docker.yaml

# Build, test and push InvenTree docker image
# This workflow runs under any of the following conditions:
#
# - Push to the master branch
# - Publish release
#
# The following actions are performed:
#
# - Check that the version number matches the current branch or tag
# - Build the InvenTree docker image
# - Run suite of unit tests against the build image
# - Push the compiled, tested image to dockerhub

name: Docker

on:
  release:
    types: [published]

  push:
    branches:
      - "master"
  pull_request:
    branches:
      - "master"

permissions:
  contents: read

jobs:
  paths-filter:
    permissions:
      contents: read # for dorny/paths-filter to fetch a list of changed files
      pull-requests: read # for dorny/paths-filter to read pull requests
    name: Filter
    runs-on: ubuntu-latest

    outputs:
      docker: ${{ steps.filter.outputs.docker }}

    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4.2.1
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # pin@v3.0.2
        id: filter
        with:
          filters: |
            docker:
              - .github/workflows/docker.yaml
              - contrib/container/**
              - src/backend/InvenTree/InvenTree/settings.py
              - src/backend/requirements.txt
              - tasks.py

  # Build the docker image
  build:
    needs: paths-filter
    if: needs.paths-filter.outputs.docker == 'true' || github.event_name == 'release' || github.event_name == 'push'
    permissions:
      contents: read
      packages: write
      id-token: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      python_version: "3.11"
    runs-on: ubuntu-latest # in the future we can try to use alternative runners here

    steps:
      - name: Check out repo
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4.2.1
      - name: Set Up Python ${{ env.python_version }}
        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v5.2.0
        with:
          python-version: ${{ env.python_version }}
      - name: Version Check
        run: |
          pip install --require-hashes -r contrib/dev_reqs/requirements.txt
          python3 .github/scripts/version_check.py
          echo "git_commit_hash=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
          echo "git_commit_date=$(git show -s --format=%ci)" >> $GITHUB_ENV
      - name: Test Docker Image
        id: test-docker
        run: |
          docker build . --target production --tag inventree-test -f contrib/container/Dockerfile
          docker run --rm inventree-test invoke --version
          docker run --rm inventree-test invoke --list
          docker run --rm inventree-test gunicorn --version
          docker run --rm inventree-test pg_dump --version
          docker run --rm inventree-test test -f /home/inventree/init.sh
          docker run --rm inventree-test test -f /home/inventree/tasks.py
          docker run --rm inventree-test test -f /home/inventree/gunicorn.conf.py
          docker run --rm inventree-test test -f /home/inventree/src/backend/requirements.txt
          docker run --rm inventree-test test -f /home/inventree/src/backend/InvenTree/manage.py
      - name: Build Docker Image
        # Build the development docker image (using docker-compose.yml)
        run: docker compose --project-directory . -f contrib/container/dev-docker-compose.yml build --no-cache
      - name: Update Docker Image
        run: |
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run inventree-dev-server invoke install
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run inventree-dev-server invoke update
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run inventree-dev-server invoke dev.setup-dev
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml up -d
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run inventree-dev-server invoke wait
      - name: Check Data Directory
        # The following file structure should have been created by the docker image
        run: |
          test -d data
          test -d data/env
          test -d data/pgdb
          test -d data/media
          test -d data/static
          test -d data/plugins
          test -f data/config.yaml
          test -f data/plugins.txt
          test -f data/secret_key.txt
      - name: Run Unit Tests
        run: |
          echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> contrib/container/docker.dev.env
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run --rm inventree-dev-server invoke dev.test --disable-pty
      - name: Run Migration Tests
        run: |
          docker compose --project-directory . -f contrib/container/dev-docker-compose.yml run --rm inventree-dev-server invoke dev.test --migrations
      - name: Clean up test folder
        run: |
          rm -rf InvenTree/_testfolder
      - name: Set up QEMU
        if: github.event_name != 'pull_request'
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # pin@v3.2.0
      - name: Set up Docker Buildx
        if: github.event_name != 'pull_request'
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # pin@v3.7.1
      - name: Set up cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # pin@v3.7.0
      - name: Check if Dockerhub login is required
        id: docker_login
        run: |
          if [ -z "${{ secrets.DOCKER_USERNAME }}" ]; then
            echo "skip_dockerhub_login=true" >> $GITHUB_OUTPUT
          else
            echo "skip_dockerhub_login=false" >> $GITHUB_OUTPUT
          fi
      - name: Login to Dockerhub
        if: github.event_name != 'pull_request' && steps.docker_login.outputs.skip_dockerhub_login != 'true'
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pin@v3.3.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log into registry ghcr.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pin@v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract Docker metadata
        if: github.event_name != 'pull_request'
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # pin@v5.5.1
        with:
          images: |
            inventree/inventree
            ghcr.io/${{ github.repository }}

      - name: Push Docker Images
        id: push-docker
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # pin@v6.9.0
        with:
          context: .
          file: ./contrib/container/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          sbom: true
          provenance: false
          target: production
          tags: ${{ env.docker_tags }}
          build-args: |
            commit_hash=${{ env.git_commit_hash }}
            commit_date=${{ env.git_commit_date }}