Add docker cloudbuild setup #26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| name: Continuous integration | |
| env: | |
| BASE_IMAGE_NAME: livegrep/base | |
| INDEXER_IMAGE_NAME: livegrep/indexer | |
| NGINX_IMAGE_NAME: livegrep/nginx | |
| jobs: | |
| ci: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Switch to CI bazelrc | |
| run: cp .bazelrc.ci .bazelrc | |
| - name: Cache Bazel disk cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/bazel-disk | |
| key: bazel-disk-${{ runner.os }}-${{ hashFiles('MODULE.bazel', 'MODULE.bazel.lock') }}-${{ github.sha }} | |
| restore-keys: | | |
| bazel-disk-${{ runner.os }}-${{ hashFiles('MODULE.bazel', 'MODULE.bazel.lock') }}- | |
| bazel-disk-${{ runner.os }}- | |
| - name: bazel build | |
| id: build | |
| run: | | |
| bazel build //... | |
| echo "build_output_file_name=$(./package.sh)" >> $GITHUB_ENV | |
| - name: bazel test | |
| run: bazel test --test_arg=-test.v //... | |
| # Run after building so we can use BuildBuddys fetch cache rather than | |
| # first calling bazel fetch ourselves. If a Go file ins't formatted | |
| # corectly it will only take an additional minute or so for CI to fail. | |
| - name: gofmt | |
| run: | | |
| format_errors=$(bazel run @rules_go//go -- fmt ./...) | |
| if [ "$format_errors" ]; then | |
| echo "=== misformatted files (run gofmt) ===" | |
| echo "$format_errors" | |
| exit 1 | |
| fi | |
| - name: upload build output | |
| if: ${{ github.event_name == 'push' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: "${{ env.build_output_file_name }}" | |
| path: "builds/${{ env.build_output_file_name }}.tgz" | |
| retention-days: 1 | |
| - name: Build images | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| docker build -t $BASE_IMAGE_NAME --file docker/base/Dockerfile --build-arg "livegrep_version=$build_output_file_name" . | |
| docker build -t $INDEXER_IMAGE_NAME . --file docker/indexer/Dockerfile | |
| docker build -t $NGINX_IMAGE_NAME . --file docker/nginx/Dockerfile | |
| - name: Push images | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| BASE_IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$BASE_IMAGE_NAME | |
| INDEXER_IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$INDEXER_IMAGE_NAME | |
| NGINX_IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$NGINX_IMAGE_NAME | |
| # tag each image with GHCRID:VERSION | |
| VERSION=$(git rev-parse HEAD | head -c10) | |
| docker tag $BASE_IMAGE_NAME $BASE_IMAGE_ID:$VERSION | |
| docker tag $INDEXER_IMAGE_NAME $INDEXER_IMAGE_ID:$VERSION | |
| docker tag $NGINX_IMAGE_NAME $NGINX_IMAGE_ID:$VERSION | |
| # this workflow is running on "main" atm so always tag latest | |
| docker tag $BASE_IMAGE_NAME $BASE_IMAGE_ID:latest | |
| docker tag $INDEXER_IMAGE_NAME $INDEXER_IMAGE_ID:latest | |
| docker tag $NGINX_IMAGE_NAME $NGINX_IMAGE_ID:latest | |
| docker push $NGINX_IMAGE_ID:$VERSION | |
| docker push $BASE_IMAGE_ID:$VERSION | |
| docker push $INDEXER_IMAGE_ID:$VERSION | |
| # it seems like docker doesn't push all tags for an image, you need to | |
| # push each tag as if it were a seperate image -__- | |
| echo "Pushing latest images to test" | |
| docker push $NGINX_IMAGE_ID:latest | |
| docker push $BASE_IMAGE_ID:latest | |
| docker push $INDEXER_IMAGE_ID:latest |