upgrade to 2.28.1 (#786) #529
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-latest | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - develop | |
| paths: | |
| - 'Dockerfile' | |
| - 'scripts/**' | |
| - 'build_data/**' | |
| - '.github/workflows/**' | |
| push: | |
| branches: | |
| - develop | |
| paths: | |
| - 'Dockerfile' | |
| - 'scripts/**' | |
| - 'build_data/**' | |
| - '.github/workflows/**' | |
| #permissions: | |
| # contents: read | |
| jobs: | |
| build-activemq-docker-image: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| if: | | |
| github.actor != 'dependabot[bot]' && | |
| !( | |
| contains(github.event.pull_request.title, '[skip-release]') || | |
| contains(github.event.comment.body, '/skiprelease') | |
| ) | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image for testing activeqm | |
| id: docker_build_testing_image_activeqm | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./clustering/activemq-docker/ | |
| file: ./clustering/activemq-docker/Dockerfile | |
| push: false | |
| load: true | |
| tags: kartoza/activemq-docker:manual-build | |
| outputs: type=docker,dest=/tmp/activemq.tar | |
| cache-from: | | |
| type=gha,scope=test | |
| type=gha,scope=prod | |
| cache-to: type=gha,scope=test | |
| target: activemq-prod | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: kartoza-activemq | |
| path: /tmp/activemq.tar | |
| build-geoserver-docker-image: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| if: | | |
| github.actor != 'dependabot[bot]' && | |
| !( | |
| contains(github.event.pull_request.title, '[skip-release]') || | |
| contains(github.event.comment.body, '/skiprelease') | |
| ) | |
| strategy: | |
| matrix: | |
| geoserverMajorVersion: | |
| - 2 | |
| imageVersion: | |
| - image: 9.0.109-jdk17-temurin-noble | |
| javaHome: /opt/java/openjdk | |
| geoserverMinorVersion: | |
| - minor: 28 | |
| patch: 1 | |
| stablePluginBaseURL: | |
| - https://sourceforge.net/projects/geoserver/files/GeoServer | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image for production | |
| id: docker_build_production_image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| push: false | |
| load: true | |
| outputs: type=docker,dest=/tmp/geoserver_production.tar | |
| build-args: | | |
| IMAGE_VERSION=${{ matrix.imageVersion.image }} | |
| JAVA_HOME=${{ matrix.imageVersion.javaHome }} | |
| GS_VERSION=${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }} | |
| WAR_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}/geoserver-${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}-war.zip | |
| STABLE_PLUGIN_BASE_URL=${{ matrix.stablePluginBaseURL }} | |
| cache-from: | | |
| type=gha,scope=prod | |
| cache-to: type=gha,scope=prod | |
| target: geoserver-prod | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: kartoza-geoserver-production | |
| path: /tmp/geoserver_production.tar | |
| - name: Build image for testing | |
| id: docker_build_testing_image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| push: false | |
| load: true | |
| tags: kartoza/geoserver:manual-build | |
| outputs: type=docker,dest=/tmp/geoserver.tar | |
| build-args: | | |
| IMAGE_VERSION=${{ matrix.imageVersion.image }} | |
| JAVA_HOME=${{ matrix.imageVersion.javaHome }} | |
| GS_VERSION=${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }} | |
| WAR_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}/geoserver-${{ matrix.geoserverMajorVersion }}.${{ matrix.geoserverMinorVersion.minor }}.${{ matrix.geoserverMinorVersion.patch }}-war.zip | |
| DOWNLOAD_ALL_STABLE_EXTENSIONS=${{ matrix.downloadAllStableExtensions }} | |
| DOWNLOAD_ALL_COMMUNITY_EXTENSIONS=${{ matrix.downloadAllCommunityExtensions }} | |
| STABLE_PLUGIN_BASE_URL=${{ matrix.stablePluginBaseURL }} | |
| cache-from: | | |
| type=gha,scope=prod | |
| cache-to: type=gha,scope=test | |
| target: geoserver-test | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: kartoza-geoserver | |
| path: /tmp/geoserver.tar | |
| scan_image: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| if: | | |
| github.actor != 'dependabot[bot]' && | |
| !( | |
| contains(github.event.pull_request.title, '[skip-release]') || | |
| contains(github.event.comment.body, '/skiprelease') | |
| ) | |
| #needs: [run-scenario-tests] | |
| needs: [build-geoserver-docker-image] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: kartoza-geoserver | |
| path: /tmp | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/geoserver.tar | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| format: 'sarif' | |
| ignore-unfixed: true | |
| image-ref: kartoza/geoserver:manual-build | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| vuln-type: 'os,library' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| run-scenario-tests: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| if: | | |
| github.actor != 'dependabot[bot]' && | |
| !( | |
| contains(github.event.pull_request.title, '[skip-release]') || | |
| contains(github.event.comment.body, '/skiprelease') | |
| ) | |
| needs: [ build-geoserver-docker-image, build-activemq-docker-image] | |
| strategy: | |
| matrix: | |
| scenario: | |
| - gwc | |
| - login | |
| - stores | |
| - context | |
| - disk-quota | |
| # - clustering | |
| - jdbconfig | |
| - libjpeg | |
| # - backup_restore | |
| - logging_profile | |
| - metrics | |
| - telemetry | |
| - upgrade | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: kartoza-geoserver | |
| path: /tmp | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/geoserver.tar | |
| - name: Download ActiveMQ artifact | |
| if: matrix.scenario == 'clustering' | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: kartoza-activemq | |
| path: /tmp | |
| - name: Load ActiveMQ image | |
| if: matrix.scenario == 'clustering' | |
| run: | | |
| docker load --input /tmp/activemq.tar | |
| - name: Run scenario test ${{ matrix.scenario }} | |
| working-directory: scenario_tests/${{ matrix.scenario }} | |
| env: | |
| COMPOSE_INTERACTIVE_NO_CLI: 1 | |
| PRINT_TEST_LOGS: 1 | |
| run: | | |
| # Use the built Docker image to run scenario tests | |
| bash ./test.sh | |
| push-internal-pr-images: | |
| if: | | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url && | |
| github.actor != 'dependabot[bot]' && | |
| !( | |
| contains(github.event.pull_request.title, '[skip-release]') || | |
| contains(github.event.comment.body, '/skiprelease') | |
| ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| needs: [ build-geoserver-docker-image, run-scenario-tests ] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: kartoza-geoserver-production | |
| path: /tmp | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/geoserver_production.tar | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ secrets.DOCKERHUB_REPO}}/geoserver | |
| tags: | | |
| type=semver,pattern=\d.\d.\d | |
| type=ref,event=branch | |