v0.0.92 #96
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push Stack Image | |
| on: | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version of the stack to push' | |
| required: false | |
| env: | |
| REGISTRIES_FILEPATH: "registries.json" | |
| GCR_REGISTRY: "gcr.io" | |
| GCR_USERNAME: "_json_key" | |
| jobs: | |
| preparation: | |
| name: Preparation | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| DOCKERHUB_ORG: ${{ steps.set-dockerhub-org-namespace.outputs.DOCKERHUB_ORG }} | |
| push_to_gcr: ${{ steps.parse_configs.outputs.push_to_gcr }} | |
| push_to_dockerhub: ${{ steps.parse_configs.outputs.push_to_dockerhub }} | |
| tag: ${{ steps.event.outputs.tag }} | |
| registry_repo_name: ${{ steps.registry-repo.outputs.name }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Parse Event | |
| id: event | |
| run: | | |
| set -euo pipefail | |
| shopt -s inherit_errexit | |
| # If the workflow has been triggered from dispatch event | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "tag=${{ github.event.inputs.version }}" >> "$GITHUB_OUTPUT" | |
| else #The workflow has been triggered from publish event | |
| echo "tag=$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Get Registry Repo Name | |
| id: registry-repo | |
| run: | | |
| # Strip off 'stack' suffix from repo name | |
| # some-name-stack --> some-name | |
| echo "name=$(echo "${{ github.repository }}" | sed 's/^.*\///' | sed 's/\-stack$//')" >> "$GITHUB_OUTPUT" | |
| - name: Set matrix | |
| id: set-matrix | |
| run: | | |
| # Strip off the org and slash from repo name | |
| # paketo-buildpacks/repo-name --> repo-name | |
| repo_name=$(echo "${{ github.repository }}" | sed 's/^.*\///') | |
| release_version="${{ steps.event.outputs.tag }}" | |
| release_info=$(curl -s "https://api.github.com/repos/${{ github.repository }}/releases/tags/v${release_version}") | |
| asset_prefix="${repo_name}-${release_version}-" | |
| oci_images=$(echo $release_info | jq -c --arg asset_prefix "$asset_prefix" '[ .assets[] | select(.name | endswith(".oci")) | {name: (.name | split(".oci") | .[0] | split($asset_prefix) | .[1]), url}]') | |
| printf "matrix=%s\n" "${oci_images}" | |
| printf "matrix=%s\n" "${oci_images}" >> "$GITHUB_OUTPUT" | |
| - name: Set DOCKERHUB_ORG namespace | |
| id: set-dockerhub-org-namespace | |
| run: | | |
| echo "DOCKERHUB_ORG=${GITHUB_REPOSITORY_OWNER//-/}" >> "$GITHUB_OUTPUT" | |
| - name: Parse Configs | |
| id: parse_configs | |
| run: | | |
| registries_filepath="${{ env.REGISTRIES_FILEPATH }}" | |
| push_to_dockerhub=true | |
| push_to_gcr=true | |
| if [[ -f $registries_filepath ]]; then | |
| if jq 'has("dockerhub")' $registries_filepath > /dev/null; then | |
| push_to_dockerhub=$(jq '.dockerhub' $registries_filepath) | |
| fi | |
| if jq 'has("GCR")' $registries_filepath > /dev/null; then | |
| push_to_gcr=$(jq '.GCR' $registries_filepath) | |
| fi | |
| fi | |
| echo "push_to_dockerhub=${push_to_dockerhub}" >> "$GITHUB_OUTPUT" | |
| echo "push_to_gcr=${push_to_gcr}" >> "$GITHUB_OUTPUT" | |
| push: | |
| name: Push | |
| runs-on: ubuntu-22.04 | |
| needs: preparation | |
| strategy: | |
| max-parallel: 4 | |
| matrix: | |
| oci_image: ${{ fromJSON(needs.preparation.outputs.matrix) }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download ${{ matrix.oci_image.name }} Image | |
| uses: paketo-buildpacks/github-config/actions/release/download-asset@main | |
| with: | |
| url: "${{ matrix.oci_image.url }}" | |
| output: "./${{ matrix.oci_image.name }}.oci" | |
| token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
| - name: Docker login docker.io | |
| uses: docker/login-action@v3 | |
| if: ${{ needs.preparation.outputs.push_to_dockerhub == 'true' }} | |
| with: | |
| username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
| registry: docker.io | |
| - name: Docker login gcr.io | |
| uses: docker/login-action@v3 | |
| if: ${{ needs.preparation.outputs.push_to_gcr == 'true' }} | |
| with: | |
| username: ${{ env.GCR_USERNAME }} | |
| password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} | |
| registry: ${{ env.GCR_REGISTRY }} | |
| - name: Push ${{ matrix.oci_image.name }} Image to registries | |
| id: push | |
| env: | |
| DOCKERHUB_ORG: "${{ needs.preparation.outputs.DOCKERHUB_ORG }}" | |
| GCR_PROJECT: "${{ github.repository_owner }}" | |
| run: | | |
| # Ensure other scripts can access the .bin directory to install their own | |
| # tools after we install them as whatever user we are. | |
| mkdir -p ./.bin/ | |
| chmod 777 ./.bin/ | |
| ./scripts/publish.sh \ | |
| --image-ref "docker.io/${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:${{ needs.preparation.outputs.tag }}" \ | |
| --image-ref "docker.io/${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:latest" \ | |
| --image-archive "./${{ matrix.oci_image.name }}.oci" | |
| if [ "${{ needs.preparation.outputs.push_to_gcr }}" = "true" ]; then | |
| platforms=$(docker manifest inspect "docker.io/${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:${{ needs.preparation.outputs.tag }}" | | |
| jq -r '[.manifests[].platform] | [.[] | .os + "/" + .architecture] | join(",")') | |
| echo "FROM docker.io/${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:${{ needs.preparation.outputs.tag }}" | \ | |
| docker buildx build -f - . \ | |
| --tag "${{ env.GCR_REGISTRY }}/${GCR_PROJECT}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:${{ needs.preparation.outputs.tag }}" \ | |
| --tag "${{ env.GCR_REGISTRY }}/${GCR_PROJECT}/${{ matrix.oci_image.name }}-${{ needs.preparation.outputs.registry_repo_name }}:latest" \ | |
| --platform "$platforms" \ | |
| --provenance=false \ | |
| --push | |
| fi | |
| # If the repository name contains 'bionic', let's push it to legacy image locations as well: | |
| # paketobuildpacks/{build/run}:{version}-{variant} | |
| # paketobuildpacks/{build/run}:{version}-{variant}-cnb | |
| # paketobuildpacks/{build/run}:{variant}-cnb | |
| # paketobuildpacks/{build/run}:{variant} | |
| registry_repo="${{ needs.preparation.outputs.registry_repo_name }}" | |
| if [[ ${registry_repo} == "bionic"-* ]]; | |
| then | |
| # Strip the final part from a repo name after the `-` | |
| # bionic-tiny --> tiny | |
| variant="${registry_repo#bionic-}" | |
| sudo skopeo copy "oci-archive:./${{ matrix.oci_image.name }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}:${{ steps.event.outputs.tag }}-${variant}" | |
| sudo skopeo copy "oci-archive:./${{ matrix.oci_image.name }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}:${{ steps.event.outputs.tag }}-${variant}-cnb" | |
| sudo skopeo copy "oci-archive:./${{ matrix.oci_image.name }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}:${variant}-cnb" | |
| sudo skopeo copy "oci-archive:./${{ matrix.oci_image.name }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}:${variant}" | |
| sudo skopeo copy "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image.name }}:${variant}-cnb" "docker://gcr.io/${GCR_PROJECT}/${{ matrix.oci_image.name }}:${variant}-cnb" | |
| fi | |
| failure: | |
| name: Alert on Failure | |
| runs-on: ubuntu-22.04 | |
| needs: [push] | |
| if: ${{ always() && needs.push.result == 'failure' }} | |
| steps: | |
| - name: File Failure Alert Issue | |
| uses: paketo-buildpacks/github-config/actions/issue/file@main | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| repo: ${{ github.repository }} | |
| label: "failure:push" | |
| comment_if_exists: true | |
| issue_title: "Failure: Push Image workflow" | |
| issue_body: | | |
| Push Image workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). | |
| Please take a look to ensure CVE patches can be released. (cc @paketo-buildpacks/stacks-maintainers). | |
| comment_body: | | |
| Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} |