Allow configuring of additional domains that redirect to the frontpage #478

Workflow file for this run

# CI workflow: builds the Internet.nl container images, then runs the check/test jobs against them.
name: Internet.nl Docker

# Triggers: every pull request, every release event, and pushes to main or release/* branches.
# The PR trigger is `pull_request` (not `pull_request_target`), so code from forked PRs runs
# with a read-only GITHUB_TOKEN and without repository secrets.
on:
  pull_request:
  release:
  push:
    branches: [main, "release/*"]

# workflow-wide variable: registry namespace that prefixes every image reference in the jobs
env:
  registry: ghcr.io/internetstandards

jobs:
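# builds all docker images in parallel
  build-docker:
    runs-on: ubuntu-22.04
    # least privilege for GITHUB_TOKEN: read the repository, push images to ghcr.io
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        # one entry per image; `target: ""` passes no build stage to the build action
        include:
          - image: internet.nl
            dockerfile: docker/Dockerfile
            target: app
          - image: unbound
            dockerfile: docker/Dockerfile
            target: unbound
          - image: linttest
            dockerfile: docker/Dockerfile
            target: linttest
          - image: test-runner
            dockerfile: docker/test-runner.Dockerfile
            target: ""
          - image: webserver
            dockerfile: docker/webserver.Dockerfile
            target: ""
          - image: rabbitmq
            dockerfile: docker/rabbitmq.Dockerfile
            target: ""
          - image: grafana
            dockerfile: docker/grafana.Dockerfile
            target: ""
          - image: prometheus
            dockerfile: docker/prometheus.Dockerfile
            target: ""
    outputs:
      # version string consumed by the dependent jobs to select the images built here
      internetnl_version: ${{ steps.get_version.outputs.internetnl_version }}
    # NOTE(review): every `uses:` below references a mutable tag (e.g. @v5). Pinning each action
    # to a full commit SHA keeps a retagged action release from running in the job that holds
    # `packages: write`.
    # NOTE(review): a push to a release/* branch matches none of the four build conditions
    # below, so no image is built for that event while the dependent jobs still run - confirm
    # this is intended.
    steps:
      - uses: actions/checkout@v3
        # include vendor/ submodules used to build dependencies like nassl and unbound
        with:
          submodules: recursive

      - name: Unshallow repository for version tag
        run: |
          # https://github.com/pypa/setuptools_scm/issues/414
          git fetch --prune --unshallow
          git fetch --depth=1 origin +refs/tags/*:refs/tags/*

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"

      - name: Generate version number
        id: get_version
        # the version is computed from the checked-out tree, i.e. from the PR's code on PR builds
        run: |
          pip -q install setuptools_scm
          # '+' is not supported in Docker Image tags
          echo "internetnl_version=$(python -m setuptools_scm)" | tr '+' '-'| tee -a "$GITHUB_OUTPUT"

      # login to pull images from Github registry
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Build ${{ matrix.image }} (for non-forked PR's)
        # build for non-forked PR's that are allowed to use the registry
        if: >-
          github.event_name == 'pull_request' &&
          github.event.pull_request.head.repo.full_name == github.repository &&
          ! startsWith(github.head_ref, 'dependabot/')
        # build steps should not take longer than 15 minutes, if they do it's probably because Github Actions hangs
        timeout-minutes: 15
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          target: ${{ matrix.target }}
          # tag image with current setuptools_scm generated version
          # and tag with PR source branch (eg: feature-x)
          # NOTE(review): head.ref is used verbatim; a branch name containing '/' is not a valid
          # image tag - confirm the branch naming convention or sanitise the value first
          tags: |
            ${{ env.registry }}/${{ matrix.image }}:${{ steps.get_version.outputs.internetnl_version }}
            ${{ env.registry }}/${{ matrix.image }}:branch-${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name}}
          # use latest build from main, or image previously build by this PR for caching
          cache-from: |
            ${{ env.registry }}/${{ matrix.image }}:main
            ${{ env.registry }}/${{ matrix.image }}:branch-${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name}}
          # push images to registry
          push: true
          # makes build images better usable as cache by allowing individual layers to be pulled from cache
          # pass in version information
          build-args: |
            BUILDKIT_INLINE_CACHE=1
            INTERNETNL_VERSION=${{ steps.get_version.outputs.internetnl_version }}

      - name: Build ${{ matrix.image }} (for main)
        # build for pushes to the main branch
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        # build steps should not take longer than 15 minutes, if they do it's probably because Github Actions hangs
        timeout-minutes: 15
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          target: ${{ matrix.target }}
          # tag image with current setuptools_scm generated version
          # and tag with current branch name (eg: main)
          tags: |
            ${{ env.registry }}/${{ matrix.image }}:${{ steps.get_version.outputs.internetnl_version }}
            ${{ env.registry }}/${{ matrix.image }}:main
          # use latest build from main for caching
          cache-from: |
            ${{ env.registry }}/${{ matrix.image }}:main
          # push images to registry
          push: true
          # makes build images better usable as cache by allowing individual layers to be pulled from cache
          # pass in version information
          build-args: |
            BUILDKIT_INLINE_CACHE=1
            INTERNETNL_VERSION=${{ steps.get_version.outputs.internetnl_version }}

      - name: Build ${{ matrix.image }} (for release)
        # build for tagged releases
        if: github.event_name == 'release'
        # build steps should not take longer than 15 minutes, if they do it's probably because Github Actions hangs
        timeout-minutes: 15
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          target: ${{ matrix.target }}
          # tag image with current setuptools_scm generated version and tag 'latest'
          tags: |
            ${{ env.registry }}/${{ matrix.image }}:${{ steps.get_version.outputs.internetnl_version }}
            ${{ env.registry }}/${{ matrix.image }}:latest
          # use latest build from main for caching
          cache-from: |
            ${{ env.registry }}/${{ matrix.image }}:main
          # push images to registry
          push: true
          # makes build images better usable as cache by allowing individual layers to be pulled from cache
          # pass in version information
          build-args: |
            BUILDKIT_INLINE_CACHE=1
            INTERNETNL_VERSION=${{ steps.get_version.outputs.internetnl_version }}

      - name: Build ${{ matrix.image }} (for forked PR's or dependabot)
        # build for forked PR's that don't have permissions to push to the container registry or dependabot PR's
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # build steps should not take longer than 15 minutes, if they do it's probably because Github Actions hangs
        timeout-minutes: 15
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          target: ${{ matrix.target }}
          # tag image with current setuptools_scm generated version
          tags: |
            ${{ env.registry }}/${{ matrix.image }}:${{ steps.get_version.outputs.internetnl_version }}
          # use latest build from main for caching
          cache-from: |
            ${{ env.registry }}/${{ matrix.image }}:main
          # don't push to registry due to permissions, but store in Docker so can be exported for artifacts below
          load: true
          # pass in version information (no inline cache metadata: this image is never pushed)
          build-args: |
            INTERNETNL_VERSION=${{ steps.get_version.outputs.internetnl_version }}

      - name: Save image to disk (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # values reach the shell as environment variables instead of being templated into the
        # script text, so a crafted version string cannot change the command that runs
        env:
          IMAGE_REF: ${{ env.registry }}/${{ matrix.image }}:${{ steps.get_version.outputs.internetnl_version }}
          IMAGE_NAME: ${{ matrix.image }}
        run: docker save "$IMAGE_REF" | gzip > "${IMAGE_NAME}.tar.gz"

      - name: Upload image as build artifact (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        uses: actions/upload-artifact@v3
        with:
          name: "${{ matrix.image }}"
          path: "${{ matrix.image }}.tar.gz"
          # we don't need to keep these any longer than the subsequent jobs, this is the shortest it can be configured
          retention-days: 1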
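# docs: writes copy-paste deployment instructions for this build to the job summary
  docs:
    runs-on: ubuntu-22.04
    needs: [build-docker]
    # this job only writes to the step summary, so GITHUB_TOKEN gets no scopes
    permissions: {}
    steps:
      - name: Branch deployment docs
        if: >-
          github.event_name == 'pull_request' &&
          github.event.pull_request.head.repo.full_name == github.repository &&
          ! startsWith(github.head_ref, 'dependabot/')
        # Context values are handed to the shell through the environment. Templating
        # `github.head_ref` straight into the unquoted heredoc would let a branch name
        # containing `$(...)` or backticks execute on the runner.
        env:
          COMMIT_SHA: ${{ github.sha }}
          HEAD_REF: ${{ github.head_ref }}
          INTERNETNL_VERSION: ${{ needs.build-docker.outputs.internetnl_version }}
        run: |
          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          To deploy this specific build to a existing deployment run the following update commands:
          export BRANCH="${COMMIT_SHA}" && \\
          export RELEASE="${INTERNETNL_VERSION}" && \\
          cd /opt/Internet.nl/ && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$BRANCH/docker/defaults.env && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$BRANCH/docker/docker-compose.yml && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
          To deploy the latest build in this PR's branch to a existing deployment run the following update commands:
          export BRANCH="${HEAD_REF}" && \\
          export RELEASE="branch-${HEAD_REF}" && \\
          cd /opt/Internet.nl/ && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$BRANCH/docker/defaults.env && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$BRANCH/docker/docker-compose.yml && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
          EOF

      - name: Release deployment docs
        if: github.event_name == 'release'
        env:
          INTERNETNL_VERSION: ${{ needs.build-docker.outputs.internetnl_version }}
        # `\$RELEASE` in the TAG line is escaped so the summary shows the literal variable for
        # the deployment host to expand; unescaped it expands on the runner, where RELEASE is
        # not set in this job, and the summary would read TAG="v".
        run: |
          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          To deploy this release to an existing deployment run the following update commands:
          export RELEASE="${INTERNETNL_VERSION}" && \\
          export TAG="v\$RELEASE" && \\
          cd /opt/Internet.nl/ && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$TAG/docker/defaults.env && \\
          curl -sSfO --output-dir docker https://raw.githubusercontent.com/internetstandards/Internet.nl/\$TAG/docker/docker-compose.yml && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env pull && \\
          env -i RELEASE="\$RELEASE" docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env up --remove-orphans --wait --no-build
          EOF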
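# integration-test: starts the test environment from the built images and runs the integration suite
  integration-test:
    needs: [build-docker]
    runs-on: ubuntu-22.04
    # least privilege for GITHUB_TOKEN: check out the repository and pull images from ghcr.io
    permissions:
      contents: read
      packages: read
    env:
      # used in `docker-compose.yml` files to determine version of images to pull
      RELEASE: "${{ needs.build-docker.outputs.internetnl_version }}"
      PY_COLORS: "1"
    steps:
      - name: Enable ip6tables in Docker
        run: |
          sudo bash -c 'echo "{ \"ip6tables\": true, \"experimental\":true}" > /etc/docker/daemon.json'
          sudo systemctl restart docker.service
          sudo ip6tables -I DOCKER-USER --dst ff00::/8 -j ACCEPT

      - uses: actions/checkout@v3

      # login to pull images from Github registry
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Download images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        uses: actions/download-artifact@v3
        with:
          path: images/

      - name: Load images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # The glob is quoted so the shell cannot expand it against the working directory before
        # find sees it, and the path is passed to `sh -c` as "$1" rather than spliced into the
        # command text, so a file name with shell metacharacters is treated as data.
        run: |
          find images/ -type f -name '*.tar.gz' -exec sh -c 'gunzip --stdout "$1" | docker load' sh {} \;

      - name: Pull docker images
        # build env includes all images, this will pull additional images not loaded from artifacts for
        # forked PR's/dependabot build or previously build images from the registry for non-forked PR builds
        # main and release builds
        run: make pull env=build pull_args=--ignore-buildable

      - name: Start test instance
        run: make up env=test

      - name: Run integration tests
        run: make integration-tests-verbose env=test

      - name: Check nginx config
        run: make check-gixy

      - name: Collect Docker Compose logs
        if: always()
        run: make logs-all-dump env=test > docker-compose.log

      # NOTE(review): the action reference below was mangled by e-mail obfuscation when this page
      # was captured; restore the real `test-summary/action@<version>` value from the repository.
      - uses: test-summary/[email protected]
        with:
          paths: test-results.xml
        if: always()
        continue-on-error: true

      - name: Failure log
        if: failure()
        # log last few lines in case of failure for quick debugging
        run: make docker-compose args="logs --tail=100" env=test

      - name: Archive test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: Playwright integration test results (screenshots, video)
          path: test-results/
          if-no-files-found: ignore

      - name: Archive test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: Integration test Docker Compose Logs
          path: docker-compose.log
          if-no-files-found: ignore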
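# lintcheck: runs `make check` and `make lint` and appends their output to the job summary
  lintcheck:
    name: lint/check
    needs: [build-docker]
    runs-on: ubuntu-22.04
    # least privilege for GITHUB_TOKEN: check out the repository and pull images from ghcr.io
    permissions:
      contents: read
      packages: read
    env:
      # used in `docker-compose.yml` files to determine version of images to pull
      RELEASE: "${{ needs.build-docker.outputs.internetnl_version }}"
    steps:
      - uses: actions/checkout@v3

      # login to pull images from Github registry
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Download images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        uses: actions/download-artifact@v3
        with:
          path: images/

      - name: Load images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # The glob is quoted so the shell cannot expand it against the working directory before
        # find sees it, and the path is passed to `sh -c` as "$1" rather than spliced into the
        # command text, so a file name with shell metacharacters is treated as data.
        run: |
          find images/ -type f -name '*.tar.gz' -exec sh -c 'gunzip --stdout "$1" | docker load' sh {} \;

      # pipefail makes the step fail when make fails, even though tee is last in the pipeline
      - name: Run check
        run: /bin/bash -o pipefail -c 'make --silent check | tee -a $GITHUB_STEP_SUMMARY'

      - name: Run lint
        run: /bin/bash -o pipefail -c 'make --silent lint | tee -a $GITHUB_STEP_SUMMARY'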
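# test: runs `make test` against the built images and publishes a summary of test-results.xml
  test:
    needs: [build-docker]
    runs-on: ubuntu-22.04
    # least privilege for GITHUB_TOKEN: check out the repository and pull images from ghcr.io
    permissions:
      contents: read
      packages: read
    env:
      # used in `docker-compose.yml` files to determine version of images to pull
      RELEASE: "${{ needs.build-docker.outputs.internetnl_version }}"
    steps:
      - uses: actions/checkout@v3

      # login to pull images from Github registry
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Download images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        uses: actions/download-artifact@v3
        with:
          path: images/

      - name: Load images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # The glob is quoted so the shell cannot expand it against the working directory before
        # find sees it, and the path is passed to `sh -c` as "$1" rather than spliced into the
        # command text, so a file name with shell metacharacters is treated as data.
        run: |
          find images/ -type f -name '*.tar.gz' -exec sh -c 'gunzip --stdout "$1" | docker load' sh {} \;

      - name: Pull docker images
        # build env includes all images
        run: make pull env=build pull_args=--ignore-buildable

      - name: Run test
        run: make test

      # NOTE(review): the action reference below was mangled by e-mail obfuscation when this page
      # was captured; restore the real `test-summary/action@<version>` value from the repository.
      - uses: test-summary/[email protected]
        with:
          paths: test-results.xml
        if: always()
        continue-on-error: true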
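# development-environment-test: starts the develop environment from the built images and runs its tests
  development-environment-test:
    needs: [build-docker]
    runs-on: ubuntu-22.04
    # least privilege for GITHUB_TOKEN: check out the repository and pull images from ghcr.io
    permissions:
      contents: read
      packages: read
    env:
      # used in `docker-compose.yml` files to determine version of images to pull
      RELEASE: "${{ needs.build-docker.outputs.internetnl_version }}"
    steps:
      - uses: actions/checkout@v3

      # login to pull images from Github registry
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Download images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        uses: actions/download-artifact@v3
        with:
          path: images/

      - name: Load images from artifacts (for forked PR's or dependabot)
        # trigger only for forked PR's that don't have permissions to push to the container registry
        if: |
          (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) ||
          (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/'))
        # The glob is quoted so the shell cannot expand it against the working directory before
        # find sees it, and the path is passed to `sh -c` as "$1" rather than spliced into the
        # command text, so a file name with shell metacharacters is treated as data.
        run: |
          find images/ -type f -name '*.tar.gz' -exec sh -c 'gunzip --stdout "$1" | docker load' sh {} \;

      - name: Pull docker images
        # build env includes all images
        run: make pull env=build pull_args=--ignore-buildable

      - name: Start development environment
        run: make up env=develop

      - name: Run development environment tests
        run: make develop-tests

      - name: Collect Docker Compose logs
        if: always()
        run: make logs-all-dump env=develop > docker-compose.log

      # NOTE(review): the action reference below was mangled by e-mail obfuscation when this page
      # was captured; restore the real `test-summary/action@<version>` value from the repository.
      - uses: test-summary/[email protected]
        with:
          paths: test-results.xml
        if: always()
        continue-on-error: true

      - name: Failure log
        if: failure()
        # log last few lines in case of failure for quick debugging
        run: make docker-compose args="logs --tail=100" env=develop

      - name: Archive test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: Playwright development environment test results (screenshots, video)
          path: test-results/
          if-no-files-found: ignore

      - name: Archive test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: Development environment test Docker Compose Logs
          path: docker-compose.log
          if-no-files-found: ignore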