├── .github ├── dependabot.yml └── workflows │ ├── codeql-analysis.yml │ ├── main-ci.yml │ ├── nightly.yml │ ├── pr-ci.yml │ └── release.yml ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── app ├── Dockerfile ├── app.py ├── requirements.dev.txt ├── requirements.txt └── tests │ ├── conftest.py │ └── test_works.py ├── docker-compose.dev.yml ├── docker-compose.yml └── hub.png /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # Maintain dependencies for GitHub Actions 4 | - package-ecosystem: "github-actions" 5 | directory: "/" 6 | schedule: 7 | interval: "daily" 8 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ main ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ main ] 20 | schedule: 21 | - cron: '27 9 * * 2' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: [ 'python' ] 36 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 37 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 38 | 39 | steps: 40 | - name: Checkout repository 41 | uses: actions/checkout@v3.6.0 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v2 46 | with: 47 | languages: ${{ matrix.language }} 48 | # If you wish to specify custom queries, you can do so here or in a config file. 49 | # By default, queries listed here will override any specified in a config file. 50 | # Prefix the list here with "+" to use these queries and those in the config file. 51 | 52 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 53 | # queries: security-extended,security-and-quality 54 | 55 | 56 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 57 | # If this step fails, then you should remove it and run the build manually (see below) 58 | - name: Autobuild 59 | uses: github/codeql-action/autobuild@v2 60 | 61 | # ℹ️ Command-line programs to run using the OS shell. 62 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 63 | 64 | # If the Autobuild fails above, remove it and uncomment the following three lines. 65 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 66 | 67 | # - run: | 68 | # echo "Run, Build Application using script" 69 | # ./location_of_script_within_repo/buildscript.sh 70 | 71 | - name: Perform CodeQL Analysis 72 | uses: github/codeql-action/analyze@v2 73 | -------------------------------------------------------------------------------- /.github/workflows/main-ci.yml: -------------------------------------------------------------------------------- 1 | name: Main Branch CI 2 | 3 | # For all pushes to the main branch run the tests and push the image to the 4 | # GitHub registry under an edge tag so we can use it for the nightly 5 | # integration tests 6 | on: 7 | push: 8 | branches: main 9 | 10 | jobs: 11 | docker: 12 | runs-on: ubuntu-latest 13 | steps: 14 | # GitHub Actions do not automatically checkout your projects. If you need the code 15 | # you need to check it out. 16 | - name: Checkout 17 | uses: actions/checkout@v3.6.0 18 | - name: Prepare 19 | id: prep 20 | run: | 21 | DOCKER_IMAGE=ghcr.io/metcalfc/docker-action-examples 22 | VERSION=edge 23 | if [[ $GITHUB_REF == refs/tags/* ]]; then 24 | VERSION=${GITHUB_REF#refs/tags/v} 25 | fi 26 | if [ "${{ github.event_name }}" = "schedule" ]; then 27 | VERSION=nightly 28 | fi 29 | TAGS="${DOCKER_IMAGE}:${VERSION}" 30 | if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then 31 | TAGS="$TAGS,${DOCKER_IMAGE}:latest" 32 | fi 33 | echo "tags=${TAGS}" >> $GITHUB_OUTPUT 34 | 35 | - name: Set up Docker Buildx 36 | id: buildx 37 | uses: docker/setup-buildx-action@v2 38 | 39 | - name: Login to ghcr 40 | if: github.event_name != 'pull_request' 41 | uses: docker/login-action@v2 42 | with: 43 | registry: ghcr.io 44 | username: ${{ github.repository_owner }} 45 | password: ${{ secrets.GITHUB_TOKEN }} 46 | 47 | - name: Test 48 | id: docker_test 49 | uses: docker/build-push-action@v4 50 | with: 51 | builder: ${{ steps.buildx.outputs.name }} 52 | context: ./app 53 | file: ./app/Dockerfile 54 | target: test 55 | cache-from: type=gha 56 | cache-to: type=gha,mode=max 57 | 58 | - name: Build and push 59 | id: docker_build 60 | uses: docker/build-push-action@v4 61 | with: 