Skip to content
Container Images Scheduled Maintenance

Container Images Scheduled Maintenance #68

Sign in to view logs

Container Images Scheduled Maintenance

Container Images Scheduled Maintenance #68

Workflow file for this run

.github/workflows/container_maintenance.yml at 340aa5e
---
name: Container Images Scheduled Maintenance
on:
# TODO: think about adding a (filtered) push event trigger here in case we change the patches
# ---
# Allow manual workflow triggers in case we need to repair images on Docker Hub (build and replace)
workflow_dispatch:
inputs:
force_build:
type: boolean
required: false
default: false
description: "Build and deploy even if no newer Java images or package updates are found."
schedule:
- cron: '23 3 * * 0' # Run for 'develop' every Sunday at 03:23 UTC
env:
PLATFORMS: linux/amd64,linux/arm64
NUM_PAST_RELEASES: 3
jobs:
discover:
name: Discover supported releases
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
outputs:
branches: ${{ steps.discover.outputs.branches }}
develop-branch: ${{ steps.discover.outputs.develop-branch }}
steps:
- name: Discover maintained releases
id: discover
run: |
DEVELOPMENT_BRANCH=$( curl -f -sS https://api.github.com/repos/${{ github.repository }} | jq -r '.default_branch' )
echo "develop-branch=$DEVELOPMENT_BRANCH" | tee -a "${GITHUB_OUTPUT}"
SUPPORTED_BRANCHES=$( curl -f -sS https://api.github.com/repos/IQSS/dataverse/releases | jq -r " .[0:${{ env.NUM_PAST_RELEASES }}] | .[].tag_name, \"${DEVELOPMENT_BRANCH}\" " | tr "\n" " " )
echo "branches=$SUPPORTED_BRANCHES" | tee -a "${GITHUB_OUTPUT}"
base-image:
name: Base Image Matrix Build
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
# Only run in upstream repo - avoid unnecessary runs in forks
# TODO: re-enable once we are done testing in gdcc/wip-base-image project
# if: ${{ github.repository_owner == 'IQSS' }}
needs:
- discover
outputs:
# This is a JSON map with keys of branch names (supported releases & develop) and values containing an array of known image tags for the branch
# Example: {"v6.6": ["latest", "6.6-noble", "6.6-noble-r1"], "v6.5": ["6.5-noble", "6.5-noble-r5"], "v6.4": ["6.4-noble", "6.4-noble-r12"], "develop": ["unstable", "6.7-noble", "6.7-noble-p6.2025.3-j17"]}
supported_tag_matrix: ${{ steps.execute.outputs.supported_tag_matrix }}
# This is a JSON list containing a flattened map of branch names and the latest non-rolling tag
# Example: [ "v6.6=gdcc/base:6.6-noble-r1", "v6.5=gdcc/base:6.5-noble-r5", "v6.4=gdcc/base:6.4-noble-r12", "develop=gdcc/base:6.7-noble-p6.2025.3-j17" ]
rebuilt_base_images: ${{ steps.execute.outputs.rebuilt_base_images }}
steps:
- name: Checkout and Setup Maven
uses: IQSS/dataverse/.github/actions/setup-maven@develop
with:
pom-paths: modules/container-base/pom.xml
# Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
# on events in context of upstream because secrets. PRs run in context of forks by default!
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up QEMU for multi-arch builds
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ env.PLATFORMS }}
# Execute matrix build for the discovered branches
- name: Execute build matrix script
id: execute
env:
# TODO: Remove once we are sure this works as intended
DRY_RUN: 1
run: >
FORCE_BUILD=$( [[ "${{ inputs.force_build }}" = "true" ]] && echo 1 || echo 0 )
DEVELOPMENT_BRANCH=${{ needs.discover.outputs.develop-branch }}
.github/workflows/scripts/containers/maintain-base.sh ${{ needs.discover.outputs.branches }}
# TODO: Use the needs.build.outputs.rebuilt_base_images with fromJSON() to create a matrix job.
# Must be a single rank matrix (vector), the branch and base image tag information ships as "branch=tag" string
# Will be part of working on #10618, app image versioned tags.
#push-app-img:
# name: "Rebase & Publish App Image"
# permissions:
# contents: read
# packages: write
# pull-requests: write
# secrets: inherit
# needs:
# - build
# strategy:
# fail-fast: false
# matrix:
# branch: ${{ fromJson(needs.discover.outputs.branches) }}
# uses: ./.github/workflows/container_app_push.yml
# with:
# branch: ${{ matrix.branch }}
hub-description:
name: Push description to DockerHub
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
needs: base-image
# TODO: Remove once we are sure all of this works...
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Render README
id: render
run: |
TAGS_JSON='${{ needs.base-image.outputs.supported_tag_matrix }}'
echo "$TAGS_JSON" | jq -r 'keys | sort | reverse | .[]' |
while IFS= read -r branch; do
echo \
"- \`$( echo "$TAGS_JSON" | jq --arg v "$branch" -r '.[$v] | join("`, `")' )\`" \
"([Dockerfile](https://github.com/IQSS/dataverse/blob/${branch}/modules/container-base/src/main/docker/Dockerfile)," \
"[Patches](https://github.com/IQSS/dataverse/blob/develop/modules/container-base/src/backports/${branch}))" \
| tee -a "${GITHUB_WORKSPACE}/tags.md"
done
sed -i -e "/<\!-- TAG BLOCK HERE -->/r ${GITHUB_WORKSPACE}/tags.md" "./modules/container-base/README.md"
- name: Push description to DockerHub
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: gdcc/base
short-description: "Dataverse Base Container image providing Payara application server and optimized configuration"
readme-filepath: ./modules/container-base/README.md