.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml

name: malcolm-iso-build-docker-wrap-push-ghcr

on:
  push:
    branches:
      - main
      - development
    paths:
      - 'malcolm-iso/**'
      - 'shared/bin/*'
      - '.trigger_workflow_build'
  workflow_dispatch:
  repository_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      actions: write
      packages: write
      contents: read
    defaults:
      run:
        shell: bash
    steps:
      -
        name: Cancel previous run in progress
        uses: styfle/cancel-workflow-action@0.9.1
        with:
          ignore_sha: true
          all_but_latest: true
          access_token: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Build environment setup
        run: |
          sudo apt-get -q update
          sudo env DEBIAN_FRONTEND=noninteractive apt-get install -t focal-backports --no-install-recommends -y -q \
               apt-transport-https \
               bc \
               build-essential \
               ca-certificates \
               curl \
               debhelper-compat \
               debian-archive-keyring \
               debootstrap \
               genisoimage \
               gettext \
               git \
               gnupg2 \
               imagemagick \
               jq \
               pandoc \
               po4a \
               rsync \
               software-properties-common \
               squashfs-tools \
               virt-what \
               xorriso
            git clone --depth=1 --single-branch --recurse-submodules --shallow-submodules --branch='debian/1%20210407' 'https://salsa.debian.org/live-team/live-build.git' /tmp/live-build
            cd /tmp/live-build
            dpkg-buildpackage -b -uc -us
            sudo dpkg -i /tmp/live-build*.deb
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Extract branch name
        shell: bash
        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
        id: extract_branch
      -
        name: Extract short hash
        shell: bash
        run: echo "##[set-output name=hash;]$(git rev-parse --short $GITHUB_SHA)"
        id: extract_short_hash
      -
        name: Extract Malcolm version
        shell: bash
        run: echo "##[set-output name=mversion;]$(grep -P "^\s+image:\s*malcolm" docker-compose.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)"
        id: extract_malcolm_version
      -
        name: Build image
        run: |
          IMAGES=( $(grep image: docker-compose.yml | awk '{print $2}') )
          for IMAGE in "${IMAGES[@]}"; do
            REPO_IMAGE="$(echo "$IMAGE" | sed "s@^\(malcolmnetsec\)@ghcr.io/${{ github.repository_owner }}/\1@" | sed "s/:.*/:${{ steps.extract_branch.outputs.branch }}/")"
            docker pull "$REPO_IMAGE" && \
              docker tag "$REPO_IMAGE" "$IMAGE" && \
              docker rmi "$REPO_IMAGE"
          done
          DEST_IMAGES_TGZ=$(pwd)/malcolm_"$(date +%Y.%m.%d_%H:%M:%S)"_${{ steps.extract_short_hash.outputs.hash }}_images.tar.gz
          docker save "${IMAGES[@]}" | gzip > "$DEST_IMAGES_TGZ"
          pushd ./malcolm-iso
          sudo /usr/bin/env bash ./build.sh -d "$DEST_IMAGES_TGZ"
          rm -rf ./shared/
          sudo chmod 644 ./malcolm-*.*
          popd
      -
        name: ghcr.io login
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push ISO image
        uses: docker/build-push-action@v2
        with:
          context: ./malcolm-iso
          push: true
          tags: ghcr.io/${{ github.repository_owner }}/malcolmnetsec/malcolm:${{ steps.extract_branch.outputs.branch }}