PMW-46: make it possible to push (tagged) images using Maven

as noted in the pom file some developer environment setup is required
B3Partners · Jan 14, 2025 · 5f56b2e · 5f56b2e
1 parent 7e64ece
commit 5f56b2e
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 21 deletions.
diff --git a/.github/maven-settings.xml b/.github/maven-settings.xml
@@ -17,6 +17,19 @@
         </server>
     </servers>
     <mirrors/>
-    <profiles/>
-    <activeProfiles/>
+    <profiles>
+        <profile>
+            <id>docker-deploy</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+                <docker.deploy-username>${env.GITHUB_ACTOR}</docker.deploy-username>
+                <docker.deploy-password>${env.GITHUB_TOKEN}</docker.deploy-password>
+            </properties>
+        </profile>
+    </profiles>
+    <activeProfiles>
+        <activeProfile>docker-deploy</activeProfile>
+    </activeProfiles>
 </settings>
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -2,7 +2,7 @@ name: "CodeQL"
 
 env:
   MAVEN_OPTS: -Djava.awt.headless=true
-  MAVEN_VERSION: '3.9.7'
+  MAVEN_VERSION: '3.9.9'
 
 concurrency: # More info: https://stackoverflow.com/a/68422069/253468
   group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }}

diff --git a/.github/workflows/owasp-dependency-check.yml b/.github/workflows/owasp-dependency-check.yml
@@ -2,7 +2,7 @@ name: OWASP
 
 env:
   MAVEN_OPTS: -Djava.awt.headless=true
-  MAVEN_VERSION: '3.9.7'
+  MAVEN_VERSION: '3.9.9'
 
 concurrency:
   # More info: https://stackoverflow.com/a/68422069/253468

diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
@@ -2,7 +2,7 @@ name: 'Ubuntu QA Maven build'
 
 env:
   MAVEN_OPTS: -Djava.awt.headless=true
-  MAVEN_VERSION: '3.9.7'
+  MAVEN_VERSION: '3.9.9'
 
 concurrency:
   # More info: https://stackoverflow.com/a/68422069/253468

diff --git a/.github/workflows/ubuntu-maven.yml b/.github/workflows/ubuntu-maven.yml
@@ -6,7 +6,7 @@ concurrency: # More info: https://stackoverflow.com/a/68422069/253468
 
 env:
   MAVEN_OPTS: -Djava.awt.headless=true
-  MAVEN_VERSION: '3.9.7'
+  MAVEN_VERSION: '3.9.9'
 
 on:
   push:
@@ -129,16 +129,13 @@ jobs:
 
       - name: Build and Push
         # no need to run any QC or tests
-        # note deploy will deploy both Maven artifact as well as Docker image
+        # note deploy will deploy both Maven artifact and Docker image
         env:
           B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }}
           B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }}
           GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker run --privileged --rm tonistiigi/binfmt --install arm64
-          mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Pqa-skip clean deploy --settings .github/maven-settings.xml
-          docker push ghcr.io/b3partners/planmonitor-wonen-api:snapshot
+        run: mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Ddocker.publish=true -Pqa-skip clean deploy --settings .github/maven-settings.xml
 
 
   cleanup:

diff --git a/pom.xml b/pom.xml
@@ -143,6 +143,9 @@ SPDX-License-Identifier: MIT
         <docker.deploy.repo>ghcr.io</docker.deploy.repo>
         <docker.skip>false</docker.skip>
         <docker.pull.policy>ALWAYS</docker.pull.policy>
+        <docker.publish>false</docker.publish>
+        <docker.image.name>${docker.deploy.repo}/b3partners/${project.artifactId}:snapshot</docker.image.name>
+        <docker.image.tags />
         <!-- skip QA checks -->
         <skipQA>false</skipQA>
         <skipJavaDoc>false</skipJavaDoc>
@@ -445,11 +448,9 @@ SPDX-License-Identifier: MIT
                     <!--max attempts to check if application is up, default 60 -->
                     <maxAttempts>120</maxAttempts>
                     <image>
-                        <name>${docker.deploy.repo}/b3partners/${project.artifactId}:snapshot</name>
-                        <!-- TODO setup in release profile -->
-                        <!--<tags>${docker.deploy.repo}/b3partners/${project.artifactId}:latest</tags>-->
-                        <!-- TODO setup w/ true in release profile to push image -->
-                        <publish>false</publish>
+                        <name>${docker.image.name}</name>
+                        <tags>${docker.image.tags}</tags>
+                        <publish>${docker.publish}</publish>
                         <env>
                             <BP_OCI_SOURCE>${project.scm.url}</BP_OCI_SOURCE>
                             <!--suppress UnresolvedMavenProperty -->
@@ -467,9 +468,15 @@ SPDX-License-Identifier: MIT
                     </layers>
                     <docker>
                         <publishRegistry>
-                            <!-- TODO setup in release profile; it seems this plugin cannot use a pre-existing repo login/session from the user profile-->
-                            <!--    <username>${docker.publish.username}</username>-->
-                            <!--    <password>${docker.publish.password}</password>-->
+                            <!--
+                            This assumes you have a profile in your settings.xml that has the credentials for
+                            the relevant repo ( ${docker.deploy.repo} ). See the example in .mvn/settings.xml
+
+                            Create a personal access token at https://github.com/settings/tokens with
+                            'delete:packages' and 'write:packages' permissions and use that as password.
+                            -->
+                            <username>${docker.deploy-username}</username>
+                            <password>${docker.deploy-password}</password>
                         </publishRegistry>
                     </docker>
                 </configuration>
@@ -910,7 +917,7 @@ SPDX-License-Identifier: MIT
                     <title>Aggregate Test Coverage</title>
                     <outputDirectory>${project.reporting.outputDirectory}/jacoco</outputDirectory>
                     <dataFileIncludes>
-                        <!-- this has merged test and integrationtest coverage -->
+                        <!-- this has merged test and integration test coverage -->
                         <dataFileInclude>${project.build.directory}/jacoco.exec</dataFileInclude>
                         <!-- NO! <dataFileInclude>${project.build.directory}/jacoco-it.exec</dataFileInclude>-->
                     </dataFileIncludes>
@@ -942,7 +949,11 @@ SPDX-License-Identifier: MIT
     <profiles>
         <profile>
             <id>release</id>
-            <properties />
+            <properties>
+                <docker.publish>true</docker.publish>
+                <docker.image.name>${docker.deploy.repo}/b3partners/${project.artifactId}:${project.version}</docker.image.name>
+                <docker.image.tags>${docker.deploy.repo}/b3partners/${project.artifactId}:latest</docker.image.tags>
+            </properties>
         </profile>
     </profiles>
 </project>