Publish Docker images also to ACR

.github/workflows/cd.yml

@@ -1,15 +1,15 @@
-name: Docker Build & Push & Test
+name: CD
 
 on:
   push:
+    branches:
+      - main
   pull_request:
-    branches: [main]
 
 jobs:
-  push_to_registry:
+  publish_docker_image_to_docker_hub:
     name: Build & Push docker image to dockerhub
-    # The MS SQL server version in use does not run on Linux kernels newer than 6.6.x.
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout code
@@ -61,11 +61,23 @@ jobs:
           docker push $IMAGE_NAME:schema-only
           docker push $IMAGE_NAME:latest
 
+  publish_docker_image_to_acr:
+    name: Publish Docker image to ACR
+    permissions:
+      id-token: write
+      contents: read
+    uses: HSLdevcom/jore4-tools/.github/workflows/shared-build-and-publish-docker-image.yml@shared-build-and-publish-docker-image-v1
+    with:
+      docker_image_name: jore4-mssql-testdb
+    secrets:
+      azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
+      azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+      azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
   test-docker-images:
     name: verify that the docker images work
-    needs: push_to_registry
-    # The MS SQL server version in use does not run on Linux kernels newer than 6.6.x.
-    runs-on: ubuntu-22.04
+    needs: publish_docker_image_to_docker_hub
+    runs-on: ubuntu-24.04
     env:
       SA_PASSWORD: "P@ssw0rd"
 
@@ -134,39 +146,64 @@ jobs:
       - name: Get metadata as environment variables
         uses: HSLdevcom/jore4-tools/github-actions/extract-metadata@extract-metadata-v1
 
+      - name: Read Current MS SQL Docker Image
+        id: docker
+        shell: bash
+        run: |
+          echo mssql_docker_image="$(grep FROM Dockerfile | sed -E 's/FROM *([^ ]*)( AS.*)?/\1/g' | head -n 1)" >> "${GITHUB_OUTPUT}"
+
       - name: Start up mssql docker container
         run: |
-          docker run -d --rm -p 1433:1433 --name mssql -e SA_PASSWORD="$SA_PASSWORD" ${{ matrix.volumeMapping }} $IMAGE_NAME:${{ matrix.dockerImage }}-$COMMIT_ID
+          # A custom network is used so that Docker containers can be referred with names instead of IPs
+          docker network rm hsl || true
+          docker network create -d bridge --subnet=10.240.0.0/24 hsl
+          docker network ls
+
+          docker run \
+            -d \
+            --rm \
+            -p 1433:1433 \
+            --name mssql \
+            --hostname mssql \
+            --network hsl \
+            -e SA_PASSWORD="$SA_PASSWORD" \
+            ${{ matrix.volumeMapping }} \
+            $IMAGE_NAME:${{ matrix.dockerImage }}-$COMMIT_ID
 
       - name:
           Verify that dockerized MSSQL database is up and can be connected to
         uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
         with:
           command:
-            '/opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U sa -P "$SA_PASSWORD" -d
-            master -Q "SELECT ''OK'';"'
-
+            'docker run
+              --network hsl
+              ${{ steps.docker.outputs.mssql_docker_image }}
+              /opt/mssql-tools18/bin/sqlcmd
+              -C
+              -S mssql
+              -U sa
+              -P "$SA_PASSWORD"
+              -d master
+              -Q "SELECT ''OK'';"'
       - name:
           Verify that the proper sql dumps got imported (diff expected results)
         env:
           # query for listing all available database names
           DB_QUERY: "SELECT name FROM master.sys.databases ORDER BY name;"
+        # A custom entrypoint needs to be used so that the output does not contain lines printed by
+        # the default entrypoint which would make the diff fail
         run: |
-          /opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U sa -P "$SA_PASSWORD" -d master -Q "$DB_QUERY" > dbresults.txt
+          docker run \
+            --network hsl \
+            --entrypoint /opt/mssql-tools18/bin/sqlcmd \
+            ${{ steps.docker.outputs.mssql_docker_image }} \
+            -C \
+            -S mssql \
+            -U sa \
+            -P "$SA_PASSWORD" \
+            -d master \
+            -Q "$DB_QUERY" \
+            > dbresults.txt
+
           echo "${{ matrix.expectedOutput }}" > expectedresults.txt
           diff --ignore-all-space --ignore-blank-lines dbresults.txt expectedresults.txt
-
-  run_e2e_tests:
-    needs: push_to_registry
-    name: Run E2E tests
-    # The MS SQL server version in use does not run on Linux kernels newer than 6.6.x.
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Extract metadata to env variables
-        uses: HSLdevcom/jore4-tools/github-actions/extract-metadata@extract-metadata-v1
-
-      - name: Run e2e tests
-        uses: HSLdevcom/jore4-tools/github-actions/run-ci@main
-        with:
-          mssqltestdb_version:
-            "${{ env.IMAGE_NAME }}:schema-only-${{ env.COMMIT_ID }}"