62 | builder: ${{ steps.buildx.outputs.name }} 63 | context: ./app 64 | file: ./app/Dockerfile 65 | target: prod 66 | push: ${{ github.event_name != 'pull_request' }} 67 | tags: ${{ steps.prep.outputs.tags }} 68 | cache-from: type=gha 69 | cache-to: type=gha,mode=max 70 | -------------------------------------------------------------------------------- /.github/workflows/nightly.yml: -------------------------------------------------------------------------------- 1 | name: Nightly Test 2 | 3 | # Run the nightly tests at at 8 AM UTC / 1 AM Pacific 4 | on: 5 | schedule: 6 | - cron: "0 8 * * *" 7 | jobs: 8 | docker: 9 | runs-on: ubuntu-latest 10 | env: 11 | PROD_IMAGE: ghcr.io/metcalfc/docker-action-examples:edge 12 | HUB_PULL_SECRET: NA 13 | steps: 14 | # GitHub Actions do not automatically checkout your projects. If you need the code 15 | # you need to check it out. 16 | - name: Checkout 17 | uses: actions/checkout@v3.6.0 18 | - name: Login to ghcr 19 | uses: docker/login-action@v2 20 | with: 21 | registry: ghcr.io 22 | username: ${{ github.repository_owner }} 23 | password: ${{ secrets.GHCR_TOKEN }} 24 | - name: Compose up 25 | run: docker-compose -f docker-compose.yml up -d 26 | - name: Check running containers 27 | run: docker ps -a 28 | - name: Check logs 29 | run: docker-compose -f docker-compose.yml logs 30 | - name: Compose down 31 | run: docker-compose -f docker-compose.yml down 32 | -------------------------------------------------------------------------------- /.github/workflows/pr-ci.yml: -------------------------------------------------------------------------------- 1 | name: PR CI 2 | 3 | # For all pushes to the main branch run the tests and push the image to the 4 | # GitHub registry under an edge tag so we can use it for the nightly 5 | # integration tests 6 | on: 7 | pull_request: 8 | branches: main 9 | 10 | jobs: 11 | docker: 12 | runs-on: ubuntu-latest 13 | steps: 14 | 15 | # GitHub Actions do not automatically checkout your projects. If you need the code 16 | # you need to check it out. 17 | - name: Checkout 18 | uses: actions/checkout@v3.6.0 19 | 20 | - name: Set up Docker Buildx 21 | id: buildx 22 | uses: docker/setup-buildx-action@v2 23 | 24 | - name: Test 25 | id: docker_test 26 | uses: docker/build-push-action@v4 27 | with: 28 | builder: ${{ steps.buildx.outputs.name }} 29 | context: ./app 30 | file: ./app/Dockerfile 31 | target: test 32 | cache-from: type=gha 33 | cache-to: type=gha,mode=max 34 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Publish Releases to Hub 2 | 3 | # When its time to do a release do a full cross platform build for all supported 4 | # architectures and push all of them to Docker Hub. 5 | # Only trigger on semver shaped tags. 6 | on: 7 | push: 8 | tags: 9 | - "v*.*.*" 10 | 11 | jobs: 12 | docker: 13 | runs-on: ubuntu-latest 14 | steps: 15 | # GitHub Actions do not automatically checkout your projects. If you need the code 16 | # you need to check it out. 17 | - name: Checkout 18 | uses: actions/checkout@v3.6.0 19 | 20 | - name: Prepare 21 | id: prep 22 | run: | 23 | DOCKER_IMAGE=metcalfc/docker-action-examples 24 | VERSION=edge 25 | if [[ $GITHUB_REF == refs/tags/* ]]; then 26 | VERSION=${GITHUB_REF#refs/tags/v} 27 | fi 28 | if [ "${{ github.event_name }}" = "schedule" ]; then 29 | VERSION=nightly 30 | fi 31 | TAGS="${DOCKER_IMAGE}:${VERSION}" 32 | if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then 33 | TAGS="$TAGS,${DOCKER_IMAGE}:latest" 34 | fi 35 | echo "tags=${TAGS}" >> $GITHUB_OUTPUT 36 | 37 | - name: Set up QEMU 38 | uses: docker/setup-qemu-action@v2 39 | with: 40 | platforms: all 41 | 42 | - name: Set up Docker Buildx 43 | id: buildx 44 | uses: docker/setup-buildx-action@v2 45 | 46 | - name: Login to DockerHub 47 | if: github.event_name != 'pull_request' 48 | uses: docker/login-action@v2 49 | with: 50 | username: ${{ secrets.DOCKER_USERNAME }} 51 | password: ${{ secrets.DOCKER_PASSWORD }} 52 | 53 | - name: Build and push 54 | id: docker_build 55 | uses: docker/build-push-action@v4 56 | with: 57 | builder: ${{ steps.buildx.outputs.name }} 58 | context: ./app 59 | file: ./app/Dockerfile 60 | target: prod 61 | platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x 62 | push: ${{ github.event_name != 'pull_request' }} 63 | tags: ${{ steps.prep.outputs.tags }} 64 | cache-from: type=gha 65 | cache-to: type=gha,mode=max 66 | 67 | - name: Image digest 68 | run: echo ${{ steps.docker_build.outputs.digest }} 69 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # BuildKit is a next generation container image builder. You can enable it using 2 | # an environment variable or using the Engine config, see: 3 | # https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds 4 | export DOCKER_BUILDKIT=1 5 | 6 | GIT_TAG?=$(shell git describe --tags --match "v[0-9]*" 2> /dev/null) 7 | ifeq ($(GIT_TAG),) 8 | GIT_TAG=edge 9 | endif 10 | 11 | # Docker image tagging: 12 | HUB_USER?=${USER} 13 | 14 | # When you create your secret use the DockerHub in the name and this will find it 15 | HUB_PULL_SECRET?=$(shell docker secret list | grep arn | grep DockerHub | cut -f1 -d' ') 16 | REPO?=$(shell basename ${PWD}) 17 | TAG?=${GIT_TAG} 18 | DEV_IMAGE?=${REPO}:latest 19 | PROD_IMAGE?=${HUB_USER}/${REPO}:${TAG} 20 | 21 | # Local development happens here! 22 | # This starts your application and bind mounts the source into the container so 23 | # that changes are reflected in real time. 24 | # Once you see the message "Running on http://0.0.0.0:5000/", open a Web browser at 25 | # http://localhost:5000 26 | .PHONY: dev 27 | all: dev 28 | dev: 29 | @COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.dev.yml up --build 30 | 31 | # Run the unit tests. 32 | .PHONY: build-test unit-test test 33 | unit-test: 34 | @docker --context default build --progress plain --target test ./app 35 | 36 | test: unit-test 37 | 38 | # Build a production image for the application. 39 | .PHONY: build 40 | build: 41 | @docker --context default build --target prod --tag ${PROD_IMAGE} ./app 42 | 43 | # Push the production image to a registry. 44 | .PHONY: push 45 | push: build 46 | @docker --context default push ${PROD_IMAGE} 47 | 48 | # Run the production image either via compose or run 49 | .PHONY: deploy run 50 | deploy: build push check-env 51 | HUB_PULL_SECRET=${HUB_PULL_SECRET} PROD_IMAGE=${PROD_IMAGE} docker compose up 52 | 53 | run: build 54 | @docker --context default run -d -p 5000:5000 ${PROD_IMAGE} 55 | 56 | # Remove the dev container, dev image, test image, and clear the builder cache. 57 | .PHONY: clean 58 | clean: 59 | @docker-compose -f docker-compose.dev.yml down 60 | @docker rmi ${DEV_IMAGE} || true 61 | @docker builder prune --force --filter type=exec.cachemount --filter=unused-for=24h 62 | 63 | .PHONY: check-env 64 | check-env: 65 | ifndef HUB_PULL_SECRET 66 | $(error HUB_PULL_SECRET is undefined. Use docker ecs secret ls to find the ARN) 67 | endif 68 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker GitHub Action Example 2 | 3 | ![Main Branch CI](https://github.com/metcalfc/docker-action-examples/workflows/Main%20Branch%20CI/badge.svg?branch=main) ![Nightly Test](https://github.com/metcalfc/docker-action-examples/workflows/Nightly%20Test/badge.svg?branch=main) 4 | 5 | Welcome. This is a simple example application to show a common Docker specific 6 | GitHub Action setup. We have a Python Flask application that is built and 7 | deployed in Docker containers using Dockerfiles and Docker Compose. 8 | 9 | ## Docker Actions v2 10 | 11 | - 🚪 [Docker Login](https://github.com/docker/login-action) 12 | - 🛠 [Setup Buildx](https://github.com/docker/setup-buildx-action) 13 | - 🎭 [Setup Cross Platform Builds](https://github.com/docker/setup-qemu-action) 14 | - 🔨 [Docker Build](https://github.com/docker/build-push-action) 15 | 16 | ## CI Setup 17 | 18 | We want to setup CI to test: 19 | 20 | - ✒ [Every commit to `main`](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/main-ci.yml) 21 | - ✉ [Every PR](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/pr-ci.yml) 22 | - 🌃 [Integration tests nightly](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/nightly.yml) 23 | - 🐳 [Releases via tags pushed to Docker Hub.