From 040059475ee6d9d0616374026a7e9ac3fc31713d Mon Sep 17 00:00:00 2001 From: Ian Pittwood Date: Tue, 8 Aug 2023 11:05:52 -0700 Subject: [PATCH] Rebase and merge WGCW workflow into release workflow --- .../actions/build-test-scan-push/action.yaml | 16 ++++ .github/workflows/build-release.yaml | 83 ++++++++++++++++++ .../workflows/build-workbench-for-gcw.yaml | 85 ------------------- workbench-for-google-cloud-workstations/.env | 8 +- .../{Dockerfile => Dockerfile.ubuntu2004} | 2 +- .../Justfile | 23 ++++- 6 files changed, 126 insertions(+), 91 deletions(-) delete mode 100644 .github/workflows/build-workbench-for-gcw.yaml rename workbench-for-google-cloud-workstations/{Dockerfile => Dockerfile.ubuntu2004} (99%) diff --git a/.github/actions/build-test-scan-push/action.yaml b/.github/actions/build-test-scan-push/action.yaml index 333344b4..338facd6 100644 --- a/.github/actions/build-test-scan-push/action.yaml +++ b/.github/actions/build-test-scan-push/action.yaml @@ -45,6 +45,10 @@ inputs: description: Username for authentication with DockerHub required: true type: string + gcp-json: + description: JSON for authenticating Google Cloud Platform + default: "" + type: string runs: using: "composite" @@ -71,6 +75,18 @@ runs: username: ${{ inputs.dockerhub-username }} password: ${{ inputs.dockerhub-token }} + - name: Authenticate to Google Cloud + continue-on-error: true + uses: google-github-actions/auth@v1 + with: + credentials_json: '${{ inputs.gcp-json }}' + + - name: Authenticate GCAR + run: | + if [[ "${{ inputs.gcp-json }}" != "" ]]; then + gcloud auth configure-docker -q us-central1-docker.pkg.dev + fi + - name: Build id: image-build uses: docker/build-push-action@v4 diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 205c4f72..13295850 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -318,3 +318,86 @@ jobs: dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} # End retry logic + + build-workbench-for-google-cloud-workstations: + needs: [ build-base, build-base-pro ] + runs-on: ubuntu-latest + name: build-workbench-for-google-cloud-workstations + + concurrency: + group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} + cancel-in-progress: true + + steps: + - name: Check Out Repo + uses: actions/checkout@v3 + + - name: Set up Just + uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Version + id: get-version + run: | + VERSION=$(just workbench-for-google-cloud-workstations/get-version) + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + + - name: Get build args + id: get-build-args + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + BUILD_ARGS=$(just workbench-for-google-cloud-workstations/get-build-args) + echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT + echo "$BUILD_ARGS" >> $GITHUB_OUTPUT + echo "$EOF" >> $GITHUB_OUTPUT + + - name: Get tags + id: get-tags + run: | + IMAGE_TAGS=$(just workbench-for-google-cloud-workstations/get-build-tags) + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT + + - name: Build/Test/Scan/Push base pro image + id: build1 + uses: ./.github/actions/build-test-scan-push + continue-on-error: true + with: + context: ./workbench-for-google-cloud-workstations + os: ubuntu2004 + product: workbench-for-google-cloud-workstations + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' + + # Begin retry logic + + - name: Wait 60s on failure before retrying + if: steps.build1.outcome == 'failure' + run: sleep 60 + + - name: Retry - Build/Test/Scan/Push base pro image + id: build2 + if: steps.build1.outcome == 'failure' + uses: ./.github/actions/build-test-scan-push + with: + context: ./workbench-for-google-cloud-workstations + os: ubuntu2004 + product: workbench-for-google-cloud-workstations + image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} + build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} + push-image: ${{ github.ref == 'refs/heads/main' }} + snyk-token: ${{ secrets.SNYK_TOKEN }} + snyk-org-id: ${{ secrets.SNYK_ORG_ID }} + ghcr-token: ${{ secrets.BUILD_PAT }} + dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} + dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' + + # End retry logic diff --git a/.github/workflows/build-workbench-for-gcw.yaml b/.github/workflows/build-workbench-for-gcw.yaml deleted file mode 100644 index 59825fd1..00000000 --- a/.github/workflows/build-workbench-for-gcw.yaml +++ /dev/null @@ -1,85 +0,0 @@ -on: - schedule: - - cron: "0 8 * * 1" - push: - branches: - - gcw-workbench - - main - - dev - -name: Build Workbench for Google Cloud Workstations -jobs: - build-workbench-for-gcw: - runs-on: ubuntu-latest - env: - DOTENV_FILE: ./workbench-for-google-cloud-workstations/.env - - steps: - - - name: