Initial commit.

Signed-off-by: Chad Metcalf <[email protected]>

Author: metcalfc

.github/workflows/main-ci.yml

@@ -0,0 +1,71 @@
+name: Main Branch CI
+
+# For all pushes to the main branch run the tests and push the image to the
+# GitHub registry under an edge tag so we can use it for the nightly
+# integration tests
+on:
+  push:
+    branches: main
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=ghcr.io/metcalfc/docker-action-examples
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          fi
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            VERSION=nightly
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION}"
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+          fi
+          echo ::set-output name=tags::${TAGS}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Login to ghcr
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.ghcr_TOKEN }}
+
+      - name: Test
+        id: docker_test
+        uses: docker/build-push-action@v2-build-push
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./app
+          file: ./app/Dockerfile
+          target: test
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2-build-push
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./app
+          file: ./app/Dockerfile
+          target: prod
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}

.github/workflows/nightly.yml

@@ -0,0 +1,22 @@
+name: Main Branch CI
+
+# Run the nightly tests at at 2 AM UTC
+on:
+  schedule:
+    - cron: "0 2 * * *"
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    env:
+      PROD_IMAGE: ghcr.io/metcalfc/docker-action-examples:edge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Compose up
+        run: docker-compose -f docker-compose.yml up -d
+      - name: Check running containers
+        run: docker ps -a
+      - name: Check logs
+        run: docker logs web
+      - name: Compose down
+        run: docker-compose -f docker-compose.yml down

.github/workflows/pr-ci.yml

@@ -0,0 +1,36 @@
+name: Main Branch CI
+
+# For all pushes to the main branch run the tests and push the image to the
+# GitHub registry under an edge tag so we can use it for the nightly
+# integration tests
+on:
+  pull_request:
+    branches: main
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Test
+        id: docker_test
+        uses: docker/build-push-action@v2-build-push
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./app
+          file: ./app/Dockerfile
+          target: test

.github/workflows/release.yml

@@ -0,0 +1,74 @@
+name: Publish Releases to Hub
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=metcalfc/docker-action-examples
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          fi
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            VERSION=nightly
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION}"
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+          fi
+          echo ::set-output name=tags::${TAGS}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2-build-push
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./app
+          file: ./app/Dockerfile
+          target: prod
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

Makefile

@@ -0,0 +1,58 @@
+# BuildKit is a next generation container image builder. You can enable it using
+# an environment variable or using the Engine config, see:
+# https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds
+export DOCKER_BUILDKIT=1
+
+GIT_TAG?=$(shell git describe --tags --match "v[0-9]*" 2> /dev/null)
+ifeq ($(GIT_TAG),)
+	GIT_TAG=edge
+endif
+
+# Docker image tagging:
+HUB_USER?=${USER}
+REPO?=$(shell basename ${PWD})
+TAG?=${GIT_TAG}
+DEV_IMAGE?=${REPO}:latest
+PROD_IMAGE?=${HUB_USER}/${REPO}:${TAG}
+
+# Local development happens here!
+# This starts your application and bind mounts the source into the container so
+# that changes are reflected in real time.
+# Once you see the message "Running on http://0.0.0.0:5000/", open a Web browser at
+# http://localhost:5000
+.PHONY: dev
+all: dev
+dev:
+	@COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.dev.yml up --build
+
+# Run the unit tests.
+.PHONY: build-test unit-test test
+unit-test:
+	@docker build --progress plain --target test ./app
+
+test: unit-test
+
+# Build a production image for the application.
+.PHONY: build
+build:
+	@docker build --target prod --tag ${PROD_IMAGE} ./app
+
+# Push the production image to a registry.
+.PHONY: push
+push: build
+	@docker push ${PROD_IMAGE}
+
+# Run the production image either via compose or run
+.PHONY: deploy run
+deploy: build
+	@PROD_IMAGE=${PROD_IMAGE} docker-compose up -d
+
+run: build
+	@docker run -d -p 5000:5000 ${PROD_IMAGE}
+
+# Remove the dev container, dev image, test image, and clear the builder cache.
+.PHONY: clean
+clean:
+	@docker-compose -f docker-compose.dev.yml down
+	@docker rmi ${DEV_IMAGE} || true
+	@docker builder prune --force --filter type=exec.cachemount --filter=unused-for=24h

