From 566134ae579e71748620858f9ecde6a682359540 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?=
Date: Tue, 6 Jun 2023 15:28:46 +0200
Subject: [PATCH 1/2] Tweak release action to use semver, limit publish to repo owner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Emiliano Suñé
(cherry picked from commit 2445d6d053a9b6b259222a17502071148e36583d)
---
 .github/workflows/publish.yml | 93 +++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..0ca8721a
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,93 @@
+name: Publish VC-AuthN Image
+run-name: Publish VC-AuthN ${{ inputs.tag || github.event.release.tag_name }} Image
+on:
+ release:
+ types: [published]
+
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: "Image tag"
+ required: true
+ type: string
+ platforms:
+ description: "Platforms - Comma separated list of the platforms to support."
+ required: true
+ default: linux/amd64
+ type: string
+ ref:
+ description: "Optional - The branch, tag or SHA to checkout."
+ required: false
+ type: string
+
+env:
+ PLATFORMS: ${{ inputs.platforms || 'linux/amd64,linux/arm64' }}
+
+jobs:
+ publish-image:
+ if: github.repository_owner == 'bcgov'
+ strategy:
+ fail-fast: false
+
+ name: Publish VC-AuthN Image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ inputs.ref || '' }}
+
+ - name: Gather image info
+ id: info
+ run: |
+ echo "repo-owner=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_OUTPUT
+
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to the GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Image Metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: |
+ ghcr.io/${{ steps.info.outputs.repo-owner }}/vc-authn-oidc
+ tags: |
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha
+
+ - name: Build and Push Image to ghcr.io
+ uses: docker/build-push-action@v3
+ with:
+ push: true
+ context: .
+ file: docker/oidc-controller/Dockerfile
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ target: main
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+ platforms: ${{ env.PLATFORMS }}
+
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
From db287d6d03f00a7a1332532c126d4b4f837e4be7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?=
Date: Wed, 7 Jun 2023 14:38:43 +0200
Subject: [PATCH 2/2] Re-introduce pr ref for tagging Docker image on release action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Emiliano Suñé
---
 .github/workflows/publish.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0ca8721a..9580b830 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -69,6 +69,7 @@ jobs:
 tags: |
 type=semver,pattern={{version}}
 type=semver,pattern={{major}}.{{minor}}
+ type=ref,event=pr
 type=sha

 - name: Build and Push Image to ghcr.io
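Review bot: The `publish-image` job hands `secrets.GITHUB_TOKEN` to `docker/login-action@v2` and pushes to ghcr.io, but the workflow declares no `permissions:` block, so the token's scope is whatever the repository or organisation default grants. I would add a job-level `permissions:` mapping with `contents: read` and `packages: write`, so the token can do no more than check out the code and push the image. The Docker actions in this job (`docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v3`) are referenced by mutable major-version tags; pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, keeps a moved tag from running new code with that token.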
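Review bot: The added `type=ref,event=pr` rule looks inert in this workflow: the `on:` block introduced in patch 1/2 declares only `release` and `workflow_dispatch`, and an `event=pr` rule applies only to pull-request runs, so no tag should come out of it unless a `pull_request` trigger is added elsewhere. The gap that remains is the manual path: the required `tag` input is used only in `run-name`, so a build dispatched from a branch appears to be published under the `sha-` tag alone, and that SHA is presumably the workflow commit rather than the checked-out `inputs.ref`. If the intent is to tag manual builds, a rule such as `type=raw,value=${{ inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}` would do that; otherwise a comment above the line naming the event it is meant for would help. The `with:` mapping this list belongs to starts outside the hunk.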