diff --git a/.github/workflows/container_app_push.yml b/.github/workflows/container_app_push.yml
new file mode 100644
index 00000000000..2ea184c4f48
--- /dev/null
+++ b/.github/workflows/container_app_push.yml
@@ -0,0 +1,102 @@
+---
+name: Application Container Image
+
+on:
+ # We are deliberately *not* running on push events here to avoid double runs.
+ # Instead, push events will trigger from the base image and maven unit tests via workflow_call.
+ workflow_call:
+ pull_request:
+ branches:
+ - develop
+ - master
+ paths:
+ - 'src/main/docker/**'
+ - '.github/workflows/container_app_push.yml'
+
+env:
+ IMAGE_TAG: unstable
+ BASE_IMAGE_TAG: unstable
+ REGISTRY: "" # Empty means default to Docker Hub
+ PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+ build:
+ name: Build & deploy
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ pull-requests: write
+ # Only run in upstream repo - avoid unnecessary runs in forks
+ if: ${{ github.repository_owner == 'IQSS' }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up JDK 11
+ uses: actions/setup-java@v3
+ with:
+ java-version: "11"
+ distribution: 'adopt'
+ - name: Cache Maven packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+
+ - name: Build app container image with local architecture
+ run: mvn -Pct package
+
+ # Note: Accessing, pushing tags etc. to DockerHub or GHCR will only succeed in upstream because secrets.
+
+ # Run this when triggered via push or schedule as reused workflow from base / maven unit tests
+ - if: ${{ github.event_name != 'pull_request' && github.ref_name == 'develop' }}
+ name: Push description to DockerHub
+ uses: peter-evans/dockerhub-description@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ repository: gdcc/dataverse
+ short-description: "Dataverse Application Container Image providing the executable"
+ readme-filepath: ./src/main/docker/README.md
+
+ - if: ${{ github.event_name != 'pull_request' }}
+ name: Log in to Docker Hub registry
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - if: ${{ github.event_name == 'pull_request' }}
+ name: Login to Github Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ secrets.GHCR_USERNAME }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ - name: Set up QEMU for multi-arch builds
+ uses: docker/setup-qemu-action@v2
+
+ - name: Re-set image tag based on branch (if master)
+ if: ${{ github.ref_name == 'master' }}
+ run: |
+ echo "IMAGE_TAG=alpha" >> $GITHUB_ENV
+ echo "BASE_IMAGE_TAG=alpha" >> $GITHUB_ENV
+ - name: Re-set image tag and container registry when on PR
+ if: ${{ github.event_name == 'pull_request' }}
+ run: |
+ echo "IMAGE_TAG=$(echo "$GITHUB_HEAD_REF" | tr '\\/_:&+,;#*' '-')" >> $GITHUB_ENV
+ echo "REGISTRY='-Ddocker.registry=ghcr.io'" >> $GITHUB_ENV
+
+ - name: Deploy multi-arch application container image
+ run: mvn -Pct deploy -Dapp.image.tag=${{ env.IMAGE_TAG }} -Dbase.image.tag=${{ env.BASE_IMAGE_TAG }} ${{ env.REGISTRY }} -Ddocker.platforms=${{ env.PLATFORMS }}
+
+ - uses: marocchino/sticky-pull-request-comment@v2
+ if: ${{ github.event_name == 'pull_request' }}
+ with:
+ header: app-registry-push
+ message: |
+ Pushed preview application image as [`ghcr.io/gdcc/dataverse:${{ env.IMAGE_TAG 
}}`](https://github.com/orgs/gdcc/packages/container/package/dataverse). + Use it by referencing it with its full name as printed above. diff --git a/.github/workflows/container_base_push.yml b/.github/workflows/container_base_push.yml index 8f440151d0c..5c62fb0c811 100644 --- a/.github/workflows/container_base_push.yml +++ b/.github/workflows/container_base_push.yml @@ -1,5 +1,5 @@ --- -name: Container Base Module +name: Base Container Image on: push: @@ -18,9 +18,12 @@ on: - 'modules/container-base/**' - 'modules/dataverse-parent/pom.xml' - '.github/workflows/container_base_push.yml' + schedule: + - cron: '23 3 * * 0' # Run for 'develop' every Sunday at 03:23 UTC env: IMAGE_TAG: unstable + PLATFORMS: linux/amd64,linux/arm64 jobs: build: @@ -79,7 +82,18 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Re-set image tag based on branch if: ${{ github.ref_name == 'master' }} - run: echo "IMAGE_TAG=stable" + run: echo "IMAGE_TAG=alpha" >> $GITHUB_ENV - if: ${{ github.event_name != 'pull_request' }} name: Deploy multi-arch base container image to Docker Hub - run: mvn -f modules/container-base -Pct deploy -Dbase.image.tag=${{ env.IMAGE_TAG }} + run: mvn -f modules/container-base -Pct deploy -Dbase.image.tag=${{ env.IMAGE_TAG }} -Ddocker.platforms=${{ env.PLATFORMS }} + push-app-img: + name: "Rebase & Publish App Image" + permissions: + contents: read + packages: write + pull-requests: write + needs: build + # We do not release a new base image for pull requests, so do not trigger. + if: ${{ github.event_name != 'pull_request' }} + uses: ./.github/workflows/container_app_push.yml + secrets: inherit diff --git a/.github/workflows/maven_unit_test.yml b/.github/workflows/maven_unit_test.yml index e2048f73431..629a45a6c2c 100644 --- a/.github/workflows/maven_unit_test.yml +++ b/.github/workflows/maven_unit_test.yml 
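Review bot: The `Deploy multi-arch application container image` step pastes `${{ env.IMAGE_TAG }}` into the shell script text, and on pull requests that value is derived from `$GITHUB_HEAD_REF`, a branch name chosen by the PR author, filtered only by a `tr` denylist that leaves other shell-significant characters in place. By that step the job has logged in to a registry and holds `packages: write`, so the tag should be built from an allowlist and read as a quoted shell variable: `echo "IMAGE_TAG=$(printf '%s' "$GITHUB_HEAD_REF" | tr -c 'A-Za-z0-9.-' '-')" >> "$GITHUB_ENV"` and, in the deploy step, `"-Dapp.image.tag=$IMAGE_TAG"` in place of `-Dapp.image.tag=${{ env.IMAGE_TAG }}`. The hunk also hands `DOCKERHUB_TOKEN` and `GHCR_TOKEN` to actions referenced by mutable tags (`docker/login-action@v2`, `peter-evans/dockerhub-description@v3`); pinning them to a full commit SHA keeps a moved tag from receiving those secrets.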
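Review bot: `secrets: inherit` on the new `push-app-img` job passes every secret available to this workflow into `container_app_push.yml`, while the called workflow, as added in this commit, reads only `DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`, `GHCR_USERNAME` and `GHCR_TOKEN`. Passing those four by name, and declaring them under `on.workflow_call.secrets` in the called workflow, limits what a later change to the reusable workflow can reach. The `push-app-img` job added to `maven_unit_test.yml` carries the same line and would take the same change. The `jobs:` mapping starts outside this hunk.

```yaml
    uses: ./.github/workflows/container_app_push.yml
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
      GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
```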
@@ -51,4 +51,13 @@ jobs: env: CI_NAME: github COVERALLS_SECRET: ${{ secrets.GITHUB_TOKEN }} - run: mvn -V -B jacoco:report coveralls:report -DrepoToken=${COVERALLS_SECRET} -DpullRequest=${{ github.event.number }} \ No newline at end of file + run: mvn -V -B jacoco:report coveralls:report -DrepoToken=${COVERALLS_SECRET} -DpullRequest=${{ github.event.number }} + push-app-img: + name: Publish App Image + permissions: + contents: read + packages: write + pull-requests: write + needs: unittest + uses: ./.github/workflows/container_app_push.yml + secrets: inherit diff --git a/doc/sphinx-guides/source/container/base-image.rst b/doc/sphinx-guides/source/container/base-image.rst index 1f289ec0883..ed06314ef0e 100644 --- a/doc/sphinx-guides/source/container/base-image.rst +++ b/doc/sphinx-guides/source/container/base-image.rst @@ -31,7 +31,7 @@ upstream branches: - The ``unstable`` tag corresponds to the ``develop`` branch, where pull requests are merged. (`Dockerfile `__) -- The ``stable`` tag corresponds to the ``master`` branch, where releases are cut from. +- The ``alpha`` tag corresponds to the ``master`` branch, where releases are cut from. (`Dockerfile `__) 
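Review bot: The new `push-app-img` job has no `if:` guard, unlike its counterpart in `container_base_push.yml`, so it runs for every event that triggers the unit tests. The `on:` block of this workflow is outside the hunk, but if it includes `pull_request`, every PR that passes the tests would log in to GHCR and push a preview image, not only PRs touching `src/main/docker/**`. For PRs from forks the repository secrets are not available, so the login step in the called workflow would likely fail and mark the check red. If only push builds are meant to arrive through this path, add `if: ${{ github.event_name != 'pull_request' }}` to the job; if PR previews are intended, a comment such as `# Also runs on PRs to publish a preview image to GHCR` would record that.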
@@ -108,13 +108,19 @@ AMD64 (Windows/Linux/...) and ARM64 (Apple M1/M2), by using `Maven Docker Plugin Building the image via ``mvn -Pct package`` or ``mvn -Pct install`` as above will only build for the architecture of the Docker machine's CPU. -Only ``mvn -Pct deploy`` will trigger building on all enabled architectures. -Yet, to enable building with non-native code on your build machine, you will need to setup a cross-platform builder. +Only ``mvn -Pct deploy`` will trigger building on all enabled architectures (and will try to push the images to a +registry, which is Docker Hub by default). + +You can specify which architectures you would like to build for and include by them as a comma separated list: +``mvn -Pct deploy -Ddocker.platforms="linux/amd64,linux/arm64"``. The shown configuration is the default and may be omitted. + +Yet, to enable building with non-native code on your build machine, you will need to setup a cross-platform builder! On Linux, you should install `qemu-user-static `__ (preferably via your package management) on the host and run ``docker run --rm --privileged multiarch/qemu-user-static --reset -p yes`` to enable that builder. The Docker plugin will setup everything else for you. +The upstream CI workflows publish images supporting AMD64 and ARM64 (see e.g. tag details on Docker Hub) .. _base-tunables: diff --git a/modules/container-base/README.md b/modules/container-base/README.md index 15011d5c6f4..dc4d185bbb5 100644 --- a/modules/container-base/README.md +++ b/modules/container-base/README.md 
@@ -7,7 +7,9 @@ Adding basic functionality like executing scripts at container boot, monitoring, at this layer. Application images building from this very base focus on adding deployable Dataverse code and actual scripts. -*Note:* Currently, there is no application image. Please watch https://github.com/IQSS/dataverse/issues/8934 +There is a community based [application image](https://hub.docker.com/r/gdcc/dataverse) +([docs](https://guides.dataverse.org/en/latest/container/app-image.html)), but you may create your own or even reuse +this image for other purposes than the Dataverse application. ## Quick Reference @@ -23,8 +25,8 @@ provides in-depth information about content, building, tuning and so on for this **Where to get help and ask questions:** IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it. -You can join the Community Chat on Matrix at https://chat.dataverse.org or the Community Slack at -https://dataversecommunity.slack.com to ask for help and guidance. +You can join the Community Chat on Matrix at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community +to ask for help and guidance. ## Supported Image Tags @@ -34,7 +36,7 @@ happens there (again, by the community). Community-supported image tags are base - The `unstable` tag corresponds to the `develop` branch, where pull requests are merged. ([`Dockerfile`](https://github.com/IQSS/dataverse/tree/develop/modules/container-base/src/main/docker/Dockerfile)) -- The `stable` tag corresponds to the `master` branch, where releases are cut from. +- The `alpha` tag corresponds to the `master` branch, where releases are cut from. ([`Dockerfile`](https://github.com/IQSS/dataverse/tree/master/modules/container-base/src/main/docker/Dockerfile)) Within the main repository, you may find the base image files at `/modules/container-base`. 
diff --git a/modules/container-base/pom.xml b/modules/container-base/pom.xml index bbee6ad67d5..fc672696df4 100644 --- a/modules/container-base/pom.xml +++ b/modules/container-base/pom.xml @@ -44,6 +44,7 @@ eclipse-temurin:${target.java.version}-jre 1000 1000 + linux/amd64,linux/arm64 @@ -94,8 +95,8 @@ - linux/arm64 - linux/amd64 + + ${docker.platforms} ${project.build.directory}/buildx-state diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml index c538b1ff337..27a0f1377c5 100644 --- a/modules/dataverse-parent/pom.xml +++ b/modules/dataverse-parent/pom.xml @@ -189,7 +189,7 @@ 3.1.2 - 0.42.0 + 0.42.1 @@ -345,8 +345,9 @@ - 5.2022.4 + 5.2022.5 diff --git a/src/main/docker/README.md b/src/main/docker/README.md new file mode 100644 index 00000000000..06e2769ed6e --- /dev/null +++ b/src/main/docker/README.md 
@@ -0,0 +1,62 @@
+# Dataverse Application Container Image
+
+The "application image" offers you a deployment-ready Dataverse application running on the underlying
+application server, which is provided by the [base image](https://hub.docker.com/r/gdcc/base).
+Its sole purpose is to bundle the application and any additional material necessary to successfully jumpstart
+the application.
+
+Note: Until all :ref:`jvm-options` are *MicroProfile Config* enabled, it also adds the necessary scripting glue to
+configure the applications domain during booting the application server. See :ref:`app-tunables`.
+
+## Quick Reference
+
+**Maintained by:**
+
+This image is created, maintained and supported by the Dataverse community on a best-effort basis.
+
+**Where to find documentation:**
+
+The [Dataverse Container Guide - Application Image](https://guides.dataverse.org/en/latest/container/app-image.html)
+provides in-depth information about content, building, tuning and so on for this image. You should also consult
+the [Dataverse Container Guide - Base Image](https://guides.dataverse.org/en/latest/container/base-image.html) page
+for more details on tunable settings, locations, etc.
+
+**Where to get help and ask questions:**
+
+IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
+You can join the Community Chat on Matrix at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
+to ask for help and guidance.
+
+## Supported Image Tags
+
+This image is sourced within the main upstream code [repository of the Dataverse software](https://github.com/IQSS/dataverse).
+Development and maintenance of the [image's code](https://github.com/IQSS/dataverse/tree/develop/src/main/docker)
+happens there (again, by the community). Community-supported image tags are based on the two most important branches:
+
+- The `unstable` tag corresponds to the `develop` branch, where pull requests are merged.
+ ([`Dockerfile`](https://github.com/IQSS/dataverse/tree/develop/src/main/docker/Dockerfile))
+- The `alpha` tag corresponds to the `master` branch, where releases are cut from.
+ ([`Dockerfile`](https://github.com/IQSS/dataverse/tree/master/src/main/docker/Dockerfile))
+
+Within the main repository, you may find the application image files at `/src/main/docker`.
+This Maven module uses the [Maven Docker Plugin](https://dmp.fabric8.io) to build and ship the image.
+You may use, extend, or alter this image to your liking and/or host in some different registry if you want to.
+
+**Supported architectures:** This image is created as a "multi-arch image", supporting the most common architectures
+Dataverse usually runs on: AMD64 (Windows/Linux/...) and ARM64 (Apple M1/M2).
+
+## License
+
+Image content created by the community is licensed under [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0),
+like the [main Dataverse project](https://github.com/IQSS/dataverse/blob/develop/LICENSE.md).
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+
+As with all Docker images, all images likely also contain other software which may be under other licenses (such as
+[Payara Server](https://github.com/payara/Payara/blob/master/LICENSE.txt), Bash, etc., from the base
+distribution, along with any direct or indirect (Java) dependencies contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies
+with any relevant licenses for all software contained within.