Update images digests (#1608) #1762
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- README.md | |
- withdrawn-images.txt | |
- withdrawn-repos.txt | |
schedule: | |
- cron: '0 0 * * *' | |
workflow_dispatch: | |
inputs: | |
only: | |
description: 'Specific image name to build' | |
type: string | |
required: false | |
default: '' | |
concurrency: release | |
jobs: | |
generate-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
shard-0: ${{ steps.generate-matrix-0.outputs.matrix }} | |
unique-images-shard-0: ${{ steps.generate-matrix-0.outputs.matrix-unique-images }} | |
steps: | |
- uses: actions/checkout@v4 # v3.5.2 | |
# On push to main branch, only build images necessary | |
- id: files | |
if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }} | |
uses: tj-actions/changed-files@db153baf731265ad02cd490b07f470e2d55e3345 # v39.2.1 | |
with: | |
separator: ',' | |
- id: build-filter | |
run: | | |
set -xe | |
TMP=$(mktemp) | |
# For manual builds, build only the image requested | |
[[ "${{ github.event_name }}" != "workflow_dispatch" || "${{ inputs.only }}" == "" ]] || echo -n 'images/${{ inputs.only }}/image.yaml' > "${TMP}" | |
# On push to main branch, only build images necessary | |
[[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]] || echo -n '${{ steps.files.outputs.all_changed_files }}' > "${TMP}" | |
echo "filter=$(cat "${TMP}")" >> $GITHUB_OUTPUT | |
- id: generate-matrix-0 | |
uses: ./.github/actions/generate-matrix | |
with: | |
shard: 0 | |
sharding-factor: 1 | |
modified-files: ${{ steps.build-filter.outputs.filter }} | |
build-0: | |
runs-on: ubuntu-latest | |
needs: [generate-matrix] | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.generate-matrix.outputs.shard-0) }} | |
permissions: | |
id-token: write | |
packages: write | |
contents: read | |
actions: read | |
steps: | |
# In some cases, we runs out of disk space during tests, so this hack frees up approx 10G. | |
# See the following issue for more info: https://github.com/actions/runner-images/issues/2840#issuecomment-1284059930 | |
- name: Free up runner disk space | |
shell: bash | |
run: | | |
set -x | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
- uses: actions/checkout@v4 # v3.5.2 | |
- id: release-image-inputs | |
name: Add additional inputs for release-image action | |
uses: chainguard-dev/actions/matrix-extra-inputs@main | |
with: | |
matrix-json: ${{ toJSON(matrix) }} | |
env: | |
# This allows chainguard-images/images to publish images to cgr.dev/chainguard | |
# We maintain this identity here: | |
# https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/images-pusher.tf | |
EXTRA_INPUT_CHAINGUARD_IDENTITY: 720909c9f5279097d847ad02a2f24ba8f59de36a/b6461e99e132298f | |
EXTRA_INPUT_TARGET_REPOSITORY: cgr.dev/chainguard | |
EXTRA_INPUT_APKO_IMAGE: ghcr.io/wolfi-dev/apko:latest@sha256:2af07abf691c0da2226076b90cbbcbb38462ca8fbe61320d9eaeb278f18b0eaa | |
- uses: chainguard-dev/actions/setup-k3d@main | |
with: | |
k3s-image: cgr.dev/chainguard/k3s:latest@sha256:5bf7e7eebcff66a03f360511155b90732dd2b9ebcf4079bbf0c3d9501d717ddc | |
# Disable creating new version tags. | |
- run: | | |
# temporarily generate tags for these modules | |
if [[ "${{ matrix.imageName }}" != "busybox" ]] && \ | |
[[ "${{ matrix.imageName }}" != "jre" ]] && \ | |
[[ "${{ matrix.imageName }}" != "node" ]] && \ | |
[[ "${{ matrix.imageName }}" != "minio" ]] && \ | |
[[ "${{ matrix.imageName }}" != "rqlite" ]] && \ | |
[[ "${{ matrix.imageName }}" != "dex" ]]; then | |
echo "TF_APKO_DISABLE_VERSION_TAGS=true" >> $GITHUB_ENV | |
fi | |
- uses: ./.github/actions/release-image-terraform | |
with: ${{ fromJSON(steps.release-image-inputs.outputs.matrix-json) }} | |
- name: Collect diagnostics and upload | |
if: ${{ failure() }} | |
uses: chainguard-dev/actions/k8s-diag@main | |
with: | |
cluster-type: k3d | |
- uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 | |
if: ${{ failure() && github.event_name == 'schedule' }} | |
with: | |
payload: '{"text": "[images] release failed ${{ matrix.imageName }}: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.DISTROLESS_SLACK_WEBHOOK }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |