From e5dc3be11938829324434b6451a4a920c02c0323 Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 13:51:56 +0000 Subject: [PATCH 1/9] Rework Container CI - Avoid double-building of container for test and publication - Simplify the manual creation and testing of container --- .github/workflows/ci.yaml | 17 ++++++++++------- .github/workflows/release.yaml | 14 ++++++++++---- README.md | 11 +++++------ scripts/build.sh | 2 +- scripts/publish.sh | 10 ++++++++++ 5 files changed, 36 insertions(+), 18 deletions(-) create mode 100755 scripts/publish.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 65d218a..3427d00 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,5 +1,5 @@ name: 'Validate DevContainer' -description: 'This workflow is checking that updates do not break stuff. If on main branch, publish to latest tag.' +description: 'This workflow is checking that updates do not break stuff. If on main branch, publish to "latest" tag.' on: pull_request: push: @@ -34,6 +34,9 @@ jobs: - name: Check, Build, Test uses: devcontainers/ci@v0.3 with: + # The .devcontainer is never published as pre-built container. + # We want to only use it for building and testing the actual container, which resides in src/s-core-devcontainer. + push: "never" runCmd: | # Check pre-commit run --show-diff-on-failure --color=always --all-files || exit -1 @@ -47,10 +50,10 @@ jobs: # Upload devcontainer from src/s-core-devcontainer - name: Publish uses: devcontainers/ci@v0.3 + if: github.ref == 'refs/heads/main' with: - cacheFrom: ghcr.io/eclipse-score/devcontainer - imageName: ghcr.io/eclipse-score/devcontainer - # publish latest from main branch; tags are handled in release workflow - imageTag: latest - refFilterForPush: 'refs/heads/main' - subFolder: src/s-core-devcontainer + # We do not use the push feature of devcontainers/ci here, since that would push the wrong container. + # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer). + push: "never" + runCmd: | + ./scripts/publish.sh "latest" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eb08357..7124936 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -29,6 +29,9 @@ jobs: - name: Check, Build, Test uses: devcontainers/ci@v0.3 with: + # The .devcontainer is never published as pre-built container. + # We want to only use it for building and testing the actual container, which resides in src/s-core-devcontainer. + push: "never" runCmd: | # Check pre-commit run --show-diff-on-failure --color=always --all-files || exit -1 @@ -43,7 +46,10 @@ jobs: - name: Publish uses: devcontainers/ci@v0.3 with: - imageName: ghcr.io/eclipse-score/devcontainer - cacheFrom: ghcr.io/eclipse-score/devcontainer - imageTag: ${{ github.ref_name }} - subFolder: src/s-core-devcontainer + # We do not use the push feature of devcontainers/ci here, since that would push the wrong container. + # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer). + push: "never" + runCmd: | + # Note: "${{ github.ref_name }}" will be the tag name, e.g., "1.0.0" + ./scripts/publish.sh "${{ github.ref_name }}" + diff --git a/README.md b/README.md index b6e44f7..669051a 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ They are used by the CI, but especially the build and test scripts can be run al ````console $ ./scripts/build.sh [... build output..] -{"outcome":"success","imageName":["vsc-s-core-devcontainer-209943ec6ff795f57b20cdf85a70c904d1e3b4a329d1e01c79f0ffea615c6e40-features"]} +{"outcome":"success","imageName":["ghcr.io/eclipse-score/devcontainer"]} $ ./scripts/test.sh [... test output...] @@ -112,16 +112,15 @@ So in order to execute `S-CORE DevContainer` on your host (and test it as part o * export this newly built S-CORE DevContainer image * import the image on your host machine -* use the image name in the `.devcontainer/devcontainer.json` of the targeted S-CORE module +* use the image name and tag `latest` in the `.devcontainer/devcontainer.json` of the targeted S-CORE module Concretely, this can be done as follows: -* Run `docker save > export.img` in `Development Container A`. -For example, given above build output, this would be `docker save vsc-s-core-devcontainer-209943ec6ff795f57b20cdf85a70c904d1e3b4a329d1e01c79f0ffea615c6e40-features > export.img` +* Run `docker save "ghcr.io/eclipse-score/devcontainer" > export.img` in `Development Container A`. * On your **host machine** (!!), open a console and run `docker load < /path/to/export.img`. -* In the working copy of the targeted S-CORE module, edit the file `.devcontainer/devcontainer.json` and change the `"image": "..."` entry to `"image": ""`. -Given above build output, this would be `"image": "vsc-s-core-devcontainer-209943ec6ff795f57b20cdf85a70c904d1e3b4a329d1e01c79f0ffea615c6e40-features"`. +* In the working copy of the targeted S-CORE module, edit the file `.devcontainer/devcontainer.json` and change the `"image": "..."` entry to `"image": "ghcr.io/eclipse-score/devcontainer:latest"` (if not already set like this). The Visual Studio Code instance related to the targeted S-CORE module will now ask you to rebuild the DevContainer. +If not, press Ctrl + Shift + p and run from there "Dev Containers: Rebuilt Container Without Cache". Do so, and you have a running instance of `S-CORE DevContainer` related to the targeted S-CORE module. ### Version Pinning diff --git a/scripts/build.sh b/scripts/build.sh index 7146afa..d8c570f 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash set -euxo pipefail -devcontainer build --workspace-folder src/s-core-devcontainer +devcontainer build --workspace-folder src/s-core-devcontainer --image-name ghcr.io/eclipse-score/devcontainer:latest --cache-from ghcr.io/eclipse-score/devcontainer diff --git a/scripts/publish.sh b/scripts/publish.sh new file mode 100755 index 0000000..b8e7ad7 --- /dev/null +++ b/scripts/publish.