refactor: Fix Thrift to 0.20.0 and split from main docker

Signed-off-by: Helio Chissini de Castro <[email protected]>

Author: heliocastro

.github/testForLicenseHeaders.sh

@@ -40,6 +40,7 @@ done <<< "$(git ls-files \
     | grep -v 'id_rsa' \
     | grep -v '.versions' \
     | grep -v '.github/*' \
+    | grep -v 'third-party/thrift/*' \
     | grep -v 'scripts/lint/checkstyle.xml' \
     | grep -v 'scripts/lint/google_checks.xml' \
     | grep -v 'sw360.code-workspace' \

.github/workflows/build_and_test.yml

@@ -20,6 +20,7 @@ on:
 env:
   COUCHDB_USER: sw360
   COUCHDB_PASSWORD: sw360fossie
+  THRIFT_VERSION: "0.20.0"
 
 permissions:
   contents: read
@@ -43,10 +44,6 @@ jobs:
           chmod +x .github/testForLicenseHeaders.sh
           bash .github/testForLicenseHeaders.sh
 
-      - name: Set environment variables
-        run: |
-          cat .versions >> $GITHUB_ENV
-
       - name: Setup CouchDB
         run: scripts/startCouchdbForTests.sh
 
@@ -79,8 +76,8 @@ jobs:
         run: |
           sudo apt-get update -qq
           sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq build-essential libevent-dev libtool flex bison pkg-config libssl-dev git cmake
-          chmod +x scripts/install-thrift.sh
-          DESTDIR=${{ github.workspace }}/dist/thrift-${{ env.THRIFT_VERSION }} scripts/install-thrift.sh
+          chmod +x third-party/thrift/install-thrift.sh
+          DESTDIR=${{ github.workspace }}/dist/thrift-${{ env.THRIFT_VERSION }} third-party/thrift/install-thrift.sh
 
       - name: Build SW360
         run: |

.github/workflows/docker_deploy.yml renamed to .github/workflows/sw360_container.yml

@@ -11,7 +11,7 @@
 #
 # -----------------------------------------------------------------------------
 
-name: Docker Build
+name: SW360 Container
 
 on:
   schedule:
@@ -61,14 +61,18 @@ jobs:
       - name: Get revision from pom.xml
         id: pom_version
         run: |
-          echo "SW360_VERSION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> "$GITHUB_OUTPUT"
+          echo "SW360_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_ENV"
 
-  thrift_image:
-    name: Build SW360 Thrift image
+  binary_image:
+    name: SW360 Binary
+    needs: [sw360_version]
     runs-on: ubuntu-24.04
     permissions:
       packages: write
 
+    env:
+      SW360_VERSION: ${{ needs.sw360_version.outputs.sw360_version }}
+
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
@@ -77,65 +81,53 @@ jobs:
 
       - name: Checkout main repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set environment variables
-        run: |
-          cat .versions >> $GITHUB_ENV
 
-      - name: Build thrift image
-        uses: heliocastro/docker-build-control@923d1cff454145d261107495786218d712fb4799 # v6.0
+      - name: Login to GitHub container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
-          name: thrift
-          target: localthrift
-          token: ${{ secrets.GITHUB_TOKEN }}
-          version: ${{ env.THRIFT_VERSION }}
-          invalidate-cache: ${{ inputs.invalidate-cache }}
-          debug: ${{ inputs.debug }}
-          build-args: |
-            THRIFT_VERSION=${{ env.THRIFT_VERSION }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-  binary_image:
-    name: SW360 Binary
-    needs: [sw360_version, thrift_image]
-    runs-on: ubuntu-24.04
-    permissions:
-      packages: write
+      - name: Set up Docker build
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
 
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+      - name: Extract components metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
         with:
-          egress-policy: audit
-
-      - name: Checkout main repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set environment variables
-        run: |
-          cat .versions >> $GITHUB_ENV
+          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/thrift
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=schedule,pattern=snapshot
+            type=semver,pattern={{ env.SW360_VERSION }}
+            type=raw,value=${{ env.SW360_VERSION }}
+            type=ref,event=tag
+          labels: sw360,thrift
 
-      - name: Build binary image
-        uses: heliocastro/docker-build-control@944a0451eadb63cf4f45a8ca66dba07118740faf # v5.1
+      - name: Build image
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
-          name: binaries
-          version: ${{ env.SW360_VERSION }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          invalidate-cache: ${{ inputs.invalidate-cache }}
-          debug: ${{ inputs.debug }}
-          platforms: "linux/amd64,linux/arm64"
-          build-args: |
-            THRIFT_VERSION=${{ env.THRIFT_VERSION }}
-            SW360_VERSION=${{ env.SHORT_SHA }}
+          context: .
+          push: false
+          load: true
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+          provenance: mode=max
+          sbom: true
           secret-files: |
             "couchdb=./config/couchdb/default_secrets"
-          build-contexts: |
-            localthrift=docker-image://${{ env.REGISTRY }}/${{ github.repository }}/thrift:${{ env.THRIFT_VERSION }}
 
-  runtime_image:
+  sw360_image:
     name: SW360 Runtime image
     needs: [sw360_version, binary_image]
     runs-on: ubuntu-24.04
     permissions:
       packages: write
+    env:
+      SW360_VERSION: ${{ needs.sw360_version.outputs.sw360_version }}
 
     steps:
       - name: Harden Runner
@@ -146,20 +138,19 @@ jobs:
       - name: Checkout main repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Set environment variables
-        run: |
-          cat .versions >> $GITHUB_ENV
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+
       - name: Extract components metadata (tags, labels) runtime image
         id: meta_runtime
         uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
@@ -173,7 +164,7 @@ jobs:
             type=sha,enable=true,prefix=sha-,format=short
             type=ref,event=tag
 
-      - name: Build image
+      - name: Assembly image
         uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .

.github/workflows/thrift_container.yml

@@ -0,0 +1,91 @@
+# -----------------------------------------------------------------------------
+# Copyright Helio Chissini de Castro 2022.
+# Copyright Cariad SE 2024
+# Part of the SW360 Project.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# -----------------------------------------------------------------------------
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - "third-party/thrift/Dockerfile"
+
+permissions:
+  contents: read
+
+env:
+  REGISTRY: ghcr.io
+  THRIFT_VERSION: "0.20.0" # Will be override but post step. Kept it here for minimal version
+
+jobs:
+  thrift_image:
+    name: SW360 Thrift Container
+    runs-on: ubuntu-24.04
+    permissions:
+      packages: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout main repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to GitHub container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+
+      - name: Set up Docker build
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
+
+      - name: Get assigned Thrift version
+        shell: bash
+        run: |
+          THRIFT_VERSION="$(cat third-party/thrift/version)"
+          echo "THRIFT_VERSION=$THRIFT_VERSION" >> $GITHUB_ENV
+          echo "Thrift is set to version $THRIFT_VERSION"
+
+      - name: Extract components metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/thrift
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=schedule,pattern=snapshot
+            type=semver,pattern={{version}}
+            type=raw,value=${{ env.THRIFT_VERSION }}
+            type=ref,event=tag
+          labels: sw360,thrift
+
+      - name: Build image
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        with:
+          context: .
+          platforms: "linux/amd64,linux/arm64"
+          push: true
+          load: false
+          file: third-party/thrift/Dockerfile
+          build-args: |
+            THRIFT_VERSION=${{ env.THRIFT_VERSION }}
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+          provenance: mode=max
+          sbom: true

.versions

@@ -10,49 +10,6 @@
 #
 # SPDX-License-Identifier: EPL-2.0
 
-#--------------------------------------------------------------------------------------------------
-# Thrift
-# Ubuntu Noble image
-FROM ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782 AS sw360thriftbuild
-
-ARG BASEDIR="/build"
-ARG DESTDIR="/"
-ARG THRIFT_VERSION
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean
-RUN --mount=type=cache,mode=0755,target=/var/cache/apt \
-    apt-get -qq update \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-    bison \
-    build-essential \
-    ca-certificates \
-    cmake \
-    curl \
-    flex \
-    libevent-dev \
-    libtool \
-    pkg-config \
-    && rm -rf /var/lib/apt/lists/*
-
-COPY ./scripts/install-thrift.sh build_thrift.sh
-
-RUN --mount=type=tmpfs,target=/build \
-    --mount=type=cache,target=/var/cache/deps \
-    ./build_thrift.sh
-
-FROM scratch AS localthrift
-COPY --from=sw360thriftbuild /usr/local/bin/thrift /usr/local/bin/thrift
-
-#--------------------------------------------------------------------------------------------------
-# SW360 Build Test image
-
-# 3-eclipse-temurin-21
-FROM maven@sha256:70591cb7a67e12414b16603c6e89d95625e802667f2a0932d5362c459f362fff AS sw360test
-
-COPY --from=localthrift /usr/local/bin/thrift /usr/bin
-
-SHELL ["/bin/bash", "-c"]
-
 #--------------------------------------------------------------------------------------------------
 # SW360
 # We build sw360 and create real image after everything is ready
@@ -83,7 +40,7 @@ COPY scripts/docker-config/set_proxy.sh /usr/local/bin/setup_maven_proxy
 RUN chmod a+x /usr/local/bin/setup_maven_proxy \
     && setup_maven_proxy
 
-COPY --from=localthrift /usr/local/bin/thrift /usr/bin
+COPY --from=ghcr.io/eclipse-sw360/thrift:0.20.0 /usr/local/bin/thrift /usr/bin
 
 WORKDIR /build/sw360