GHA: Build and Publish to Public ECR and Build Nix #49
Changes from all commits
ed84c5f
2cec5c8
b672efd
7002f49
ba96ded
19b4079
dfe4d84
33a35a0
0afa173
2e8b84f
a0a04c6
16926f3
63571c8
40acf51
78f00f5
5e01112
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
name: Setup ECR / Buildx | ||
description: Composite action to setup requirements for ECR and buildx for docker pushes | ||
|
||
inputs: | ||
registry-type: | ||
description: ECR Registry Type | ||
default: private | ||
iam-role-to-assume: | ||
description: IAM Role to Assume | ||
required: true | ||
|
||
outputs: | ||
ecr_registry: | ||
description: ECR Registry | ||
value: ${{ steps.login-ecr.outputs.registry }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: ${{ inputs.iam-role-to-assume }} | ||
role-session-name: github-action-session | ||
aws-region: us-east-1 | ||
|
||
- name: Login to Amazon ECR | ||
id: login-ecr | ||
uses: aws-actions/amazon-ecr-login@v1 | ||
with: | ||
registry-type: ${{ inputs.registry-type }} | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 |
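Review bot: `aws-actions/configure-aws-credentials@v4` and `aws-actions/amazon-ecr-login@v1` are referenced by mutable tags, while `docker/setup-buildx-action` in the same file is pinned to a commit SHA. These two steps obtain the role credentials and the registry login, so a retagged release would run with exactly the access this action exists to grant. Pin both the same way, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, taking the SHA from the upstream release. A one-line comment on `aws-region: us-east-1` explaining why the region is fixed would also help, since `registry-type` defaults to `private`.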
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: Build and Push | ||
|
||
# Builds and pushes the branch to ECR from master, or the manually selected branch when invoked manually. We stopped using Docker Hub for storing the image of oplogtoredis, where we used a Webhook to do the same thing. | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
# Left this here in-case the workflow needs to be developed further rapidly: | ||
pull_request: | ||
types: [ opened, synchronize, reopened ] | ||
workflow_dispatch: | ||
|
||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }} | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
build-and-push: | ||
name: Build and Push | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 | ||
|
||
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac | ||
with: | ||
nix_path: nixpkgs=channel:nixos-unstable | ||
|
||
# Examples of the generated tags: | ||
# - v3.0.0 (branch: master) | ||
# - v3.0.0-branch-name (branch: branch-name) | ||
- name: Generate Tag | ||
id: generate-tag | ||
run: | | ||
# Extract the current version from `default.nix`. This must pass. | ||
version=$(nix flake show . --quiet --all-systems --json | jq -r '.defaultPackage."aarch64-darwin".name' | cut -d'-' -f2-) | ||
|
||
# Adds the branch name if the workflow is manually invoked from a branch. | ||
tag_branch_segment="" | ||
|
||
branch_name=${{ github.event.pull_request && github.head_ref || github.ref_name }} | ||
if [ "$branch_name" != "master" ]; then | ||
tag_branch_segment="-${branch_name}" # adds a -<branch-name> as needed | ||
fi | ||
|
||
tag="v${version}${tag_branch_segment}" | ||
|
||
echo "TAG=${tag}" >> $GITHUB_OUTPUT | ||
|
||
- name: Setup ECR/buildx | ||
uses: ./.github/actions/setup-ecr-buildx | ||
id: setup-ecr-buildx | ||
with: | ||
iam-role-to-assume: ${{ secrets.AWS_PUBLIC_ECR_IAM_ROLE_ARN }} | ||
registry-type: public | ||
|
||
- name: Build and push image | ||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # 4.0.0 | ||
with: | ||
tags: ${{ steps.setup-ecr-buildx.outputs.ecr_registry }}/tulip/oplogtoredis:${{ steps.generate-tag.outputs.TAG }} | ||
provenance: true | ||
push: true |
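Review bot: In the `Generate Tag` step, `branch_name=${{ github.event.pull_request && github.head_ref || github.ref_name }}` expands the expression into the script text before the shell runs, and on `pull_request` events `github.head_ref` is chosen by whoever opened the PR. This job holds `id-token: write` and goes on to assume the ECR role, so the branch name should reach the script as data: add `env:` with `BRANCH_NAME: ${{ github.event.pull_request && github.head_ref || github.ref_name }}` to the step and read it with `branch_name="$BRANCH_NAME"`. The value also lands in the image tag unchanged, so a branch name containing `/` would likely fail at push; normalising it to characters in `[A-Za-z0-9_.-]` before building `tag` avoids that. With the `pull_request` trigger left in, every PR also pushes an image to the public registry, so consider `push: ${{ github.event_name != 'pull_request' }}` once the workflow settles.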
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,25 @@ | ||
{ lib, stdenv, buildGoModule, fetchFromGitHub, installShellFiles }: | ||
buildGoModule { | ||
pname = "oplogtoredis"; | ||
version = "2.0.1"; | ||
|
||
buildGoModule { | ||
pname = "oplogtoredis"; | ||
version = "3.0.0"; | ||
src = builtins.path { path = ./.; }; | ||
|
||
vendorSha256 = "sha256-VHiYVJUNtHN2IY4iXZ6kHAa3Avi2VwRH1ySKBrrCDu4="; | ||
postInstall = '' | ||
postInstall = '' | ||
''; | ||
nativeBuildInputs = [installShellFiles]; | ||
doCheck = false; | ||
doInstallCheck = false; | ||
|
||
# update: set value to an empty string and run `nix build`. This will download Go, fetch the dependencies and calculates their hash. | ||
vendorHash = "sha256-ceToA2DC1bhmg9WIeNSAfoNoU7sk9PrQqgqt5UbpivQ="; | ||
|
||
nativeBuildInputs = [ installShellFiles ]; | ||
Is there a nix linter?
Not that I know of.
||
doCheck = false; | ||
doInstallCheck = false; | ||
|
||
meta = with lib; { | ||
description = '' | ||
This program tails the oplog of a Mongo server, and publishes changes to Redis. | ||
It's designed to work with the redis-oplog Meteor package''; | ||
homepage = "https://github.com/tulip/oplogtoredis"; | ||
license = licenses.mit; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,17 +21,23 @@ func RunInserts(client *mongo.Database, numInserts int, frequency time.Duration) | |
for i := 0; i < numInserts; i++ { | ||
id := fmt.Sprintf("doc%d", i) | ||
|
||
// We set a 50ms timout for the insert: long enough that the insert will | ||
// We set a 100ms timeout for the insert: long enough that the insert will | ||
// succeed if Mongo is working normally, but too short for it to retry during | ||
// a failover | ||
ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond) | ||
// a failover. | ||
|
||
// The write may still get through even if the InsertOne call errors out and if the resulting InsertedID is nil. | ||
ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) | ||
defer cancel() | ||
_, err := client.Collection("Test").InsertOne(ctx, bson.M{ | ||
insertResult, err := client.Collection("Test").InsertOne(ctx, bson.M{ | ||
"_id": id, | ||
}) | ||
|
||
if err != nil { | ||
log.Printf("Warning: mongo insert failed: %s", err) | ||
log.Printf("Warning: mongo insert failed for doc %s: %s", id, err) | ||
if insertResult != nil && insertResult.InsertedID != nil { | ||
log.Printf("Warning: although the previous insert faced this error, the InsertedID wasn't nil, so we'll conclude it was a success (InterruptedDueToReplStateChange). InsertedID: %s", insertResult.InsertedID) | ||
🤔 is there a way to check the type of
I guess, this worked though, so lets go with this one. There could be many different errors, this was just what I picked up. The result is apparently simply not reliable in case of insert when using replicated mongo.
||
result = append(result, id) | ||
} | ||
} else { | ||
log.Printf("Inserted doc %s", id) | ||
result = append(result, id) | ||
|
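Review bot: `defer cancel()` sits inside the `for` loop, so no per-insert context is released until RunInserts returns; each one stays alive until its 100ms timeout fires or the function exits. Calling `cancel()` directly after `InsertOne` returns, or moving the insert into a small helper that defers it, releases the context on every iteration. In the new log line `InsertedID` is an `interface{}`, so `%v` is a safer verb than `%s`. The function starts and ends outside this hunk.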
it's fine to hard-code `aarch64-darwin`?
I think it is, cause all the `${system}` dicts will have the same `.name` attribute. Although I agree that it's ugly.