feat: use GH Actions and separate Dockerfiles

GeoNet / fdsn

FDSN Web Services

MIT License

17 stars 15 forks source link

feat: use GH Actions and separate Dockerfiles #238

Closed BobyMCbobs closed 1 year ago

BobyMCbobs commented 1 year ago

changes include:

add workflow for Docker build, per app in ./cmd with push to ECR
go apps for Go validations

depends on https://github.com/GeoNet/terraform-aws/pull/847, https://github.com/GeoNet/Actions/pull/112, https://github.com/GeoNet/Actions/pull/116

should should be viewed as an example of an intermediary step between current things and Go 1.20 and ko

BobyMCbobs commented 1 year ago

@junghao, I think it's looking to be in likeness of the Travis job. Shall we merge it now and see how it goes?

edit: noticing the failing travis jobs and trying to resolve them

BobyMCbobs commented 1 year ago

Thanks. This should work and can be copy-paste to other repos.

Potentially yes. Which repo would you suggest to be the next candidate?

BobyMCbobs commented 1 year ago

Thanks for the work; the PR implements a Github Action that appears to be an appropriate translation of the Travis pipeline; tests pass.

@wilsonjord, thank you! Just need one more approve from @junghao.

junghao commented 1 year ago

I'll check if the built images run (in dev).

junghao commented 1 year ago

fdsn-quake-consumer doesn't work. I guess it's the alpine-xslt's issue?

$ docker run -d 7515
95ed5f56cf9d2df5ee5a2ea4fcd1624d02f46e54d55a28a9c9812119e1a66325
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: permission denied: unknown.

BobyMCbobs commented 1 year ago

fdsn-quake-consumer doesn't work. I guess it's the alpine-xslt's issue?

$ docker run -d 7515
95ed5f56cf9d2df5ee5a2ea4fcd1624d02f46e54d55a28a9c9812119e1a66325
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: permission denied: unknown.

A shell isn't included in the base-images/alpine-xslt image; this limits the unintended capabilities and locks down the image. From the programs run in the repo, there doesn't appear to be a need to ship a shell in them.

BobyMCbobs commented 1 year ago

Thanks. I've built containers based on new base-images and ran service in dev works. well.

@junghao, that's wonderful to hear!

Who is able to be assigned to merge?

BobyMCbobs commented 1 year ago

@sue-h-gns, thank you!