You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2024/03/04 19:46:19 UTC
(superset) 01/01: fix: docker should always run, even in forks (#26801)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch test-ci
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 7ac656f6eaf484ae56b2517970cb44980c50133f
Author: Maxime Beauchemin <ma...@gmail.com>
AuthorDate: Thu Jan 25 11:33:51 2024 -0800
fix: docker should always run, even in forks (#26801)
---
.github/workflows/docker.yml | 43 +++++++++++-
scripts/docker_build_push.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 196 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ae54835e0f..2d96be91b5 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,7 +3,7 @@ name: Docker
on:
push:
branches:
- - 'master'
+ - "master"
pull_request:
types: [synchronize, opened, reopened, ready_for_review]
@@ -45,5 +45,42 @@ jobs:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
- pip install click
- ./scripts/build_docker.py ${{ matrix.build_preset }} ${{ github.event_name }} --platform ${{ matrix.platform }}
+ ./scripts/docker_build_push.sh "" ${{ matrix.target }} ${{ matrix.platform }}
+
+ ephemeral-docker-build:
+ name: docker-build
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build ephemeral env image
+ if: github.event_name == 'pull_request'
+ run: |
+ mkdir -p ./build
+ echo ${{ github.sha }} > ./build/SHA
+ echo ${{ github.event.pull_request.number }} > ./build/PR-NUM
+ docker buildx build --target ci \
+ --load \
+ --cache-from=type=registry,ref=apache/superset:lean \
+ -t ${{ github.sha }} \
+ -t "pr-${{ github.event.pull_request.number }}" \
+ --platform linux/amd64 \
+ --label "build_actor=${GITHUB_ACTOR}" \
+ .
+ docker save ${{ github.sha }} | gzip > ./build/${{ github.sha }}.tar.gz
+
+ - name: Upload build artifacts
+ if: github.event_name == 'pull_request'
+ uses: actions/upload-artifact@v4
+ with:
+ name: build
+ path: build/
diff --git a/scripts/docker_build_push.sh b/scripts/docker_build_push.sh
new file mode 100755
index 0000000000..3d0271cb2b
--- /dev/null
+++ b/scripts/docker_build_push.sh
@@ -0,0 +1,156 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+set -eo pipefail
+
+GITHUB_RELEASE_TAG_NAME="$1"
+TARGET="$2"
+BUILD_PLATFORM="$3" # should be either 'linux/amd64' or 'linux/arm64'
+
+# Common variables
+SHA=$(git rev-parse HEAD)
+REPO_NAME="apache/superset"
+DOCKER_ARGS="--load" # default args, change as needed
+DOCKER_CONTEXT="."
+
+
+if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
+ REFSPEC=$(echo "${GITHUB_HEAD_REF}" | sed 's/[^a-zA-Z0-9]/-/g' | head -c 40)
+ PR_NUM=$(echo "${GITHUB_REF}" | sed 's:refs/pull/::' | sed 's:/merge::')
+ LATEST_TAG="pr-${PR_NUM}"
+elif [[ "${GITHUB_EVENT_NAME}" == "release" ]]; then
+ REFSPEC=$(echo "${GITHUB_REF}" | sed 's:refs/tags/::' | head -c 40)
+ LATEST_TAG="${REFSPEC}"
+else
+ REFSPEC=$(echo "${GITHUB_REF}" | sed 's:refs/heads/::' | sed 's/[^a-zA-Z0-9]/-/g' | head -c 40)
+ LATEST_TAG="${REFSPEC}"
+fi
+
+
+if [[ "${REFSPEC}" == "master" ]]; then
+ LATEST_TAG="master"
+fi
+
+# get the latest release tag
+if [ -n "${GITHUB_RELEASE_TAG_NAME}" ]; then
+ output=$(source ./scripts/tag_latest_release.sh "${GITHUB_RELEASE_TAG_NAME}" --dry-run) || true
