Skip to content

Spring cleaning: metadata, CI containerization, release workflow #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
burning-bush-dev merged 1 commit into from
Apr 6, 2026
Merged

Spring cleaning: metadata, CI containerization, release workflow #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions .github/workflows/ci-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: CI Image

on:
push:
branches: [master]
paths:
- 'dist/docker/Dockerfile'
- '.github/workflows/ci-image.yml'
- 'server/Makefile.PL'
- 'client/Makefile.PL'
workflow_dispatch:

permissions:
contents: read
packages: write

jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6

- name: Compute image tag
id: meta
run: echo "tag=ghcr.io/${GITHUB_REPOSITORY,,}/build:latest" >> "$GITHUB_OUTPUT"

- uses: docker/setup-buildx-action@v4

- uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- uses: docker/build-push-action@v7
with:
context: .
file: dist/docker/Dockerfile
target: base
push: true
tags: ${{ steps.meta.outputs.tag }}
cache-from: type=gha
cache-to: type=gha,mode=max
127 changes: 44 additions & 83 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,69 +13,41 @@ on:

permissions:
contents: read
packages: read

jobs:
image-name:
runs-on: ubuntu-24.04
outputs:
ci: ${{ steps.set.outputs.ci }}
steps:
- id: set
run: echo "ci=ghcr.io/${GITHUB_REPOSITORY,,}/build:latest" >> "$GITHUB_OUTPUT"

test:
runs-on: ubuntu-22.04
needs: image-name
runs-on: ubuntu-24.04
container:
image: ${{ needs.image-name.outputs.ci }}
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

services:
mysql:
image: mysql:8
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: nictool
options: >-
--health-cmd="mysqladmin ping -h 127.0.0.1"
--health-interval=5s
--health-timeout=3s
--health-retries=10

steps:
- uses: actions/checkout@v6

- name: Install system dependencies
run: |
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
expat \
cpanminus \
libdbix-simple-perl \
libdbd-mysql-perl \
apache2 \
libapache2-mod-perl2 \
libapache2-mod-perl2-dev \
libapache-dbi-perl \
gettext \
libxml2 \
libnet-ip-perl \
libxml-libxml-perl \
libxml-parser-perl \
libdigest-hmac-perl \
libjson-perl \
librpc-xml-perl \
libsoap-lite-perl \
libmodule-build-perl \
libmime-base32-perl \
libmime-base64-perl \
libbind-confparser-perl \
libssl-dev \
libcrypt-openssl-rsa-perl \
libcrypt-openssl-dsa-perl \
libnet-dns-perl \
libyaml-perl \
bind9utils \
libwww-perl \
liburi-perl \
libmime-tools-perl \
libmailtools-perl \
libfile-sharedir-perl \
libperl-prereqscanner-perl \
libdbi-perl \
libcgi-pm-perl \
libtest-pod-perl \
libtest-output-perl \
libtest-simple-perl \
default-mysql-client

- name: Wait for MySQL service
run: |
sudo /etc/init.d/mysql start
for attempt in $(seq 1 10); do
if mysqladmin ping -h 127.0.0.1 --silent; then
exit 0
fi
sleep 2
done
exit 1

- name: Generate test credentials
run: |
DB_PW=$(openssl rand -base64 24)
Expand All @@ -85,42 +57,34 @@ jobs:
echo "NICTOOL_DB_USER=nictool" >> "$GITHUB_ENV"
echo "NICTOOL_DB_NAME=nictool" >> "$GITHUB_ENV"
echo "DB_ENGINE=mysql" >> "$GITHUB_ENV"
echo "DB_HOSTNAME=localhost" >> "$GITHUB_ENV"
echo "DB_HOSTNAME=mysql" >> "$GITHUB_ENV"
echo "ROOT_USER_EMAIL=ci@nictool.test" >> "$GITHUB_ENV"
echo "ROOT_USER_PASSWORD=$ROOT_PW" >> "$GITHUB_ENV"
echo "NICTOOL_CLIENT_DIR=$GITHUB_WORKSPACE/client" >> "$GITHUB_ENV"
echo "DB_SSL=1" >> "$GITHUB_ENV"

- name: Install NicTool client and server
run: |
cd "$GITHUB_WORKSPACE/client"
perl Makefile.PL
cpanm -n .

cd "$GITHUB_WORKSPACE/server"
perl Makefile.PL
cpanm -n .

- name: Allow Apache to traverse workspace path
run: |
# Ubuntu 21.04+ defaults home dirs to 750; www-data needs o+x to traverse
dir="$GITHUB_WORKSPACE"
while [ "$dir" != "/" ]; do
sudo chmod o+x "$dir"
chmod o+x "$dir"
dir="$(dirname "$dir")"
done

- name: Set up NicTool configs, Apache, and TLS
run: sudo -E dist/setup/install-nictool.sh --nt-dir="$GITHUB_WORKSPACE"

- name: Install Perl modules for Apache/mod_perl
run: |
sudo cpanm --notest \
CryptX Crypt::Mac::HMAC Crypt::KeyDerivation \
Test::HTML::Lint Time::TAI64 DBD::MariaDB

- name: Install NicTool client and server
run: |
cd "$GITHUB_WORKSPACE/client"
perl Makefile.PL
sudo cpanm -n .

cd "$GITHUB_WORKSPACE/server"
perl Makefile.PL
sudo cpanm -n .
run: dist/setup/install-nictool.sh --nt-dir="$GITHUB_WORKSPACE"

- name: Restart Apache
run: sudo service apache2 restart || sudo cat /var/log/apache2/error.log
- name: Start Apache
run: apachectl start

- name: Create NicTool test database
run: |
Expand All @@ -139,9 +103,6 @@ jobs:
- name: Failure diagnostics
if: failure()
run: |
pwd
mysql --version
apache2 -version
sudo cat /var/log/apache2/error.log || true
cat /etc/apache2/apache2.conf || true
ls /usr/lib/apache2/modules/ || true
cat /var/log/apache2/error.log || true
22 changes: 11 additions & 11 deletions .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,15 @@ permissions:

jobs:
build:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4

- name: Build Docker image
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
file: dist/docker/Dockerfile
Expand All @@ -32,15 +32,15 @@ jobs:

docker-tests:
needs: build
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4

- name: Load Docker image from cache
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
file: dist/docker/Dockerfile
Expand Down Expand Up @@ -72,15 +72,15 @@ jobs:

e2e-tests:
needs: build
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4

- name: Load Docker image from cache
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
file: dist/docker/Dockerfile
Expand All @@ -99,14 +99,14 @@ jobs:
timeout-minutes: 5

- name: Set up Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version: 22
cache: npm
cache-dependency-path: client/t/e2e/package-lock.json

- name: Cache Playwright browsers
uses: actions/cache@v4
uses: actions/cache@v5
id: playwright-cache
with:
path: ~/.cache/ms-playwright
Expand Down
Loading
Loading