ci(go-build): Add Docker authentication and push to DockerHub

[FavourDaniel]

Features

• Add Docker authentication and push to DockerHub

Summary by CodeRabbit

• New Features
  • Introduced a new input parameter, PROVIDERS, allowing users to specify multiple cloud providers for Docker image builds.
  • Enhanced workflow flexibility by supporting dynamic handling of various cloud environments.
  • Required secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN for improved security during builds.
• Improvements
  • Streamlined workflow by removing unnecessary steps, simplifying the build process.

[coderabbitai]

Walkthrough

The changes introduce a new input parameter, PROVIDERS, in the GitHub Actions workflow for building Docker images. This parameter allows users to specify a comma-separated list of cloud providers, enhancing the workflow's flexibility. The job logic has been updated to read the PROVIDERS input, iterating over each specified provider and dynamically handling the execution of MAKE commands for Docker operations. Additionally, new secrets for Docker Hub credentials have been added to support the updated workflow requirements.

Changes

File	Change Summary
.github/workflows/go-build.yaml	Added PROVIDERS input parameter; included required secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN; updated job logic to dynamically handle Docker operations for specified providers. Removed gcp-auth and sdk-install steps.

Poem

In the meadow where clouds drift high,
A rabbit hops with a gleam in his eye.
With providers now in a list so neat,
Building Docker images is quite the treat!
Flexibility blooms, like flowers in spring,
Oh, what joy these changes will bring! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between c98a35e and 207d3b9.

📒 Files selected for processing (1)

• .github/workflows/go-build.yaml (2 hunks)

🧰 Additional context used

actionlint

.github/workflows/go-build.yaml

95-95: shellcheck reported issue in this script: SC2086:info:4:22: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments not posted (4)

.github/workflows/go-build.yaml (4)

30-33: LGTM: New PROVIDERS input parameter added correctly.

The addition of the PROVIDERS input parameter is well-implemented and aligns with the PR objective of updating the workflow for multi-provider support. The parameter is correctly typed as a required string and includes a clear description.

---

89-94: LGTM: Environment variables for multi-provider support added correctly.

The addition of environment variables for GCP and Docker Hub credentials in the docker-manifest step is well-implemented. This change supports the multi-provider functionality and aligns with the PR objective of enabling Docker authentication and pushing to Docker Hub. Sensitive information is correctly handled using secrets.

---

Line range hint 30-100: Summary: Multi-provider support successfully implemented.

The changes in this PR successfully implement multi-provider support for Docker authentication and pushing to Docker Hub, aligning well with the stated PR objectives. Key improvements include:

1. Addition of the PROVIDERS input parameter.
2. Implementation of multi-provider logic in the docker-manifest step.
3. Addition of necessary environment variables for GCP and Docker Hub authentication.

These changes enhance the workflow's flexibility and functionality. With the suggested fix for the potential word splitting issue, this implementation provides a robust solution for handling multiple providers in the go-build workflow.

🧰 Tools

actionlint

95-95: shellcheck reported issue in this script: SC2086:info:4:22: Double quote to prevent globbing and word splitting

(shellcheck)

---

96-100: ⚠️ Potential issue

Fix potential word splitting issue in the $MAKE command.

The implementation of multi-provider support is well-done. However, there's a potential issue with word splitting in the $MAKE command on line 99. To fix this, wrap the $provider variable in double quotes:

- $MAKE docker-login-$provider docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"
+ $MAKE docker-login-"$provider" docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"

This ensures that the $provider variable is properly expanded and passed as a single argument to the $MAKE command.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

.github/workflows/go-build.yaml (2)

35-38: LGTM: Docker Hub secrets added.

The addition of DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets is appropriate for Docker Hub authentication. Marking them as required ensures they are always provided when needed.

Consider using a consistent naming convention for secrets across different providers. For example, you could use DOCKER_USERNAME and DOCKER_TOKEN to make it more generic if you plan to support other Docker registries in the future.

---

94-99: LGTM: Environment variables added for multi-provider support.

The addition of environment variables for GCP and Docker Hub is well-implemented and necessary for the multi-provider support. The use of secrets for Docker Hub credentials is a good security practice.

For consistency, consider prefixing all provider-specific environment variables. For example:

env:
  GCP_PROJECT_ID: ${{ env.GCP_PROJECT_ID }}
  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
  GCP_SERVICE_ACCOUNT: ${{ env.GCP_SERVICE_ACCOUNT }}
  DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
  DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}

This makes it easier to identify which variables belong to which provider.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 062ca35 and c98a35e.

📒 Files selected for processing (1)

• .github/workflows/go-build.yaml (2 hunks)

🧰 Additional context used

actionlint

.github/workflows/go-build.yaml

100-100: shellcheck reported issue in this script: SC2086:info:8:22: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments not posted (2)

.github/workflows/go-build.yaml (2)

30-33: LGTM: New input parameter for providers.

The addition of the PROVIDERS input parameter is well-implemented and aligns with the PR objectives. It provides flexibility in specifying which cloud providers to use for Docker authentication and pushing.

---

Line range hint 30-109: Overall: Well-implemented multi-provider support for Docker operations.

The changes in this PR successfully implement multi-provider support for Docker authentication and pushing, aligning well with the stated objectives. The addition of the PROVIDERS input parameter and the necessary secrets for Docker Hub authentication provides flexibility and security.

The updated workflow logic correctly handles multiple providers, including provider-specific steps (e.g., for GCP). The use of environment variables and secrets is appropriate and follows good security practices.

A few minor suggestions have been made to improve consistency and prevent potential issues:

1. Consider using a more generic naming convention for Docker-related secrets.
2. Prefix all provider-specific environment variables for better clarity.
3. Fix potential word splitting issue in the $MAKE command.

These changes significantly enhance the workflow's capabilities and flexibility. Great job on implementing this feature!

🧰 Tools

actionlint

100-100: shellcheck reported issue in this script: SC2086:info:8:22: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

⚠️ Potential issue

LGTM: Multi-provider support implemented correctly.

The implementation of multi-provider support is well-done. The logic correctly splits the PROVIDERS input, iterates over each provider, and executes the appropriate commands for each.

There's a potential issue with word splitting in the $MAKE command on line 108. To fix this, wrap the variables in double quotes:

- $MAKE docker-login-$provider docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"
+ $MAKE docker-login-"$provider" docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"

This ensures that the $provider variable is properly expanded and passed as a single argument to the $MAKE command.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	IFS=',' read -r -a providers <<< "${{ inputs.PROVIDERS }}"
	for provider in "${providers[@]}"; do
	if [ "$provider" == "gcp" ]; then
	$MAKE gcp-auth
	$MAKE gcp-sdk-install
	fi
	echo "Running make with target: docker-login-$provider"
	$MAKE docker-login-$provider docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"
	done
	IFS=',' read -r -a providers <<< "${{ inputs.PROVIDERS }}"
	for provider in "${providers[@]}"; do
	if [ "$provider" == "gcp" ]; then
	$MAKE gcp-auth
	$MAKE gcp-sdk-install
	fi
	echo "Running make with target: docker-login-$provider"
	$MAKE docker-login-"$provider" docker-push docker-manifest DOCKER_BASE_IMAGES='${{ inputs.DOCKER_BASE_IMAGES }}' DOCKER_DOCKERFILE_PATH="${{ inputs.DOCKER_DOCKERFILE_PATH }}"
	done