Merge pull request #1336 from stackhpc/trivy-fix-2023.1 #394
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# This reusable workflow builds a Kayobe container image using the Dockerfile | |
# in kayobe-automation, then pushes it to a registry. | |
name: Build kayobe image | |
on: | |
push: | |
branches: | |
# NOTE(upgrade): Reference only the current release branch here. | |
- stackhpc/2023.1 | |
workflow_call: | |
inputs: | |
http_proxy: | |
type: string | |
required: false | |
https_proxy: | |
type: string | |
required: false | |
no_proxy: | |
type: string | |
required: false | |
base_image: | |
type: string | |
required: false | |
default: "rockylinux:9" | |
if: | |
description: Whether to run the workflow (workaround for required status checks issue) | |
type: boolean | |
default: true | |
outputs: | |
kayobe_image: | |
description: Reference of Kayobe image that was built | |
value: ${{ jobs.build-kayobe-image.outputs.kayobe_image }} | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build-kayobe-image: | |
name: Build kayobe image | |
if: inputs.if || github.repository == 'stackhpc/stackhpc-kayobe-config' && github.event_name == 'push' | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: read | |
packages: write | |
outputs: | |
kayobe_image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- name: Checkout kayobe config | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: | | |
image=moby/buildkit:master | |
env.http_proxy=${{ env.http_proxy }} | |
env.https_proxy=${{ env.https_proxy }} | |
# Doesn't like commas: invalid value "127.0.0.1", expecting k=v | |
# env.no_proxy='${{ env.no_proxy }}' | |
env: | |
http_proxy: ${{ inputs.http_proxy }} | |
https_proxy: ${{ inputs.https_proxy }} | |
no_proxy: ${{ inputs.no_proxy }} | |
# Setting KAYOBE_USER_UID and KAYOBE_USER_GID to 1001 to match docker's defaults | |
# so that docker can run as a privileged user within the Kayobe image. | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
file: ./.automation/docker/kayobe/Dockerfile | |
context: . | |
build-args: | | |
http_proxy=${{ inputs.http_proxy }} | |
https_proxy=${{ inputs.https_proxy }} | |
BASE_IMAGE=${{ inputs.base_image || 'rockylinux:9' }} | |
KAYOBE_USER_UID=1001 | |
KAYOBE_USER_GID=1001 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Send message to Slack via Workflow Builder | |
uses: slackapi/[email protected] | |
with: | |
payload: | | |
{ | |
"channel-id": "${{ env.SLACK_CHANNEL_ID }}", | |
"inputs": "${{ env.INPUTS }}", | |
"message": "${{ env.MESSAGE }}", | |
"results-url": "${{ env.RESULTS_URL }}", | |
"workflow-url": "${{ env.WORKFLOW_URL }}" | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
# #release-train-alerts | |
SLACK_CHANNEL_ID: C03B28HRP53 | |
INPUTS: >- | |
branch: ${{ github.ref_name }} | |
MESSAGE: "SKC Build Kayobe Image workflow failed :sob:" | |
RESULTS_URL: "N/A" | |
WORKFLOW_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
if: failure() && github.event_name == 'push' |