From f71c2cf3be8650dcb343bab40c3be9657e61e8f4 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Thu, 7 Nov 2024 19:28:28 +0000 Subject: [PATCH 01/25] add arm64 builds --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b14160a01..86201803c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -163,7 +163,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - platforms: linux/amd64 + platforms: linux/amd64, linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} From 85d3693a91bfd1ed9e9d57294cecaec7d709bf14 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Sun, 19 Jan 2025 16:40:05 +0000 Subject: [PATCH 02/25] fix: update rye setup dockerfile and workflow --- .github/workflows/main.yml | 2 -- Dockerfile | 17 +++++++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 74e6f9fe9..2f0af6d18 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -18,7 +18,6 @@ jobs: uses: eifinger/setup-rye@v4 with: version: '0.43.0' - checksum: 'ca702c3d93fd6ec76a1a0efaaa605e10736ee79a0674d241aad1bc0fe26f7d80' enable-cache: true - name: Install OS dependencies @@ -73,7 +72,6 @@ jobs: uses: eifinger/setup-rye@v4 with: version: '0.43.0' - checksum: 'ca702c3d93fd6ec76a1a0efaaa605e10736ee79a0674d241aad1bc0fe26f7d80' enable-cache: true cache-prefix: 'rye-cache' diff --git a/Dockerfile b/Dockerfile index 21822aef6..06e8705ec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,12 @@ WORKDIR /code COPY ./static/package*.json /code/static/ RUN cd /code/static && npm ci -FROM --platform=linux/amd64 ubuntu:22.04 +FROM ubuntu:22.04 ARG RYE_VERSION="0.43.0" -ARG RYE_HASH="ca702c3d93fd6ec76a1a0efaaa605e10736ee79a0674d241aad1bc0fe26f7d80" +ARG RYE_HASH_x86_64="ca702c3d93fd6ec76a1a0efaaa605e10736ee79a0674d241aad1bc0fe26f7d80" +ARG RYE_HASH_aarch64="72db8238de446f300a1a9eb9d76caa05a8429aeb3315ae5de606462b9da20c5a" +ARG TARGETARCH # Keeps Python from generating .pyc files in the container ENV PYTHONDONTWRITEBYTECODE=1 @@ -23,8 +25,15 @@ COPY pyproject.toml requirements.lock requirements-dev.lock .python-version ./ # Install deps RUN apt-get update \ && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ - && curl -sSL "https://github.com/astral-sh/rye/releases/download/${RYE_VERSION}/rye-x86_64-linux.gz" > rye.gz \ - && echo "${RYE_HASH} rye.gz" | sha256sum -c - \ + && if [ "$TARGETARCH" = "amd64" ]; then \ + curl -sSL "https://github.com/astral-sh/rye/releases/download/${RYE_VERSION}/rye-x86_64-linux.gz" > rye.gz \ + && echo "${RYE_HASH_x86_64} rye.gz" | sha256sum -c - ; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + curl -sSL "https://github.com/astral-sh/rye/releases/download/${RYE_VERSION}/rye-aarch64-linux.gz" > rye.gz \ + && echo "${RYE_HASH_aarch64} rye.gz" | sha256sum -c - ; \ + else \ + echo "compatible arch not detected" ; \ + fi \ && gunzip rye.gz \ && chmod +x rye \ && mv rye /usr/bin/rye \ From 6d7cbc327fffe8a0a4da98200c039daa3ad8a19f Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:55:08 +0000 Subject: [PATCH 03/25] make uv compatable --- .github/workflows/main.yml | 43 +++++++++++++++++++++++--------------- Dockerfile | 31 +++++++++++++++------------ 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2f0af6d18..8bd711349 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,11 +13,11 @@ jobs: - name: Check out repo uses: actions/checkout@v3 - - name: "Install rye" - id: setup-rye - uses: eifinger/setup-rye@v4 + - name: Install uv + uses: astral-sh/setup-uv@v5 with: - version: '0.43.0' + # Install a specific version of uv. + version: "0.5.21" enable-cache: true - name: Install OS dependencies @@ -25,13 +25,18 @@ jobs: sudo apt update sudo apt install -y libre2-dev libpq-dev + - name: "Set up Python" + uses: actions/setup-python@v5 + with: + python-version-file: "pyproject.toml" + - name: Install dependencies - if: steps.setup-rye.outputs.cache-hit != 'true' - run: rye sync --no-lock + if: steps.setup-uv.outputs.cache-hit != 'true' + run: uv sync --locked --all-extras - name: Check formatting & linting run: | - rye run pre-commit run --all-files + uv run pre-commit run --all-files test: @@ -67,22 +72,27 @@ jobs: - name: Check out repo uses: actions/checkout@v3 - - name: Install rye - id: setup-rye - uses: eifinger/setup-rye@v4 + - name: Install uv + uses: astral-sh/setup-uv@v5 with: - version: '0.43.0' + # Install a specific version of uv. + version: "0.5.21" enable-cache: true - cache-prefix: 'rye-cache' - name: Install OS dependencies run: | sudo apt update sudo apt install -y libre2-dev