From 5078b863c6339526bfcde93264afc3291b0458ab Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 7 Mar 2022 16:08:17 +0100
Subject: [PATCH] ci: build and test docker image

This adds a new workflow performing these steps:
- A development docker image is built and pushed to GHCR as
  'hedgedoc-ci' labeled with the commit hash
- Tests are run with the image
- If the tests are successful, a production image is built and
  pushed to GHCR as 'hedgedoc' labeled with the branch, version tag
  if available and the commit hash

At a later time, the built dev image can also be used to run E2E tests
with the other supported databases. Currently, this is not yet possible,
as the database is always expected to run on localhost, not other hosts.

Signed-off-by: David Mehren <git@herrmehren.de>
---
 .github/workflows/docker.yml | 90 ++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 .github/workflows/docker.yml

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 000000000..73b310dcc
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,90 @@
+# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+name: Docker
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+jobs:
+  build-dev:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to GHCR
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build dev image
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          file: docker/Dockerfile
+          tags: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}-ci:${{ github.sha }}
+          target: development
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  sqlite-test:
+    runs-on: ubuntu-latest
+    needs: [build-dev]
+    container:
+      image: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}-ci:${{ github.sha }}
+    steps:
+      - run: cd /usr/src/app && yarn run test
+
+  sqlite-e2e:
+    runs-on: ubuntu-latest
+    needs: [build-dev]
+    container:
+      image: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}-ci:${{ github.sha }}
+    steps:
+      - run: cd /usr/src/app && yarn run test:e2e
+
+  build-prod:
+    runs-on: ubuntu-latest
+    needs: [sqlite-test, sqlite-e2e]
+    steps:
+      - name: Generate Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to GHCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          file: docker/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max