Merge pull request #14237 from Budibase/fix/lock-ci-image-sha

Lock CI images to specific SHAs
This commit is contained in:
Michael Drury 2024-07-24 18:14:56 +01:00 committed by GitHub
commit 30e479242e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 49 additions and 17 deletions

View File

@ -108,7 +108,7 @@ jobs:
- name: Pull testcontainers images
run: |
docker pull testcontainers/ryuk:0.5.1 &
docker pull budibase/couchdb:v3.2.1-sqs &
docker pull budibase/couchdb:v3.3.3 &
docker pull redis &
wait $(jobs -p)
@ -162,17 +162,23 @@ jobs:
node-version: 20.x
cache: yarn
- name: Load dotenv
id: dotenv
uses: falti/dotenv-action@v1.1.3
with:
path: ./packages/server/datasource-sha.env
- name: Pull testcontainers images
run: |
docker pull mcr.microsoft.com/mssql/server:2022-CU13-ubuntu-22.04 &
docker pull mysql:8.3 &
docker pull postgres:16.1-bullseye &
docker pull mongo:7.0-jammy &
docker pull mariadb:lts &
docker pull testcontainers/ryuk:0.5.1 &
docker pull budibase/couchdb:v3.2.1-sqs &
docker pull mcr.microsoft.com/mssql/server@${{ steps.dotenv.outputs.MSSQL_SHA }} &
docker pull mysql@${{ steps.dotenv.outputs.MYSQL_SHA }} &
docker pull postgres@${{ steps.dotenv.outputs.POSTGRES_SHA }} &
docker pull mongo@${{ steps.dotenv.outputs.MONGODB_SHA }} &
docker pull mariadb@${{ steps.dotenv.outputs.MARIADB_SHA }} &
docker pull minio/minio &
docker pull redis &
docker pull testcontainers/ryuk:0.5.1 &
docker pull budibase/couchdb:v3.3.3 &
wait $(jobs -p)

View File

@ -46,7 +46,7 @@ export default async function setup() {
await killContainers(containers)
try {
const couchdb = new GenericContainer("budibase/couchdb:v3.2.1-sqs")
const couchdb = new GenericContainer("budibase/couchdb:v3.3.3")
.withExposedPorts(5984, 4984)
.withEnvironment({
COUCHDB_PASSWORD: "budibase",

View File

@ -0,0 +1,5 @@
MSSQL_SHA=sha256:c4369c38385eba011c10906dc8892425831275bb035d5ce69656da8e29de50d8
MYSQL_SHA=sha256:9de9d54fecee6253130e65154b930978b1fcc336bcc86dfd06e89b72a2588ebe
POSTGRES_SHA=sha256:bd0d8e485d1aca439d39e5ea99b931160bd28d862e74c786f7508e9d0053090e
MONGODB_SHA=sha256:afa36bca12295b5f9dae68a493c706113922bdab520e901bd5d6c9d7247a1d8d
MARIADB_SHA=sha256:e59ba8783bf7bc02a4779f103bb0d8751ac0e10f9471089709608377eded7aa8

View File

@ -0,0 +1,13 @@
import dotenv from "dotenv"
import { join } from "path"
const path = join(__dirname, "..", "..", "..", "..", "datasource-sha.env")
dotenv.config({
path,
})
export const MSSQL_IMAGE = `mcr.microsoft.com/mssql/server@${process.env.MSSQL_SHA}`
export const MYSQL_IMAGE = `mysql@${process.env.MYSQL_SHA}`
export const POSTGRES_IMAGE = `postgres@${process.env.POSTGRES_SHA}`
export const MONGODB_IMAGE = `mongo@${process.env.MONGODB_SHA}`
export const MARIADB_IMAGE = `mariadb@${process.env.MARIADB_SHA}`

View File

@ -1,3 +1,4 @@
import "./images"
import { Datasource, SourceName } from "@budibase/types"
import * as postgres from "./postgres"
import * as mongodb from "./mongodb"
@ -67,7 +68,11 @@ export async function knexClient(ds: Datasource) {
export async function startContainer(container: GenericContainer) {
const imageName = (container as any).imageName.string as string
const key = imageName.replaceAll("/", "-").replaceAll(":", "-")
let key: string = imageName
if (imageName.includes("@sha256")) {
key = imageName.split("@")[0]
}
key = key.replaceAll("/", "-").replaceAll(":", "-")
container = container
.withReuse()

View File

@ -4,6 +4,7 @@ import { AbstractWaitStrategy } from "testcontainers/build/wait-strategies/wait-
import { generator, testContainerUtils } from "@budibase/backend-core/tests"
import { startContainer } from "."
import { knexClient } from "./mysql"
import { MARIADB_IMAGE } from "./images"
let ports: Promise<testContainerUtils.Port[]>
@ -27,7 +28,7 @@ class MariaDBWaitStrategy extends AbstractWaitStrategy {
export async function getDatasource(): Promise<Datasource> {
if (!ports) {
ports = startContainer(
new GenericContainer("mariadb:lts")
new GenericContainer(MARIADB_IMAGE)
.withExposedPorts(3306)
.withEnvironment({ MARIADB_ROOT_PASSWORD: "password" })
.withWaitStrategy(new MariaDBWaitStrategy())

View File

@ -2,13 +2,14 @@ import { generator, testContainerUtils } from "@budibase/backend-core/tests"
import { Datasource, SourceName } from "@budibase/types"
import { GenericContainer, Wait } from "testcontainers"
import { startContainer } from "."
import { MONGODB_IMAGE } from "./images"
let ports: Promise<testContainerUtils.Port[]>
export async function getDatasource(): Promise<Datasource> {
if (!ports) {
ports = startContainer(
new GenericContainer("mongo:7.0-jammy")
new GenericContainer(MONGODB_IMAGE)
.withExposedPorts(27017)
.withEnvironment({
MONGO_INITDB_ROOT_USERNAME: "mongo",

View File

@ -3,15 +3,14 @@ import { GenericContainer, Wait } from "testcontainers"
import { generator, testContainerUtils } from "@budibase/backend-core/tests"
import { startContainer } from "."
import knex from "knex"
import { MSSQL_IMAGE } from "./images"
let ports: Promise<testContainerUtils.Port[]>
export async function getDatasource(): Promise<Datasource> {
if (!ports) {
ports = startContainer(
new GenericContainer(
"mcr.microsoft.com/mssql/server:2022-CU13-ubuntu-22.04"
)
new GenericContainer(MSSQL_IMAGE)
.withExposedPorts(1433)
.withEnvironment({
ACCEPT_EULA: "Y",

View File

@ -4,6 +4,7 @@ import { AbstractWaitStrategy } from "testcontainers/build/wait-strategies/wait-
import { generator, testContainerUtils } from "@budibase/backend-core/tests"
import { startContainer } from "."
import knex from "knex"
import { MYSQL_IMAGE } from "./images"
let ports: Promise<testContainerUtils.Port[]>
@ -30,7 +31,7 @@ class MySQLWaitStrategy extends AbstractWaitStrategy {
export async function getDatasource(): Promise<Datasource> {
if (!ports) {
ports = startContainer(
new GenericContainer("mysql:8.3")
new GenericContainer(MYSQL_IMAGE)
.withExposedPorts(3306)
.withEnvironment({ MYSQL_ROOT_PASSWORD: "password" })
.withWaitStrategy(new MySQLWaitStrategy().withStartupTimeout(10000))

View File

@ -3,13 +3,14 @@ import { GenericContainer, Wait } from "testcontainers"
import { generator, testContainerUtils } from "@budibase/backend-core/tests"
import { startContainer } from "."
import knex from "knex"
import { POSTGRES_IMAGE } from "./images"
let ports: Promise<testContainerUtils.Port[]>
export async function getDatasource(): Promise<Datasource> {
if (!ports) {
ports = startContainer(
new GenericContainer("postgres:16.1-bullseye")
new GenericContainer(POSTGRES_IMAGE)
.withExposedPorts(5432)
.withEnvironment({ POSTGRES_PASSWORD: "password" })
.withWaitStrategy(