GeoMop · jbrezmorf · Aug 28, 2025 · Aug 28, 2025 · Aug 31, 2025 · Aug 31, 2025
@@ -0,0 +1,52 @@
+name: Containerize application
+description: Build and optionally push a container image
+inputs:
+  registry:
+    description: Container registry (e.g., docker.io, ghcr.io, etc.)
+    required: false
+    default: docker.io
+  repository:
+    description: Container repository (e.g., username/repo)
+    required: true
+  tag:
+    description: Tag for the container image
+    required: true
+  containerfile-path:
+    description: Path to the Dockerfile
+    required: false
+    default: oci/Containerfile
+  push:
+    description: Whether to push the container image
+    required: false
+    default: "false"
+  extra-build-args:
+    description: Build arguments for the container build (key=value pairs, comma-separated)
+    required: false
+    default: ""
+  registry-username:
+    description: Username for the container registry (if pushing)
+    required: true
+  registry-password:
+    description: Password for the container registry (if pushing)
+    required: true
+  working-directory:
+    description: The working directory to run the action in
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Login to registry
+      shell: bash
+      if: ${{ inputs.push }} == 'true'
+      run: buildah login -u ${{ inputs.registry-username }} -p "${{ inputs.registry-password }}" ${{ inputs.registry }}
+    - name: Build container file
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: buildah build -t ${{ inputs.registry }}/${{ inputs.repository }}:${{ inputs.tag }} ${{ inputs.extra-build-args }} -f ${{ inputs.containerfile-path }} .
+    - name: Push container image
+      shell: bash
+      if: ${{ inputs.push }} == 'true'
+      run: |
+        buildah push ${{ inputs.registry }}/${{ inputs.repository }}:${{ inputs.tag }} docker://${{ inputs.registry }}/${{ inputs.repository }}:${{ inputs.tag }}
+        buildah logout ${{ inputs.registry }}
@@ -0,0 +1,25 @@
+name: Helm Lint
+description: Lint a Helm chart
+inputs:
+  working-directory:
+    description: The working directory to run the action in
+    required: true
+  chart:
+    description: Path to the Helm chart to lint
+    required: false
+    default: .
+  values:
+    description: Additional values to pass to helm lint command
+    required: false
+    default: ""
+runs:
+  using: "composite"
+  steps:
+    - name: Lint helm chart
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: helm lint ${{ inputs.chart }} --strict ${{ inputs.values }} > /dev/null
+    - name: Template helm chart
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: helm template chart ${{ inputs.chart }} ${{ inputs.values }} > /dev/null
@@ -0,0 +1,33 @@
+name: Dashboard - pull request
+on:
+  pull_request:
+    branches:
+      - "**"
+jobs:
+  get-changed-files:
+    name: Get changed file
+    runs-on: ubuntu-latest
+    outputs:
+      any-changed: ${{ steps.changed.outputs.any_changed }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-get-changed-files
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Check if Dashboard files were changed
+        id: changed
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            app/databuk/dashboard/**
+  build:
+    name: Build and lint dashboard
+    needs:
+      - get-changed-files
+    if: ${{ needs.get-changed-files.outputs.any-changed }} == 'true'
+    uses: ./.github/workflows/dashboard-reusable-workflow.yaml
+    with:
+      tag: generate
+      deploy: false
+    secrets: inherit
@@ -0,0 +1,33 @@
+name: Dashboard - push main
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+jobs:
+  get-changed-files:
+    name: Get changed file
+    runs-on: ubuntu-latest
+    outputs:
+      any-changed: ${{ steps.changed.outputs.any_changed }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-get-changed-files
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Check if Dashboard files were changed
+        id: changed
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            app/databuk/dashboard/**
+  build-and-deploy:
+    uses: ./.github/workflows/dashboard-reusable-workflow.yaml
+    needs:
+      - get-changed-files
+    if: always() && ( github.event_name == 'push' || needs.get-changed-files.outputs.any-changed == 'true' )
+    with:
+      tag: generate
+      deploy: true
+    secrets: inherit
@@ -0,0 +1,176 @@
+name: Dashboard - reusable workflow
+on:
+  workflow_call:
+    inputs:
+      tag:
+        description: The tag to use for the container image
+        required: false
+        type: string
+        default: generate
+      deploy:
+        description: Whether to deploy the Helm chart
+        required: false
+        type: boolean
+        default: false
+jobs:
+  get-version-tag:
+    name: Get version tag
+    runs-on: ubuntu-latest
+    outputs:
+      version-tag: ${{ steps.get_version_tag.outputs.version-tag }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-get-version-tag
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Get version tag
+        id: get_version_tag
+        run: |
+          if [[ ${{ inputs.tag }} == "generate" ]]; then
+            echo "version-tag=ci-$(git rev-parse --short=7 HEAD)" >> $GITHUB_OUTPUT
+          else
+            echo "version-tag=${{ inputs.tag }}" >> $GITHUB_OUTPUT
+          fi
+  containerize-backend:
+    name: Containerize backend
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/buildah/stable:v1.35.4
+      options: --privileged
+    needs:
+      - get-version-tag
+    defaults:
+      run:
+        working-directory: app/databuk/dashboard
+    concurrency:
+      group: "${{ github.workflow }}-${{ github.ref }}-containerize-backend"
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Containerize
+        uses: ./.github/actions/containerize
+        with:
+          repository: jbrezmorf/zarr-fuse-dashboard-backend