libpq-dev + - name: "Set up Python" + uses: actions/setup-python@v5 + with: + python-version-file: "pyproject.toml" + - name: Install dependencies - if: steps.setup-rye.outputs.cache-hit != 'true' - run: rye sync --no-lock + if: steps.setup-uv.outputs.cache-hit != 'true' + run: uv sync --locked --all-extras + - name: Start Redis v6 uses: superchargejs/redis-github-action@1.1.0 @@ -91,8 +101,7 @@ jobs: - name: Run db migration run: | - rye install alembic - CONFIG=tests/test.env rye run alembic upgrade head + CONFIG=tests/test.env uv run alembic upgrade head - name: Prepare version file run: | @@ -101,7 +110,7 @@ jobs: - name: Test with pytest run: | - rye run pytest + uv run pytest env: GITHUB_ACTIONS_TEST: true diff --git a/Dockerfile b/Dockerfile index 06e8705ec..8f357b62f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,9 +6,9 @@ RUN cd /code/static && npm ci FROM ubuntu:22.04 -ARG RYE_VERSION="0.43.0" -ARG RYE_HASH_x86_64="ca702c3d93fd6ec76a1a0efaaa605e10736ee79a0674d241aad1bc0fe26f7d80" -ARG RYE_HASH_aarch64="72db8238de446f300a1a9eb9d76caa05a8429aeb3315ae5de606462b9da20c5a" +ARG UV_VERSION="0.5.21" +ARG UV_HASH_x86_64="a0eb614f7fc38a6e14ef1c4819f1f187591db8e0d3c4218dae38b1bd663a00e2" +ARG UV_HASH_aarch64="3cf910468c37c709580d83d19b7b55352cfe05d6e1cc038718698410b6b8c6f0" ARG TARGETARCH # Keeps Python from generating .pyc files in the container @@ -20,25 +20,30 @@ ENV PYTHONUNBUFFERED=1 WORKDIR /code # Copy dependency files -COPY pyproject.toml requirements.lock requirements-dev.lock .python-version ./ +COPY pyproject.toml uv.lock .python-version ./ # Install deps RUN apt-get update \ && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ && if [ "$TARGETARCH" = "amd64" ]; then \ - curl -sSL "https://github.com/astral-sh/rye/releases/download/${RYE_VERSION}/rye-x86_64-linux.gz" > rye.gz \ - && echo "${RYE_HASH_x86_64} rye.gz" | sha256sum -c - ; \ + curl -sSL "curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ + && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - ; \ + && tar xf uv.tar.gz -C /tmp/ \ + && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ + && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ elif [ "$TARGETARCH" = "arm64" ]; then \ - curl -sSL "https://github.com/astral-sh/rye/releases/download/${RYE_VERSION}/rye-aarch64-linux.gz" > rye.gz \ - && echo "${RYE_HASH_aarch64} rye.gz" | sha256sum -c - ; \ + curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ + && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - ; \ + && tar xf uv.tar.gz -C /tmp/ \ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx \ else \ echo "compatible arch not detected" ; \ fi \ - && gunzip rye.gz \ - && chmod +x rye \ - && mv rye /usr/bin/rye \ - && rye toolchain fetch `cat .python-version` \ - && rye sync --no-lock --no-dev \ + && rm -rf /tmp/uv* \ + && rm -f uv.tar.gz \ + && uv python install `cat .python-version` \ + && uv sync --locked \ && apt-get autoremove -y \ && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang\ && apt-get autoremove -y \ From 8ee7f4c7d5a7f69c4e5cd347031ed3f12a8d6899 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:14:57 +0000 Subject: [PATCH 04/25] correct uv checksums --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f357b62f..8348175c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,8 +7,8 @@ RUN cd /code/static && npm ci FROM ubuntu:22.04 ARG UV_VERSION="0.5.21" -ARG UV_HASH_x86_64="a0eb614f7fc38a6e14ef1c4819f1f187591db8e0d3c4218dae38b1bd663a00e2" -ARG UV_HASH_aarch64="3cf910468c37c709580d83d19b7b55352cfe05d6e1cc038718698410b6b8c6f0" +ARG UV_HASH_x86_64="e108c300eafae22ad8e6d94519605530f18f8762eb58d2b98a617edfb5d088fc" +ARG UV_HASH_aarch64="c4cc2ec78a294378b867ebd08c5842d3ce71074c2818dc7f641422fb3bf4b2d2" ARG TARGETARCH # Keeps Python from generating .pyc files in the container From b3fab7da523087b24ef06af5be42949fed2c73dc Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:22:53 +0000 Subject: [PATCH 05/25] fix typo --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8348175c2..a1d5957bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ COPY pyproject.toml uv.lock .python-version ./ RUN apt-get update \ && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ && if [ "$TARGETARCH" = "amd64" ]; then \ - curl -sSL "curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ + curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - ; \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ From 25d13f48e69db2653a4932abfb6c791e5bbd0bd0 