.github/workflows/oci.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

# https://github.com/marketplace/actions/build-and-push-docker-images
name: OCI
on:
  push:
    paths-ignore:
      - '.github/workflows/secondary-umbrella.yaml'
      - '.github/workflows/update-elixir-patches.yaml'
      - '.github/workflows/update-otp-patches.yaml'
  workflow_dispatch:
env:
  GENERIC_UNIX_ARCHIVE: ${{ github.workspace }}/bazel-bin/package-generic-unix.tar.xz
  RABBITMQ_VERSION: ${{ github.event.pull_request.head.sha || github.sha }}
  VERSION: ${{ github.event.pull_request.head.sha || github.sha }}
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:

  # This job will build one docker image per supported Erlang major version.
  # Each image will have two tags (one containing the Git commit SHA, one containing the branch name).
  #
  # For example, for Git commit SHA '111aaa' and branch name 'main' and maximum supported Erlang major version '26',
  # the following tags will be pushed to Dockerhub:
  #
  # * 111aaa-otp-min (image OTP 25)
  # * main-otp-min (image OTP 25)
  # * 111aaa-otp-max (image OTP 26)
  # * main-otp-max (image OTP 26)

  build-publish-dev-bazel:
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        include:
          - image_tag_suffix: otp-min-bazel
            otp_version_id: 25_0
          - image_tag_suffix: otp-max-bazel
            otp_version_id: 25_2
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Inject RabbitMQ Version
        run: |
          sed -i"_orig" -E '/APP_VERSION/ s/3\.[0-9]+\.[0-9]+/${{ github.event.pull_request.head.sha || github.sha }}/' rabbitmq.bzl

      - name: Mount Bazel Cache
        uses: actions/cache@v3.2.2
        with:
          path: "/home/runner/repo-cache/"
          key: repo-cache

      - name: Configure Bazel
        run: |
          if [ -n "${{ secrets.BUILDBUDDY_API_KEY }}" ]; then
          cat << EOF >> user.bazelrc
            build:buildbuddy --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_API_KEY }}
          EOF
          fi
          cat << EOF >> user.bazelrc
            build:buildbuddy --build_metadata=ROLE=CI
            build:buildbuddy --build_metadata=VISIBILITY=PRIVATE
            build:buildbuddy --repository_cache=/home/runner/repo-cache/
            build:buildbuddy --color=yes
            build:buildbuddy --disk_cache=

            build:buildbuddy --remote_download_toplevel

            build --@io_bazel_rules_docker//transitions:enable=false
          EOF

      - name: Check OTP/Elixir versions used in RBE
        id: load-info
        run: |
          bazelisk build :otp_version :elixir_version \
            --config=rbe \
            --platforms=//bazel/platforms:erlang_linux_${{ matrix.otp_version_id }}_platform
          echo "otp=$(cat bazel-bin/otp_version.txt)" >> $GITHUB_OUTPUT
          echo "elixir=$(cat bazel-bin/elixir_version.txt)" >> $GITHUB_OUTPUT

      - name: Configure OTP & Elixir
        uses: erlef/setup-beam@v1.15
        with:
          otp-version: ${{ steps.load-info.outputs.otp }}
          elixir-version: ${{ steps.load-info.outputs.elixir }}

      - name: Configure otp for the OCI image
        run: |
          sudo npm install --global --silent @bazel/buildozer

          buildozer 'set tars ["@otp_src_${{ matrix.otp_version_id }}//file"]' \
            //packaging/docker-image:otp_source

      - name: Build
        run: |
          bazelisk build //packaging/docker-image:rabbitmq \
            --config=buildbuddy

      - name: Test
        run: |
          OCI_TESTS=$(bazel query 'tests(//packaging/docker-image/...)')
          bazelisk test ${OCI_TESTS} \
            --config=buildbuddy

      - name: Load
        run: |
          bazelisk run //packaging/docker-image:rabbitmq \
            --config=buildbuddy

      - name: Check for Push Credentials
        id: authorized
        run: |
          if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ]; then
            echo "PUSH=true" >> $GITHUB_OUTPUT
          else
            echo "PUSH=false" >> $GITHUB_OUTPUT
          fi

      - name: Login to DockerHub
        if: steps.authorized.outputs.PUSH == 'true'
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Tag and Push
        if: steps.authorized.outputs.PUSH == 'true'
        run: |
          TAG_1="${{ github.event.pull_request.head.sha || github.sha }}-${{ matrix.image_tag_suffix }}"
          TAG_2="${GITHUB_REF##*/}-${{ matrix.image_tag_suffix }}"

          docker tag bazel/packaging/docker-image:rabbitmq \
            pivotalrabbitmq/rabbitmq:${TAG_1}
          docker tag bazel/packaging/docker-image:rabbitmq \
            pivotalrabbitmq/rabbitmq:${TAG_2}

          docker push pivotalrabbitmq/rabbitmq:${TAG_1}
          docker push pivotalrabbitmq/rabbitmq:${TAG_2}