README.md

@@ -1 +1,106 @@
-# ghrc-example
+# Docker GitHub Action Example
+
+Welcome. This is a simple example application to show a common Docker specific
+GitHub Action setup. We have a Python Flask application that is built and
+deployed in Docker containers using Dockerfiles and Docker Compose.
+
+We want to setup CI to test:
+
+- ✒ Every commit to `main`
+- ✉ Every PR
+- 🌃 Integration tests nightly
+- 🐳 Releases via tags pushed to Docker Hub.
+
+We are going to use GitHub Actions for the CI infrastructure. Since its local to
+GitHub Actions and free when used inside GitHub Actions we're going to use the
+new GitHub Container Registry to hold a copy of the nightly Docker image.
+
+After CI when it comes time for production we want to use Docker's new Amazon
+ECS integration to deploy from Docker Compose directly to Amazon ECS with
+Fargate. So we will push our release tagged images to Docker Hub which is
+integrated directly Amazon ECS via Docker Compose.
+
+The Dockerfile is setup to use multi stage builds. We have stages for `test` and
+`prod`. This means we'll need Docker Buildx and we can use the a preview of the
+new Docker Buildx Action. This is going to let us achieve a couple awesome outcomes:
+
+- We are going to use the buildx backend by default. Buildx out of the box brings a
+  number of improvements over the default `docker build`.
+- We are going to setup buildx caching to take advantage of the GitHub Action Cache.
+  You should see build performance improvements when repeating builds with common
+  layers.
+- We are going to setup QEMU to do cross platform builds. In the example, we'll
+  build this application for every Linux architecture that Docker Hub supports:
+  - linux/386
+  - linux/amd64
+  - linux/arm/v6
+  - linux/arm/v7
+  - linux/arm64
+  - linux/ppc64le
+  - linux/s390x
+
+I'm not going to have GitHub Action manage the deployment side of this example.
+Mostly because I don't want to leave an Amazon ECS cluster running.
+
+## Compose sample application
+
+### Python/Flask application
+
+Project structure:
+
+```
+.
+├── docker-compose.yaml
+├── app
+    ├── Dockerfile
+    ├── requirements.txt
+    └── app.py
+
+```
+
+[_docker-compose.yaml_](docker-compose.yaml)
+
+```
+services:
+  web:
+    build: app
+    ports:
+      - '5000:5000'
+```
+
+## Deploy with docker-compose
+
+```
+$ docker-compose up -d
+Creating network "flask_default" with the default driver
+Building web
+Step 1/6 : FROM python:3.7-alpine
+...
+...
+Status: Downloaded newer image for python:3.7-alpine
+Creating flask_web_1 ... done
+
+```
+
+## Expected result
+
+Listing containers must show one container running and the port mapping as below:
+
+```
+$ docker ps
+CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                  NAMES
+c126411df522        flask_web                    "python3 app.py"         About a minute ago  Up About a minute   0.0.0.0:5000->5000/tcp flask_web_1
+```
+
+After the application starts, navigate to `http://localhost:5000` in your web browser or run:
+
+```
+$ curl localhost:5000
+Hello World!
+```
+
+Stop and remove the containers
+
+```
+$ docker-compose down
+```

app/Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.7-alpine AS base
+WORKDIR /app
+COPY requirements.txt /app
+RUN pip3 install -r requirements.txt
+
+FROM base as src
+COPY . /app
+
+FROM src as test
+COPY requirements.dev.txt /app
+RUN pip3 install -r requirements.dev.txt
+RUN python3 -m pytest
+
+FROM src as prod
+ENTRYPOINT ["python3"]
+CMD ["app.py"]