Dockerfile

@@ -1,4 +1,8 @@
-FROM mcr.microsoft.com/mssql/server:2017-CU22-ubuntu-16.04 AS empty
+# Available tags can be found from
+# https://mcr.microsoft.com/en-us/artifact/mar/mssql/server/tags
+FROM mcr.microsoft.com/mssql/server:2022-CU18-ubuntu-22.04 AS empty
+
+USER root
 
 # Create workdir
 RUN mkdir -p /usr/src/app
@@ -16,20 +20,25 @@ EXPOSE 1433
 
 # The username is always "sa"
 # Password is to be defined with "SA_PASSWORD" environment variable
-ENV ACCEPT_EULA Y
-ENV MSSQL_PID Developer
+ENV \
+  ACCEPT_EULA=Y \
+  MSSQL_PID=Developer
 
 # Copy startup scripts
-COPY ./scripts /usr/src/app/scripts
+COPY --chmod=755 --chown=mssql ./scripts /usr/src/app/scripts
 
 # Entrypoint for loading sql dumps and starting the mssql server
-CMD /bin/bash ./scripts/entrypoint.sh
+CMD ["/bin/bash", "./scripts/entrypoint.sh"]
 
 HEALTHCHECK --interval=5s --timeout=5s --start-period=30s --retries=30 \
     CMD /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -Q "SELECT 1"
 
+USER mssql
+
 # extends the :empty image and copies the init data to the /initialize folder
 # from which the entrypoint automatically load it
 FROM empty AS schema-only
 
-COPY ./data/schema_only.sql /initialize/init-data.sql
+USER root
+COPY --chmod=644 --chown=mssql ./data/schema_only.sql /initialize/init-data.sql
+USER mssql

scripts/entrypoint.sh

@@ -15,7 +15,7 @@ SA_PASSWORD=$(generate_password)
 # find all .sql files from given folder and import them in alphabetical order
 function import_from_folder {
     find "$1" -name '*.sql' -print0 | sort -z | xargs -r0 -I{} \
-        /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -d master -i "{}"
+        /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa -P "$SA_PASSWORD" -d master -i "{}"
 }
 
 function wait_for_startup {
@@ -24,7 +24,7 @@ function wait_for_startup {
     for i in $(seq 1 $RETRIES); do
         sleep $WAIT_BETWEEN
         echo "Checking if MSSQL server can be connected to. Trial #$i"
-        /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -d master \
+        /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa -P "$SA_PASSWORD" -d master \
             -Q "SELECT 1;" && echo "Success!" && return 0
     done
     echo "Could not connect to MSSQL server"
@@ -43,7 +43,7 @@ function wait_and_populate {
 
     echo "Allow access to MSSQL instance"
     # set the password to the desired one so that loging in is enabled
-    /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$SA_PASSWORD" -d master \
+    /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa -P "$SA_PASSWORD" -d master \
         -Q "ALTER LOGIN sa WITH PASSWORD = '${SA_PASSWORD_FINAL}' OLD_PASSWORD = '${SA_PASSWORD}';"
     SA_PASSWORD="$SA_PASSWORD_FINAL"