kennyh
/
emqx4.3


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
							name: Build and push docker images

concurrency:
  group: docker-build-${{ github.event_name }}-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_call:
    inputs:
      profile:
        required: true
        type: string
      latest:
        required: true
        type: string
      publish:
        required: true
        type: boolean
      build_from:
        required: true
        type: string
      run_from:
        required: true
        type: string
    secrets:
      DOCKER_HUB_USER:
        required: true
      DOCKER_HUB_TOKEN:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
  workflow_dispatch:
    inputs:
      ref:
        required: false
      profile:
        required: false
        type: string
        default: 'emqx'
      latest:
        required: false
        type: boolean
        default: false
      publish:
        required: false
        type: boolean
        default: false
      build_from:
        required: false
        type: string
        default: ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-debian12
      run_from:
        default: public.ecr.aws/debian/debian:stable-20240612-slim

permissions:
  contents: read

jobs:
  build:
    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON(format('["self-hosted","ephemeral","linux","{0}"]', matrix.arch)) || 'ubuntu-22.04' }}
    container: ${{ inputs.build_from }}
    outputs:
      PKG_VSN: ${{ steps.build.outputs.PKG_VSN }}

    strategy:
      fail-fast: false
      matrix:
        profile:
          - ${{ inputs.profile }}
          - ${{ inputs.profile }}-elixir
        arch:
          - x64
          - arm64

    steps:
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ github.event.inputs.ref }}
      - run: git config --global --add safe.directory "$PWD"
      - name: build release tarball
        id: build
        run: |
          make ${{ matrix.profile }}-tgz
      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: "${{ matrix.profile }}-${{ matrix.arch }}.tar.gz"
          path: "_packages/emqx*/emqx-*.tar.gz"
          retention-days: 7
          overwrite: true
          if-no-files-found: error

  docker:
    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
    needs:
      - build
    defaults:
      run:
        shell: bash

    strategy:
      fail-fast: false
      matrix:
        profile:
          - ["${{ inputs.profile }}", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]
          - ["${{ inputs.profile }}-elixir", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]

    steps:
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ github.event.inputs.ref }}
      - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
        with:
          pattern: "${{ matrix.profile[0] }}-*.tar.gz"
          path: _packages
          merge-multiple: true

      - name: Move artifacts to root directory
        env:
          PROFILE: ${{ inputs.profile }}
        run: |
          ls -lR _packages/$PROFILE
          mv _packages/$PROFILE/*.tar.gz ./
      - name: Enable containerd image store on Docker Engine
        run: |
          echo "$(jq '. += {"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json)" > daemon.json
          sudo mv daemon.json /etc/docker/daemon.json
          sudo systemctl restart docker

      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
      - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0

      - name: Login to hub.docker.com
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        if: inputs.publish && contains(matrix.profile[1], 'docker.io')
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Login to AWS ECR
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        if: inputs.publish && contains(matrix.profile[1], 'public.ecr.aws')
        with:
          registry: public.ecr.aws
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          ecr: true

      - name: Build docker image for smoke test
        env:
          PROFILE: ${{ matrix.profile[0] }}
          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
          DOCKER_ORG: ${{ github.repository_owner }}
          DOCKER_LATEST: ${{ inputs.latest }}
          DOCKER_PUSH: false
          DOCKER_BUILD_NOCACHE: true
          BUILD_FROM: ${{ inputs.build_from }}
          RUN_FROM: ${{ inputs.run_from }}
          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
          EMQX_SOURCE_TYPE: tgz
        run: |
          ./build ${PROFILE} docker
          echo "Built tags:"
          echo "==========="
          cat .emqx_docker_image_tags
          echo "==========="
          echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV

      - name: smoke test
        timeout-minutes: 1
        run: |
          for tag in $(cat .emqx_docker_image_tags); do
            CID=$(docker run -d -p 18083:18083 $tag)
            HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
            ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
            docker rm -f $CID
          done
      - name: dashboard tests
        working-directory: ./scripts/ui-tests
        timeout-minutes: 5
        run: |
          set -eu
          docker compose up --abort-on-container-exit --exit-code-from selenium
          docker compose rm -fsv
      - name: test node_dump
        run: |
          CID=$(docker run -d -P $_EMQX_DOCKER_IMAGE_TAG)
          docker exec -t -u root -w /root $CID bash -c 'apt-get -y update && apt-get -y install net-tools'
          docker exec -t -u root $CID node_dump
          docker rm -f $CID

      - name: Build and push docker image
        if: inputs.publish || github.repository_owner != 'emqx'
        env:
          PROFILE: ${{ matrix.profile[0] }}
          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
          DOCKER_ORG: ${{ github.repository_owner }}
          DOCKER_LATEST: ${{ inputs.latest }}
          DOCKER_PUSH: true
          DOCKER_BUILD_NOCACHE: false
          DOCKER_PLATFORMS: linux/amd64,linux/arm64
          DOCKER_LOAD: false
          BUILD_FROM: ${{ inputs.build_from }}
          RUN_FROM: ${{ inputs.run_from }}
          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
          EMQX_SOURCE_TYPE: tgz
        run: |
          ./build ${PROFILE} docker