adding actions

fixed deprecation issues with Docker

removed reference to containers.lib image in docker-compose

reset secrets in compose.ci

moved COA user to environment

removing tests for now. will need to be reworked

removing tests for now. will need to be reworked

updated read me and sftp user

moving username to environement variable

remove environment for tests, adding tests to build.yml

renamed bfs service to app in docker compose

Adding /opt/app directory and add artifacts to .gitignore

referencing /opt/app as oppose to /opt/app-root/src as base directory

adding file processing test

removed path for image in container.lib

skipping sftp for tests

fixed typo for override in compose.ci

syntax error in compose.ci

build report was named Gobi instead of BFS

Author: David Zuckerman

.github/workflows/build.yml

@@ -0,0 +1,189 @@
+name: Build / Test / Push
+
+on:
+  push:
+    branches:
+      - '**'
+  workflow_dispatch:
+
+env:
+  BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }}
+  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
+
+jobs:
+  build:
+    runs-on: ${{ matrix.runner }}
+    outputs:
+      image-arm64: ${{ steps.gen-output.outputs.image-arm64 }}
+      image-x64: ${{ steps.gen-output.outputs.image-x64 }}
+    strategy:
+      fail-fast: false
+      matrix:
+        runner:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: build-meta
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
+
+      # Build cache is shared among all builds of the same architecture
+      - id: cache-meta
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=raw,value=buildcache-${{ runner.arch }}
+
+      - id: get-registry
+        name: Get the sanitized registry name
+        run: |
+          echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT"
+
+      - id: build
+        name: Build/push the arch-specific image
+        uses: docker/build-push-action@v6
+        with:
+          cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }}
+          cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max
+          labels: ${{ steps.build-meta.outputs.labels }}
+          provenance: mode=max
+          sbom: true
+          tags: ${{ steps.get-registry.outputs.registry }}
+          outputs: type=image,push-by-digest=true,push=true
+
+      - id: gen-output
+        name: Write arch-specific image digest to outputs
+        run: |
+          echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT"
+
+  merge:
+    runs-on: ubuntu-24.04
+    needs: build
+    env:
+      DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }}
+      DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }}
+    outputs:
+      image: ${{ steps.meta.outputs.tags }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: meta
+        name: Generate tag for the app image
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
+
+      - name: Push the multi-platform app image
+        run: |
+          docker buildx imagetools create \
+            --tag "$DOCKER_METADATA_OUTPUT_TAGS" \
+            "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64"
+
+  test:
+    runs-on: ubuntu-24.04
+    needs: merge
+    env:
+      COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml
+      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Compose
+        uses: docker/setup-compose-action@v1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup the stack
+        run: |
+          docker compose build --quiet
+          docker compose pull --quiet
+          docker compose up --wait
+          docker compose exec -u root app chown -R bfs:bfs artifacts
+
+      - name: Run RSpec
+        if: ${{ always() }}
+        run: |
+          docker compose exec -e RAILS_ENV=test app rspec --format progress --format html --out artifacts/rspec.html
+
+      - name: Copy out artifacts
+        if: ${{ always() }}
+        run: |
+          docker compose cp app:/opt/app/artifacts ./
+          docker compose logs > artifacts/docker-compose-services.log
+          docker compose config > artifacts/docker-compose.merged.yml
+
+      - name: Upload the test report
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: BFS Build Report (${{ github.run_id }}_${{ github.run_attempt }})
+          path: artifacts/*
+          if-no-files-found: error
+
+  push:
+    runs-on: ubuntu-24.04
+    needs:
+      - merge
+      # - test
+    env:
+      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Produce permanent image tags
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=sha
+            type=ref,event=branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Retag and push the image
+        run: |
+          docker pull "$DOCKER_APP_IMAGE"
+          echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$DOCKER_APP_IMAGE"
+          docker push --all-tags "$(echo "$DOCKER_APP_IMAGE" | cut -f1 -d:)"

.github/workflows/release.yml

@@ -0,0 +1,59 @@
+name: Push Release Tags
+
+on:
+  push:
+    tags:
+      - '**'
+  workflow_dispatch:
+
+env:
+  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
+
+jobs:
+  retag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Determine the sha-based image tag to retag
+        id: get-base-image
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=sha
+
+      - name: Verify that the image was previously built
+        env:
+          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
+        run: |
+          docker pull "$BASE_IMAGE"
+
+      - name: Produce release tags
+        id: tag-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          flavor: latest=false
+          tags: |
+            type=ref,event=tag
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+
+      - name: Retag the pulled image
+        env:
+          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
+        run: |
+          echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$BASE_IMAGE"
+          docker push --all-tags "$(echo "$BASE_IMAGE" | cut -f1 -d:)"

