JCU/Customize docker

.github/workflows/build.yml

@@ -3,8 +3,14 @@
 # https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs
 name: Build
 
-# Run this Build for all pushes / PRs to current branch
-on: [push, pull_request]
+# Run this Build for pushes to our main and all PRs
+on:
+  push:
+    branches:
+      - dtq-dev
+      - customer/*
+  pull_request:
+  workflow_dispatch:
 
 permissions:
   contents: read  # to fetch code (actions/checkout)
@@ -24,7 +30,6 @@ jobs:
       # Spin up UI on 127.0.0.1 to avoid host resolution issues in e2e tests with Node 20+
       DSPACE_UI_HOST: 127.0.0.1
       DSPACE_UI_PORT: 4000
-      DSPACE_UI_BASEURL: http://127.0.0.1:4000
       # Ensure all SSR caching is disabled in test environment
       DSPACE_CACHE_SERVERSIDE_BOTCACHE_MAX: 0
       DSPACE_CACHE_SERVERSIDE_ANONYMOUSCACHE_MAX: 0
@@ -40,11 +45,8 @@ jobs:
       # Project name to use when running "docker compose" prior to e2e tests
       COMPOSE_PROJECT_NAME: 'ci'
       # Docker Registry to use for Docker compose scripts below.
-      # On the upstream dspace/dspace-angular repository we use GitHub's Container Registry
-      # (ghcr.io) to avoid aggressive rate limits at DockerHub. Forks cannot authenticate
-      # against ghcr.io/dspace/* with their own GITHUB_TOKEN (and the images there require
-      # auth), so on forks we fall back to docker.io where the same images are public.
-      DOCKER_REGISTRY: ${{ github.repository == 'dspace/dspace-angular' && 'ghcr.io' || 'docker.io' }}
+      # Using DockerHub as the images are publicly available there
+      DOCKER_REGISTRY: docker.io
     strategy:
       # Create a matrix of Node versions to test against (in parallel)
       matrix:
@@ -124,18 +126,14 @@ jobs:
           path: 'coverage/dspace-angular/lcov.info'
           retention-days: 14
 
-      # Login to our Docker registry, so that we can access Docker images using "docker compose" below.
-      # This login is required on the upstream repository because DOCKER_REGISTRY is set to ghcr.io
-      # and pulling ghcr.io/dspace/* requires authentication. On forks, DOCKER_REGISTRY falls back to
-      # docker.io (see env block above) where the same images are publicly pullable without a login,
-      # and forks cannot authenticate against ghcr.io/dspace/* with their own GITHUB_TOKEN anyway.
-      - name: Login to ${{ env.DOCKER_REGISTRY }}
-        uses: docker/login-action@v4
-        if: github.repository == 'dspace/dspace-angular'
-        with:
-          registry: ${{ env.DOCKER_REGISTRY }}
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      # Note: Docker login not required for public images from docker.io
+      # If you need to use ghcr.io images, uncomment the login step below:
+      # - name: Login to ${{ env.DOCKER_REGISTRY }}
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ${{ env.DOCKER_REGISTRY }}
+      #     username: ${{ github.repository_owner }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
 
       # Using "docker compose" start backend using CI configuration
       # and load assetstore from a cached copy
@@ -315,40 +313,3 @@ jobs:
 
       - name: Shutdown Docker containers
         run: docker compose -f ./docker/docker-compose-ci.yml down
-
-  # Codecov upload is a separate job in order to allow us to restart this separate from the entire build/test
-  # job above. This is necessary because Codecov uploads seem to randomly fail at times.
-  # See https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954
-  codecov:
-    # Must run after 'tests' job above
-    needs: tests
-    # Only run on the upstream repository: forks do not have the CODECOV_TOKEN secret,
-    # and Codecov refuses to create a commit on a protected branch without a token.
-    if: github.repository == 'dspace/dspace-angular'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      # Download artifacts from previous 'tests' job
-      - name: Download coverage artifacts
-        uses: actions/download-artifact@v8
-
-      # Now attempt upload to Codecov using its action.
-      # NOTE: We use a retry action to retry the Codecov upload if it fails the first time.
-      #
-      # Retry action: https://github.com/marketplace/actions/retry-action
-      # Codecov action: https://github.com/codecov/codecov-action
-      - name: Upload coverage to Codecov.io
-        uses: Wandalen/wretry.action@v3.8.0
-        with:
-          action: codecov/codecov-action@v4
-          # Ensure codecov-action throws an error when it fails to upload
-          # This allows us to auto-restart the action if an error is thrown
-          with: |
-            fail_ci_if_error: true
-            token: ${{ secrets.CODECOV_TOKEN }}
-          # Try re-running action 5 times max
-          attempt_limit: 5
-          # Run again in 30 seconds
-          attempt_delay: 30000

