From 3eb340796969bd9f9cef70cde7a4a1beaa553b55 Mon Sep 17 00:00:00 2001
From: lenkan <5889538+lenkan@users.noreply.github.com>
Date: Wed, 29 Oct 2025 19:30:27 +0100
Subject: [PATCH] Setup automatic push to docker registry
---
.github/workflows/publish-keria.yml | 85 ++++++++++++++++-----------
.github/workflows/python-app-ci.yml | 13 ++--
images/keria.dockerfile => Dockerfile | 0
Makefile | 37 +-----------
README.md | 17 +-----
docker-compose.yaml | 4 +-
6 files changed, 60 insertions(+), 96 deletions(-)
rename images/keria.dockerfile => Dockerfile (100%)
diff --git a/.github/workflows/publish-keria.yml b/.github/workflows/publish-keria.yml
index 6def72be..77021e2b 100644
--- a/.github/workflows/publish-keria.yml
+++ b/.github/workflows/publish-keria.yml
@@ -1,61 +1,76 @@ name: Publish Docker image +permissions: + contents: read + packages: write + +env: + DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY || 'docker.io' }} + DOCKER_IMAGE_NAME: ${{ vars.DOCKER_IMAGE_NAME || 'weboftrust/keria' }} + on: + push: + branches: + - "main" workflow_dispatch: inputs: version: + description: "Version to publish (e.g. 0.2.0)" required: true + latest: + description: "Publish :latest tag" + type: boolean + required: false + default: false + dryrun: + description: "Dry run, don't push" + type: boolean + required: false + default: false + jobs: push_to_registry: - name: Push Docker image to Docker Hub - runs-on: ubuntu-latest + name: Push Docker image + runs-on: ubuntu-24.04 steps: - - name: Check out the repo + - name: Checkout out the repo uses: actions/checkout@v4 - - name: Log in to Docker Hub - uses: docker/login-action@v2 + - name: Log in to container registry ${{ env.DOCKER_REGISTRY }} + uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + # Uses github tokens for GHCR, otherwise configured repository secrets + # This way, forks can be configured to push their own images without + # having to modify the workflow. 
+ registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ env.DOCKER_REGISTRY == 'ghcr.io' && github.actor || secrets.DOCKER_USERNAME }} + password: ${{ env.DOCKER_REGISTRY == 'ghcr.io' && secrets.GITHUB_TOKEN || secrets.DOCKER_PASSWORD }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v4 - with: - images: weboftrust/keria - - # For multi-arch - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker buildx - id: buildx uses: docker/setup-buildx-action@v3 - - name: Cache Docker Layers - uses: actions/cache@v3 + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 with: - path: /tmp/.buildx-cache - key: keri-${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - keri-${{ runner.os }}-buildx- + images: | + name=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} + tags: | + type=ref,event=branch + type=sha + type=raw,value=${{ github.run_id }},prefix=build- + type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' && inputs.latest == true }} + type=raw,value=${{ inputs.version }},enable=${{ github.event_name == 'workflow_dispatch' && inputs.version != '' }} - name: Build and push Docker image uses: docker/build-push-action@v6 with: - context: . - file: images/keria.dockerfile platforms: linux/amd64,linux/arm64 - push: true - tags: | - weboftrust/keria:${{ github.event.inputs.version }} - weboftrust/keria:latest - labels: ${{ github.event.inputs.version }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max - - - name: Move Docker cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache + push: ${{ github.event_name != 'workflow_dispatch' || inputs.dryrun != true }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max 
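Review bot: Every `uses:` in this job points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`, plus the QEMU and buildx setup actions) while the job holds `packages: write` and the registry password, and it now runs unattended on every push to `main`. A retagged or compromised release of any of those actions would run with these credentials, so pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. Separately, the `workflow_dispatch` path enables the `inputs.version` and `latest` tags based only on the event name and inputs. Nothing in the visible lines ties them to a ref, so a run started from another branch could publish release tags built from unreviewed code. Adding `github.ref == 'refs/heads/main'` to those two `enable=` expressions, or putting the job behind a protected environment, would close that gap.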
diff --git a/.github/workflows/python-app-ci.yml b/.github/workflows/python-app-ci.yml index b511348e..ee953189 100644 --- a/.github/workflows/python-app-ci.yml +++ b/.github/workflows/python-app-ci.yml @@ -1,12 +1,8 @@ -# This workflow will install Python dependencies, run tests and lint with a single version of Python -# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions - name: GitHub Actions for KERIA on: push: branches: - "main" - - "development" pull_request: workflow_dispatch: @@ -16,24 +12,29 @@ jobs: strategy: fail-fast: false matrix: - os: [macos-13, ubuntu-latest] + os: [macos-13, ubuntu-22.04, ubuntu-24.04, ubuntu-latest] steps: - uses: actions/checkout@v4 + - name: Set up Python 3.12.8 uses: actions/setup-python@v5 with: python-version: 3.12.8 + - name: Install uv uses: astral-sh/setup-uv@v3 with: version: "0.9.5" - name: Install dependencies run: make install-dev + - name: Lint changes run: make lint + - name: Check formatting run: make format-check + - name: Run core KERIA tests run: make test @@ -46,7 +47,7 @@ jobs: run: docker compose up --build --wait coverage: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Set up Python 3.12.8 diff --git a/images/keria.dockerfile b/Dockerfile similarity index 100% rename from images/keria.dockerfile rename to Dockerfile diff --git a/Makefile b/Makefile index ec8d7e1d..718c163a 100644 --- a/Makefile +++ b/Makefile 
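Review bot: The top of python-app-ci.yml as shown in the first hunk (`name:` through `workflow_dispatch:`) has no `permissions:` block, although the workflow runs on `pull_request` and executes `make install-dev`, `make lint` and `make test` from the checked-out tree. This same commit adds an explicit block to publish-keria.yml. Lines 9–11 of the new file fall between the hunks, so a job-level setting may exist there; if not, add a top-level `permissions:` with `contents: read` so the token does not inherit the repository default. In the matrix hunk, `ubuntu-latest` now sits beside `ubuntu-24.04`. If the label currently resolves to that same image, the job runs twice for no extra coverage, so a short comment on why both are kept would help.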
@@ -1,36 +1,8 @@ -.PHONY: build-keria - -VERSION=0.2.0 -IMAGE_NAME=weboftrust/keria -VERSION_TAG=$(IMAGE_NAME):$(VERSION) -LATEST_TAG=$(IMAGE_NAME):latest - -define DOCKER_WARNING -In order to use the multi-platform build enable the containerd image store -The containerd image store is not enabled by default. -To enable the feature for Docker Desktop: - Navigate to Settings in Docker Desktop. - In the General tab, check Use containerd for pulling and storing images. - Select Apply and Restart." -endef +.PHONY: build-wheel install install-dev test build-wheel: @uv build -build-keria: .warn - @docker build \ - --build-arg KERI_AGENT_CORS=false \ - --platform=linux/amd64,linux/arm64 \ - --no-cache \ - -f images/keria.dockerfile \ - -t $(LATEST_TAG) \ - -t $(VERSION_TAG) \ - . - -publish-keria: - @docker push $(VERSION_TAG) && docker push $(LATEST_TAG) - -# UV development targets install: @uv sync @@ -59,10 +31,3 @@ clean: @rm -rf build/ dist/ *.egg-info/ @find . -type d -name __pycache__ -delete @find . -type f -name "*.pyc" -delete - -.warn: - @echo -e ${RED}"$$DOCKER_WARNING"${NO_COLOUR} - -RED="\033[0;31m" -NO_COLOUR="\033[0m" -export DOCKER_WARNING diff --git a/README.md b/README.md index a0c2b42d..cc36a170 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ uv run keria start --config-dir scripts --config-file demo-witness-oobis * Build KERIA docker image: ```bash - make build-keria + docker build . ``` #### Run with docker @@ -88,18 +88,3 @@ You can see a [working example here](https://github.com/WebOfTrust/signify-ts/bl ```bash make test-coverage ``` - -## Publishing containers - -Enable the containerd image store - -The containerd image store isn't enabled by default. To enable the feature for Docker Desktop: - -Navigate to Settings in Docker Desktop. -In the General tab, check Use containerd for pulling and storing images. -Select Apply & Restart. - -```shell -make build-keri -make publish-keri -``` 
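Review bot: The removed `build-keria` target in the first Makefile hunk was the only visible place that passed `--build-arg KERI_AGENT_CORS=false` and `--no-cache`. Neither replacement path sets them: not `docker build .` in the README, and not the `docker/build-push-action` step in publish-keria.yml. Images published from now on take whatever default the Dockerfile gives `KERI_AGENT_CORS`, which this patch does not show because the file is a 100% rename. Please confirm that default is the restrictive one, or add `build-args: KERI_AGENT_CORS=false` to the build step. The new `.PHONY: build-wheel install install-dev test` line also omits `clean`, which appears as a target in the second hunk's header, unless it is declared phony elsewhere in the file.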
diff --git a/docker-compose.yaml b/docker-compose.yaml index f2290934..2358afe3 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,8 +1,6 @@ services: keria: - build: - context: . - dockerfile: ./images/keria.dockerfile + build: ./ healthcheck: test: curl http://localhost:3902/health interval: 5s