Skip to content

Merge pull request #99 from Keyfactor/azurekeyvault-orchestrator #66

Merge pull request #99 from Keyfactor/azurekeyvault-orchestrator

Merge pull request #99 from Keyfactor/azurekeyvault-orchestrator #66

Workflow file for this run

name: Build and Release Container
on:
release:
types: [released]
push:
branches:
- '*'
env:
REGISTRY: ghcr.io
jobs:
build:
name: Build Containers
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/386
- linux/amd64
- linux/arm/v6
- linux/arm/v7
- linux/arm64/v8
- linux/ppc64le
- linux/s390x
permissions:
contents: read
packages: write
steps:
- name: Set IMAGE_NAME
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
# Checkout code
# https://github.com/actions/checkout
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
# Extract metadata (tags, labels) for Docker
# If the pull request is not merged, do not include the edge tag and only include the sha tag.
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern=v{{version}}
type=sha
# Set up QEMU
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# Login to Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
platforms: ${{ matrix.platform }}
labels: ${{ env.DOCKER_METADATA_OUTPUT_LABELS }}
push: true
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
# Export digest
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
# Upload digest
- name: Upload digest
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: digests
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Merge Container Manifests
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Set IMAGE_NAME
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
# Download digests
# https://github.com/actions/download-artifact
- name: Download digests
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: digests
path: /tmp/digests
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# Extract metadata (tags, labels) for Docker
# If the pull request is not merged, do not include the edge tag and only include the sha tag.
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern=v{{version}}
type=sha
# Login to Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Create manifest list and push
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
# Base command to create a manifest list with the selected tag(s) and push
CMD="docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)"
# If the branch is 'release-*', add the 'edge' tag
if [[ "${{ github.ref }}" == refs/heads/release-* ]]; then
CMD="$CMD -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:edge"
fi
# Execute the command
eval "$CMD"
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}