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml) 24 | 25 | We are going to use GitHub Actions for the CI infrastructure. Since its local to 26 | GitHub Actions and free when used inside GitHub Actions we're going to [use the 27 | new GitHub Container Registry to hold a copy of a nightly Docker 28 | image.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/main-ci.yml#L45-L51) 29 | 30 | After CI when it comes time for production we want to use Docker's new Amazon 31 | ECS integration to deploy from Docker Compose directly to Amazon ECS with 32 | Fargate. So we will [push our release tagged images to Docker Hub](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml) 33 | which is integrated directly Amazon ECS [via Docker Compose.](https://github.com/metcalfc/docker-action-examples/blob/main/docker-compose.yml) 34 | 35 | The [Dockerfile](https://github.com/metcalfc/docker-action-examples/blob/main/app/Dockerfile) is setup to use multi stage builds. We have stages for 36 | [`test`](https://github.com/metcalfc/docker-action-examples/blob/main/app/Dockerfile#L9-L12) 37 | and [`prod`](https://github.com/metcalfc/docker-action-examples/blob/main/app/Dockerfile#L14-L16). 38 | This means we'll need Docker Buildx and we can use the a preview of the 39 | new Docker Buildx Action. This is going to let us achieve a couple awesome outcomes: 40 | 41 | - We are going to use the buildx backend by default. Buildx out of the box brings a 42 | number of improvements over the default `docker build`. [Here.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml#L40-L42) 43 | - We are going to setup buildx caching to take advantage of the GitHub Action Cache. 44 | You should see build performance improvements when repeating builds with common 45 | layers. [Here.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml#L44-L50) 46 | [Here.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml#L70-L71) 47 | - We are going to setup QEMU to do cross platform builds. In the example, we'll 48 | build this application for every Linux architecture that Docker Hub supports. [Here.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml#L35-L38) [Here.](https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml#L67) 49 | 50 |

51 | 52 |

53 | 54 | I'm not going to have GitHub Action manage the deployment side of this example. 55 | Mostly because I don't want to leave an Amazon ECS cluster running. But you can 56 | see a demo of this in one of my past streams: https://www.youtube.com/watch?v=RfQrgZFq_P0 57 | 58 | ## GitHub Container Registry FAQ 59 | 60 | ### I thought GHCR had anonymous pulls? 61 | 62 | Its a beta product so the documentation doesn't really exist yet. If you dig around on 63 | [GitHub's Community site](https://github.community/tag/ghcr) you can find some answers. 64 | Thats a pain so here is what I've found. 65 | 66 | `ghcr.io` is private by default. You'll notice in the [nightly.yml](.github/workflows/nightly.yml) I had to do a login to be able to pull the image. 67 | 68 | You can see what packages you have by going here (change the username): https://github.com/USERNAME?tab=packages&visibility=private 69 | 70 | You can make it public going to the packages settings (change the username and project name): https://github.com/users/USERNAME/packages/container/PROJECTNAME/settings 71 | 72 | ## Compose sample application 73 | 74 | ### Python/Flask application 75 | 76 | Project structure: 77 | 78 | ``` 79 | . 80 | ├── docker-compose.yaml 81 | ├── app 82 |    ├── Dockerfile 83 |    ├── requirements.txt 84 |    └── app.py 85 | 86 | ``` 87 | 88 | [_docker-compose.yaml_](docker-compose.yaml) 89 | 90 | ``` 91 | services: 92 | web: 93 | build: app 94 | ports: 95 | - '5000:5000' 96 | ``` 97 | 98 | ## Deploy with docker-compose 99 | 100 | ``` 101 | $ docker-compose up -d 102 | Creating network "flask_default" with the default driver 103 | Building web 104 | Step 1/6 : FROM python:3.7-alpine 105 | ... 106 | ... 