Skip to content

update ssh role

update ssh role #99

Workflow file for this run

name: CI
on:
push:
branches: [ "main", "fresh" ]
env:
alpine: "3.20"
ansible: "10.5.0"
ansible_core: "2.17.5"
permissions:
checks: write
contents: write
packages: write
pull-requests: read
jobs:
build-base:
name: Build base image
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/fresh' }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if Docker image exists
id: check
run: |
IMAGE_TAG="ghcr.io/${{ github.repository }}/base:${{ env.alpine }}-${{ env.ansible_core }}-${{ env.ansible }}"
if docker manifest inspect "$IMAGE_TAG" > /dev/null 2>&1; then echo "exists=yes" >> "$GITHUB_OUTPUT"; else echo "exists=no" >> "$GITHUB_OUTPUT"; fi
- name: Extract metadata (tags, labels) for Docker
if: ${{ steps.check.outputs.exists == 'no' }}
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}/base
tags: |
type=raw,value=${{ env.alpine }}-${{ env.ansible_core }}-${{ env.ansible }},enable=${{ github.ref_name == 'fresh' }}
- name: Build and push
if: ${{ steps.check.outputs.exists == 'no' }}
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
file: Dockerfile.base
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
ALPINE=${{ env.alpine }}
ANSIBLE=${{ env.ansible }}
ANSIBLE_CORE=${{ env.ansible_core }}
build-fresh:
name: Build ansible image (fresh)
needs: build-base
runs-on: self-hosted
if: ${{ github.ref == 'refs/heads/fresh' }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
registry.etke.cc/${{ github.repository }}
tags: |
type=raw,value=fresh,enable=${{ github.ref_name == 'fresh' }}
- name: Build and push
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
ALPINE=${{ env.alpine }}
ANSIBLE=${{ env.ansible }}
ANSIBLE_CORE=${{ env.ansible_core }}
sync-images:
name: Sync images
needs: build-fresh
runs-on: self-hosted
if: ${{ github.ref == 'refs/heads/fresh' }}
container:
image: ghcr.io/${{ github.repository }}:fresh
steps:
- uses: actions/checkout@v4
- name: Sync images
env:
MATRIX_TOKEN: ${{ secrets.MATRIX_TOKEN }}
MATRIX_URL_FRESH: ${{ secrets.MATRIX_URL_FRESH }}
CI_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
apk --no-cache add skopeo parallel curl
skopeo login --username etkecc --password ${{ secrets.DOCKER_HUB_PASSWORD }} docker.io
cp -r /playbook/.config/inventory /
cd /playbook; ansible-playbook play/all.yml -l localhost -t skopeo -e target=localhost
sh play/.skopeo-parallel
./bin/ci-notify.sh
build-stable:
name: Build ansible image (stable)
runs-on: self-hosted
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
registry.etke.cc/${{ github.repository }}
tags: |
type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
- name: Build and push
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
ALPINE=${{ env.alpine }}
ANSIBLE=${{ env.ansible }}
ANSIBLE_CORE=${{ env.ansible_core }}