Check Out Repo - uses: actions/checkout@v3 - - - name: Set environment variables using .env file - run: cat ${{ env.DOTENV_FILE }} >> "$GITHUB_ENV" - - - name: Set up Just - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v1 - with: - credentials_json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' - - - name: Authenticate GCAR - run: | - gcloud auth configure-docker -q us-central1-docker.pkg.dev - - - name: Build - uses: docker/build-push-action@v4 - with: - context: ./workbench-for-google-cloud-workstations - load: true - cache-from: type=gha - cache-to: type=gha - build-args: | - RSW_VERSION=${{ env.RSW_VERSION }} - R_VERSION=${{ env.R_VERSION }} - R_VERSION_ALT=${{ env.R_VERSION_ALT }} - PYTHON_VERSION=${{ env.PYTHON_VERSION }} - PYTHON_VERSION_ALT=${{ env.PYTHON_VERSION_ALT }} - PYTHON_VERSION_JUPYTER=${{ env.PYTHON_VERSION }} - DRIVERS_VERSION=${{ env.DRIVERS_VERSION }} - RSW_DOWNLOAD_URL=${{ env.RSW_DOWNLOAD_URL }} - tags: | - ${{ env.IMAGE_REGISTRY_NAME }}:latest - ${{ env.IMAGE_REGISTRY_NAME }}:${{ env.RSW_TAG_VERSION }} - - - name: Test Image - run: | - just workbench-for-google-cloud-workstations/test ${{ env.IMAGE_REGISTRY_NAME }}:${{ env.RSW_TAG_VERSION }} - - - name: Push - uses: docker/build-push-action@v4 - with: - push: true - context: workbench-for-google-cloud-workstations - cache-from: type=gha - cache-to: type=gha - build-args: | - RSW_VERSION=${{ env.RSW_VERSION }} - R_VERSION=${{ env.R_VERSION }} - R_VERSION_ALT=${{ env.R_VERSION_ALT }} - PYTHON_VERSION=${{ env.PYTHON_VERSION }} - PYTHON_VERSION_ALT=${{ env.PYTHON_VERSION_ALT }} - PYTHON_VERSION_JUPYTER=${{ env.PYTHON_VERSION }} - DRIVERS_VERSION=${{ env.DRIVERS_VERSION }} - RSW_DOWNLOAD_URL=${{ env.RSW_DOWNLOAD_URL }} - tags: | - ${{ env.IMAGE_REGISTRY_NAME }}:latest - ${{ env.IMAGE_REGISTRY_NAME }}:${{ env.RSW_TAG_VERSION }} diff --git a/workbench-for-google-cloud-workstations/.env b/workbench-for-google-cloud-workstations/.env index c1788575..1a28dfba 100644 --- a/workbench-for-google-cloud-workstations/.env +++ b/workbench-for-google-cloud-workstations/.env @@ -2,11 +2,11 @@ RSW_VERSION=2023.03.2+454.pro2 RSW_TAG_VERSION=2023.03.2-454.pro2 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64 RSW_NAME=rstudio-workbench -PYTHON_VERSION=3.10.11 -PYTHON_VERSION_ALT=3.9.16 -PYTHON_VERSION_JUPYTER=3.10.11 +PYTHON_VERSION=3.10.12 +PYTHON_VERSION_ALT=3.9.17 +PYTHON_VERSION_JUPYTER=3.10.12 R_VERSION=4.2.3 R_VERSION_ALT=4.1.3 DRIVERS_VERSION=2023.05.0 -QUARTO_VERSION=1.3.324 +QUARTO_VERSION=1.3.340 IMAGE_REGISTRY_NAME=us-central1-docker.pkg.dev/posit-images/cloud-workstations/workbench diff --git a/workbench-for-google-cloud-workstations/Dockerfile b/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2004 similarity index 99% rename from workbench-for-google-cloud-workstations/Dockerfile rename to workbench-for-google-cloud-workstations/Dockerfile.ubuntu2004 index a927c7ed..4edcf9cb 100644 --- a/workbench-for-google-cloud-workstations/Dockerfile +++ b/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2004 @@ -1,4 +1,4 @@ -FROM us-central1-docker.pkg.dev/cloud-workstations-images/predefined/base:latest +FROM us-central1-docker.pkg.dev/cloud-workstations-images/predefined/base:public-image-current ### ARG declarations ### ARG DEBIAN_FRONTEND=noninteractive diff --git a/workbench-for-google-cloud-workstations/Justfile b/workbench-for-google-cloud-workstations/Justfile index 4514a15d..060f4f47 100644 --- a/workbench-for-google-cloud-workstations/Justfile +++ b/workbench-for-google-cloud-workstations/Justfile @@ -12,6 +12,27 @@ RSW_LICENSE_SERVER := "" _make-default-tag: echo "${IMAGE_REGISTRY_NAME}:$(just -f ../Justfile _get-tag-safe-version "${RSW_VERSION}")" +get-version: + echo "${RSW_VERSION}" + +get-build-args: + #!/usr/bin/env bash + printf "RSW_VERSION=${RSW_VERSION} + R_VERSION=${R_VERSION} + R_VERSION_ALT=${R_VERSION_ALT} + PYTHON_VERSION=${PYTHON_VERSION} + PYTHON_VERSION_ALT=${PYTHON_VERSION_ALT} + PYTHON_VERSION_JUPYTER=${PYTHON_VERSION_JUPYTER} + QUARTO_VERSION=${QUARTO_VERSION} + DRIVERS_VERSION=${DRIVERS_VERSION} + SRC_IMAGE_NAME=${SRC_IMAGE_NAME} + RSW_DOWNLOAD_URL=${RSW_DOWNLOAD_URL}" + +get-build-tags: + #!/usr/bin/env bash + echo ${IMAGE_REGISTRY_NAME}:${RSW_TAG_VERSION},\ + ${IMAGE_REGISTRY_NAME}:latest + # Build Workbench image - just build 2022.07.2+576.pro12 rstudio/rstudio-workbench-gcw:2022.07.2 build *TAGS="": #!/usr/bin/env bash @@ -45,7 +66,7 @@ build *TAGS="": --build-arg QUARTO_VERSION="${QUARTO_VERSION}" \ --build-arg DRIVERS_VERSION="${DRIVERS_VERSION}" \ --build-arg RSW_DOWNLOAD_URL="${RSW_DOWNLOAD_URL}" \ - --file=./Dockerfile . + --file=./Dockerfile.ubuntu2004 . echo ${raw_tag_array[@]}