Update Images and Instances to include SQLcl #245
Workflow file for this run
# Workflow that validates the container image builds.
name: Validate Container Images

# Trigger is `pull_request`, not `pull_request_target`: runs started from a
# fork get a read-only GITHUB_TOKEN and no repository secrets by default.
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    # Only run when image sources, packaging metadata, or the listed workflow
    # file change (presumably this workflow's own path; confirm).
    paths:
      - 'src/**'
      - 'pyproject.toml'
      - '.github/workflows/image_smoke.yml'
  # Manual runs from the Actions tab are allowed as well.
  workflow_dispatch:
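jobs:
  # Build every image in the matrix, scan the AIO image with Trivy, and
  # smoke-test that each container stays up after start.
  #
  # NOTE(review): every `uses:` below references a mutable tag (v3/v4/v6).
  # Pinning each action to a full commit SHA protects the job if a tag is
  # ever re-pointed upstream.
  image-build-test:
    # Skip draft PRs; manual dispatches always run.
    if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    # Least privilege: no step in this job writes to pull requests, so
    # `pull-requests: write` is not requested. Re-add it only together with a
    # step that actually comments on or labels the PR.
    permissions:
      contents: read
      # Required by the upload-sarif step.
      security-events: write
    strategy:
      # Let the other images finish even if one build or smoke test fails.
      fail-fast: false
      matrix:
        build:
          - name: aio
            dockerfile: src/Dockerfile
          - name: client
            dockerfile: src/client/Dockerfile
          - name: server
            dockerfile: src/server/Dockerfile
    name: "Build & Test - ${{ matrix.build.name }}"
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # The checkout is used as the Docker build context (`context: .`),
          # and the Dockerfile comes from the pull request. Do not leave the
          # job token in .git/config where build steps could read it.
          persist-credentials: false

      # Use official Docker Buildx action for better caching
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Content-based cache key: any change under src/ or to pyproject.toml
      # yields a new key; restore-keys fall back to the newest cache with a
      # matching prefix.
      - name: Cache Docker Layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: "${{ runner.os }}-buildx-${{ matrix.build.name }}-${{ hashFiles('src/**', 'pyproject.toml') }}"
          restore-keys: |
            ${{ runner.os }}-buildx-${{ matrix.build.name }}-
            ${{ runner.os }}-buildx-

      # Build using official action (replaces manual docker buildx commands).
      # The image is only loaded into the local daemon; nothing is pushed.
      - name: Build Container Image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.build.dockerfile }}
          tags: "${{ matrix.build.name }}:${{ github.sha }}"
          load: true  # Load all images for smoke testing
          push: false
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

      # Move cache to avoid ever-growing cache
      # Reference: https://github.com/docker/build-push-action/issues/252
      - name: Move Cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      # Security scanning - only AIO (contains both server and client)
      # The action's version tag was replaced by the page's e-mail obfuscation
      # ("[email protected]"); <VERSION> is a placeholder to be restored from
      # the repository, preferably as a full commit SHA.
      - name: Run Trivy Security Scan
        if: matrix.build.name == 'aio'
        uses: aquasecurity/trivy-action@<VERSION>
        with:
          scan-type: image
          image-ref: "aio:${{ github.sha }}"
          severity: HIGH,CRITICAL
          format: sarif
          output: trivy-results-aio.sarif
          # Vulnerabilities without an available fix are left out of the report.
          ignore-unfixed: true
          # Report-only: HIGH/CRITICAL findings never fail this step. Set to 1
          # if the scan is meant to gate merges.
          exit-code: 0

      # Upload security results to GitHub Security tab
      # NOTE(review): on pull requests from forks GITHUB_TOKEN is read-only by
      # default, so this upload is expected to fail there; confirm whether
      # fork PRs are in scope for this workflow.
      - name: Upload Trivy Results to GitHub Security
        if: matrix.build.name == 'aio'
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results-aio.sarif
          category: trivy-aio

      # Smoke tests. `test-key-for-ci` is a throwaway literal, not a secret.
      # Only github.sha is expanded into the scripts below; it is a commit
      # hash, not contributor-supplied free text.

      # Smoke test - Server container
      - name: Smoke Test - Server Container
        if: matrix.build.name == 'server'
        run: |
          echo "Testing Server container startup..."
          # Start server container in background
          docker run -d --name test-server \
            -e API_SERVER_KEY=test-key-for-ci \
            server:${{ github.sha }}
          # Wait a fixed 10 seconds, then verify the container is still running
          echo "Waiting for container to stabilize..."
          sleep 10
          if docker ps --filter "name=test-server" --filter "status=running" | grep -q test-server; then
            echo "✅ Server container started and is running"
            docker stop test-server
            exit 0
          else
            echo "❌ Server container failed to start or crashed"
            docker logs test-server 2>&1
            exit 1
          fi

      # Smoke test - Client container
      - name: Smoke Test - Client Container
        if: matrix.build.name == 'client'
        run: |
          echo "Testing Client container startup..."
          # Start client container in background
          # Client requires API_SERVER_* env vars to be set
          docker run -d --name test-client \
            -e API_SERVER_KEY=test-key-for-ci \
            -e API_SERVER_URL=http://localhost \
            -e API_SERVER_PORT=8000 \
            client:${{ github.sha }}
          # Wait a fixed 10 seconds, then verify the container is still running
          echo "Waiting for container to stabilize..."
          sleep 10
          if docker ps --filter "name=test-client" --filter "status=running" | grep -q test-client; then
            echo "✅ Client container started and is running"
            docker stop test-client
            exit 0
          else
            echo "❌ Client container failed to start or crashed"
            docker logs test-client 2>&1
            exit 1
          fi

      # Smoke test - AIO container (both server and client)
      - name: Smoke Test - AIO Container
        if: matrix.build.name == 'aio'
        run: |
          echo "Testing AIO container startup..."
          # Start container in background
          docker run -d --name test-aio \
            -e API_SERVER_KEY=test-key-for-ci \
            aio:${{ github.sha }}
          # Wait a fixed 10 seconds, then verify the container is still running
          echo "Waiting for container to stabilize..."
          sleep 10
          if docker ps --filter "name=test-aio" --filter "status=running" | grep -q test-aio; then
            echo "✅ AIO container started and is running"
            docker stop test-aio
            exit 0
          else
            echo "❌ AIO container failed to start or crashed"
            docker logs test-aio 2>&1
            exit 1
          fi

      # Cleanup test containers. Runs even after a failed step; errors for
      # containers that were never created are ignored on purpose.
      - name: Cleanup Test Containers
        if: always()
        run: |
          for container in test-server test-client test-aio; do
            docker stop "$container" 2>/dev/null || true
            docker rm "$container" 2>/dev/null || true
          done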
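# Summary job: runs only after every image-build-test matrix leg succeeded.
  image-validation-summary:
    name: Validation Summary
    if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    needs: [image-build-test]
    # This job only prints text, so it requests no token permissions at all.
    permissions: {}
    steps:
      - name: All Validations Passed
        run: |
          echo "========================================================"
          echo "✅ All container image validations passed!"
          echo "========================================================"
          echo "- Image builds (aio, client, server): ✅"
          # The Trivy step runs with exit-code 0, so reaching this point only
          # shows that the scan ran, not that it found nothing.
          echo "- Security scan (AIO): ran (report-only; findings do not fail the build)"
          echo "- Smoke tests:"
          echo " - Server container startup: ✅"
          echo " - Client container startup: ✅"
          echo " - AIO container startup: ✅"
          echo "========================================================"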