend Image: ${{ needs.backend-image.result }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Frontend Image: ${{ needs.frontend-image.result }}" >> $GITHUB_STEP_SUMMARY
|