Merge pull request #10001 from DSpace/dependabot/maven/spring-7df0a12786 #1429
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# DSpace Docker image build for hub.docker.com | |
name: Docker images | |
# Run this Build for all pushes to 'main' or maintenance branches, or tagged releases. | |
# Also run for PRs to ensure PR doesn't break Docker build process | |
# NOTE: uses "reusable-docker-build.yml" to actually build each of the Docker images. | |
on: | |
push: | |
branches: | |
- main | |
- 'dspace-**' | |
tags: | |
- 'dspace-**' | |
pull_request: | |
permissions: | |
contents: read # to fetch code (actions/checkout) | |
jobs: | |
#################################################### | |
# Build/Push the 'dspace/dspace-dependencies' image. | |
# This image is used by all other DSpace build jobs. | |
#################################################### | |
dspace-dependencies: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-dependencies | |
image_name: dspace/dspace-dependencies | |
dockerfile_path: ./Dockerfile.dependencies | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
####################################### | |
# Build/Push the 'dspace/dspace' image | |
####################################### | |
dspace: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
# Must run after 'dspace-dependencies' job above | |
needs: dspace-dependencies | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-prod | |
image_name: dspace/dspace | |
dockerfile_path: ./Dockerfile | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
# Enable redeploy of sandbox & demo if the branch for this image matches the deployment branch of | |
# these sites as specified in reusable-docker-build.xml | |
REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_URL }} | |
REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_URL }} | |
############################################################# | |
# Build/Push the 'dspace/dspace' image ('-test' tag) | |
############################################################# | |
dspace-test: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
# Must run after 'dspace-dependencies' job above | |
needs: dspace-dependencies | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-test | |
image_name: dspace/dspace | |
dockerfile_path: ./Dockerfile.test | |
# As this is a test/development image, its tags are all suffixed with "-test". Otherwise, it uses the same | |
# tagging logic as the primary 'dspace/dspace' image above. | |
tags_flavor: suffix=-test | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
########################################### | |
# Build/Push the 'dspace/dspace-cli' image | |
########################################### | |
dspace-cli: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
# Must run after 'dspace-dependencies' job above | |
needs: dspace-dependencies | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-cli | |
image_name: dspace/dspace-cli | |
dockerfile_path: ./Dockerfile.cli | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
########################################### | |
# Build/Push the 'dspace/dspace-solr' image | |
########################################### | |
dspace-solr: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-solr | |
image_name: dspace/dspace-solr | |
dockerfile_path: ./dspace/src/main/docker/dspace-solr/Dockerfile | |
# Must pass solrconfigs to the Dockerfile so that it can find the required Solr config files | |
dockerfile_additional_contexts: 'solrconfigs=./dspace/solr/' | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
# Enable redeploy of sandbox & demo SOLR instance whenever dspace-solr image changes for deployed branch. | |
# These URLs MUST use different secrets than 'dspace/dspace' image build above as they are deployed separately. | |
REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }} | |
REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }} | |
########################################################### | |
# Build/Push the 'dspace/dspace-postgres-pgcrypto' image | |
########################################################### | |
dspace-postgres-pgcrypto: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-postgres-pgcrypto-prod | |
image_name: dspace/dspace-postgres-pgcrypto | |
# Must build out of subdirectory to have access to install script for pgcrypto. | |
# NOTE: this context will build the image based on the Dockerfile in the specified directory | |
dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/ | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
######################################################################## | |
# Build/Push the 'dspace/dspace-postgres-pgcrypto' image (-loadsql tag) | |
######################################################################## | |
dspace-postgres-pgcrypto-loadsql: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
uses: ./.github/workflows/reusable-docker-build.yml | |
with: | |
build_id: dspace-postgres-pgcrypto-loadsql | |
image_name: dspace/dspace-postgres-pgcrypto | |
# Must build out of subdirectory to have access to install script for pgcrypto. | |
# NOTE: this context will build the image based on the Dockerfile in the specified directory | |
dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/ | |
# Suffix all tags with "-loadsql". Otherwise, it uses the same | |
# tagging logic as the primary 'dspace/dspace-postgres-pgcrypto' image above. | |
tags_flavor: suffix=-loadsql | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
######################################################################## | |
# Test Deployment via Docker to ensure images are working properly | |
######################################################################## | |
docker-deploy: | |
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' | |
if: github.repository == 'dspace/dspace' | |
runs-on: ubuntu-latest | |
# Must run after all major images are built | |
needs: [dspace, dspace-test, dspace-cli, dspace-postgres-pgcrypto, dspace-solr] | |
env: | |
# Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080 | |
dspace__P__server__P__url: http://127.0.0.1:8080/server | |
# If this is a PR, force using "pr-testing" version of all Docker images. Otherwise, for branch commits, use the | |
# "latest" tag. NOTE: the "pr-testing" tag is a temporary tag that we assign to all PR-built docker images in | |
# reusabe-docker-build.yml | |
DSPACE_VER: ${{ github.event_name == 'pull_request' && 'pr-testing' || 'latest' }} | |
steps: | |
# Checkout our codebase (to get access to Docker Compose scripts) | |
- name: Checkout codebase | |
uses: actions/checkout@v4 | |
# For PRs, download Docker image artifacts (built by reusable-docker-build.yml for all PRs) | |
- name: Download Docker image artifacts (for PRs) | |
if: github.event_name == 'pull_request' | |
uses: actions/download-artifact@v4 | |
with: | |
# Download all Docker images (TAR files) into the /tmp/docker directory | |
pattern: docker-image-* | |
path: /tmp/docker | |
merge-multiple: true | |
# For PRs, load each of the images into Docker by calling "docker image load" for each. | |
# This ensures we are using the images built from this PR & not the prior versions on DockerHub | |
- name: Load all downloaded Docker images (for PRs) | |
if: github.event_name == 'pull_request' | |
run: | | |
find /tmp/docker -type f -name "*.tar" -exec docker image load --input "{}" \; | |
docker image ls -a | |
# Start backend using our compose script in the codebase. | |
- name: Start backend in Docker | |
run: | | |
docker compose -f docker-compose.yml up -d | |
sleep 10 | |
docker container ls | |
# Create a test admin account. Load test data from a simple set of AIPs as defined in cli.ingest.yml | |
- name: Load test data into Backend | |
run: | | |
docker compose -f docker-compose-cli.yml run --rm dspace-cli create-administrator -e [email protected] -f admin -l user -p admin -c en | |
docker compose -f docker-compose-cli.yml -f dspace/src/main/docker-compose/cli.ingest.yml run --rm dspace-cli | |
# Verify backend started successfully. | |
# 1. Make sure root endpoint is responding (check for dspace.name defined in docker-compose.yml) | |
# 2. Also check /collections endpoint to ensure the test data loaded properly (check for a collection name in AIPs) | |
- name: Verify backend is responding properly | |
run: | | |
result=$(wget -O- -q http://127.0.0.1:8080/server/api) | |
echo "$result" | |
echo "$result" | grep -oE "\"DSpace Started with Docker Compose\"," | |
result=$(wget -O- -q http://127.0.0.1:8080/server/api/core/collections) | |
echo "$result" | |
echo "$result" | grep -oE "\"Dog in Yard\"," | |
# Verify Handle Server can be stared and is working properly | |
# 1. First generate the "[dspace]/handle-server" folder with the sitebndl.zip | |
# 2. Start the Handle Server (and wait 20 seconds to let it start up) | |
# 3. Verify logs do NOT include "Exception" in the text (as that means an error occurred) | |
# 4. Check that Handle Proxy HTML page is responding on default port (8000) | |
- name: Verify Handle Server is working properly | |
run: | | |
docker exec -i dspace /dspace/bin/make-handle-config | |
echo "Starting Handle Server..." | |
docker exec -i dspace /dspace/bin/start-handle-server | |
sleep 20 | |
echo "Checking for errors in error.log" | |
result=$(docker exec -i dspace sh -c "cat /dspace/handle-server/logs/error.log* || echo ''") | |
echo "$result" | |
echo "$result" | grep -vqz "Exception" | |
echo "Checking for errors in handle-server.log..." | |
result=$(docker exec -i dspace cat /dspace/log/handle-server.log) | |
echo "$result" | |
echo "$result" | grep -vqz "Exception" | |
echo "Checking to see if Handle Proxy webpage is available..." | |
result=$(wget -O- -q http://127.0.0.1:8000/) | |
echo "$result" | |
echo "$result" | grep -oE "Handle Proxy" | |
# Shutdown our containers | |
- name: Shutdown Docker containers | |
run: | | |
docker compose -f docker-compose.yml down |