
Commit bd0e68b

committed
dev container build workflow
1 parent fab8cb1 commit bd0e68b

3 files changed

Lines changed: 190 additions & 13 deletions


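--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -130,11 +130,11 @@ RUN (npm install -g yarn@latest || (command -v corepack >/dev/null 2>&1 && corep
 WORKDIR /cloudharness
 
 # Copy all requirements files first for better Docker layer caching
-COPY ../libraries/models/requirements.txt ./libraries/models/
-COPY ../libraries/cloudharness-utils/requirements.txt ./libraries/cloudharness-utils/
-COPY ../libraries/cloudharness-common/requirements.txt ./libraries/cloudharness-common/
-COPY ../libraries/client/cloudharness_cli/requirements.txt ./libraries/client/cloudharness_cli/
-COPY ../tools/deployment-cli-tools/requirements.txt ./tools/deployment-cli-tools/
+COPY libraries/models/requirements.txt ./libraries/models/
+COPY libraries/cloudharness-utils/requirements.txt ./libraries/cloudharness-utils/
+COPY libraries/cloudharness-common/requirements.txt ./libraries/cloudharness-common/
+COPY libraries/client/cloudharness_cli/requirements.txt ./libraries/client/cloudharness_cli/
+COPY tools/deployment-cli-tools/requirements.txt ./tools/deployment-cli-tools/
 
 # Install all external dependencies with caching
 RUN --mount=type=cache,target=/root/.cache \
@@ -145,8 +145,8 @@ RUN --mount=type=cache,target=/root/.cache \
 pip install -r tools/deployment-cli-tools/requirements.txt --prefer-binary
 
 # Copy requirements files for common framework libraries
-COPY ../infrastructure/common-images/cloudharness-flask/requirements.txt ./infrastructure/flask-requirements.txt
-COPY ../infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/requirements.txt ./infrastructure/django-requirements.txt
+COPY infrastructure/common-images/cloudharness-flask/requirements.txt ./infrastructure/flask-requirements.txt
+COPY infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/requirements.txt ./infrastructure/django-requirements.txt
 
 # Install additional tools and common framework libraries
 RUN --mount=type=cache,target=/root/.cache \
@@ -155,24 +155,24 @@ RUN --mount=type=cache,target=/root/.cache \
 pip install -r infrastructure/django-requirements.txt --prefer-binary
 
 # Copy and install libraries one by one
-COPY ../libraries/models ./libraries/models
+COPY libraries/models ./libraries/models
 RUN pip install -e libraries/models --no-cache-dir
 
-COPY ../libraries/cloudharness-utils ./libraries/cloudharness-utils
+COPY libraries/cloudharness-utils ./libraries/cloudharness-utils
 RUN pip install -e libraries/cloudharness-utils --no-cache-dir
 
-COPY ../libraries/cloudharness-common ./libraries/cloudharness-common
+COPY libraries/cloudharness-common ./libraries/cloudharness-common
 RUN pip install -e libraries/cloudharness-common --no-cache-dir
 
-COPY ../libraries/client/cloudharness_cli ./libraries/client/cloudharness_cli
+COPY libraries/client/cloudharness_cli ./libraries/client/cloudharness_cli
 RUN pip install -e libraries/client/cloudharness_cli --no-cache-dir
 
-COPY ../tools/deployment-cli-tools ./tools/deployment-cli-tools
+COPY tools/deployment-cli-tools ./tools/deployment-cli-tools
 RUN pip install -e tools/deployment-cli-tools --no-cache-dir
 
 
 # Copy and install cloudharness framework libraries (last to ensure they override any conflicts)
-COPY ../infrastructure/common-images/cloudharness-django/libraries/cloudharness-django infrastructure/cloudharness-django
+COPY infrastructure/common-images/cloudharness-django/libraries/cloudharness-django infrastructure/cloudharness-django
 RUN pip install -e infrastructure/cloudharness-django --no-cache-dir || echo "cloudharness-django not installable"
 
 # Ensure latest npm & yarn still available after project copy (optional refresh)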
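Review bot: The COPY sources in all three hunks now resolve only when the build context is the repository root, and nothing in the Dockerfile states that requirement. A header comment such as `# Build context: repository root (docker build -f .devcontainer/Dockerfile .)` would document it for anyone building locally with `.devcontainer/` as the context. Because `COPY libraries/models ./libraries/models` and the other directory copies take whole trees from that root context, it is also worth confirming that a root-level `.dockerignore` keeps local credential files and virtualenvs out of the image layers; no such file is visible in this commit.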

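--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -0,0 +1,92 @@
+# GitHub Actions - Docker Build and Push
+
+This workflow builds the CloudHarness development container and pushes it to Google Cloud Registry.
+
+## Required Secrets
+
+You need to configure the following secrets in your GitHub repository settings:
+
+### 1. `GCP_PROJECT_ID`
+- **Description**: Your Google Cloud Project ID
+- **Example**: `my-cloudharness-project`
+- **How to find**: Go to Google Cloud Console → Project Info → Project ID
+
+### 2. `GCP_SA_KEY`
+- **Description**: Google Cloud Service Account key (JSON format)
+- **Format**: Complete JSON key file content
+- **Required permissions**:
+- `Storage Admin` (for pushing to Container Registry)
+- `Container Registry Service Agent`
+
+## Setting up the Service Account
+
+1. **Create a Service Account**:
+```bash
+gcloud iam service-accounts create github-actions \
+--description="Service account for GitHub Actions" \
+--display-name="GitHub Actions"
+```
+
+2. **Grant necessary permissions**:
+```bash
+gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
+--member="serviceAccount:github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
+--role="roles/storage.admin"
+
+gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
+--member="serviceAccount:github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
+--role="roles/containerregistry.ServiceAgent"
+```
+
+3. **Create and download the key**:
+```bash
+gcloud iam service-accounts keys create github-actions-key.json \
+--iam-account=github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com
+```
+
+4. **Add the key to GitHub Secrets**:
+- Copy the entire content of `github-actions-key.json`
+- Go to GitHub repository → Settings → Secrets and variables → Actions
+- Create new secret named `GCP_SA_KEY`
+- Paste the JSON content
+
+## Workflow Triggers
+
+The workflow runs on:
+- **Push to main/develop**: Builds and pushes with branch name and `latest` tags
+- **Pull requests**: Builds and pushes with PR reference tags
+- **Manual trigger**: Can be run manually from GitHub Actions tab
+- **File changes**: Only triggers when relevant files are modified
+
+## Image Tags
+
+The workflow creates multiple tags:
+- `latest` (only for main branch)
+- `<branch-name>` (for branch pushes)
+- `<branch-name>-<sha>` (with git commit SHA)
+- `pr-<number>` (for pull requests)
+
+## Multi-platform Support
+
+The workflow builds for both:
+- `linux/amd64` (Intel/AMD processors)
+- `linux/arm64` (ARM processors, including Apple Silicon)
+
+## Registry Location
+
+Images are pushed to: `gcr.io/YOUR_PROJECT_ID/cloudharness-dev`
+
+## Usage
+
+After the workflow runs, you can pull the image:
+
+```bash
+# Pull latest (from main branch)
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:latest
+
+# Pull specific branch
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:develop
+
+# Pull specific commit
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:main-abc1234
+```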
Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
name: Build and Push CloudHarness Dev Container
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
- develop
8+
paths:
9+
- 'Dockerfile'
10+
- 'docker-compose.yml'
11+
- '.devcontainer/**'
12+
- 'dev-scripts/**'
13+
- 'libraries/**'
14+
- 'tools/**'
15+
- 'infrastructure/common-images/**'
16+
pull_request:
17+
branches:
18+
- main
19+
- develop
20+
paths:
21+
- 'Dockerfile'
22+
- 'docker-compose.yml'
23+
- '.devcontainer/**'
24+
- 'dev-scripts/**'
25+
- 'libraries/**'
26+
- 'tools/**'
27+
- 'infrastructure/common-images/**'
28+
workflow_dispatch:
29+
30+
env:
31+
REGISTRY: gcr.io
32+
PROJECT_ID: metacellllc
33+
IMAGE_NAME: cloud-harness/dev-container
34+
35+
jobs:
36+
build-and-push:
37+
runs-on: ubuntu-latest
38+
39+
permissions:
40+
contents: read
41+
id-token: write
42+
43+
steps:
44+
- name: Checkout repository
45+
uses: actions/checkout@v4
46+
47+
- name: Set up Docker Buildx
48+
uses: docker/setup-buildx-action@v3
49+
50+
- name: Authenticate to Google Cloud
51+
uses: google-github-actions/auth@v2
52+
with:
53+
credentials_json: ${{ secrets.GCP_SA_KEY }}
54+
55+
- name: Configure Docker to use gcloud as a credential helper
56+
run: |
57+
gcloud auth configure-docker
58+
59+
- name: Extract metadata
60+
id: meta
61+
uses: docker/metadata-action@v5
62+
with:
63+
images: ${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.IMAGE_NAME }}
64+
tags: |
65+
type=ref,event=branch
66+
type=ref,event=pr
67+
type=sha,prefix={{branch}}-
68+
type=raw,value=latest,enable={{is_default_branch}}
69+
70+
- name: Build and push Docker image
71+
uses: docker/build-push-action@v5
72+
with:
73+
context: .
74+
file: ./.devcontainer/Dockerfile
75+
push: ${{ github.event_name != 'pull_request' }}
76+
tags: ${{ steps.meta.outputs.tags }}
77+
labels: ${{ steps.meta.outputs.labels }}
78+
cache-from: type=gha
79+
cache-to: type=gha,mode=max
80+
platforms: linux/amd64,linux/arm64
81+
82+
- name: Output image details
83+
run: |
84+
echo "Image pushed to: ${{ steps.meta.outputs.tags }}"
85+
echo "Image digest: ${{ steps.build.outputs.digest }}"
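Review bot: The job grants `id-token: write` (new lines 39-41), yet the auth step at new line 53 logs in with a long-lived service-account key, `credentials_json: ${{ secrets.GCP_SA_KEY }}`, so the OIDC permission is unused and the exported key remains a standing credential. Either drop `id-token: write`, or keep it and switch google-github-actions/auth to its `workload_identity_provider` and `service_account` inputs so that no key has to be stored in repository secrets. The auth step also runs on `pull_request`, where `push` already evaluates to false; gating it with `if: github.event_name != 'pull_request'` would keep the credential out of PR builds, and on pull requests from forks the secret is not provided, so the step would presumably fail as written. Separately, the last step reads `steps.build.outputs.digest`, but no step declares that id; add `id: build` to the `Build and push Docker image` step.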