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euxo pipefail + +TAG="${1:-latest}" + +if [[ "$TAG" != "latest" ]]; then + docker tag "ghcr.io/eclipse-score/devcontainer:latest" "ghcr.io/eclipse-score/devcontainer:${TAG}" +fi + +docker push "ghcr.io/eclipse-score/devcontainer:${TAG}" From ccdfb89b3642cd1a76adec40b17694bae6a078ab Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 13:52:04 +0000 Subject: [PATCH 2/9] remove redundant code --- scripts/test.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scripts/test.sh b/scripts/test.sh index f20ffe0..bdbc32b 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -15,10 +15,6 @@ devcontainer up \ --workspace-folder "${PROJECT_DIR}/src/${IMAGE}/" \ --remove-existing-container -CONTAINER_ID=$(docker container ls --filter "label=${ID_LABEL}" --quiet) -IMAGE_NAME=$(docker container inspect --format '{{ .Config.Image }}' "${CONTAINER_ID}") -IMAGE_ID=$(docker image ls --filter "reference=${IMAGE_NAME}" --quiet) - # Run actual test echo "(*) Running test..." devcontainer exec --workspace-folder "${PROJECT_DIR}/src/${IMAGE}" --id-label "${ID_LABEL}" \ From fe94f1ef869fd2ae125ed33dfa8e1395695d3338 Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 13:55:23 +0000 Subject: [PATCH 3/9] eof fixer ;) --- .github/workflows/release.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7124936..683e1b8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -52,4 +52,3 @@ jobs: runCmd: | # Note: "${{ github.ref_name }}" will be the tag name, e.g., "1.0.0" ./scripts/publish.sh "${{ github.ref_name }}" - From 01e04f43d79411fe59919425d483c53ba62b000f Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:03:01 +0000 Subject: [PATCH 4/9] temporarily comment this out to test publication --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3427d00..b1727a0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -50,7 +50,7 @@ jobs: # Upload devcontainer from src/s-core-devcontainer - name: Publish uses: devcontainers/ci@v0.3 - if: github.ref == 'refs/heads/main' + #if: github.ref == 'refs/heads/main' with: # We do not use the push feature of devcontainers/ci here, since that would push the wrong container. # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer). From ef35c0cffadf8ee35489800e48344c3d1b005afd Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:11:34 +0000 Subject: [PATCH 5/9] use devcontainer build to push --- scripts/publish.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/scripts/publish.sh b/scripts/publish.sh index b8e7ad7..e615848 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -3,8 +3,4 @@ set -euxo pipefail TAG="${1:-latest}" -if [[ "$TAG" != "latest" ]]; then - docker tag "ghcr.io/eclipse-score/devcontainer:latest" "ghcr.io/eclipse-score/devcontainer:${TAG}" -fi - -docker push "ghcr.io/eclipse-score/devcontainer:${TAG}" +devcontainer build --workspace-folder src/s-core-devcontainer --image-name "ghcr.io/eclipse-score/devcontainer:${TAG}" --cache-from ghcr.io/eclipse-score/devcontainer --push true From 003ef9c14f7413b4e31378c8dc73b5b7ecf5df9c Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:18:19 +0000 Subject: [PATCH 6/9] Revert "use devcontainer build to push" This reverts commit ef35c0cffadf8ee35489800e48344c3d1b005afd. --- scripts/publish.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/publish.sh b/scripts/publish.sh index e615848..b8e7ad7 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -3,4 +3,8 @@ set -euxo pipefail TAG="${1:-latest}" -devcontainer build --workspace-folder src/s-core-devcontainer --image-name "ghcr.io/eclipse-score/devcontainer:${TAG}" --cache-from ghcr.io/eclipse-score/devcontainer --push true +if [[ "$TAG" != "latest" ]]; then + docker tag "ghcr.io/eclipse-score/devcontainer:latest" "ghcr.io/eclipse-score/devcontainer:${TAG}" +fi + +docker push "ghcr.io/eclipse-score/devcontainer:${TAG}" From 815793a951c027f9d1774afcf0d33f4d0a2e81bf Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:23:58 +0000 Subject: [PATCH 7/9] test login manually --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b1727a0..400a356 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -56,4 +56,5 @@ jobs: # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer). push: "never" runCmd: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin ./scripts/publish.sh "latest" From b618407a4630f3bdca0b98338f346ddbec361e13 Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:30:20 +0000 Subject: [PATCH 8/9] Add comment for manual login step in publish script --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 400a356..567281a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -56,5 +56,6 @@ jobs: # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer). push: "never" runCmd: | + # manually login to ghcr.io for publishing echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin ./scripts/publish.sh "latest" From ba2ed5bd3b95f596f8faf525cedabf0b763fe394 Mon Sep 17 00:00:00 2001 From: Oliver Pajonk Date: Wed, 23 Jul 2025 14:30:49 +0000 Subject: [PATCH 9/9] revert the if check we have to hope that this works on main; there is no way to test it before merging --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 567281a..0f3ea2a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -50,7 +50,7 @@ jobs: # Upload devcontainer from src/s-core-devcontainer - name: Publish uses: devcontainers/ci@v0.3 - #if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' with: # We do not use the push feature of devcontainers/ci here, since that would push the wrong container. # Instead, we use the publish script which pushes the correct container (residing in src/s-core-devcontainer).