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:33:07 +0000 Subject: [PATCH 06/25] fix errand ; --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index a1d5957bb..76316830b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,16 +27,16 @@ RUN apt-get update \ && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ && if [ "$TARGETARCH" = "amd64" ]; then \ curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - ; \ + && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ + && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx ;\ elif [ "$TARGETARCH" = "arm64" ]; then \ curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - ; \ + && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx \ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx ;\ else \ echo "compatible arch not detected" ; \ fi \ From 7d998e2af212c0f24636dcd6593147feb0f45acd Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:34:01 +0000 Subject: [PATCH 07/25] fix errand ; --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 76316830b..841741015 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,13 +30,13 @@ RUN apt-get update \ && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx ;\ + && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ elif [ "$TARGETARCH" = "arm64" ]; then \ curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ + && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - ; \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx ;\ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ else \ echo "compatible arch not detected" ; \ fi \ From 631b4e6f959147d5438917260c9cd345d8316fc6 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 13:44:01 +0000 Subject: [PATCH 08/25] fix uv gz typo --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 841741015..6cb046695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN apt-get update \ && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ && if [ "$TARGETARCH" = "amd64" ]; then \ curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_x86_64} uv.gz" | sha256sum -c - \ + && echo "${UV_HASH_x86_64} uv.tar.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ From ab506951bfeb498bffe1acb5504ffa24784e806c Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 21:39:39 +0000 Subject: [PATCH 09/25] =?UTF-8?q?Split=20build=20os=E2=80=99=20into=20a=20?= =?UTF-8?q?matrix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When trying to build both amd64 and arm64 it seems to timeout. Splitting allows the jobs to run in parallel. --- .github/workflows/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 810f63c9b..920626f28 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -123,6 +123,9 @@ jobs: path: htmlcov build: + strategy: + matrix: + arch: [linux/amd64, linux/arm64] runs-on: ubuntu-latest needs: ['test', 'lint'] if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) @@ -171,7 +174,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - platforms: linux/amd64, linux/arm64 + platforms: ${{ matrix.arch }} push: true tags: ${{ steps.meta.outputs.tags }} From 84e1b3a0e57be7d3903ec3de0fb3034096f7189c Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 24 Jan 2025 22:53:17 +0000 Subject: [PATCH 10/25] Build amd and arm in the same build step --- .github/workflows/main.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 920626f28..dd05c2574 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -123,14 +123,21 @@ jobs: path: htmlcov build: - strategy: - matrix: - arch: [linux/amd64, linux/arm64] runs-on: ubuntu-latest needs: ['test', 'lint'] if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) steps: + - name: Set up Docker + uses: docker/setup-docker-action@v4 + with: + daemon-config: | + { + "debug": true, + "features": { + "containerd-snapshotter": true + } + } - name: Docker meta id: meta uses: docker/metadata-action@v4 @@ -174,7 +181,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - platforms: ${{ matrix.arch }} + platforms: linux/amd64, linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} From b75627d21339d673337ff28861d2bac1d87ebc6c Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:45:42 +0000 Subject: [PATCH 11/25] adjust workflow for matrix builds, and change dockerfile to not run uv tests on arm due to intermittent timeouts --- .github/workflows/main.yml | 112 ++++++++++++++++++++++++++++++------- Dockerfile | 13 ++--- 2 files changed, 97 insertions(+), 28 