0.6.0-prerelease-2 #108
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: push-docker-images-release | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
env: | |
CARGO_TERM_COLOR: always | |
DOCKER_BUILDKIT: 1 | |
jobs: | |
push-containers: | |
permissions: | |
id-token: "write" | |
contents: "read" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: echo "GIT_REVISION=$(git describe --always --dirty=-modified)" >> $GITHUB_ENV | |
# See https://github.com/google-github-actions/auth#authenticating-to-container-registry-and-artifact-registry | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker-container | |
use: true | |
- name: Get the version | |
id: get_version | |
run: echo VERSION=${GITHUB_REF/refs\/tags\//} | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_ENV | |
- name: Build | |
uses: docker/[email protected] | |
with: | |
files: docker-bake.hcl | |
workdir: . | |
targets: release | |
load: true | |
# Note that we can't push all tags simultaneously, since we use two | |
# different sets of credentials on us-west2-docker.pkg.dev. Instead, we | |
# save all images locally first, and then push to one repository at a | |
# time. | |
- id: "gcp-auth-private" | |
name: "Authenticate to GCP (private repositories)" | |
uses: "google-github-actions/auth@v1" | |
with: | |
workload_identity_provider: ${{ vars.GCP_ARTIFACT_PUBLISHER_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ vars.GCP_ARTIFACT_PUBLISHER_DEPLOY_SERVICE_ACCOUNT }} | |
token_format: "access_token" | |
access_token_lifetime: "3600s" | |
access_token_scopes: "https://www.googleapis.com/auth/cloud-platform" | |
- uses: "docker/login-action@v3" | |
with: | |
registry: "us-west2-docker.pkg.dev" | |
username: "oauth2accesstoken" | |
password: ${{ steps.gcp-auth-private.outputs.access_token }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_aggregator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_aggregation_job_creator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_aggregation_job_driver:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_collection_job_driver:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_cli:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_interop_client:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_interop_aggregator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/janus-artifacts/janus/janus_interop_collector:${{ steps.get_version.outputs.VERSION }} | |
- id: "gcp-auth-public" | |
name: "Authenticate to GCP (public repositories)" | |
uses: "google-github-actions/auth@v1" | |
with: | |
workload_identity_provider: ${{ vars.GCP_PUBLIC_ARTIFACT_PUBLISHER_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ vars.GCP_PUBLIC_ARTIFACT_PUBLISHER_DEPLOY_SERVICE_ACCOUNT }} | |
token_format: "access_token" | |
access_token_lifetime: "3600s" | |
access_token_scopes: "https://www.googleapis.com/auth/cloud-platform" | |
- uses: "docker/login-action@v3" | |
with: | |
registry: "us-west2-docker.pkg.dev" | |
username: "oauth2accesstoken" | |
password: ${{ steps.gcp-auth-public.outputs.access_token }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_aggregator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_aggregation_job_creator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_aggregation_job_driver:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_collection_job_driver:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_cli:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_interop_client:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_interop_aggregator:${{ steps.get_version.outputs.VERSION }} | |
- run: docker push us-west2-docker.pkg.dev/divviup-artifacts-public/janus/janus_interop_collector:${{ steps.get_version.outputs.VERSION }} |