+          tag: ${{ needs.get-version-tag.outputs.version-tag }}
+          containerfile-path: oci/Containerfile.backend
+          push: true
+          registry-username: ${{ vars.DOCKER_USERNAME }}
+          registry-password: ${{ secrets.DOCKER_PASSWORD }}
+          working-directory: app/databuk/dashboard
+  build-frontend:
+    name: Build frontend
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/node:24.8.0-trixie-slim
+    needs:
+      - get-version-tag
+    defaults:
+      run:
+        working-directory: app/databuk/dashboard
+    concurrency:
+      group: "${{ github.workflow }}-${{ github.ref }}-build-frontend"
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: npm ci
+      - name: Build frontend
+        env:
+          VITE_API_URL: "https://zarr-fuse-dashboard.dyn.cloud.e-infra.cz"
+        run: npm run build
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: dashboard-frontend
+          path: app/databuk/dashboard/dist
+          if-no-files-found: error
+  containerize-frontend:
+    name: Containerize frontend
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/buildah/stable:v1.35.4
+      options: --privileged
+    needs:
+      - get-version-tag
+      - build-frontend
+    defaults:
+      run:
+        working-directory: app/databuk/dashboard
+    concurrency:
+      group: "${{ github.workflow }}-${{ github.ref }}-containerize-frontend"
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: dashboard-frontend
+          path: app/databuk/dashboard/dist
+      - name: Containerize
+        uses: ./.github/actions/containerize
+        with:
+          repository: jbrezmorf/zarr-fuse-dashboard-frontend
+          tag: ${{ needs.get-version-tag.outputs.version-tag }}
+          containerfile-path: oci/Containerfile.frontend
+          push: true
+          registry-username: ${{ vars.DOCKER_USERNAME }}
+          registry-password: ${{ secrets.DOCKER_PASSWORD }}
+          working-directory: app/databuk/dashboard
+  lint-helm-chart:
+    name: Lint dashboard Helm chart
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/alpine/k8s:1.29.14
+    defaults:
+      run:
+        working-directory: app/databuk/dashboard/charts/dashboard
+    concurrency:
+      group: "${{ github.workflow }}-${{ github.ref }}-lint-helm-chart"
+      cancel-in-progress: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Lint helm chart
+        uses: ./.github/actions/helm-lint
+        with:
+          working-directory: app/databuk/dashboard/charts/dashboard
+  deploy:
+    name: Deploy dashboard to e-infra rancher
+    runs-on: ubuntu-latest
+    if: ${{ inputs.deploy }}
+    container:
+      image: docker.io/alpine/k8s:1.29.14
+    needs:
+      - lint-helm-chart
+      - get-version-tag
+      - containerize-backend
+      - containerize-frontend
+    env:
+      KUBECONFIG: ./kubeconfig.yaml
+    defaults:
+      run:
+        working-directory: app/databuk/dashboard/charts
+    concurrency:
+      group: "${{ github.workflow }}-${{ github.ref }}-deploy"
+      cancel-in-progress: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Decode kubeconfig
+        run: echo "${{ secrets.KUBECONFIG }}" | base64 -d > kubeconfig.yaml && chmod 600 kubeconfig.yaml
+      - name: Ensure that the namespace exists
+        run: kubectl create namespace --dry-run=client -o yaml zarr-fuse-dashboard
+      - name: Set context
+        run: kubectl config set-context --current --namespace=zarr-fuse-dashboard
+      - name: Deploy app
+        run: |
+          helm upgrade dashboard dashboard \
+          --install --atomic --timeout 10m --namespace zarr-fuse-dashboard \
+          --set backend.image.tag="${{ needs.get-version-tag.outputs.version-tag }}" \
+          --set frontend.image.tag="${{ needs.get-version-tag.outputs.version-tag }}" \
+          --set backend.secrets.s3.accessKey="${{ secrets.S3_ACCESS_KEY }}" \
+          --set backend.secrets.s3.secretKey="${{ secrets.S3_SECRET_KEY }}"
@@ -2,15 +2,15 @@ name: Ingress server - pull request
 on:
   pull_request:
     branches:
-      - "*"
+      - "**"
 jobs:
   get-changed-files:
     name: Get changed file
     runs-on: ubuntu-latest
     outputs:
       any-changed: ${{ steps.changed.outputs.any_changed }}
     concurrency:
-      group: ${{ github.head_ref }}-${{ github.ref_name }}-get-changed-files
+      group: ${{ github.workflow }}-${{ github.ref }}-get-changed-files
       cancel-in-progress: true
     steps:
       - name: Checkout
@@ -20,7 +20,6 @@ jobs:
         uses: tj-actions/changed-files@v45
         with:
           files: |
-            charts/ingress-server/**
             app/databuk/ingress_server/**
   build:
     name: Build and deploy ingress server
@@ -29,8 +28,7 @@ jobs:
     if: ${{ needs.get-changed-files.outputs.any-changed }} == 'true'
     uses: ./.github/workflows/ingress-server-reusable-workflow.yaml
     with:
-      push-container: true
-      deploy-helm-chart: true
+      deploy: true
       tag: generate
       namespace: ingress-server-development
       release-name: ingress-server-development

@@ -11,7 +11,7 @@ jobs:
     outputs:
       any-changed: ${{ steps.changed.outputs.any_changed }}
     concurrency:
-      group: ${{ github.head_ref }}-${{ github.ref_name }}-get-changed-files
+      group: ${{ github.workflow }}-${{ github.ref }}-get-changed-files
       cancel-in-progress: true
     steps:
       - name: Checkout
@@ -26,10 +26,9 @@ jobs:
     uses: ./.github/workflows/ingress-server-reusable-workflow.yaml
     needs:
       - get-changed-files
-    if: always() && github.event_name == 'push' || needs.get-changed-files.outputs.any-changed == 'true'
+    if: always() && ( github.event_name == 'push' || needs.get-changed-files.outputs.any-changed == 'true' )
     with:
-      push-container: true
-      deploy-helm-chart: true
+      deploy: true
       tag: generate
       namespace: ingress-server-latest
       release-name: ingress-server-latest