Merge pull request #96 from cyber-dojo/infra-update

Infra update

.github/workflows/main.yml

@@ -183,7 +183,7 @@ jobs:
       id-token: write
       contents: write
     outputs:
-      artifact_digest: ${{ steps.variables.outputs.artifact_digest }}
+      digest: ${{ steps.variables.outputs.digest }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -224,11 +224,11 @@ jobs:
           path: ${{ env.IMAGE_TAR_FILENAME }}
           key: ${{ env.IMAGE_NAME }}
 
-      - name: Make Artifact fingerprint available to following jobs
+      - name: Make image digest available to following jobs
         id: variables
         run: |
-          FINGERPRINT=$(echo ${{ steps.docker_build.outputs.digest }} | sed 's/.*://')          
-          echo "artifact_digest=${FINGERPRINT}" >> ${GITHUB_OUTPUT}
+          DIGEST=$(echo ${{ steps.docker_build.outputs.digest }} | sed 's/.*://')          
+          echo "digest=${DIGEST}" >> ${GITHUB_OUTPUT}
 
       - name: Setup Kosli CLI
         if: ${{ github.ref == 'refs/heads/main' }}
@@ -249,7 +249,7 @@ jobs:
     needs: [setup, build-image]
     env:
       IMAGE_NAME:        ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -302,7 +302,7 @@ jobs:
     needs: [setup, build-image]
     env:
       IMAGE_NAME:        ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -355,7 +355,7 @@ jobs:
     needs: [setup, build-image]
     env:
       IMAGE_NAME: ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
       SARIF_FILENAME: snyk.container.scan.json
     steps:
       - uses: actions/checkout@v4
@@ -402,7 +402,7 @@ jobs:
     needs: [setup, build-image, pull-request, rubocop-lint, unit-tests, integration-tests, snyk-container-scan, snyk-code-scan]
     env:
       IMAGE_NAME:        ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
     steps:
       - name: Setup Kosli CLI
         uses: kosli-dev/setup-cli-action@v2
@@ -419,7 +419,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       IMAGE_NAME:        ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
     environment:
       name: staging
       url: https://beta.cyber-dojo.org
@@ -442,10 +442,10 @@ jobs:
 
 
   deploy-to-beta:
-    needs: [setup, approve-deployment-to-beta]
+    needs: [setup, build-image, approve-deployment-to-beta]
     uses: ./.github/workflows/sub_deploy_to_beta.yml
     with:
-      IMAGE_TAG: ${{ needs.setup.outputs.image_tag }}
+      IMAGE_TAG: ${{ needs.setup.outputs.image_tag }}@sha256:${{ needs.build-image.outputs.digest }}
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
 
@@ -455,7 +455,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       IMAGE_NAME:        ${{ needs.setup.outputs.image_name }}
-      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
+      KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }}
     environment:
       name: production
       url: https://cyber-dojo.org
@@ -478,10 +478,10 @@ jobs:
 
 
   deploy-to-prod:
-    needs: [setup, approve-deployment-to-prod]
+    needs: [setup, build-image, approve-deployment-to-prod]
     uses: ./.github/workflows/sub_deploy_to_prod.yml
     with:
-      IMAGE_TAG: ${{ needs.setup.outputs.image_tag }}
+      IMAGE_TAG: ${{ needs.setup.outputs.image_tag }}@sha256:${{ needs.build-image.outputs.digest }}
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
 

bin/build_image.sh

@@ -59,9 +59,9 @@ build_image()
   echo
   echo "Building with --build-args"
   echo "  COMMIT_SHA=${COMMIT_SHA}"
-  echo "  BASE_IMAGE=${CYBER_DOJO_RUNNER_BASE_IMAGE}"
+  echo "  BASE_IMAGE=${BASE_IMAGE}"
   echo "To change this run:"
-  echo "$ COMMIT_SHA=... CYBER_DOJO_RUNNER_BASE_IMAGE=cyberdojo/docker-base:... make image_${type}"
+  echo "$ COMMIT_SHA=... BASE_IMAGE=cyberdojo/docker-base:d6830c0@sha256:4be745d... make image_${type}"
   echo
 
   docker compose build server

bin/lib.sh

@@ -5,7 +5,7 @@ echo_base_image()
 {
   local -r json="$(curl --fail --silent --request GET https://beta.cyber-dojo.org/runner/base_image)"
   echo "${json}" | jq -r '.base_image'
-  #echo cyberdojo/docker-base:d6830c0
+  # echo cyberdojo/docker-base:d6830c0@sha256:4be745df921403085fd2626b1013707352d81a1a943b2cc8c198300246d6f6f7
 }
 
 echo_env_vars()
@@ -19,11 +19,11 @@ echo_env_vars()
   # Get identities of dependent services from versioner
   docker run --rm cyberdojo/versioner
   export $(docker run --rm cyberdojo/versioner)
-  echo "CYBER_DOJO_LANGUAGES_START_POINTS=${CYBER_DOJO_LANGUAGES_START_POINTS_IMAGE}:${CYBER_DOJO_LANGUAGES_START_POINTS_TAG}"
+  echo "CYBER_DOJO_LANGUAGES_START_POINTS=${CYBER_DOJO_LANGUAGES_START_POINTS_IMAGE}:${CYBER_DOJO_LANGUAGES_START_POINTS_TAG}@sha256:${CYBER_DOJO_LANGUAGES_START_POINTS_DIGEST}"
 
   # Set env-vars for this repos runner service
-  if [[ ! -v CYBER_DOJO_RUNNER_BASE_IMAGE ]] ; then
-    echo CYBER_DOJO_RUNNER_BASE_IMAGE="$(echo_base_image)"  # --build-arg
+  if [[ ! -v BASE_IMAGE ]] ; then
+    echo BASE_IMAGE="$(echo_base_image)"  # --build-arg
   fi
   if [[ ! -v COMMIT_SHA ]] ; then
     local -r sha="$(cd "${ROOT_DIR}" && git rev-parse HEAD)"

docker-compose.yml

@@ -6,7 +6,7 @@ services:
       context: source/client
       args:
         - COMMIT_SHA
-        - BASE_IMAGE=${CYBER_DOJO_RUNNER_BASE_IMAGE}
+        - BASE_IMAGE=${BASE_IMAGE}
     image: ${CYBER_DOJO_RUNNER_CLIENT_IMAGE}:${CYBER_DOJO_RUNNER_TAG}
     user: ${CYBER_DOJO_RUNNER_CLIENT_USER}
     container_name: ${CYBER_DOJO_RUNNER_CLIENT_CONTAINER_NAME}
@@ -15,7 +15,7 @@ services:
     env_file: [ .env ]
     environment:
       - CONTEXT=client
-      - SHOW_TEST_IDS=false
+      - SHOW_TEST_IDS=true
     read_only: true
     restart: no
     tmpfs: /tmp
@@ -27,7 +27,7 @@ services:
       context: .
       args:
         - COMMIT_SHA
-        - BASE_IMAGE=${CYBER_DOJO_RUNNER_BASE_IMAGE}
+        - BASE_IMAGE=${BASE_IMAGE}
     image: ${CYBER_DOJO_RUNNER_IMAGE}:${CYBER_DOJO_RUNNER_TAG}
     user: ${CYBER_DOJO_RUNNER_SERVER_USER}
     container_name: ${CYBER_DOJO_RUNNER_SERVER_CONTAINER_NAME}