From 848805b04fbedc575d1d93307656968bd1d03260 Mon Sep 17 00:00:00 2001
From: Brock Hinkson
Date: Thu, 23 Oct 2025 02:52:57 -0500
Subject: [PATCH 1/5] Add CICD Docker Build Pipeline
---
.github/workflows/cicd.yaml | 112 ++++++++++++++++++++++++++++++++++++
Dockerfile | 8 +++
2 files changed, 120 insertions(+)
create mode 100644 .github/workflows/cicd.yaml
create mode 100644 Dockerfile
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
new file mode 100644
index 0000000..92e1a4c
--- /dev/null
+++ b/.github/workflows/cicd.yaml
@@ -0,0 +1,112 @@
+name: CI/CD Pipeline
+
+on:
+ pull_request:
+ branches: [main, development]
+ push:
+ #TODO: remove dev branch
+ branches: [main, development]
+ # Consider how you want to handle version tags
+ tags: ['v*.*.*']
+
+permissions:
+ contents: read
+ packages: write
+ security-events: write
+
+env:
+ REGISTRY: ghcr.io
+ PYTHON_VERSION: '3.13'
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ outputs:
+ image_base: ${{ steps.vars.outputs.image_base }}
+ pr_tag: ${{ steps.vars.outputs.pr_tag }}
+ commit_sha: ${{ steps.vars.outputs.commit_sha }}
+ commit_sha_short: ${{ steps.vars.outputs.commit_sha_short }}
+ test_image_tag: ${{ steps.vars.outputs.test_image_tag }}
+ steps:
+ - name: Compute image vars
+ id: vars
+ shell: bash
+ run: |
+ set -euo pipefail
+ ORG="$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')"
+ REPO="$(basename "${GITHUB_REPOSITORY}")"
+ IMAGE_BASE="${REGISTRY}/${ORG}/${REPO}"
+ echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT"
+ if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
+ PR_NUM="${{ github.event.pull_request.number }}"
+ PR_TAG="pr-${PR_NUM}-build"
+ echo "pr_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
+ echo "test_image_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
+ fi
+ if [ "${GITHUB_EVENT_NAME}" = "push" ]; then
+ COMMIT_SHA="${GITHUB_SHA}"
+ SHORT_SHA="${COMMIT_SHA:0:12}"
+ echo "commit_sha=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"
+ echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+ echo "test_image_tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+ fi
+ build:
+ name: Build
+ if: >
+ github.event_name != 'push'
+ runs-on: ubuntu-latest
+ needs: setup
+ steps:
+ - uses: actions/checkout@v4
+ - name: Build image for scanning
+ id: build
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ./Dockerfile
+ # Load the image to the local Docker daemon, but do not push it
+ load: true
+ tags: ${{ needs.setup.outputs.image_base }}:${{ needs.setup.outputs.test_image_tag }}
+
+ publish:
+ name: Build and Publish
+ if: >
+ github.event_name == 'push' && (
+ github.ref == 'refs/heads/main' ||
+ github.ref == 'refs/heads/development' ||
+ startsWith(github.ref, 'refs/tags/v')
+ )
+ runs-on: ubuntu-latest
+ # When you re-enable your other jobs: ruff-linting, unit-test. Add them to this list.
+ needs: setup
+ steps:
+ - uses: actions/checkout@v4
+ - name: Prepare image tags
+ id: prep_tags
+ run: |
+ # Always start with the unique commit SHA tag for traceability
+ TAGS="${{ needs.setup.outputs.image_base }}:${{ needs.setup.outputs.commit_sha_short }}"
+ # If it's a push to the main branch, also add the 'latest' tag
+ if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+ TAGS="$TAGS,${{ needs.setup.outputs.image_base }}:latest"
+ fi
+ # If the trigger was a version tag, add that version as a tag
+ if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+ # github.ref_name holds the tag name (e.g., "v1.0.0")
+ VERSION_TAG=${{ github.ref_name }}
+ TAGS="$TAGS,${{ needs.setup.outputs.image_base }}:${VERSION_TAG}"
+ fi
+ echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
+ - name: Log in to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build & push final image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ steps.prep_tags.outputs.tags }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..344a42f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM ghcr.io/ngwpc/hydrofabric-base-image:latest
+
+WORKDIR /home/hydrofabric
+COPY . /home/hydrofabric
+
+RUN R -e 'devtools::install()'
+
+CMD ["bash"]
From 64e00f32a5b611b72194dbc5b4078fc97301552b Mon Sep 17 00:00:00 2001
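Review bot: The `Prepare image tags` step of the `publish` job expands `${{ github.ref }}` and `${{ github.ref_name }}` directly into the bash script, and `VERSION_TAG=${{ github.ref_name }}` is not quoted, so the text of a pushed tag name is parsed as shell in a job that is granted `packages: write`. The `v*.*.*` tag filter constrains the shape of the name, not the characters it may contain. Reading the runner-provided `GITHUB_REF` and `GITHUB_REF_NAME` variables (the `setup` job already does this with `GITHUB_SHA`) and passing the `needs.*` outputs through `env:` keeps every value as data rather than script text; the rewritten step follows.

```yaml
      - name: Prepare image tags
        id: prep_tags
        env:
          IMAGE_BASE: ${{ needs.setup.outputs.image_base }}
          SHORT_SHA: ${{ needs.setup.outputs.commit_sha_short }}
        run: |
          TAGS="${IMAGE_BASE}:${SHORT_SHA}"
          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
            TAGS="${TAGS},${IMAGE_BASE}:latest"
          fi
          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
            TAGS="${TAGS},${IMAGE_BASE}:${GITHUB_REF_NAME}"
          fi
          # … unchanged: write tags to $GITHUB_OUTPUT, registry login, build & push …
```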
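Review bot: `FROM ghcr.io/ngwpc/hydrofabric-base-image:latest` tracks a mutable tag, so the image published for a given commit SHA depends on whatever `latest` pointed to when the job ran and cannot be rebuilt or audited later. Pinning the base by digest, `FROM ghcr.io/ngwpc/hydrofabric-base-image@sha256:<digest-of-reviewed-base>` (placeholder value), turns a base update into an explicit, reviewable change. `COPY . /home/hydrofabric` copies the whole build context and this patch adds no `.dockerignore`, so `.git` and `.github` presumably end up in the image. The Dockerfile sets no `USER`; unless the base image does, the container runs as root, which is worth confirming.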
From: Brock Hinkson Date: Thu, 23 Oct 2025 03:19:44 -0500 Subject: [PATCH 2/5] Add GHCR authentication for build --- .github/workflows/cicd.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml index 92e1a4c..35afa8a 100644 --- a/.github/workflows/cicd.yaml +++ b/.github/workflows/cicd.yaml @@ -58,7 +58,13 @@ jobs: needs: setup steps: - uses: actions/checkout@v4 - - name: Build image for scanning + - name: Log in to registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build image id: build uses: docker/build-push-action@v6 with: @@ -103,7 +109,7 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build & push final image + - name: Build & push image uses: docker/build-push-action@v6 with: context: . From 9bf7bb2bf134bd4695bc2299665037789972c58e Mon Sep 17 00:00:00 2001 From: Brock Hinkson Date: Thu, 23 Oct 2025 03:44:49 -0500 Subject: [PATCH 3/5] Try to fix dependencies --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 344a42f..e7eb5a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,10 @@ FROM ghcr.io/ngwpc/hydrofabric-base-image:latest WORKDIR /home/hydrofabric COPY . /home/hydrofabric +RUN R -e 'install.packages("ragg")' +RUN R -e 'install.packages("pkgdown")' +RUN R -e 'install.packages("devtools", dependencies = TRUE)' + RUN R -e 'devtools::install()' CMD ["bash"] From d54db62f1931d75923bd7bf65e17a585a9664edc Mon Sep 17 00:00:00 2001 From: Brock Hinkson Date: Thu, 23 Oct 2025 03:50:42 -0500 Subject: [PATCH 4/5] Add CRAN Mirrors --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e7eb5a7..7655fd2 100644 --- a/Dockerfile +++ b/Dockerfile 
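Review bot: The `build` job runs on `pull_request` and, with the added `Log in to registry` step, now handles `secrets.GITHUB_TOKEN`, while the workflow-level `permissions:` block from patch 1 gives every job `packages: write` and `security-events: write`. Nothing in `build` pushes (patch 1 sets `load: true` there), so a job-level `permissions: { contents: read, packages: read }` on `build` should be enough for the registry pull, with `packages: write` declared only on `publish`. No step visible in this series uses `security-events: write`. The step that receives the token is referenced by a movable tag; pinning it as `docker/login-action@<full-commit-sha>` (placeholder) is the usual hardening. The `build:` job header lies above the first line of this hunk.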
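Review bot: A failed `install.packages()` only raises a warning, so each added `RUN R -e 'install.packages(...)'` layer exits 0 even when the package did not build, and the failure surfaces later in `devtools::install()` or at run time. Ending each command with a load check makes the layer fail where the problem is, for example `RUN R -e 'install.packages("ragg"); if (!requireNamespace("ragg", quietly = TRUE)) quit(status = 1)'`. The same applies to the rewritten lines in patch 4. The three layers also sit after `COPY . /home/hydrofabric`, so every source change invalidates them; placing them above the `COPY` keeps them cached.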
@@ -3,9 +3,9 @@ FROM ghcr.io/ngwpc/hydrofabric-base-image:latest WORKDIR /home/hydrofabric COPY . /home/hydrofabric -RUN R -e 'install.packages("ragg")' -RUN R -e 'install.packages("pkgdown")' -RUN R -e 'install.packages("devtools", dependencies = TRUE)' +RUN R -e 'install.packages("ragg", repos = "https://cloud.r-project.org")' +RUN R -e 'install.packages("pkgdown", repos = "https://cloud.r-project.org")' +RUN R -e 'install.packages("devtools", repos = "https://cloud.r-project.org", dependencies = TRUE)' RUN R -e 'devtools::install()' From 4ea0398c4ec77b6727f2ab0436cabfa5ad995ed2 Mon Sep 17 00:00:00 2001 From: Brock Hinkson Date: Thu, 23 Oct 2025 04:02:32 -0500 Subject: [PATCH 5/5] Add ragg deps --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7655fd2..53e547c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,8 @@ FROM ghcr.io/ngwpc/hydrofabric-base-image:latest WORKDIR /home/hydrofabric COPY . /home/hydrofabric +RUN dnf install -y freetype-devel libpng-devel libtiff-devel libjpeg-devel libwebp-devel + RUN R -e 'install.packages("ragg", repos = "https://cloud.r-project.org")' RUN R -e 'install.packages("pkgdown", repos = "https://cloud.r-project.org")' RUN R -e 'install.packages("devtools", repos = "https://cloud.r-project.org", dependencies = TRUE)'
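Review bot: The three `install.packages(..., repos = "https://cloud.r-project.org")` calls take whatever versions CRAN serves on the day of the build, so two builds of the same commit can ship different third-party code. Pointing `repos` at a dated snapshot repository, or restoring from a committed lockfile such as `renv.lock`, makes the dependency set reviewable. `dependencies = TRUE` on the `devtools` line additionally installs devtools' `Suggests` packages; dropping that argument keeps the install to what devtools requires, unless the suggested packages are needed.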
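Review bot: The added `RUN dnf install -y freetype-devel ...` leaves the dnf cache and the `-devel` headers in the final image, and it sits after `COPY . /home/hydrofabric`, so it reruns on every source change. Suggest `RUN dnf install -y freetype-devel libpng-devel libtiff-devel libjpeg-devel libwebp-devel && dnf clean all`, placed above the `COPY`. The headers look like they are needed only to compile ragg; if that is right, a multi-stage build that copies the installed R library into a runtime stage would keep build-only packages out of the published image.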