build jmx container -WIP

2026-02-06 11:47:18 +00:00 · 2024-06-21 09:35:35 +02:00 · 2024-06-21 09:35:35 +02:00 · b3e7d0c591
commit b3e7d0c591
parent ea46c1ab51
2 changed files with 105 additions and 0 deletions
--- a/.github/Dockerfile_PreBuild_Jmx
+++ b/.github/Dockerfile_PreBuild_Jmx
@ -0,0 +1,9 @@
+FROM jetty:9.4-jdk11-alpine
+
+# Copy OBP source code
+# Copy build artifact (.war file) into jetty from 'maven' stage.
+COPY /jmx_prometheus_javaagent-0.20.0.jar /var/lib/jetty/jmx_prometheus_javaagent-0.20.0.jar
+COPY /.github/jmx_exporter.config /var/lib/jetty/prometheus_config.yml
+COPY /obp-api/target/obp-api-1.*.war /var/lib/jetty/webapps/ROOT.war
+
+CMD ["java -jar $JETTY_HOME/start.jar -javaagent:$JETTY_BASE/jmx_prometheus_javaagent-0.20.0.jar=8090:$JETTY_BASE/prometheus_config.yml"]
--- a/.github/workflows/build_jmx_container.yml
+++ b/.github/workflows/build_jmx_container.yml
@ -0,0 +1,96 @@
+name: Build and publish jmx container develop
+
+# read-write repo token
+# access to secrets
+on: workflow_dispatch
+
+env:
+  ## Sets environment variable
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: obp-api
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: 'Download artifact'
+        uses: actions/github-script@v3.1.0
+        with:
+          script: |
+            var matchRun = workflowRuns.data.workflow_runs.filter((run) => {
+              return run.head_sha == context.sha
+            var workflowRuns = await github.actions.listWorkflowRunsForRepo({
+            })[0];
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            var matchRun = workflowRuns.data.workflow_runs.filter((run) => {
+              return run.head_sha == context.sha
+            })[0];
+              run_id: matchRun.id,
+            });
+            if (!matchRun) {
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              console.log('No matching workflow run found for this commit');
+              return;
+            }
+              return artifact.name == "push"
+            })[0];
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+            var download = await github.actions.downloadArtifact({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: matchRun.id,
+              artifact_id: matchArtifact.id,
+            });
+              archive_format: 'zip',
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+            var fs = require('fs');
+              return artifact.name == "push"
+            })[0];
+            if (!matchArtifact) {
+            fs.writeFileSync('${{github.workspace}}/push.zip', Buffer.from(download.data));
+                - run: unzip push.zip
+
+      - name: prepare the artifact
+        run: |
+          mkdir -p obp-api/target/
+          cp push/obp-api-1.*.war obp-api/target/obp-api-1.10.1.war
+
+      - name: Build the Docker image
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file .github/Dockerfile_PreBuild --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker done
+
+      - uses: sigstore/cosign-installer@main
+
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+
+      - name: Sign container image
+        run: |
+          cosign sign -y --key cosign.key \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop-OC
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC
+        env:
+          COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
+
+
+