+ SKIP_TAG=$(echo "${output}" | grep "SKIP_TAG" | cut -d'=' -f2)
+ if [[ "${SKIP_TAG}" == "SKIP_TAG::false" ]]; then
+ LATEST_TAG="latest"
+ fi
+fi
+
+if [[ "${TEST_ENV}" == "true" ]]; then
+ # don't run the build in test environment
+ echo "LATEST_TAG is ${LATEST_TAG}"
+ exit 0
+fi
+
+# for the dev image, it's ok to tag master as latest-dev
+# for production, we only want to tag the latest official release as latest
+if [ "${LATEST_TAG}" = "master" ]; then
+ DEV_TAG="${REPO_NAME}:latest-dev"
+else
+ DEV_TAG="${REPO_NAME}:${LATEST_TAG}-dev"
+fi
+
+BUILD_ARG="3.9-slim-bookworm"
+
+# Replace '/' with '-' in BUILD_PLATFORM
+SAFE_BUILD_PLATFORM=$(echo "${BUILD_PLATFORM}" | sed 's/\//-/g')
+MAIN_UNIQUE_TAG="${REPO_NAME}:${SHA}-${TARGET}-${SAFE_BUILD_PLATFORM}-${BUILD_ARG}"
+
+case "${TARGET}" in
+ "dev")
+ DOCKER_TAGS="-t ${MAIN_UNIQUE_TAG} -t ${REPO_NAME}:${SHA}-dev -t ${REPO_NAME}:${REFSPEC}-dev -t ${DEV_TAG}"
+ BUILD_TARGET="dev"
+ ;;
+ "lean")
+ DOCKER_TAGS="-t ${MAIN_UNIQUE_TAG} -t ${REPO_NAME}:${SHA} -t ${REPO_NAME}:${REFSPEC} -t ${REPO_NAME}:${LATEST_TAG}"
+ BUILD_TARGET="lean"
+ ;;
+ "lean310")
+ DOCKER_TAGS="-t ${MAIN_UNIQUE_TAG} -t ${REPO_NAME}:${SHA}-py310 -t ${REPO_NAME}:${REFSPEC}-py310 -t ${REPO_NAME}:${LATEST_TAG}-py310"
+ BUILD_TARGET="lean"
+ BUILD_ARG="3.10-slim-bookworm"
+ ;;
+ "websocket")
+ DOCKER_TAGS="-t ${MAIN_UNIQUE_TAG} -t ${REPO_NAME}:${SHA}-websocket -t ${REPO_NAME}:${REFSPEC}-websocket -t ${REPO_NAME}:${LATEST_TAG}-websocket"
+ BUILD_TARGET=""
+ DOCKER_CONTEXT="superset-websocket"
+ ;;
+ "dockerize")
+ DOCKER_TAGS="-t ${MAIN_UNIQUE_TAG} -t ${REPO_NAME}:dockerize"
+ BUILD_TARGET=""
+ DOCKER_CONTEXT="-f dockerize.Dockerfile ."
+ ;;
+ *)
+ echo "Invalid TARGET: ${TARGET}"
+ exit 1
+ ;;
+esac
+
+cat<<EOF
+ Rolling with tags:
+ - $MAIN_UNIQUE_TAG
+ - ${REPO_NAME}:${SHA}
+ - ${REPO_NAME}:${REFSPEC}
+ - ${REPO_NAME}:${LATEST_TAG}
+EOF
+
+if [ -z "${DOCKERHUB_TOKEN}" ]; then
+ # Skip if secrets aren't populated -- they're only visible for actions running in the repo (not on forks)
+ echo "Skipping Docker push"
+ # By default load it back
+ DOCKER_ARGS="--load"
+else
+ # Login and push
+ docker logout
+ docker login --username "${DOCKERHUB_USER}" --password "${DOCKERHUB_TOKEN}"
+ DOCKER_ARGS="--push"
+fi
+set -x
+
+TARGET_ARGUMENT=""
+if [[ -n "${BUILD_TARGET}" ]]; then
+ TARGET_ARGUMENT="--target ${BUILD_TARGET}"
+fi
+
+# Building the cache settings
+CACHE_REF="${REPO_NAME}-cache:${TARGET}-${BUILD_ARG}"
+CACHE_REF=$(echo "${CACHE_REF}" | tr -d '.')
+CACHE_FROM_ARG="--cache-from=type=registry,ref=${CACHE_REF}"
+CACHE_TO_ARG=""
+if [ -n "${DOCKERHUB_TOKEN}" ]; then
+ # need to be logged in to push to the cache
+ CACHE_TO_ARG="--cache-to=type=registry,mode=max,ref=${CACHE_REF}"
+fi
+
+docker buildx build \
+ ${TARGET_ARGUMENT} \
+ ${DOCKER_ARGS} \
+ ${DOCKER_TAGS} \
+ ${CACHE_FROM_ARG} \
+ ${CACHE_TO_ARG} \
+ --platform ${BUILD_PLATFORM} \
+ --label "sha=${SHA}" \
+ --label "built_at=$(date)" \
+ --label "target=${TARGET}" \
+ --label "base=${PY_VER}" \
+ --label "build_actor=${GITHUB_ACTOR}" \
+ ${BUILD_ARG:+--build-arg PY_VER="${BUILD_ARG}"} \
+ ${DOCKER_CONTEXT}