(TEST) WIP POC 🌱 Add process to build the images for kube-rbac-proxy and publish in GitHub registry #9
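# This workflow mirrors kube-rbac-proxy images into GHCR by retagging the
# images published at quay.io/brancz/kube-rbac-proxy.
# Steps:
# 1. Skip versions whose multi-architecture manifest already exists in GHCR.
# 2. For new versions, pull the upstream image once per architecture
#    (amd64, arm64, ppc64le, s390x) with an explicit --platform, so each
#    per-architecture tag holds the image built for that architecture.
# 3. Push each per-architecture image to GHCR as <version>-<arch>.
# 4. Create and push a multi-architecture manifest for each version in GHCR,
#    enabling architecture-agnostic pulls.
name: Build and Push Kube RBAC Proxy Image

on:
  # push:
  #   branches:
  #     - master
  # NOTE(review): the pull_request trigger publishes to GHCR from changes that
  # have not been merged yet. It looks like a testing aid for this POC; restore
  # the push trigger (and the paths filter) before this workflow is relied on.
  # Pull requests from forks receive a read-only token, so the push steps fail
  # for them.
  pull_request:
    branches:
      - master
    # paths:
    #   - 'hack/release/kube-rbac-proxy/images-versions.yaml'

# Least privilege: read the repository, write packages (GHCR) only.
permissions:
  contents: read
  packages: write

jobs:
  kube-rbac-proxy-release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each one to a full commit SHA prevents a moved tag from
      # changing what runs in a job that holds packages: write.
      - name: Checkout code
        uses: actions/checkout@v4

      # Only Buildx is installed here; no QEMU emulation is needed because the
      # job retags existing images and never executes them.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): this installs whatever yq version the snap channel
      # currently serves; consider pinning a version for reproducible runs.
      - name: Install yq for YAML processing
        run: sudo snap install yq

      - name: Pull, Tag, and Push Images
        shell: bash
        env:
          DOCKER_CLI_EXPERIMENTAL: enabled
        run: |
          ARCHES=("amd64" "arm64" "ppc64le" "s390x")
          SOURCE_REPO="quay.io/brancz/kube-rbac-proxy"
          TARGET_REPO="ghcr.io/kubernetes-sigs/kubebuilder/kube-rbac-proxy"

          # Read the version list up front so a yq failure stops the step.
          VERSION_LIST=$(yq e '.versions[]' hack/release/kube-rbac-proxy/images-versions.yaml)
          mapfile -t VERSIONS <<< "$VERSION_LIST"

          for VERSION in "${VERSIONS[@]}"; do
            [ -n "$VERSION" ] || continue

            # The version comes from a file in the checked-out tree and is used
            # as an image tag; reject anything outside the tag character set
            # before it reaches a docker command.
            if [[ ! "$VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
              echo "Refusing to process invalid version tag: $VERSION" >&2
              exit 1
            fi

            SOURCE_IMAGE_TAG="$SOURCE_REPO:$VERSION"
            TARGET_IMAGE_TAG="$TARGET_REPO:$VERSION"

            # Check if the multi-architecture manifest already exists. This uses
            # the registry session from the login step, so the token never
            # appears in the script text or on a command line.
            if docker manifest inspect "$TARGET_IMAGE_TAG" > /dev/null 2>&1; then
              echo "Manifest for version $VERSION already exists. Skipping..."
              continue
            fi

            ARCH_IMAGES=()
            for ARCH in "${ARCHES[@]}"; do
              ARCH_IMAGE_TAG="$TARGET_REPO:$VERSION-$ARCH"

              # Without --platform every pull resolves to the runner's own
              # architecture and all four tags would carry the same image.
              docker pull --platform "linux/$ARCH" "$SOURCE_IMAGE_TAG"

              # Fail instead of publishing an image under the wrong
              # architecture label.
              PULLED_ARCH=$(docker image inspect --format '{{.Architecture}}' "$SOURCE_IMAGE_TAG")
              if [ "$PULLED_ARCH" != "$ARCH" ]; then
                echo "Expected $ARCH image for $SOURCE_IMAGE_TAG, got $PULLED_ARCH" >&2
                exit 1
              fi

              docker tag "$SOURCE_IMAGE_TAG" "$ARCH_IMAGE_TAG"
              docker push "$ARCH_IMAGE_TAG"
              ARCH_IMAGES+=("$ARCH_IMAGE_TAG")
            done

            # Create and push a multi-architecture manifest
            docker manifest create "$TARGET_IMAGE_TAG" "${ARCH_IMAGES[@]}"
            for ARCH in "${ARCHES[@]}"; do
              docker manifest annotate "$TARGET_IMAGE_TAG" "$TARGET_REPO:$VERSION-$ARCH" --arch "$ARCH"
            done
            docker manifest push "$TARGET_IMAGE_TAG"
          done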