Moved checksum check for _toolbar.html.erb into test step #35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build / Test / Push | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| workflow_dispatch: | |
| env: | |
| BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} | |
| DOCKER_METADATA_SET_OUTPUT_ENV: 'true' | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.runner }} | |
| outputs: | |
| image-arm64: ${{ steps.gen-output.outputs.image-arm64 }} | |
| image-x64: ${{ steps.gen-output.outputs.image-x64 }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runner: | |
| - ubuntu-24.04 | |
| - ubuntu-24.04-arm | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: build-meta | |
| name: Docker meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} | |
| # Build cache is shared among all builds of the same architecture | |
| - id: cache-meta | |
| name: Docker meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: type=raw,value=buildcache-${{ runner.arch }} | |
| - id: get-registry | |
| name: Get the sanitized registry name | |
| run: | | |
| echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" | |
| - id: build | |
| name: Build/push the arch-specific image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} | |
| cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max | |
| labels: ${{ steps.build-meta.outputs.labels }} | |
| provenance: mode=max | |
| sbom: true | |
| tags: ${{ steps.get-registry.outputs.registry }} | |
| outputs: type=image,push-by-digest=true,push=true | |
| - id: gen-output | |
| name: Write arch-specific image digest to outputs | |
| run: | | |
| echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" | |
| merge: | |
| runs-on: ubuntu-24.04 | |
| needs: build | |
| env: | |
| DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} | |
| DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} | |
| outputs: | |
| image: ${{ steps.meta.outputs.tags }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: meta | |
| name: Generate tag for the app image | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} | |
| - name: Push the multi-platform app image | |
| run: | | |
| docker buildx imagetools create \ | |
| --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ | |
| "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" | |
| test: | |
| runs-on: ubuntu-24.04 | |
| needs: merge | |
| env: | |
| COMPOSE_FILE: compose.yml:compose.ci.yml | |
| DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Compose | |
| uses: docker/setup-compose-action@v1 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup the stack | |
| run: | | |
| cp .env.example .env | |
| docker compose config | |
| docker compose build | |
| docker compose pull | |
| docker compose up --wait | |
| docker compose exec -u root app chown archivesspace:archivesspace artifacts | |
| - name: Verify deployed resource toolbar matches upstream | |
| run: | | |
| set -euo pipefail | |
| csum="$(docker compose exec -T app sh -lc "diff /opt/app/data/tmp/jetty-0_0_0_0-8080-frontend_war-_-any-*/webapp/WEB-INF/app/views/resources/_toolbar.html.erb /opt/app/plugins/local/frontend/views/resources/_toolbar.html.erb | sha256sum | cut -f1 -d' '")" | |
| if [[ "$csum" != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" ]]; then | |
| echo "resources/toolbar.html.erb checksum differs. We override this file in plugins so probably needs to be compared and updated" | |
| exit 1 | |
| fi | |
| - name: Query the ASpace home page | |
| run: | | |
| curl --location --fail --retry 30 --retry-all-errors http://localhost:8080/ | |
| - name: Copy out artifacts | |
| if: ${{ always() }} | |
| run: | | |
| docker compose cp app:/opt/app/artifacts ./ || mkdir artifacts | |
| docker compose logs > artifacts/compose-services.log | |
| docker compose config > artifacts/compose.merged.yml | |
| - name: Upload the build report | |
| if: ${{ always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ASpace Build Report (${{ github.run_id }}_${{ github.run_attempt }}) | |
| path: artifacts/* | |
| if-no-files-found: error | |
| push: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build | |
| - test | |
| env: | |
| DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} | |
| DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Produce permanent image tags | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Retag and push the image | |
| run: | | |
| docker buildx imagetools create \ | |
| $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $DOCKER_APP_IMAGE_ARM64 $DOCKER_APP_IMAGE_X64 |