-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #70 from Keyfactor/ab#53666-dev
* Add initial container build logic/workflow * add condition check for .goreleaser file * get-is-release promoted to job for outputs * add id to set-vars job to map output * add push * add platform_matrix in starter as input to container build * Update docker meta action to use raw version semver type
- Loading branch information
Showing
2 changed files
with
223 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
| name: Container Build | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| release_version: | ||
| description: Condition based on release branch build | ||
| required: false | ||
| type: string | ||
| platform_list: | ||
| required: true | ||
| description: platform name from input | ||
| type: string # like linux/amd64,linux/arm64 | ||
|
|
||
| secrets: | ||
| token: | ||
| description: 'Secret token from caller workflow to access private packages' | ||
| required: true | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
|
|
||
| jobs: | ||
| setup: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| platform_matrix: ${{ steps.vars.outputs.platform_matrix }} | ||
| steps: | ||
| - name: Create an array from platform_list input | ||
| id: vars | ||
| run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY | ||
| get-release-values: | ||
| name: Get Release Properties | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }} | ||
| steps: | ||
| - name: Determine IMAGE_PUSH and VERSION | ||
| id: set-vars | ||
| run: | | ||
| if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then | ||
| echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" | ||
| echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" | ||
| else | ||
| echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" | ||
| echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" | ||
| fi | ||
| run-container-build: | ||
| name: Build Containers | ||
| runs-on: ubuntu-latest | ||
| needs: [setup,get-release-values] | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }} | ||
|
|
||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Set IMAGE_NAME | ||
| run: | | ||
| echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} | ||
| # Checkout code | ||
| # https://github.com/actions/checkout | ||
| - name: Checkout code | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
|
|
||
| # Extract metadata (tags, labels) for Docker | ||
| # https://github.com/docker/metadata-action | ||
| - name: Extract Docker metadata | ||
| id: meta | ||
| uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=semver,pattern={{raw}},value=${{ inputs.release_version }} | ||
| # Set up QEMU | ||
| # https://github.com/docker/setup-qemu-action | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | ||
|
|
||
| # Set up BuildKit Docker container builder to be able to build | ||
| # multi-platform images and export cache | ||
| # https://github.com/docker/setup-buildx-action | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | ||
|
|
||
| # Login to Docker registry | ||
| # https://github.com/docker/login-action | ||
| - name: Log into registry ${{ env.REGISTRY }} | ||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # Build and push Docker image with Buildx | ||
| # https://github.com/docker/build-push-action | ||
| - name: Build and push Docker image | ||
| id: build | ||
| uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 | ||
| with: | ||
| context: . | ||
| platforms: ${{ matrix.platform }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }} | ||
| outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true | ||
|
|
||
| # Export digest | ||
| - name: Export digest | ||
| run: | | ||
| mkdir -p /tmp/digests | ||
| digest="${{ steps.build.outputs.digest }}" | ||
| touch "/tmp/digests/${digest#sha256:}" | ||
| # Upload digest | ||
| - name: Upload digest | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: digests | ||
| path: /tmp/digests/* | ||
| if-no-files-found: error | ||
| retention-days: 1 | ||
|
|
||
| merge: | ||
| runs-on: ubuntu-latest | ||
| needs: [get-release-values, run-container-build] | ||
| steps: | ||
| - name: Set IMAGE_NAME | ||
| run: | | ||
| echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} | ||
| echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}" | ||
| # Download digests | ||
| # https://github.com/actions/download-artifact | ||
| - name: Download digests | ||
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
| with: | ||
| name: digests | ||
| path: /tmp/digests | ||
|
|
||
| # Set up BuildKit Docker container builder to be able to build | ||
| # multi-platform images and export cache | ||
| # https://github.com/docker/setup-buildx-action | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | ||
|
|
||
| # Extract metadata (tags, labels) for Docker | ||
| # https://github.com/docker/metadata-action | ||
| - name: Extract Docker metadata | ||
| id: meta | ||
| uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=semver,pattern={{raw}},value=${{ inputs.release_version }} | ||
| # Login to Docker registry | ||
| # https://github.com/docker/login-action | ||
| - name: Log into registry ${{ env.REGISTRY }} | ||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true | ||
| - name: Create manifest list and push | ||
| if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' | ||
| working-directory: /tmp/digests | ||
| run: | | ||
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | ||
| $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) | ||
| - name: Inspect image | ||
| if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' | ||
| run: | | ||
| docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters