diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml new file mode 100644 index 0000000..cb75bfd --- /dev/null +++ b/.github/workflows/conventional-commits.yaml @@ -0,0 +1,16 @@ +name: Conventional Commit as PR title + +on: + pull_request_target: + types: + - opened + - edited + - reopened + +jobs: + lint-pr-title: + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' + permissions: + pull-requests: read + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/conventional-commits.yml@conventional-commits-v1.1.0 diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml new file mode 100644 index 0000000..15d8695 --- /dev/null +++ b/.github/workflows/docker-build.yaml @@ -0,0 +1,78 @@ +name: Build and Push OCI Image + +on: + pull_request: + push: + branches: [main] + tags: + - 'v*.*.*' + # can only be executed by people with write access on repository + workflow_dispatch: + +jobs: + prepare: + name: Determine image tag + runs-on: ubuntu-latest + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' + outputs: + image_tag: ${{ steps.determine-tag.outputs.image_tag }} + steps: + - name: Checkout code + uses: actions/checkout@v6 + with: + fetch-depth: 0 + + - name: Determine Docker tag based on Git ref + id: determine-tag + run: | + if [ "${{ github.ref_type }}" = "tag" ] ; then + # Since this workflow only triggers on tags matching 'v*.*.*' we know we're always dealing with a version tag + TAG_ON_MAIN=$(git branch -r --contains ${{ github.sha }} 'origin/main') + + if [ -z "$TAG_ON_MAIN" ] ; then + echo "Error: Tag ${{ github.ref_name }} is not on main branch" + echo "Tags must be created on main branch to generate X.Y.Z image tags" + exit 1 + fi + + GITHUB_REF_NAME="${{ github.ref_name }}" + echo "Processing tag on main branch: ${{ github.ref_name }}" + echo "image_tag=${GITHUB_REF_NAME#v}" | tee -a $GITHUB_OUTPUT + else + if [ "${{ github.event_name }}" = "pull_request" ] ; then + SHORT_SHA=$(echo ${{ github.event.pull_request.head.sha }} | cut -c1-8) + else + SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8) + fi + + if [ "${{ github.ref_name }}" = "main" ] ; then + echo "Processing main branch" + echo "image_tag=dev-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT + else + # This covers other branches + echo "Processing feat/fix branch ${{ github.head_ref }}" + echo "image_tag=feature-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT + fi + fi + + build-oci-image: + name: Build OCI image + needs: prepare + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0 + with: + image-name: docker-regis.iex.ec/go-hello-world + image-tag: ${{ needs.prepare.outputs.image_tag }} + dockerfile: Dockerfile + context: . + registry: docker-regis.iex.ec + push: true + security-scan: true + security-report: "comment" + hadolint: true + platform: linux/amd64 + secrets: + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN_PULL_ONLY }} + username: ${{ secrets.NEXUS_USERNAME }} + password: ${{ secrets.NEXUS_PASSWORD }} diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml new file mode 100644 index 0000000..7a5fb14 --- /dev/null +++ b/.github/workflows/release-please.yaml @@ -0,0 +1,18 @@ +name: Release Please + +on: + push: + branches: + - main + +permissions: + contents: write + issues: write + pull-requests: write + +jobs: + release-please: + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.0.0 + secrets: inherit diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..305c150 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1 @@ +{".":"0.2.0"} diff --git a/Dockerfile b/Dockerfile index 1da14af..699a35a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,21 @@ # same version as Scone -FROM golang:1.19.2-alpine3.15 AS build -RUN apk add --no-cache gcc build-base gcc-go +FROM golang:1.25.9-alpine3.23 AS build + +RUN apk upgrade --no-cache + COPY ./src /app -RUN go build -compiler=gccgo -buildmode=exe -o /app/helloworld /app/helloworld.go + +RUN go build -o /app/helloworld /app/helloworld.go # create final image from compiled golang binary -FROM alpine:3.15 -RUN apk add --no-cache libgo +FROM alpine:3.23 + RUN mkdir /iexec_in /iexec_out + COPY --from=build /app/helloworld /app/helloworld + ENV IEXEC_IN=/iexec_in + ENV IEXEC_OUT=/iexec_out + ENTRYPOINT ["/app/helloworld"] diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 6e660b5..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,9 +0,0 @@ -@Library('global-jenkins-library@2.2.0') _ - -buildInfo = getBuildInfo() - -buildSimpleDocker_v3( - buildInfo: buildInfo, - dockerfileDir: '.', - visibility: 'iex.ec' -) diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..0950af1 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,10 @@ +{ + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "draft-pull-request": true, + "include-component-in-tag": false, + "include-v-in-tag": true, + "release-type": "simple", + "packages": { + ".": {} + } +}