107 | Status: Downloaded newer image for python:3.7-alpine 108 | Creating flask_web_1 ... done 109 | 110 | ``` 111 | 112 | ## Expected result 113 | 114 | Listing containers must show one container running and the port mapping as below: 115 | 116 | ``` 117 | $ docker ps 118 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 119 | c126411df522 flask_web "python3 app.py" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp flask_web_1 120 | ``` 121 | 122 | After the application starts, navigate to `http://localhost:5000` in your web browser or run: 123 | 124 | ``` 125 | $ curl localhost:5000 126 | Hello Docker and GitHub! 127 | ``` 128 | 129 | Stop and remove the containers 130 | 131 | ``` 132 | $ docker-compose down 133 | ``` 134 | 135 | ## Troubleshooting 136 | 137 | The most common error we have seen in the issues is a build failure with the error: 138 | 139 | ```buildx failed with: error: unable to prepare context: path "./yourprojectfolder" not found``` 140 | 141 | This is due to some issue with access to the code. Often the code has not been checked out. Its 142 | important to remember that GitHub Actions do not automatically check out a copy of the project. 143 | You will need to use the [checkout action](https://github.com/actions/checkout). For example: 144 | 145 | ``` 146 | - name: Checkout 147 | uses: actions/checkout@v2 148 | ``` 149 | -------------------------------------------------------------------------------- /app/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7-alpine AS base 2 | WORKDIR /app 3 | COPY requirements.txt /app 4 | RUN pip3 install -r requirements.txt 5 | 6 | FROM base as src 7 | COPY . /app 8 | 9 | FROM src as test 10 | COPY requirements.dev.txt /app 11 | RUN pip3 install -r requirements.dev.txt 12 | RUN python3 -m pytest 13 | 14 | FROM src as prod 15 | ENTRYPOINT ["python3"] 16 | CMD ["app.py"] 17 | -------------------------------------------------------------------------------- /app/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | app = Flask(__name__) 3 | 4 | @app.route('/') 5 | def hello(): 6 | return "Hello Docker and GitHub!" 7 | 8 | if __name__ == '__main__': 9 | app.run(host='0.0.0.0') 10 | -------------------------------------------------------------------------------- /app/requirements.dev.txt: -------------------------------------------------------------------------------- 1 | pytest==6.0.1 2 | -------------------------------------------------------------------------------- /app/requirements.txt: -------------------------------------------------------------------------------- 1 | flask==2.2.5 2 | -------------------------------------------------------------------------------- /app/tests/conftest.py: -------------------------------------------------------------------------------- 1 | import pytest 2 | 3 | from app import app as flask_app 4 | 5 | 6 | @pytest.fixture 7 | def app(): 8 | yield flask_app 9 | 10 | 11 | @pytest.fixture 12 | def client(app): 13 | return app.test_client() 14 | -------------------------------------------------------------------------------- /app/tests/test_works.py: -------------------------------------------------------------------------------- 1 | def test_index(app, client): 2 | res = client.get('/') 3 | assert res.status_code == 200 4 | assert res.get_data(as_text=True) == "Hello Docker and GitHub!" 5 | -------------------------------------------------------------------------------- /docker-compose.dev.yml: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | services: 3 | web: 4 | build: 5 | context: ./app 6 | target: prod 7 | environment: 8 | - FLASK_ENV=development 9 | volumes: 10 | - "${PWD}/app:/app" 11 | ports: 12 | - "5000:5000" 13 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | services: 3 | web: 4 | image: ${PROD_IMAGE} 5 | x-aws-pull_credentials: ${HUB_PULL_SECRET} 6 | ports: 7 | - "5000:5000" 8 | -------------------------------------------------------------------------------- /hub.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/metcalfc/docker-action-examples/22a763c2a2ec33f998d3e1816b41c2046ab40dc0/hub.png --------------------------------------------------------------------------------