diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd3e469..a45c2b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,33 +29,7 @@ jobs: do_not_skip: '["workflow_dispatch", "schedule", "push"]' concurrent_skipping: false - lint: - runs-on: ubuntu-latest - needs: detect-noop - if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main' - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - - name: Lint Dockerfile - run: make lint - - unit-tests: - runs-on: ubuntu-latest - needs: detect-noop - if: needs.detect-noop.outputs.noop != 'true' - steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Run Unit Tests (Postgres) - run: make test.unit BACKEND=postgres IMAGE_NAME=alerta-test - - - name: Run Unit Tests (MongoDB) - run: make test.unit BACKEND=mongodb IMAGE_NAME=alerta-test - publish-artifacts: - needs: [lint, unit-tests] if: ${{ needs.detect-noop.outputs.noop != 'true' && startsWith(github.ref, 'refs/tags/workable-') }} permissions: id-token: write @@ -66,6 +40,14 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Check secrets availability + id: secrets_check + shell: bash + run: | + echo "has_sre=${{ secrets.SRE_GCR_SA != '' }}" >> $GITHUB_OUTPUT + echo "has_staging=${{ secrets.STAGING_GCR_SA != '' }}" >> $GITHUB_OUTPUT + echo "has_production=${{ secrets.PRODUCTION_GCR_SA != '' }}" >> $GITHUB_OUTPUT + - name: Get image tag id: container-info run: | 
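Review bot: After this hunk `publish-artifacts` has no `needs:` at all, so the `needs.detect-noop.outputs.noop != 'true'` half of its `if:` cannot see that job's output (as far as I know the `needs` context only carries direct dependencies) and the condition reduces to the tag check. The same removal means an image tagged `workable-*` is pushed to the SRE, staging and production registries without the lint or unit-test jobs having run on that commit. If dropping the jobs is intentional, I would at least restore the dependency with `needs: detect-noop` and state in the commit message what now gates a release; otherwise keep `unit-tests` and list it in `needs`. The job body continues outside the hunk.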
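Review bot: The `secrets_check` step lets a tag build finish green with nothing published, because a missing or removed `*_GCR_SA` secret leaves only a `::warning` annotation behind. That is easy to miss in a release job, so I would fail the run when the production credential is absent, for example by ending the step with `[ "${{ secrets.PRODUCTION_GCR_SA != '' }}" = "true" ] || { echo "::error::PRODUCTION_GCR_SA is not set"; exit 1; }`, or add a comment above the step saying when a skip is expected. The expression only interpolates `true`/`false`, so no secret value reaches the script, but `$GITHUB_OUTPUT` should still be quoted as `"$GITHUB_OUTPUT"`.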
@@ -79,9 +61,19 @@ jobs: push: false tags: Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} provenance: false + build-args: | + BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + RELEASE=9.0.4 + VERSION=${{ steps.container-info.outputs.image-tag }} # DISTRIBUTION OF SRE IMAGE + - name: Skip SRE registry push + if: ${{ steps.secrets_check.outputs.has_sre == 'false' }} + run: | + echo "::warning title=SRE Registry Push Skipped::The SRE_GCR_SA secret is missing. Skipping image push to SRE registry." + - name: Login to sre registry + if: ${{ steps.secrets_check.outputs.has_sre == 'true' }} uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: us-docker.pkg.dev @@ -89,6 +81,7 @@ jobs: password: ${{ secrets.SRE_GCR_SA }} - name: Push image to sre registry + if: ${{ steps.secrets_check.outputs.has_sre == 'true' }} env: REGISTRY: us-docker.pkg.dev/sre-artifacts-20e4/gcr.io run: | @@ -97,7 +90,13 @@ jobs: docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} # DISTRIBUTION OF STAGING IMAGE + - name: Skip Staging registry push + if: ${{ steps.secrets_check.outputs.has_staging == 'false' }} + run: | + echo "::warning title=Staging Registry Push Skipped::The STAGING_GCR_SA secret is missing. Skipping image push to Staging registry." + - name: Login to staging registry + if: ${{ steps.secrets_check.outputs.has_staging == 'true' }} uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: us-docker.pkg.dev @@ -105,6 +104,7 @@ jobs: password: ${{ secrets.STAGING_GCR_SA }} - name: Push image to staging registry + if: ${{ steps.secrets_check.outputs.has_staging == 'true' }} env: REGISTRY: us-docker.pkg.dev/staging-artifacts-786a/gcr.io run: | 
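Review bot: `BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")` in the new `build-args:` block is an action input, not a shell line, so nothing expands the command substitution and the image will most likely carry the literal string `$(date -u ...)` as its build date. Compute it in the `container-info` step, e.g. `echo "build-date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"`, and pass `BUILD_DATE=${{ steps.container-info.outputs.build-date }}`. `RELEASE=9.0.4` is also hard-coded here and can drift from the version the Dockerfile installs unless both read it from one place. The `uses:` line of this step is above the hunk, so I am assuming it is the Docker build action.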
@@ -113,7 +113,13 @@ jobs: docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} # DISTRIBUTION OF PRODUCTION IMAGE + - name: Skip Production registry push + if: ${{ steps.secrets_check.outputs.has_production == 'false' }} + run: | + echo "::warning title=Production Registry Push Skipped::The PRODUCTION_GCR_SA secret is missing. Skipping image push to Production registry." + - name: Login to production registry + if: ${{ steps.secrets_check.outputs.has_production == 'true' }} uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: us-docker.pkg.dev @@ -121,6 +127,7 @@ jobs: password: ${{ secrets.PRODUCTION_GCR_SA }} - name: Push image to production registry + if: ${{ steps.secrets_check.outputs.has_production == 'true' }} env: REGISTRY: us-docker.pkg.dev/production-artifacts-0b0d/gcr.io run: | diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index c77a24e..8c00b2a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -89,7 +89,7 @@ echo Alerta WebUI ${WEBUI_VERSION} nginx -v echo uwsgi $(uwsgi --version) -mongo --version | grep MongoDB +mongosh --version psql --version python3 --version /venv/bin/pip list diff --git a/workable-Dockerfile b/workable-Dockerfile index 0995d82..fe86cfa 100644 --- a/workable-Dockerfile +++ b/workable-Dockerfile @@ -1,6 +1,6 @@ -FROM python:3.9-slim-trixie +FROM python:3.9-slim-bookworm -ENV PYTHONUNBUFFERED 1 +ENV PYTHONUNBUFFERED=1 ENV PIP_DISABLE_PIP_VERSION_CHECK=1 ENV PIP_NO_CACHE_DIR=1 
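Review bot: `FROM python:3.9-slim-bookworm` is still a floating tag, while the workflow in this same commit pins every action to a commit SHA. The base image deserves the same treatment, `FROM python:3.9-slim-bookworm@sha256:<digest-of-the-reviewed-image>`, with a comment naming the tag the digest was taken from. It would also help to record why the image moves back from trixie to bookworm, presumably because the nginx and MongoDB apt repositories used further down publish bookworm packages. Python 3.9 is at the end of its upstream security-support window, so a follow-up to a supported minor version is worth scheduling.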
@@ -53,8 +53,8 @@ RUN apt-get update && \ apt-get -y autoremove && \ rm -rf /var/lib/apt/lists/* -RUN curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - && \ - echo "deb https://nginx.org/packages/debian/ buster nginx" | tee /etc/apt/sources.list.d/nginx.list && \ +RUN curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/debian/ bookworm nginx" | tee /etc/apt/sources.list.d/nginx.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ nginx && \ @@ -63,11 +63,11 @@ RUN curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - && \ rm -rf /var/lib/apt/lists/* # hadolint ignore=DL3008 -RUN curl -fsSL https://www.mongodb.org/static/pgp/server-4.2.asc | apt-key add - && \ - echo "deb https://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main" | tee /etc/apt/sources.list.d/mongodb-org-4.2.list && \ +RUN curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ - mongodb-org-shell && \ + mongodb-mongosh && \ apt-get -y clean && \ apt-get -y autoremove && \ rm -rf /var/lib/apt/lists/* 
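Review bot: The key that apt will trust for nginx.org is whatever `curl` returns at build time and is never compared with a known fingerprint, so `signed-by` scopes the key correctly but does not authenticate it; the MongoDB hunk that follows has the same pattern. Either commit the two keyrings to the repository and `COPY` them, or check the fingerprint before `gpg --dearmor`, for instance with `gpg --show-keys --with-colons` on the downloaded file and a comparison against `<expected-nginx-key-fingerprint>`. Both `RUN` lines also pipe without `pipefail`, so a failed download may not stop the build at that point (hadolint DL4006); `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` ahead of them covers it. This assumes `gnupg` is installed by the earlier apt layer, which is outside the hunk.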
@@ -80,7 +80,7 @@ RUN pip install --no-cache-dir pip virtualenv jinja2 && \ /venv/bin/pip install --no-cache-dir --upgrade setuptools && \ /venv/bin/pip install --no-cache-dir --requirement /app/requirements.txt && \ /venv/bin/pip install --no-cache-dir --requirement /app/requirements-docker.txt -ENV PATH $PATH:/venv/bin +ENV PATH=$PATH:/venv/bin RUN /venv/bin/pip install alerta==${CLIENT_VERSION} alerta-server==${SERVER_VERSION} COPY install-plugins.sh /app/install-plugins.sh @@ -91,9 +91,9 @@ ADD https://github.com/alerta/alerta-webui/releases/download/v${WEBUI_VERSION}/a RUN tar zxvf /tmp/webui.tar.gz -C /tmp && \ mv /tmp/dist /web -ENV ALERTA_SVR_CONF_FILE /app/alertad.conf -ENV ALERTA_CONF_FILE /app/alerta.conf -ENV ALERTA_WEB_CONF_FILE /web/config.json +ENV ALERTA_SVR_CONF_FILE=/app/alertad.conf +ENV ALERTA_CONF_FILE=/app/alerta.conf +ENV ALERTA_WEB_CONF_FILE=/web/config.json COPY config/templates/app/ /app COPY config/templates/web/ /web