Merge pull request #719 from NBISweden/hotfix/productions-bugs #1715
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Create packages | |
on: | |
push: | |
tags: | |
- "v*" # Trigger on version tags | |
branches: | |
- "main" | |
- "master" | |
- "develop" | |
- "production" | |
- "test-prod" | |
paths-ignore: | |
- "**.md" | |
- "docs/**" | |
- ".gitignore" | |
- "LICENSE" | |
jobs: | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
frontend: ${{ steps.filter.outputs.frontend }} | |
main: ${{ steps.filter.outputs.main }} | |
r-api: ${{ steps.filter.outputs.r-api }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@v2 | |
id: filter | |
with: | |
filters: | | |
frontend: | |
- 'frontend/**' | |
- '.docker/frontend' | |
main: | |
- 'app/**' | |
- '.docker/main' | |
r-api: | |
- 'R/**' | |
- '.docker/r-api' | |
build: | |
needs: changes | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Update tags.json version | |
uses: jossef/[email protected] | |
with: | |
file: frontend/src/tags.json | |
field: gitBranch | |
value: ${{ github.ref_name }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_USER }} | |
password: ${{ secrets.GHCR_PAT }} | |
- name: Prepare .docker files | |
run: | | |
for p in .docker/*.default ; do | |
mv "$p" "${p%.default}" | |
done | |
# Pull existing images for layer caching | |
- name: Pull existing images | |
run: | | |
# Sanitize branch name for docker tags | |
branch="${{ github.ref_name }}" | |
safe_branch="${branch//\//-}" # Replace / with - | |
for image in herdbook_r-api herdbook_main herdbook_frontend; do | |
docker pull "ghcr.io/nbisweden/$image:latest" || true | |
docker pull "ghcr.io/nbisweden/$image:$safe_branch" || true | |
done | |
# Build images using docker compose | |
- name: Build images | |
env: | |
DOCKER_BUILDKIT: 1 | |
COMPOSE_DOCKER_CLI_BUILD: 1 | |
run: | | |
# For tags, we rebuild frontend and main with the correct version | |
# For production, we build fresh | |
# For other branches, we build only changed components | |
if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
echo "Tag detected - rebuilding frontend and main with version ${{ github.ref_name }}" | |
# Pull production image for r-api | |
docker pull "ghcr.io/nbisweden/herdbook_r-api:production" | |
# Build frontend and main with new version | |
docker compose build --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
--build-arg COMMIT_SHA="${{ github.sha }}" \ | |
herdbook-frontend main | |
elif [[ "${{ github.ref_name }}" == "production" ]]; then | |
echo "Production branch - building fresh images" | |
docker compose build --no-cache --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
--build-arg COMMIT_SHA="${{ github.sha }}" \ | |
herdbook-frontend main | |
else | |
# For other branches, only build changed images and their dependents | |
if [[ "${{ needs.changes.outputs.frontend }}" == "true" ]]; then | |
docker compose build --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
--build-arg COMMIT_SHA="${{ github.sha }}" \ | |
herdbook-frontend main | |
elif [[ "${{ needs.changes.outputs.main }}" == "true" ]]; then | |
docker compose build --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
--build-arg COMMIT_SHA="${{ github.sha }}" \ | |
main | |
fi | |
if [[ "${{ needs.changes.outputs.r-api }}" == "true" ]]; then | |
docker compose build --build-arg BUILDKIT_INLINE_CACHE=1 r-api | |
fi | |
fi | |
# Push images | |
- name: Push images | |
run: | | |
# Sanitize branch name for docker tags | |
branch="${{ github.ref_name }}" | |
safe_branch="${branch//\//-}" # Replace / with - | |
# Function to push an image if it was built or if we're tagging | |
push_if_built() { | |
local image="$1" | |
local is_tag="${2:-false}" | |
# For tags, try to pull the production image first and verify commit SHA | |
if [[ "$is_tag" == "true" ]]; then | |
echo "Pulling production image for $image..." | |
docker pull "ghcr.io/nbisweden/$image:production" || { echo "Failed to pull production image"; return 1; } | |
# Extract commit SHA from production image label | |
prod_sha=$(docker inspect "ghcr.io/nbisweden/$image:production" --format '{{index .Config.Labels "org.opencontainers.image.revision"}}') | |
current_sha="${{ github.sha }}" | |
echo "Production image commit: $prod_sha" | |
echo "Tag commit: $current_sha" | |
if [[ "$prod_sha" != "$current_sha" ]]; then | |
echo "Error: Production image was not built from the same commit as this tag" | |
echo "Production commit: $prod_sha" | |
echo "Tag commit: $current_sha" | |
return 1 | |
fi | |
docker tag "ghcr.io/nbisweden/$image:production" "$image:latest" | |
fi | |
if docker image inspect "$image:latest" >/dev/null 2>&1; then | |
docker tag "$image:latest" "ghcr.io/nbisweden/$image:$safe_branch" | |
docker push "ghcr.io/nbisweden/$image:$safe_branch" | |
if [[ "${{ github.ref_type }}" == "tag" || "$branch" == "main" || "$branch" == "master" || "$branch" == "develop" || "$branch" == "production" || "$branch" == "test-prod" ]]; then | |
docker tag "$image:latest" "ghcr.io/nbisweden/$image:latest" | |
docker push "ghcr.io/nbisweden/$image:latest" | |
fi | |
fi | |
} | |
# For tags, retag production images. For production, push built images | |
if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
# Frontend and main were rebuilt with new version | |
push_if_built "herdbook_frontend" | |
push_if_built "herdbook_main" | |
# R-API uses production image | |
docker tag "ghcr.io/nbisweden/herdbook_r-api:production" "ghcr.io/nbisweden/herdbook_r-api:$safe_branch" | |
docker tag "ghcr.io/nbisweden/herdbook_r-api:production" "ghcr.io/nbisweden/herdbook_r-api:latest" | |
docker push "ghcr.io/nbisweden/herdbook_r-api:$safe_branch" | |
docker push "ghcr.io/nbisweden/herdbook_r-api:latest" | |
elif [[ "${{ github.ref_name }}" == "production" ]]; then | |
push_if_built "herdbook_frontend" | |
push_if_built "herdbook_main" | |
else | |
# For other branches, push only the images that were built | |
if [[ "${{ needs.changes.outputs.frontend }}" == "true" ]]; then | |
push_if_built "herdbook_frontend" | |
fi | |
if [[ "${{ needs.changes.outputs.main }}" == "true" || "${{ needs.changes.outputs.frontend }}" == "true" ]]; then | |
push_if_built "herdbook_main" | |
fi | |
if [[ "${{ needs.changes.outputs.r-api }}" == "true" ]]; then | |
push_if_built "herdbook_r-api" | |
fi | |
fi |