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dd05c2574..ba2a920f5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,6 +8,9 @@ on: - v* pull_request: +env: + DOCKERHUB_REPO: simplelogin/app-ci + jobs: lint: runs-on: ubuntu-latest @@ -123,26 +126,31 @@ jobs: path: htmlcov build: + strategy: + fail-fast: false + matrix: + platform: [amd64, arm64] + include: + - platform: amd64 + runs-on: ubuntu-latest + - platform: arm64 + runs-on: ubuntu-20.04 runs-on: ubuntu-latest + timeout-minutes: 60 needs: ['test', 'lint'] if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) steps: - - name: Set up Docker - uses: docker/setup-docker-action@v4 - with: - daemon-config: | - { - "debug": true, - "features": { - "containerd-snapshotter": true - } - } + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Docker meta id: meta uses: docker/metadata-action@v4 with: - images: simplelogin/app-ci + images: ${{ env.DOCKERHUB_REPO }} - name: Login to Docker Hub uses: docker/login-action@v2 @@ -162,6 +170,54 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Prepare version file + run: | + scripts/generate-build-info.sh ${{ github.sha }} + cat app/build_info.py + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,"name=${{ env.DOCKERHUB_REPO }}",push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Create Sentry release uses: getsentry/action-release@v1 env: @@ -172,19 +228,33 @@ jobs: ignore_missing: true ignore_empty: true - - name: Prepare version file + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_REPO }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests run: | - scripts/generate-build-info.sh ${{ github.sha }} - cat app/build_info.py + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) - - name: Build image and publish to Docker Registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64, linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} + release: + runs-on: ubuntu-latest + needs: + - merge + steps: #- name: Send Telegram message # uses: appleboy/telegram-action@master diff --git a/Dockerfile b/Dockerfile index 6cb046695..04978ebc7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,6 @@ ENV PYTHONDONTWRITEBYTECODE=1 # Turns off buffering for easier container logging ENV PYTHONUNBUFFERED=1 - WORKDIR /code # Copy dependency files @@ -30,10 +29,12 @@ RUN apt-get update \ && echo "${UV_HASH_x86_64} uv.tar.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ + && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ + && uv python install `cat .python-version` \ + && uv sync --locked ; \ elif [ "$TARGETARCH" = "arm64" ]; then \ curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - ; \ + && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ @@ -42,10 +43,8 @@ RUN apt-get update \ fi \ && rm -rf /tmp/uv* \ && rm -f uv.tar.gz \ - && uv python install `cat .python-version` \ - && uv sync --locked \ && apt-get autoremove -y \ - && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang\ + && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang \ && apt-get autoremove -y \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -60,4 +59,4 @@ ENV PATH="/code/.venv/bin:$PATH" EXPOSE 7777 #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG -CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] +CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] \ No newline at end of file From d2ae222b6ca5c8b8ec56c06f910346128371bc33 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Sat, 25 Jan 2025 20:58:49 +0000 Subject: [PATCH 12/25] remove UV hash for arm64 and skip checks in Dockerfile --- Dockerfile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 04978ebc7..a9e79ec50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,6 @@ FROM ubuntu:22.04 ARG UV_VERSION="0.5.21" ARG UV_HASH_x86_64="e108c300eafae22ad8e6d94519605530f18f8762eb58d2b98a617edfb5d088fc" -ARG UV_HASH_aarch64="c4cc2ec78a294378b867ebd08c5842d3ce71074c2818dc7f641422fb3bf4b2d2" ARG TARGETARCH # Keeps Python from generating .pyc files in the container @@ -31,18 +30,14 @@ RUN apt-get update \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ && uv python install `cat .python-version` \ - && uv sync --locked ; \ + && uv sync --locked \ + && rm -rf /tmp/uv* \ + && rm -f uv.tar.gz ; \ elif [ "$TARGETARCH" = "arm64" ]; then \ - curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ - && tar xf uv.tar.gz -C /tmp/ \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx ; \ + echo "skip uv checks on arm64" ; \ else \ echo "compatible