Merge pull request #103 from Keyfactor/release-3.0
Release 3.0.11 to main
fiddlermikey authored Aug 26, 2024
2 parents 87086ed + dc2c278 commit 9b30b5f
Showing 25 changed files with 1,906 additions and 2 deletions.
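--- a/.github/workflows/assign-env-from-json.yml
+++ b/.github/workflows/assign-env-from-json.yml
@@ -0,0 +1,126 @@
+name: Set Environment Variables from JSON
+on:
+workflow_call: # Add additional dispatched output properties
+outputs:
+release_dir:
+description: The release_dir property from integration-manifest.json
+value: ${{ jobs.assign-from-json.outputs.release_dir }}
+name:
+description: The release_dir property from integration-manifest.json
+value: ${{ jobs.assign-from-json.outputs.name }}
+integration_type:
+description: The release_dir property from integration-manifest.json
+value: ${{ jobs.assign-from-json.outputs.integration_type }}
+update_catalog:
+description: The release_dir property from integration-manifest.json
+value: ${{ jobs.assign-from-json.outputs.update_catalog }}
+UOFramework:
+description: The UOFramework property from integration-manifest.json
+value: ${{ jobs.assign-from-json.outputs.UOFramework }}
+
+jobs:
+assign-from-json:
+runs-on: ubuntu-latest
+outputs: # Add properties to be sent to dispatched workflow(s)
+release_dir: ${{ steps.read-release_dir.outputs.output-value }}
+name: ${{ steps.read-name.outputs.output-value }}
+integration_type: ${{ steps.read-type.outputs.output-value }}
+update_catalog: ${{ steps.read-update_catalog.outputs.output-value }}
+UOFramework: ${{ steps.read-UOFramework.outputs.output-value }}
+description: ${{ steps.read-description.outputs.output-value }}
+name: Set workflow variables from integration-manifest.json
+steps:
+- name: checkout-json-file
+uses: keyfactor/checkout@v4
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+path: src
+
+- name: checkout-action
+uses: keyfactor/checkout@v4
+with:
+repository: fiddlermikey/assign-from-json
+path: tools
+
+- name: Adding initial markdown for Summary
+id: adding-initial-markdown
+run: echo '### Reading integration-manifest.json' > $GITHUB_STEP_SUMMARY
+
+- name: Read name property
+uses: ./tools
+id: read-name
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'name'
+
+- name: Read integration_type property
+uses: ./tools
+id: read-type
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'integration_type'
+
+- name: Read update_catalog property
+uses: ./tools
+id: read-update_catalog
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'update_catalog'
+
+- name: Read pam_support property
+if: steps.read-type.outputs.output-value == 'orchestrator'
+uses: ./tools
+id: read-pam_support
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'about.orchestrator.pam_support'
+required-value: 'false'
+
+- name: Read UOFramework property
+if: steps.read-type.outputs.output-value == 'orchestrator'
+uses: ./tools
+id: read-UOFramework
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'about.orchestrator.UOFramework'
+
+- name: Read keyfactor_platform_version property
+if: steps.read-type.outputs.output-value == 'orchestrator' && steps.read-pam_support.outputs.output-value == 'true'
+uses: ./tools
+id: read-keyfactor_platform_version
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'about.orchestrator.keyfactor_platform_version'
+
+- name: Read release_dir property
+if: steps.read-type.outputs.output-value == 'orchestrator' || steps.read-type.outputs.output-value == 'ca-gateway' || steps.read-type.outputs.output-value == 'pam' || steps.read-type.outputs.output-value == 'anyca-plugin'
+uses: ./tools
+id: read-release_dir
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'release_dir'
+
+- name: Read description property
+uses: ./tools
+id: read-description
+with:
+input-file: 'src/integration-manifest.json'
+input-property: 'description'
+
+- name: Write variables to Summary
+id: adding-final-markdown
+run: |
+echo "### Integration Manifest Properties:" >> $GITHUB_STEP_SUMMARY
+echo "* ${{ steps.read-name.outputs.output-property }} : ${{ steps.read-name.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+echo "* ${{ steps.read-type.outputs.output-property }} : ${{ steps.read-type.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+echo "* ${{ steps.read-update_catalog.outputs.output-property }} : ${{ steps.read-update_catalog.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+if [[ "${{ steps.read-type.outputs.output-value }}" == 'orchestrator' ]]; then
+echo "* ${{ steps.read-UOFramework.outputs.output-property }} : ${{ steps.read-UOFramework.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+echo "* ${{ steps.read-pam_support.outputs.output-property }} : ${{ steps.read-pam_support.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+if [[ "${{ steps.read-pam_support.outputs.output-value }}" == 'true' ]]; then
+echo "* ${{ steps.read-keyfactor_platform_version.outputs.output-property }} : ${{ steps.read-keyfactor_platform_version.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
+fi
+fi
+echo "* ${{ steps.read-release_dir.outputs.output-property }} : ${{ steps.read-release_dir.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY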
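Review bot: The `Write variables to Summary` step expands `${{ steps.read-*.outputs.output-value }}` and `output-property` directly into the `run:` script, so text read from `src/integration-manifest.json` becomes part of the shell source before bash parses it, and a manifest value containing shell metacharacters would be interpreted rather than printed. Pass each value through the step's `env:` block and reference it as a quoted shell variable, as sketched below; the same pattern appears in `container-build-and-release.yml` with `inputs.platform_list`, `inputs.release_version` and `matrix.platform`. Separately, the `checkout-action` step pulls `fiddlermikey/assign-from-json` with no `ref:` and then runs it via `uses: ./tools`, so whatever is on that repository's default branch runs in every caller; adding `ref: <full-commit-sha>` to that step pins the code that was reviewed.

```yaml
      - name: Write variables to Summary
        id: adding-final-markdown
        env:
          NAME_PROP: ${{ steps.read-name.outputs.output-property }}
          NAME_VALUE: ${{ steps.read-name.outputs.output-value }}
          TYPE_PROP: ${{ steps.read-type.outputs.output-property }}
          TYPE_VALUE: ${{ steps.read-type.outputs.output-value }}
          # … one PROP/VALUE pair for each remaining read-* step …
        run: |
          echo "### Integration Manifest Properties:" >> "$GITHUB_STEP_SUMMARY"
          echo "* ${NAME_PROP} : ${NAME_VALUE}" >> "$GITHUB_STEP_SUMMARY"
          echo "* ${TYPE_PROP} : ${TYPE_VALUE}" >> "$GITHUB_STEP_SUMMARY"
          if [[ "${TYPE_VALUE}" == 'orchestrator' ]]; then
          # … unchanged structure: remaining echo lines, each expression replaced by its env variable …
```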
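--- a/.github/workflows/container-build-and-release.yml
+++ b/.github/workflows/container-build-and-release.yml
@@ -0,0 +1,191 @@
+name: Container Build
+
+on:
+workflow_call:
+inputs:
+release_version:
+description: Condition based on release branch build
+required: false
+type: string
+platform_list:
+required: true
+description: platform name from input
+type: string # like linux/amd64,linux/arm64
+
+secrets:
+docker-user:
+description: 'Secret token from caller workflow to access private packages'
+required: true
+docker-token:
+description: 'Secret token from caller workflow to access private packages'
+required: true
+
+env:
+REGISTRY: keyfactor
+
+jobs:
+setup:
+runs-on: ubuntu-latest
+outputs:
+platform_matrix: ${{ steps.vars.outputs.platform_matrix }}
+steps:
+- name: Create an array from platform_list input
+id: vars
+run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY
+get-release-values:
+name: Get Release Properties
+runs-on: ubuntu-latest
+outputs:
+PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }}
+steps:
+- name: Determine IMAGE_PUSH and VERSION
+id: set-vars
+run: |
+if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then
+echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
+echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
+else
+echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
+echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
+fi
+run-container-build:
+name: Build Containers
+runs-on: ubuntu-latest
+needs: [setup,get-release-values]
+strategy:
+fail-fast: false
+matrix:
+platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }}
+
+permissions:
+contents: read
+packages: write
+
+steps:
+- name: Prepare
+run: |
+platform=${{ matrix.platform }}
+echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+- name: Set IMAGE_NAME
+run: |
+echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" | tee -a ${GITHUB_ENV}
+# Checkout code
+# https://github.com/keyfactor/checkout
+- name: Checkout code
+uses: keyfactor/checkout@v4
+
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta
+uses: keyfactor/[email protected]
+with:
+images: ${{ env.IMAGE_NAME }}
+tags: |
+type=semver,pattern={{raw}},value=${{ inputs.release_version }}
+# Set up QEMU
+# https://github.com/docker/setup-qemu-action
+- name: Set up QEMU
+uses: keyfactor/[email protected]
+
+# Set up BuildKit Docker container builder to be able to build
+# multi-platform images and export cache
+# https://github.com/docker/setup-buildx-action
+- name: Set up Docker Buildx
+uses: keyfactor/[email protected]
+
+# Login to Docker registry
+# https://github.com/docker/login-action
+- name: Log into registry ${{ env.REGISTRY }}
+uses: keyfactor/[email protected]
+with:
+# registry: ${{ env.REGISTRY }} # Remove for dockerhub
+username: ${{ secrets.docker-user }}
+password: ${{ secrets.docker-token }}
+
+# Build and push Docker image with Buildx
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image
+id: build
+uses: keyfactor/[email protected]
+with:
+context: .
+platforms: ${{ matrix.platform }}
+labels: ${{ steps.meta.outputs.labels }}
+push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }}
+outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
+
+# Export digest
+- name: Export digest
+run: |
+mkdir -p /tmp/digests
+digest="${{ steps.build.outputs.digest }}"
+touch "/tmp/digests/${digest#sha256:}"
+# Upload digest
+- name: Upload digest
+uses: keyfactor/upload-artifact@v4
+with:
+name: digests-${{ env.PLATFORM_PAIR }}
+path: /tmp/digests/*
+if-no-files-found: error
+retention-days: 1
+
+merge:
+runs-on: ubuntu-latest
+needs: [get-release-values, run-container-build]
+steps:
+- name: Set IMAGE_NAME
+run: |
+echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" | tee -a ${GITHUB_ENV}
+echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}"
+# Download digests
+# https://github.com/actions/download-artifact
+- name: Download digests
+uses: keyfactor/[email protected]
+with:
+path: /tmp/digests
+pattern: digests-*
+merge-multiple: true
+
+# Set up BuildKit Docker container builder to be able to build
+# multi-platform images and export cache
+# https://github.com/docker/setup-buildx-action
+- name: Set up Docker Buildx
+uses: keyfactor/[email protected]
+
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta
+uses: keyfactor/[email protected]
+with:
+images: ${{ env.IMAGE_NAME }}
+tags: |
+type=semver,pattern={{raw}},value=${{ inputs.release_version }}
+# Login to Docker registry
+# https://github.com/docker/login-action
+- name: Log into registry ${{ env.REGISTRY }}
+uses: keyfactor/[email protected]
+with:
+# registry: ${{ env.REGISTRY }} # Remove for dockerhub
+username: ${{ secrets.docker-user }}
+password: ${{ secrets.docker-token }}
+
+# Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true
+- name: Create manifest list and push
+if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
+working-directory: /tmp/digests
+run: |
+docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+$(printf '${{ env.IMAGE_NAME }}@sha256:%s ' *)
+- name: Inspect image
+if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
+run: |
+docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}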
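Review bot: Both `Log into registry` steps run unconditionally, so `secrets.docker-user` and `secrets.docker-token` are handed to the login action even when `PUSH_IMAGE` is `false` and nothing will be pushed. Unless the build needs the login to pull private base images (the secret descriptions hint at that, so confirm), gate both steps with `if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'`, matching the condition already used on `Create manifest list and push`. The `packages: write` grant on `run-container-build` also looks unused while the `registry:` line is commented out and pushes authenticate with the passed-in token, and the `merge` job declares no `permissions:` block at all; `contents: read` on the former and `permissions: {}` on the latter would be the least-privilege setting if nothing else in those jobs needs more.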