Update workflows to build and publish images

Author: stephen-vakil

.github/actions/build_docker/action.yml

@@ -0,0 +1,80 @@
+name: Docker build and push
+description: Build the image and pushes to registry
+
+inputs:
+  version:
+    description: The version to use for the Docker image
+    required: true
+  dockerfile_path:
+    description: Dockerfile location
+    required: true
+  image_name:
+    description: The Docker image name, with the registry prefix
+    required: true
+  registry_dev:
+    description: Docker registry dev
+    required: true
+  registry_prod:
+    description: Docker registry prod
+    required: true
+  registry_username:
+    description: Docker registry username
+    required: true
+  registry_password:
+    description: Docker registry password
+    required: true
+  build_args:
+    description: Arguments to pass to docker build
+    required: false
+    default: ''
+
+
+runs:
+  using: composite
+  steps:
+    - name: Setup up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Generate Date Version
+      id: date-version
+      uses: StackEng/CoreEngineering.CITools/actions/date_version@v1
+
+    - name: Docker Image Metadata
+      id: metadata
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ inputs.image_name }}
+        # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute
+        # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority.
+        # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest.
+        tags: |
+          type=sha,priority=100
+          ${{ inputs.version }},priority=1
+          ${{ github.ref_name == 'main' && '' || format('pr-{0}', github.event.pull_request.number) }}
+        flavor: latest=false
+
+    - name: Login to Docker Registry - dev
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry_dev }}
+        username: ${{ inputs.registry_username }}
+        password: ${{ inputs.registry_password }}
+
+    - name: Login to Docker Registry - prod
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry_prod }}
+        username: ${{ inputs.registry_username }}
+        password: ${{ inputs.registry_password }}
+
+    - name: Build Image
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        file: ${{ inputs.dockerfile_path }}
+        tags: ${{ steps.metadata.outputs.tags }}
+        labels: ${{ steps.metadata.outputs.labels }}
+        provenance: true
+        build-args: |
+          DOTNET_VERSION=${{ env.DOTNET_VERSION }}

.github/workflows/build_app_docker_image.yml

@@ -0,0 +1,60 @@
+name: Build docker
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+    secrets:
+      registry_username:
+        required: true
+      registry_password:
+        required: true
+      nuget_user:
+        required: true
+      nuget_password:
+        required: true
+
+env:
+    BUILDKIT_PROGRESS: plain
+    SERVICE_IMAGE_NAME: ${{ github.ref_name == 'main' && vars.CLOUDSMITH_DOCKER_REGISTRY_PROD || vars.CLOUDSMITH_DOCKER_REGISTRY_DEV }}/stackeng/opserver/opserver
+
+jobs:
+  build_docker:
+    name: Docker build and push
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0 #Fetch entire history for NerdBank to calculate the version
+        
+    - name: Setup NuGet access
+      uses: StackEng/PlatEngTools/actions/nuget-sources@main
+      with:
+        GH_NUGET_FEED: ${{ vars.CLOUDSMITH_NUGET }}
+        GH_NUGET_USER: ${{ secrets.nuget_user }}
+        GH_NUGET_RO_PAT: ${{ secrets.nuget_password }}
+        NUGET_CLEANUP_FEEDS: ProGet
+
+    - uses: ./.github/actions/build_docker
+      id: image
+      with:
+        version: ${{ inputs.version }}
+        dockerfile_path: ./Dockerfile
+        image_name: ${{ env.SERVICE_IMAGE_NAME }}
+        registry_dev: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_DEV }}
+        registry_prod: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}
+        registry_username: ${{ secrets.registry_username }}
+        registry_password: ${{ secrets.registry_password }}        
+        scan_image: true
+    
+    - name: Await opserver docker image to be ready in Cloudsmith
+      uses: StackEng/TeamsScaleTools/actions/cloudsmith-awaiter@main
+      with:
+        cloudsmith_api_key: ${{ secrets.registry_password }}
+        cloudsmith_org: stackoverflow
+        cloudsmith_repo: ${{ github.ref_name == 'main' && 'cr' || 'cr-dev' }}
+        cloudsmith_query: "name:opserver tag:${{ inputs.version }}"
+

.github/workflows/build_cnab.yml

@@ -0,0 +1,38 @@
+name: Build CNAB invocation image
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: The version to use for the Octopus release
+        type: string
+        required: true
+    secrets:
+      registry_username:
+        required: true
+      registry_password:
+        required: true
+
+env:
+  CNAB_IMAGE_NAME: ${{ github.ref_name == 'main' && vars.CLOUDSMITH_DOCKER_REGISTRY_PROD || vars.CLOUDSMITH_DOCKER_REGISTRY_DEV }}/stackeng/opserver/opserver-cnab
+
+jobs:
+  build_image:
+    name: Build and release CNAB invocation image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - uses: ./.github/actions/build_docker
+      with:
+        version: ${{ inputs.version }}
+        dockerfile_path: ./cnab/build/Dockerfile
+        image_name: ${{ env.CNAB_IMAGE_NAME }}
+        registry_dev: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_DEV }}
+        registry_prod: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}
+        registry_username: ${{ secrets.registry_username }}
+        registry_password: ${{ secrets.registry_password }}
+  

.github/workflows/docker.yml

@@ -0,0 +1,54 @@
+name: Build images and create Octopus release
+run-name: 'Build images and create release'
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths-ignore:
+      - README.md
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - README.md
+
+jobs:
+  generate_date_version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.date-version.outputs.version }}
+    steps: 
+    - name: Generate Date Version
+      id: date-version
+      uses: StackEng/CoreEngineering.CITools/actions/date_version@v1
+
+  build_docker:
+    needs: [generate_date_version]
+    uses: ./.github/workflows/build_app_docker_image.yml
+    with:
+      version: ${{ needs.generate_date_version.outputs.version }}
+    secrets:
+      registry_username: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      registry_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+      nuget_user: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      nuget_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+  build_migrations:
+    needs: [generate_date_version]
+    uses: ./.github/workflows/build_migrations_image.yml
+    with:
+      version: ${{ needs.generate_date_version.outputs.version }}
+    secrets:
+      registry_username: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      registry_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+      nuget_user: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      nuget_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+  build_cnab:
+    uses: ./.github/workflows/build_cnab.yml
+    needs: [generate_date_version]
+    with:
+      version: ${{ needs.generate_date_version.outputs.version }}
+    secrets:
+      registry_username: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      registry_password: ${{ secrets.CLOUDSMITH_API_KEY }}