.github/workflows/deploy.yml

@@ -0,0 +1,160 @@
+# DSpace Docker deploy on dataquest servers
+name: Deploy DSpace
+
+on:
+  workflow_call:
+    inputs:
+      DEV_MACHINE:
+        required: false
+        type: string
+        default: 'dev-6'
+      INSTANCE:
+        required: false
+        type: string
+        default: '8593'
+      IMPORT:
+        required: false
+        default: false
+        type: boolean
+      ERASE_DB:
+        required: false
+        default: false
+        type: boolean
+
+  workflow_dispatch:
+    inputs:
+      INSTANCE:
+        required: true
+        default: '8593'
+        type: choice
+        options:
+          - '8593'
+      IMPORT:
+        required: true
+        default: true
+        type: boolean
+      ERASE_DB:
+        required: false
+        default: false
+        type: boolean
+      DEV_MACHINE:
+        required: false
+        type: string
+        default: 'dev-6'
+
+jobs:
+  deploy-3:
+    if: inputs.INSTANCE == '*' || inputs.INSTANCE == '8593'
+    runs-on: dspace-${{inputs.DEV_MACHINE}}-dep-1
+    timeout-minutes: 60
+    env:
+      INSTANCE: '8593'
+      CONFIG_PATH: /opt/dspace-envs/${{inputs.INSTANCE}}
+      ENVFILE: /opt/dspace-envs/${{inputs.INSTANCE}}/.env
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: ./.github/actions/erase-db
+        if: inputs.ERASE_DB
+        with:
+          INSTANCE: ${{ env.INSTANCE }}
+          NAME: dspace-${{ env.INSTANCE }}
+
+      - name: Set start.sh as executable
+        run: chmod +x build-scripts/run/start.sh
+
+      - name: deploy to ${{inputs.DEV_MACHINE}}
+        working-directory: build-scripts/run/
+        env:
+          ADMIN_PASSWORD: ${{ secrets.DSPACE_ADMIN_PASSWORD }}
+          USER_PASSWORD: ${{ secrets.DSPACE_USER_PASSWORD }}
+        run: |
+          ./start.sh dspace-$INSTANCE
+          cd ../..
+          docker compose --env-file $ENVFILE -p dspace-$INSTANCE -f docker/docker-compose.yml -f docker/docker-compose-rest.yml -f $CONFIG_PATH/docker-compose-rest.yml -f $CONFIG_PATH/docker-compose.yml up -d --no-build --remove-orphans
+
+  playwright-after-deploy3:
+    needs: deploy-3
+    if: '!inputs.IMPORT'
+    uses: ./.github/workflows/playwright-tests.yml
+    secrets: inherit
+
+  playwright-after-import3:
+    needs: import-3
+    if: inputs.IMPORT
+    uses: ./.github/workflows/playwright-tests.yml
+    secrets: inherit
+
+  import-3:
+    runs-on: dspace-${{inputs.DEV_MACHINE}}-dep-1
+    if: inputs.IMPORT
+    timeout-minutes: 900
+    needs: deploy-3
+    env:
+      INSTANCE: ${{inputs.INSTANCE}}
+      CONFIG_PATH: /opt/dspace-envs/
+      FNAME: old_dump.sql
+      ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
+    steps:
+      - name: vanilla import
+        run: |
+          export DATADIR=$CONFIG_PATH/${{inputs.INSTANCE}}/dump/$FNAME
+          export DNAME=dspace${{inputs.INSTANCE}}
+          export DDBNAME=dspacedb${{inputs.INSTANCE}}
+
+          docker stop $DNAME || true
+
+          echo "====="
+          # echo Starting vanilla import DB
+          docker cp $DATADIR $DDBNAME:/tmp/$FNAME
+
+          echo "Copying script for setup db roles to container..."
+
+          # Create database, import dumpand extensions, then cleanup
+          docker exec $DDBNAME /bin/bash -c "
+          dropdb -U dspace -p 10593 dspace || true &&
+          createdb -U dspace -p 10593 --owner=dspace --encoding=UNICODE dspace &&
+          psql -p 10593 -U dspace -d dspace -f /tmp/$FNAME
+          "
+          echo "====="
+          docker start $DNAME
+
+      - name: run database migration
+        run: |
+          export DNAME=dspace${{inputs.INSTANCE}}
+          export DDBNAME=dspacedb${{inputs.INSTANCE}}
+          export SYNCSEQSETUP=$CONFIG_PATH/${{inputs.INSTANCE}}/$SYNCSEQFNAME
+
+          echo "Starting DSpace container for migration..."
+          docker start $DNAME
+
+          echo "Waiting longer for DSpace to be fully ready and locks to clear..."
+          sleep 20
+
+          echo "Running DSpace database migration..."
+          docker exec $DNAME /bin/bash -c "cd /dspace/bin && ./dspace database migrate ignored"
+
+          echo "Waiting for DSpace to be ready..."
+          sleep 10
+
+      - name: restart dspace container
+        run: |
+          export DNAME=dspace${{inputs.INSTANCE}}
+          echo "Restarting DSpace container..."
+          docker restart $DNAME
+          sleep 60
+
+      - name: create administrator
+        run: |
+          export DNAME=dspace${{inputs.INSTANCE}}
+          echo "Creating DSpace administrator..."
+          docker exec $DNAME /bin/bash -c "cd /dspace/bin && ./dspace create-administrator -e dspace.admin.dev@dataquest.sk -f admin -l user -p \"${ADMIN_PASSWORD}\" -c en -o dataquest"
+
+      - name: rebuild discovery index and run oai import
+        run: |
+          export DNAME=dspace${{inputs.INSTANCE}}
+          echo "Rebuilding discovery index..."
+          docker exec $DNAME /bin/bash -c "/dspace/bin/dspace index-discovery -b"
+
+          echo "Running OAI import..."
+          docker exec $DNAME /bin/bash -c "/dspace/bin/dspace oai import -c"