arch not detected" ; \ fi \ - && rm -rf /tmp/uv* \ - && rm -f uv.tar.gz \ && apt-get autoremove -y \ && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang \ && apt-get autoremove -y \ From 7f420ee5b3358d4a30a18d995cee4429bd862476 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Sun, 26 Jan 2025 00:45:36 +0000 Subject: [PATCH 13/25] adjust workflow and dockerfile --- .github/workflows/main.yml | 41 ++++++++++++++++---------------------- Dockerfile | 21 +++++++++++++------ 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ba2a920f5..8a2d67b3a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: uses: astral-sh/setup-uv@v5 with: # Install a specific version of uv. - version: "0.5.21" + version: "0.5.24" enable-cache: true - name: Install OS dependencies @@ -81,7 +81,7 @@ jobs: uses: astral-sh/setup-uv@v5 with: # Install a specific version of uv. - version: "0.5.21" + version: "0.5.24" enable-cache: true - name: Install OS dependencies @@ -129,23 +129,18 @@ jobs: strategy: fail-fast: false matrix: - platform: [amd64, arm64] - include: - - platform: amd64 - runs-on: ubuntu-latest - - platform: arm64 - runs-on: ubuntu-20.04 + platform: + - linux/amd64 + - linux/arm64 runs-on: ubuntu-latest timeout-minutes: 60 needs: ['test', 'lint'] - if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) - + #if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) steps: - - name: Prepare + - name: Prepare run: | platform=${{ matrix.platform }} echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - name: Docker meta id: meta uses: docker/metadata-action@v4 @@ -170,11 +165,20 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Create Sentry release + uses: getsentry/action-release@v1 + env: + SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} + SENTRY_ORG: ${{ secrets.SENTRY_ORG }} + SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} + with: + ignore_missing: true + ignore_empty: true + - name: Prepare version file run: | scripts/generate-build-info.sh ${{ github.sha }} cat app/build_info.py - - name: Build and push by digest id: build uses: docker/build-push-action@v6 @@ -188,7 +192,6 @@ jobs: mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Upload digest uses: actions/upload-artifact@v4 with: @@ -218,16 +221,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Create Sentry release - uses: getsentry/action-release@v1 - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - SENTRY_ORG: ${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} - with: - ignore_missing: true - ignore_empty: true - - name: Docker meta id: meta uses: docker/metadata-action@v5 diff --git a/Dockerfile b/Dockerfile index a9e79ec50..3aadbfa89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,8 +6,9 @@ RUN cd /code/static && npm ci FROM ubuntu:22.04 -ARG UV_VERSION="0.5.21" -ARG UV_HASH_x86_64="e108c300eafae22ad8e6d94519605530f18f8762eb58d2b98a617edfb5d088fc" +ARG UV_VERSION="0.5.24" +ARG UV_HASH_x86_64="a0eb614f7fc38a6e14ef1c4819f1f187591db8e0d3c4218dae38b1bd663a00e2" +ARG UV_HASH_aarch64="3cf910468c37c709580d83d19b7b55352cfe05d6e1cc038718698410b6b8c6f0" ARG TARGETARCH # Keeps Python from generating .pyc files in the container @@ -29,12 +30,20 @@ RUN apt-get update \ && tar xf uv.tar.gz -C /tmp/ \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ - && uv python install `cat .python-version` \ - && uv sync --locked \ && rm -rf /tmp/uv* \ - && rm -f uv.tar.gz ; \ + && rm -f uv.tar.gz \ + && uv python install `cat .python-version` \ + && uv sync --locked ; \ elif [ "$TARGETARCH" = "arm64" ]; then \ - echo "skip uv checks on arm64" ; \ + curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ + && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ + && tar xf uv.tar.gz -C /tmp/ \ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ + && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx \ + && rm -rf /tmp/uv* \ + && rm -f uv.tar.gz \ + && uv python install `cat .python-version` \ + && uv sync --locked ; \ else \ echo "compatible arch not detected" ; \ fi \ From 44e8cdaff8fde7a39e767222e9d05ec882e29308 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Mon, 27 Jan 2025 11:42:47 +0000 Subject: [PATCH 14/25] continue build on error on arm64 --- .github/workflows/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8a2d67b3a..2725a631d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -132,6 +132,9 @@ jobs: platform: - linux/amd64 - linux/arm64 + include: + - platform: linux/arm64 + continue-on-error: true runs-on: ubuntu-latest timeout-minutes: 60 needs: ['test', 'lint'] @@ -179,6 +182,7 @@ jobs: run: | scripts/generate-build-info.sh ${{ github.sha }} cat app/build_info.py + - name: Build and push by digest id: build uses: docker/build-push-action@v6 From 17be3766c2d5036d3ea4a208f6c5ff314954c337 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:51:37 +0000 Subject: [PATCH 15/25] don't fail the workflow on experimental builds --- .github/workflows/main.