ARC-1239: Setup Dockerfile & Release Flow

oviva-ag · Feb 8, 2024 · 665809e · 665809e
1 parent 36ecaa3
commit 665809e
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: maven
+    registries: "*"
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "NA:"
+    groups:
+      maven-non-breaking-changes:
+        update-types:
+          - 'minor'
+          - 'patch'
+  - package-ecosystem: docker
+    registries: "*"
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "NA:"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,58 @@
+name: Build and Publish Application Image
+
+on:
+  push:
+    tags:
+      - 'ehealthid-relying-party/v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
+
+jobs:
+  deploy:
+    env:
+      DOCKER_REPO: 'europe-docker.pkg.dev/oviva-pkg/ovi/'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Get version
+        id: version
+        run: |
+          echo "parsing version from ref '$GITHUB_REF'"
+          VERSION=$(echo "$GITHUB_REF" | sed -e 's|.*/ehealthid-relying-party/v\(.*\)|\1|g')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+      - name: Update Version
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          echo "updating version to '$VERSION'"
+          make update-version "VERSION=$VERSION"
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          token_format: access_token
+          workload_identity_provider: projects/155692196363/locations/global/workloadIdentityPools/github-actions-sa/providers/github-actions-sa
+          service_account: gh-wi-main-registry-writer-gh@github-actions-sa.iam.gserviceaccount.com
+      - name: Login to Google Artifact Registry
+        uses: docker/login-action@v2
+        with:
+          registry: europe-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Build and push Image
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          make dist RELEASE_TAG=v$VERSION
+    permissions:
+      contents: read
+      id-token: write
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3
+
+LABEL org.opencontainers.image.source="https://github.com/oviva-ag/outbox-relay"
+
+ARG JAVA_PACKAGE=java-21-openjdk-headless
+ARG RUN_JAVA_VERSION=1.3.8
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+# Install java and the run-java script
+# Also set up permissions for user `1001`
+RUN microdnf -y install ca-certificates ${JAVA_PACKAGE} \
+    && microdnf -y update \
+    && microdnf clean all \
+    && mkdir /deployments \
+    && chown 1001 /deployments \
+    && chmod "g+rwX" /deployments \
+    && chown 1001:root /deployments \
+    && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
+    && chown 1001 /deployments/run-java.sh \
+    && chmod 540 /deployments/run-java.sh \
+    && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security \
+    && echo "securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,DRBG:SUN" >> /etc/alternatives/jre/conf/security/java.security
+
+COPY --chown=1001 ehealthid-rp/target/ehealthid-rp-jar-with-dependencies.jar /deployments/
+
+USER 1001
+
+ENTRYPOINT [ "/deployments/run-java.sh" ]
diff --git a/Makefile b/Makefile
@@ -0,0 +1,29 @@
+
+MVN=./mvnw
+IMAGE_NAME=ehealthid-relying-party
+VERSION?=$(shell $(MVN) -q -Dexec.executable=echo -Dexec.args='$${project.version}' --non-recursive exec:exec)
+export DOCKER_REPO?=europe-docker.pkg.dev/oviva-pkg/ovi/
+GIT_COMMIT=`git rev-parse HEAD`
+
+.PHONY: update-version test unit-test integration-test setup dist build clean install docker
+
+build:
+	@$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am package
+
+clean:
+	@$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am clean
+
+test:
+	@$(MVN) -B verify
+
+update-version:
+	@$(MVN) -B versions:set "-DnewVersion=$(VERSION)"
+
+docker: build
+	@docker build -t $(IMAGE_NAME):v$(VERSION) .
+
+dist: build
+ifndef RELEASE_TAG
+	$(error RELEASE_TAG is not set)
+endif
+	docker buildx build --push --platform linux/amd64,linux/arm64 --label git-commit=$(GIT_COMMIT) --tag "$(DOCKER_REPO)$(IMAGE_NAME):$(RELEASE_TAG)" .