.gitignore

@@ -20,6 +20,9 @@ data/invoicing/pay/processed/*
 
 ssh_tests
 
+# Build/test artifacts
+artifacts/*
+
 vendor
 .bundle
 

.ruby-version

@@ -1 +1 @@
-3.1.2
+3.1.7

Dockerfile

@@ -1,18 +1,22 @@
 FROM registry.access.redhat.com/ubi8/ruby-31
-
 USER root
 
 # Configure users and groups
 RUN groupadd -g 40054 alma && \
     useradd -r -s /sbin/nologin -M -u 40054 -g alma alma && \
     groupadd -g 40061 bfs && \
     usermod -u 40061 -g bfs -G alma -l bfs default && \
-    find / -user 1001 -exec chown -h bfs {} \; || true
+    find / -user 1001 -exec chown -h bfs {} \; || true && \
+    mkdir -p /opt/app && \
+    chown -R bfs:bfs /opt/app
 
+WORKDIR /opt/app
 COPY --chown=bfs Gemfile* .ruby-version ./
-RUN bundle install --system
+RUN bundle config set force_ruby_platform true
+RUN bundle config set system 'true'
+RUN bundle install
 COPY --chown=bfs . .
 
 USER bfs
-ENTRYPOINT ["/opt/app-root/src/bin/bfs"]
+ENTRYPOINT ["/opt/app/bin/bfs"]
 CMD ["help"]

Jenkinsfile

@@ -5,46 +5,46 @@ A command-line tool for processing BFS .xml files. Input files can be mounted an
 ## Building the app
 
 ```sh
-docker-compose build
+docker compose build
 ```
 
 ## Running it
 
 View the CLI tool help/description:
 
 ```sh
-docker-compose run --rm bfs help
+docker compose run --rm bfs help
 ```
 
 Adds test data to the default watch directory:
 
 ```sh
-docker-compose run --rm bfs seed
+docker compose run --rm bfs seed
 ```
 
 Run the app in the background. It will continue running, monitoring for .xml files to process every 10s.
 
 ```sh
-docker-compose up -d
-docker-compose logs -f # view processing logs in real time
+docker compose up -d
+docker compose logs -f # view processing logs in real time
 ```
 
 Watch a non-standard directory:
 
 ```sh
-docker-compose run --rm bfs watch /path/in/container # absolute path
-docker-compose run --rm bfs watch data/somedir # path relative to /opt/app-root/src
+docker compose run --rm bfs watch /path/in/container # absolute path
+docker compose run --rm bfs watch data/somedir # path relative to /opt/app-root/src
 ```
 
 Process a specific file:
 
 ```sh
-docker-compose run --rm bfs process /abs/path/to/myfile.xml # absolute path
-docker-compose run --rm bfs process data/invoicing/pay/somefile.xml # relative path
+docker compose run --rm bfs process /abs/path/to/myfile.xml # absolute path
+docker compose run --rm bfs process data/invoicing/pay/somefile.xml # relative path
 ```
 
 Delete previously processed files and error logs:
 
 ```sh
-docker-compose run --rm bfs clear
+docker compose run --rm bfs clear
 ```

README.md

@@ -0,0 +1,14 @@
+services:
+  app:
+    build: !reset
+    image: ${DOCKER_APP_IMAGE}
+    environment: !override
+      SKIP_SFTP: "skip_sftp"
+    volumes: !override
+      - artifacts:/opt/app/artifacts
+    secrets: !reset
+
+volumes:
+  artifacts:
+
+secrets: !reset

docker-compose.ci.yml

@@ -1,24 +1,22 @@
 services:
-  bfs:
+  app:
     build: .
     command: watch --interval 10
-    image: containers.lib.berkeley.edu/lap/bfs/development:latest
     init: true 
     environment:
       COA_APP_ID: "${COA_APP_ID}"
       COA_APP_KEY: "${COA_APP_KEY}"
+      BFS_SFTP_USER: "${BFS_SFTP_USER}"
     volumes:
-      - ./:/opt/app-root/src:rw
+      - ./:/opt/app:rw
       - ./secrets:/run/secrets:ro
     secrets:
       - source: SSH_KEY 
-        target: /opt/app/src/.ssh/id_rsa
+        target: /opt/app/.ssh/id_rsa
         uid: "40061"
         gid: "40061"
         mode: 0400
 
 secrets:
   SSH_KEY:
     file: secrets/SSH_KEY
-
-version: "3.8"