Merge pull request #800 from crazy-max/e2e-local

e2e: local harbor and nexus
This commit is contained in:
CrazyMax 2023-02-10 17:36:20 +01:00 committed by GitHub
commit 70cc701b9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 264 additions and 12 deletions

8
.github/e2e/harbor/env vendored Normal file
View file

@ -0,0 +1,8 @@
REGISTRY_FQDN=localhost:8081
REGISTRY_USER=admin
REGISTRY_PASSWORD=Harbor12345
REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
HARBOR_HOST=localhost
HARBOR_PORT=8081
HARBOR_PROJECT=test-docker-action

79
.github/e2e/harbor/install.sh vendored Executable file
View file

@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -eu
: "${HARBOR_VERSION:=v2.7.0}"
: "${HARBOR_HOST:=localhost}"
: "${HARBOR_PORT:=49154}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Harbor12345}"
: "${HARBOR_PROJECT:=test-docker-action}"
project_post_data() {
cat <<EOF
{
"project_name": "$HARBOR_PROJECT",
"public": true
}
EOF
}
export TERM=xterm
# download
echo "::group::Downloading Harbor $HARBOR_VERSION"
(
cd /tmp
set -x
wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
tar xvf harbor-online-installer.tgz
)
echo "::endgroup::"
# config
echo "::group::Configuring Harbor"
(
cd /tmp/harbor
set -x
cp harbor.yml.tmpl harbor.yml
harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
tee harbor.yml <<<"$harborConfig" >/dev/null
yq --no-colors harbor.yml
)
echo "::endgroup::"
# install and start
echo "::group::Installing Harbor"
(
cd /tmp/harbor
set -x
./install.sh
sleep 10
netstat -aptn
)
echo "::endgroup::"
# compose config
echo "::group::Compose config"
(
cd /tmp/harbor
set -x
docker compose config
)
echo "::endgroup::"
# create project
echo "::group::Creating project"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
)
echo "::endgroup::"
# list projects
echo "::group::List projects"
(
set -x
curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
)
echo "::endgroup::"

8
.github/e2e/nexus/docker-compose.yml vendored Normal file
View file

@ -0,0 +1,8 @@
services:
nexus:
image: sonatype/nexus3:${NEXUS_VERSION:-latest}
volumes:
- "./data:/nexus-data"
ports:
- "8081:8081"
- "8082:8082"

9
.github/e2e/nexus/env vendored Normal file
View file

@ -0,0 +1,9 @@
REGISTRY_FQDN=localhost:8082
REGISTRY_USER=admin
REGISTRY_PASSWORD=Nexus12345
REGISTRY_SLUG=localhost:8082/test-docker-action
NEXUS_HOST=localhost
NEXUS_PORT=8081
NEXUS_REGISTRY_PORT=8082
NEXUS_REPO=test-docker-action

93
.github/e2e/nexus/install.sh vendored Executable file
View file

@ -0,0 +1,93 @@
#!/usr/bin/env bash
set -eu
SCRIPT_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
: "${NEXUS_VERSION:=3.47.1}"
: "${NEXUS_HOST:=localhost}"
: "${NEXUS_PORT:=8081}"
: "${NEXUS_REGISTRY_PORT:=8082}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Nexus12345}"
: "${NEXUS_REPO:=test-docker-action}"
createrepo_post_data() {
cat <<EOF
{
"name": "${NEXUS_REPO}",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "ALLOW"
},
"docker": {
"v1Enabled": false,
"forceBasicAuth": true,
"httpPort": ${NEXUS_REGISTRY_PORT},
"httpsPort": null,
"subdomain": null
}
}
EOF
}
export NEXUS_VERSION
mkdir -p /tmp/nexus/data
chown 200:200 /tmp/nexus/data
cp "${SCRIPT_DIR}/docker-compose.yml" /tmp/nexus/docker-compose.yml
echo "::group::Pulling Nexus $NEXUS_VERSION"
(
cd /tmp/nexus
set -x
docker compose pull
)
echo "::endgroup::"
echo "::group::Compose config"
(
cd /tmp/nexus
set -x
docker compose config
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Waiting for Nexus to be ready"
until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXUS_PORT"); do
printf '.'
sleep 5
done
echo "::endgroup::"
echo "::group::Change user's password"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$(cat /tmp/nexus/data/admin.password)" -X PUT -H 'Content-Type: text/plain' -d "$REGISTRY_PASSWORD" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/security/users/$REGISTRY_USER/change-password"
)
echo "::endgroup::"
echo "::group::Create Docker repository"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H 'Content-Type: application/json' -d "$(createrepo_post_data)" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/repositories/docker/hosted"
)
echo "::endgroup::"

View file

@ -25,69 +25,124 @@ on:
env:
BUILDX_VERSION: latest
BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
HARBOR_VERSION: v2.7.0
NEXUS_VERSION: 3.47.1
jobs:
docker:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
name: Docker Hub
registry: ''
slug: ghactionstest/ghactionstest
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
type: remote
-
name: GitHub
registry: ghcr.io
slug: ghcr.io/docker-ghactiontest/test
username_secret: GHCR_USERNAME
password_secret: GHCR_PAT
type: remote
-
name: GitLab
registry: registry.gitlab.com
slug: registry.gitlab.com/test1716/test
username_secret: GITLAB_USERNAME
password_secret: GITLAB_TOKEN
type: remote
-
name: AWS ECR
registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
-
name: AWS ECR Public
registry: public.ecr.aws
slug: public.ecr.aws/q3b5f1u4/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
-
name: Google Artifact Registry
registry: us-east4-docker.pkg.dev
slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
username_secret: GAR_USERNAME
password_secret: GAR_JSON_KEY
type: remote
-
name: Google Container Registry
registry: gcr.io
slug: gcr.io/sandbox-298914/test-docker-action
username_secret: GCR_USERNAME
password_secret: GCR_JSON_KEY
type: remote
-
name: Azure Container Registry
registry: officialgithubactions.azurecr.io
slug: officialgithubactions.azurecr.io/test-docker-action
username_secret: AZURE_CLIENT_ID
password_secret: AZURE_CLIENT_SECRET
type: remote
-
name: Quay
registry: quay.io
slug: quay.io/crazymax/build-push-action
username_secret: QUAY_USERNAME
password_secret: QUAY_TOKEN
type: remote
-
name: Harbor
id: harbor
type: local
-
name: Nexus
id: nexus
type: local
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up env
if: matrix.type == 'local'
run: |
cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV
-
name: Set up BuildKit config
run: |
touch /tmp/buildkitd.toml
if [ "${{ matrix.type }}" = "local" ]; then
echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
fi
-
name: Set up Docker daemon
if: matrix.type == 'local'
run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
sudo service docker restart
-
name: Install ${{ matrix.name }}
if: matrix.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh
-
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ matrix.slug }}
images: ${{ env.REGISTRY_SLUG || matrix.slug }}
tags: |
type=ref,event=branch
type=ref,event=tag
@ -100,17 +155,19 @@ jobs:
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
buildkitd-flags: --debug
config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
network=host
-
name: Login to Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ${{ matrix.registry }}
username: ${{ secrets[matrix.username_secret] }}
password: ${{ secrets[matrix.password_secret] }}
registry: ${{ env.REGISTRY_FQDN || matrix.registry }}
username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }}
password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }}
-
name: Build and push
uses: ./
@ -121,16 +178,14 @@ jobs:
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ matrix.slug }}:master
cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master
cache-to: type=inline
-
name: Inspect image
if: github.event_name != 'pull_request'
run: |
docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'