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2725a631d..fab26a79e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -132,9 +132,11 @@ jobs: platform: - linux/amd64 - linux/arm64 - include: - - platform: linux/arm64 - continue-on-error: true + include: + - platform: linux/amd64 + - platform: linux/arm64 + experimental: true + continue-on-error: ${{ matrix.experimental }} runs-on: ubuntu-latest timeout-minutes: 60 needs: ['test', 'lint'] From edc13e8b8aa721849e9ca315730964208f378c1a Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Mon, 27 Jan 2025 13:00:31 +0000 Subject: [PATCH 16/25] experimental --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fab26a79e..ae0fa6c86 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -129,6 +129,7 @@ jobs: strategy: fail-fast: false matrix: + experimental: [false] platform: - linux/amd64 - linux/arm64 From 66974544fffe0f102c2d8266276f203a7d63e644 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Mon, 27 Jan 2025 13:12:37 +0000 Subject: [PATCH 17/25] remvoe the errand inlcude of amd64 builds --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ae0fa6c86..ba9266bec 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -134,7 +134,6 @@ jobs: - linux/amd64 - linux/arm64 include: - - platform: linux/amd64 - platform: linux/arm64 experimental: true continue-on-error: ${{ matrix.experimental }} From a2b83dec3386c65835ae7b1ec76a70847f2b69b8 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Mon, 27 Jan 2025 13:17:13 +0000 Subject: [PATCH 18/25] remove arm from platform as its on the include section --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ba9266bec..07f246f6e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -132,7 +132,6 @@ jobs: experimental: [false] platform: - linux/amd64 - - linux/arm64 include: - platform: linux/arm64 experimental: true From 0cabcb83d8eb887ab70797b3b7f240eef14c2a0d Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 31 Jan 2025 11:19:59 +0000 Subject: [PATCH 19/25] Have seperate workflow for arm64 that continues on error - arm64 image will use simplelogin/app-ci-arm64 Image name is dicated by variable at top of workflow --- .github/workflows/main.yml | 139 ++++++++++++++----------------------- 1 file changed, 54 insertions(+), 85 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 07f246f6e..36430cdf5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: uses: astral-sh/setup-uv@v5 with: # Install a specific version of uv. - version: "0.5.24" + version: "0.5.21" enable-cache: true - name: Install OS dependencies @@ -81,7 +81,7 @@ jobs: uses: astral-sh/setup-uv@v5 with: # Install a specific version of uv. - version: "0.5.24" + version: "0.5.21" enable-cache: true - name: Install OS dependencies @@ -126,25 +126,11 @@ jobs: path: htmlcov build: - strategy: - fail-fast: false - matrix: - experimental: [false] - platform: - - linux/amd64 - include: - - platform: linux/arm64 - experimental: true - continue-on-error: ${{ matrix.experimental }} runs-on: ubuntu-latest - timeout-minutes: 60 needs: ['test', 'lint'] - #if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) + # if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) + steps: - - name: Prepare - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Docker meta id: meta uses: docker/metadata-action@v4 @@ -184,75 +170,14 @@ jobs: scripts/generate-build-info.sh ${{ github.sha }} cat app/build_info.py - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=${{ env.DOCKERHUB_REPO }}",push-by-digest=true,name-canonical=true,push=true - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - runs-on: ubuntu-latest - needs: - - build - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 + - name: Build image and publish to Docker Registry + uses: docker/build-push-action@v3 with: - images: | - ${{ env.DOCKERHUB_REPO }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.meta.outputs.tags }} - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} - - release: - runs-on: ubuntu-latest - needs: - - merge - steps: #- name: Send Telegram message # uses: appleboy/telegram-action@master @@ -328,3 +253,47 @@ jobs: body: ${{ steps.build_changelog.outputs.changelog }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + build-arm64: + runs-on: ubuntu-latest + needs: ['build'] + continue-on-error: true + if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) + + steps: + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.DOCKERHUB_REPO }}-arm64 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + # We need to checkout the repository in order for the "Create Sentry release" to work + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Prepare version file + run: | + scripts/generate-build-info.sh ${{ github.sha }} + cat app/build_info.py + + - name: Build image and publish to Docker Registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} From 9ccb2e2cc58f6527016c0e86f8801870fce77431 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 31 Jan 2025 23:24:24 +0000 Subject: [PATCH 20/25] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3aadbfa89..d57e0574d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ RUN apt-get update \ && rm -rf /tmp/uv* \ && rm -f uv.tar.gz \ && uv python install `cat .python-version` \ - && uv sync --locked ; \ + && uv sync --no-dev --locked --no-install-package pyre2 --no-install-package pycryptodome ; \ else \ echo "compatible arch not detected" ; \ fi \ From 48b4a8d8ddf5a89ef820d62a7a80f7d35e445735 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Sun, 2 Feb 2025 18:48:38 +0000 Subject: [PATCH 21/25] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d57e0574d..3aadbfa89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ RUN apt-get update \ && rm -rf /tmp/uv* \ && rm -f uv.tar.gz \ && uv python install `cat .python-version` \ - && uv sync --no-dev --locked --no-install-package pyre2 --no-install-package pycryptodome ; \ + && uv sync --locked ; \ else \ echo "compatible arch not detected" ; \ fi \ From 3ca640b4a92184b701305d62b19267ca49ce91ab Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Wed, 5 Feb 2025 08:47:38 +0000 Subject: [PATCH 22/25] change build runner to ubnuntu-22.04 --- .github/workflows/main.yml | 48 ++------------------------------------ Dockerfile | 2 +- 2 files changed, 3 insertions(+), 47 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 36430cdf5..e6946d3e9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -126,9 +126,9 @@ jobs: path: htmlcov build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: ['test', 'lint'] - # if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) + if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) steps: - name: Docker meta @@ -253,47 +253,3 @@ jobs: body: ${{ steps.build_changelog.outputs.changelog }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build-arm64: - runs-on: ubuntu-latest - needs: ['build'] - continue-on-error: true - if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) - - steps: - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.DOCKERHUB_REPO }}-arm64 - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - # We need to checkout the repository in order for the "Create Sentry release" to work - - name: Checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Prepare version file - run: | - scripts/generate-build-info.sh ${{ github.sha }} - cat app/build_info.py - - - name: Build image and publish to Docker Registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index 3aadbfa89..c163bad94 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,4 +63,4 @@ ENV PATH="/code/.venv/bin:$PATH" EXPOSE 7777 #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG -CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] \ No newline at end of file +CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] From 4d37b37264ca333a649098522a9d0e47d52b75e1 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Thu, 27 Feb 2025 12:09:37 +0000 Subject: [PATCH 23/25] adjust dockerfile to simplify uv installation and update workflow to match from upstream --- .github/workflows/main.yml | 11 ------ Dockerfile | 78 +++++++++++++++++++++----------------- 2 files changed, 43 insertions(+), 46 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1f9253ba0..c1f1711cd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,11 +30,6 @@ jobs: sudo apt update sudo apt install -y libre2-dev libpq-dev - - name: "Set up Python" - uses: actions/setup-python@v5 - with: - python-version-file: "pyproject.toml" - - name: Install dependencies if: steps.setup-uv.outputs.cache-hit != 'true' run: uv sync --locked --all-extras @@ -43,7 +38,6 @@ jobs: run: | uv run pre-commit run --all-files - test: runs-on: ubuntu-latest @@ -89,11 +83,6 @@ jobs: sudo apt update sudo apt install -y libre2-dev libpq-dev - - name: "Set up Python" - uses: actions/setup-python@v5 - with: - python-version-file: "pyproject.toml" - - name: Install dependencies if: steps.setup-uv.outputs.cache-hit != 'true' run: uv sync --locked --all-extras diff --git a/Dockerfile b/Dockerfile index c163bad94..f33fac1c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,8 @@ WORKDIR /code COPY ./static/package*.json /code/static/ RUN cd /code/static && npm ci -FROM ubuntu:22.04 +FROM ubuntu:24.04 -ARG UV_VERSION="0.5.24" -ARG UV_HASH_x86_64="a0eb614f7fc38a6e14ef1c4819f1f187591db8e0d3c4218dae38b1bd663a00e2" -ARG UV_HASH_aarch64="3cf910468c37c709580d83d19b7b55352cfe05d6e1cc038718698410b6b8c6f0" ARG TARGETARCH # Keeps Python from generating .pyc files in the container @@ -22,36 +19,47 @@ WORKDIR /code COPY pyproject.toml uv.lock .python-version ./ # Install deps -RUN apt-get update \ - && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \ - && if [ "$TARGETARCH" = "amd64" ]; then \ - curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_x86_64} uv.tar.gz" | sha256sum -c - \ - && tar xf uv.tar.gz -C /tmp/ \ - && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \ - && rm -rf /tmp/uv* \ - && rm -f uv.tar.gz \ - && uv python install `cat .python-version` \ - && uv sync --locked ; \ - elif [ "$TARGETARCH" = "arm64" ]; then \ - curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-aarch64-unknown-linux-gnu.tar.gz" > uv.tar.gz \ - && echo "${UV_HASH_aarch64} uv.tar.gz" | sha256sum -c - \ - && tar xf uv.tar.gz -C /tmp/ \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uv /usr/bin/uv \ - && mv /tmp/uv-aarch64-unknown-linux-gnu/uvx /usr/bin/uvx \ - && rm -rf /tmp/uv* \ - && rm -f uv.tar.gz \ - && uv python install `cat .python-version` \ - && uv sync --locked ; \ - else \ - echo "compatible arch not detected" ; \ - fi \ - && apt-get autoremove -y \ - && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* +RUN \ + echo "**** install build packages ****" && \ + apt-get update && \ + apt-get install -y --no-install-recommends \ + curl \ + netcat-traditional \ + gcc \ + python3-dev \ + gnupg \ + git \ + libre2-dev \ + build-essential \ + pkg-config \ + cmake \ + ninja-build \ + bash \ + clang \ + ca-certificates && \ + curl -o /tmp/uv-installer.sh -L https://astral.sh/uv/install.sh && \ + sh /tmp/uv-installer.sh && \ + export PATH="$HOME/.local/bin:$PATH" && \ + uv python install `cat .python-version` && \ + uv sync --no-dev --no-cache && \ + echo "**** install runtime packages ****" && \ + apt-get install -y \ + gnupg \ + libre2-10 && \ + echo "**** cleanup ****" && \ + apt-get purge -y \ + curl \ + netcat-traditional \ + build-essential \ + pkg-config \ + cmake \ + ninja-build \ + python3-dev \ + clang && \ + apt-get autoremove -y && \ + apt-get autoclean -y && \ + rm -rf \ + /var/lib/apt/lists/* # Copy code COPY . . @@ -63,4 +71,4 @@ ENV PATH="/code/.venv/bin:$PATH" EXPOSE 7777 #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG -CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] +CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] \ No newline at end of file From 4f782c6b4c629536d5483d0874faee35b78efae4 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 18 Apr 2025 14:57:20 +0100 Subject: [PATCH 24/25] add cmake policy version --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index f33fac1c1..35f3178d3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,7 @@ RUN \ sh /tmp/uv-installer.sh && \ export PATH="$HOME/.local/bin:$PATH" && \ uv python install `cat .python-version` && \ + export CMAKE_POLICY_VERSION_MINIMUM=3.5 && \ uv sync --no-dev --no-cache && \ echo "**** install runtime packages ****" && \ apt-get install -y \ From 92c3134a3b7eaaa5a6fccb36b3c4ed06ae37ec30 Mon Sep 17 00:00:00 2001 From: Martin Adams <6276146+martadams89@users.noreply.github.com> Date: Fri, 18 Apr 2025 14:57:59 +0100 Subject: [PATCH 25/25] add cmake policy version to workflow --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c1f1711cd..7c7f8392a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,6 +10,7 @@ on: env: DOCKERHUB_REPO: simplelogin/app-ci + CMAKE_POLICY_VERSION_MINIMUM: 3.5 jobs: lint: