diff --git a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml index b667131456..d5b9784144 100644 --- a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml @@ -5,6 +5,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "dx-metrics-import@*" paths: - "apps/dx-metrics-import/package.json" - "packages/dx-metrics-core/**" @@ -26,6 +30,20 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics-import/package.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics-import/package.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push uses: pagopa/dx/actions/docker-build-push@main env: @@ -33,7 +51,7 @@ jobs: with: dockerfile_path: ./apps/dx-metrics-import/Dockerfile dockerfile_context: . - docker_image_name: pagopa/dx-metrics-import + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Scheduled import job for the DX Metrics portal. Fetches GitHub engineering metrics and writes them to PostgreSQL." docker_image_authors: PagoPA build_platforms: linux/amd64 diff --git a/.github/workflows/_release-docker-dx-metrics-v1.yaml b/.github/workflows/_release-docker-dx-metrics-v1.yaml index 3a1874d7d7..ab994c1844 100644 --- a/.github/workflows/_release-docker-dx-metrics-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-v1.yaml @@ -5,6 +5,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger production deploys on project release tags as well. + tags: + - "dx-metrics@*" paths: - "apps/dx-metrics/package.json" - "packages/dx-metrics-core/**" @@ -16,8 +20,32 @@ permissions: attestations: write jobs: + resolve-image-name: + name: Resolve Docker Image Name + runs-on: ubuntu-latest + outputs: + image_name: ${{ steps.image_name.outputs.image_name }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics/package.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics/package.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + deploy: name: Deploy DX Metrics as Container App + needs: resolve-image-name concurrency: group: ${{ github.workflow }}-cd # Override this configuration to prevent cancelling a running deploy. @@ -27,7 +55,7 @@ jobs: with: dockerfile_path: ./apps/dx-metrics/Dockerfile dockerfile_context: . - docker_image_name: pagopa/dx-metrics + docker_image_name: ${{ needs.resolve-image-name.outputs.image_name }} docker_image_description: "DX Metrics is a monitoring and analytics service for the PagoPA Developer Experience (DX) team, providing insights into development experience." container_app: dx-p-itn-metrics-portal-ca-01 resource_group_name: dx-p-itn-common-rg-01 diff --git a/.github/workflows/_release-docker-e2e-appconfiguration.yaml b/.github/workflows/_release-docker-e2e-appconfiguration.yaml index 89052f3d81..3ef4abdddd 100644 --- a/.github/workflows/_release-docker-e2e-appconfiguration.yaml +++ b/.github/workflows/_release-docker-e2e-appconfiguration.yaml @@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "app_configuration_tests_all_scenarios@*" paths: - "infra/modules/azure_app_configuration/tests/apps/all_scenarios/**" @@ -21,14 +25,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-appconfiguration-all-scenarios" - IMAGE_TAG: "latest" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -37,7 +51,7 @@ jobs: with: dockerfile_path: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/Dockerfile dockerfile_context: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes endpoints to access App Configuration. Used for E2E tests of the Azure App Configuration Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml index 25150102a6..b02f9fe383 100644 --- a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml +++ b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml @@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "azure_merge_roles_tests_blob_rbac_probe@*" paths: - "infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/**" @@ -18,13 +22,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-azure-merge-roles-blob-rbac" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: ./actions/docker-build-push @@ -33,7 +48,7 @@ jobs: with: dockerfile_path: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/Dockerfile dockerfile_context: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes data-plane and control-plane endpoints to probe Azure Storage RBAC. Used for E2E tests of the Azure Merge Roles Terraform module." diff --git a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml index 133f31d1c1..aee6d75ca4 100644 --- a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml +++ b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml @@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "cosmos_db_tests_network_access@*" paths: - "infra/modules/azure_cosmos_account/tests/apps/network_access/**" @@ -18,14 +22,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-cosmos-network-access" - IMAGE_TAG: "latest" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -34,7 +48,7 @@ jobs: with: dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml b/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml index d68f7cffd4..0d96c028d1 100644 --- a/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml +++ b/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml @@ -19,13 +19,25 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - env: - IMAGE_NAME: "pagopa/e2e-cosmos-network-access" steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -34,7 +46,7 @@ jobs: with: dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/apps/dx-metrics-import/package.json b/apps/dx-metrics-import/package.json index f17c8390e0..e737991416 100644 --- a/apps/dx-metrics-import/package.json +++ b/apps/dx-metrics-import/package.json @@ -36,5 +36,27 @@ "tsx": "catalog:", "typescript": "catalog:", "vitest": "catalog:" + }, + "nx": { + "targets": { + "docker:build": { + "options": { + "env": { + "DOCKER_BUILD_PLATFORMS": "linux/arm64" + } + } + }, + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-metrics-import" + } + } } } diff --git a/apps/dx-metrics/package.json b/apps/dx-metrics/package.json index c9e0a1e3eb..842656c570 100644 --- a/apps/dx-metrics/package.json +++ b/apps/dx-metrics/package.json @@ -35,5 +35,27 @@ "tailwindcss": "^4.2.4", "typescript": "catalog:", "vitest": "catalog:" + }, + "nx": { + "targets": { + "docker:build": { + "options": { + "env": { + "DOCKER_BUILD_PLATFORMS": "linux/arm64" + } + } + }, + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-metrics" + } + } } } diff --git a/apps/mcpserver/Dockerfile b/apps/mcpserver/Dockerfile index 5c3c448d10..722366940c 100644 --- a/apps/mcpserver/Dockerfile +++ b/apps/mcpserver/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base +FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base # 1. Enable pnpm RUN corepack enable @@ -15,7 +15,7 @@ COPY ./packages ./packages # 5. Install ALL dependencies for mcpserver and its workspace dependencies RUN pnpm install --filter @pagopa/dx-mcpserver... # 6. Build the mcpserver app -RUN pnpm nx build @pagopa/dx-mcpserver +RUN NX_DAEMON=false pnpm nx build @pagopa/dx-mcpserver # 7. Prune development-only dependencies for the final image RUN pnpm --filter @pagopa/dx-mcpserver deploy --legacy --prod /app/deploy diff --git a/apps/mcpserver/package.json b/apps/mcpserver/package.json index 3dd714bace..be623f05c9 100644 --- a/apps/mcpserver/package.json +++ b/apps/mcpserver/package.json @@ -45,5 +45,20 @@ "format": "prettier --write .", "format:check": "prettier --check .", "version": "node ./scripts/generate-server-manifest.js" + }, + "nx": { + "targets": { + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-mcpserver" + } + } } } diff --git a/containers/self-hosted-runner/project.json b/containers/self-hosted-runner/project.json index fe11d363ea..6b26776a68 100644 --- a/containers/self-hosted-runner/project.json +++ b/containers/self-hosted-runner/project.json @@ -2,8 +2,19 @@ "$schema": "../../node_modules/nx/schemas/project-schema.json", "name": "self-hosted-runner", "targets": { + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + }, "docker:build": { "options": { + "cwd": "containers/self-hosted-runner", + "args": [ + "--tag containers-self-hosted-runner", + "-f Dockerfile" + ], "platform": "linux/amd64" } } diff --git a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json index a4a99d2208..4fc27bd68e 100644 --- a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json +++ b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json @@ -4,10 +4,22 @@ "version": "0.0.0", "description": "Simple application for Terraform E2E tests, which exposes endpoints to test connectivity and integration with App Configuration", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-appconfiguration-all-scenarios" + } + }, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + }, "docker:build": { + "command": "docker build -f ../Dockerfile {args} .", "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_app_configuration/tests/apps/all_scenarios/src" } }, "docker:run": { diff --git a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json index 532b68bc71..29d5b23207 100644 --- a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json +++ b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json @@ -4,10 +4,22 @@ "version": "0.1.0", "description": "Simple application for Terraform E2E tests, which exposes a single HTTP endpoint to test connectivity to Cosmos DB", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-cosmos-network-access" + } + }, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + }, "docker:build": { + "command": "docker build -f ../Dockerfile {args} .", "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_cosmos_account/tests/apps/network_access/src" } }, "docker:run": { diff --git a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json index 6dc72e69c8..46e7c1d2a2 100644 --- a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json +++ b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json @@ -4,10 +4,25 @@ "version": "0.1.0", "description": "Simple application for Terraform E2E tests, exposing a single HTTP endpoint to verify merged Blob RBAC permissions with managed identity", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-azure-merge-roles-blob-rbac" + } + }, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } + }, "docker:build": { "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe", + "args": [ + "--tag infra-modules-azure_merge_roles-tests-apps-blob_rbac_probe", + "-f Dockerfile" + ] } }, "docker:run": { @@ -16,4 +31,4 @@ } } } -} \ No newline at end of file +}