[CLIENT-3813] CI/CD: Check if custom server image was built for the base image already. Also add workflow to build server docker image for dev tests #849
Draft: juliannguyen4 wants to merge 13 commits into dev from CLIENT-3813-cicd-add-workflow-to-build-server-docker-image-for-dev-tests
Showing changes from 1 commit. 13 commits:

- 05e8890 Add workflow to build and publish custom server image to ghcr.io (juliannguyen4)
- 62b5d3b register workflow (juliannguyen4)
- bdc0896 Revert "register workflow" (juliannguyen4)
- c763995 Only build server docker image if the custom image doesn't exist (juliannguyen4)
- 7a8da84 Merge remote-tracking branch 'origin/dev' into CLIENT-3813-cicd-add-w… (juliannguyen4)
- ffe6b11 Finish logic that checks for custom image before rebuilding Dockerfile (juliannguyen4)
- ffce368 Just revert (juliannguyen4)
- d1b46f3 Fix. log into ghcr to upload server docker image (juliannguyen4)
- 5d0019d Composite action can't access GITHUB_TOKEN directly (juliannguyen4)
- 2bfc9be fix (juliannguyen4)
- 35d0f71 fix. (juliannguyen4)
- 7d63a8a Make easier to debug (juliannguyen4)
- 02085a3 Merge remote-tracking branch 'origin/dev' into CLIENT-3813-cicd-add-w… (juliannguyen4)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| base-image-name: | ||
| type: string | ||
| description: "Server base image name" | ||
| required: true | ||
| default: 'aerospike/aerospike-server-enterprise' | ||
| base-image-tag: | ||
| type: string | ||
| description: "Server base image tag" | ||
| required: true | ||
| default: 'latest' | ||
| new-image-tag: | ||
| type: string | ||
| description: "New image tag" | ||
| required: true | ||
| default: 'latest' | ||
|
|
||
| env: | ||
| TLS_PORT: 4333 | ||
| REGISTRY: ghcr.io | ||
|
|
||
| jobs: | ||
| build-image: | ||
| runs-on: ubuntu-24.04 | ||
| steps: | ||
| - name: Log into Github's Docker registry to upload our custom server Docker image | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Set new Docker image name and tag | ||
| uses: docker/metadata-action@v5 | ||
| id: meta | ||
| with: | ||
| images: ${{ env.REGISTRY }}/aerospike/aerospike-server-enterprise | ||
| flavor: | | ||
| latest=false | ||
| type=raw,value=${{ inputs.new-image-tag }} | ||
|
|
||
| - name: Build Aerospike server EE Docker image for testing | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| # Don't want to use default Git context or else it will clone the whole Python client repo again | ||
| context: .github/workflows/docker-build-context | ||
| build-args: | | ||
| SERVER_IMAGE=${{ inputs.base-image-name }}:${{ inputs.base-image-tag }} | ||
| TLS_PORT=${{ env.TLS_PORT }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| # setup-buildx-action configures Docker to use the docker-container build driver | ||
| # This driver doesn't publish an image locally by default | ||
| # so we have to manually enable it | ||
| load: true | ||
| push: true | ||
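Review bot: The workflow declares no `permissions:` key, so the `secrets.GITHUB_TOKEN` handed to docker/login-action in the first step runs with the repository's default token scope; add a top-level `permissions:` with `contents: read` and `packages: write`, which is all a push to ghcr.io needs. The build step uses a path context (`.github/workflows/docker-build-context`), but no checkout step appears before it in this job, so that directory will not exist on the runner unless the repository is checked out first. The comment above `load: true` refers to setup-buildx-action, which this job never runs; either add that step or correct the comment. In the metadata step, `type=raw,value=${{ inputs.new-image-tag }}` is listed under `flavor:`, whereas docker/metadata-action takes `type=raw` entries under its `tags:` input. The three `docker/*` actions are referenced by mutable major tags (`@v3`, `@v5`, `@v6`); pinning them to commit SHAs is worth doing in a job that holds a package-write token.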
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 1 month ago
To fix the problem, an explicit `permissions` block should be added at either the workflow or job level to limit the `GITHUB_TOKEN`'s permissions to only what is strictly needed. For this workflow, pushing Docker images to the GitHub Container Registry and accessing repository content are required. Thus, setting `permissions` to `contents: read` and `packages: write` suffices. The recommended best practice is to set `permissions` at the top level of the workflow unless specific jobs require broader or different permissions.

Change required:

Add the following at the root of `.github/workflows/build-server-ee-image-for-dev-tests.yml`, directly after the `on:` or `env:` keys (typically after `on:` and before `env:`):

No additional imports, method definitions, or variable definitions are required.
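A check for the condition the CodeQL alert above reports, as an added example (not part of the pull request, CodeQL, or Copilot Autofix): it lists jobs that have neither a workflow-level nor a job-level `permissions:` key. The function name and both sample workflows are constructed for illustration, and the indentation-based scan assumes conventional block-style YAML.

```python
import re

# Block-style mapping key; list items ("- uses:") and comment lines do not match.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):(\s|$)")

def jobs_missing_permissions(workflow_text):
    """Return ids of jobs with neither a workflow-level nor a job-level
    `permissions:` key. Indentation scan; assumes block-style YAML, no tabs."""
    top_level = False
    section = job = job_indent = key_indent = None
    jobs = {}  # job id -> True if the job declares its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                      # top-level key
            section, job = key, None
            top_level = top_level or key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent          # first key under jobs sets job depth
            if indent == job_indent:         # a new job id
                job, key_indent = key, None
                jobs[job] = False
            elif job is not None:
                if key_indent is None:
                    key_indent = indent      # depth of the job's own keys
                if indent == key_indent and key == "permissions":
                    jobs[job] = True
    return [] if top_level else [j for j, ok in jobs.items() if not ok]

# Constructed sample, modelled on the workflow in this pull request.
UNSCOPED = """\
on:
  workflow_dispatch:
env:
  REGISTRY: ghcr.io
jobs:
  build-image:
    runs-on: ubuntu-24.04
    steps:
      - uses: docker/login-action@v3
        with:
          password: ${{ secrets.GITHUB_TOKEN }}
"""
# Same workflow with the scopes named in the Autofix comment (constructed).
SCOPED = UNSCOPED.replace(
    "env:", "permissions:\n  contents: read\n  packages: write\nenv:", 1)
```

The check only reports a missing key; a workflow that sets `permissions: write-all` passes it, so the declared scopes still need a manual read.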