-
Notifications
You must be signed in to change notification settings - Fork 10
137 lines (119 loc) · 5.02 KB
/
build-images-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Image Release Build
on:
push:
tags:
- v[0-9]+.[0-9]+.[0-9]+
- v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+
permissions: read-all
jobs:
build-and-push:
if: ${{ github.repository == 'cilium/certgen' }}
environment: release
runs-on: ubuntu-24.04
strategy:
# matrix for easier code-sharing with workflows from cilium/cilium
matrix:
include:
- name: certgen
dockerfile: ./Dockerfile
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
username: ${{ secrets.DOCKER_HUB_RELEASE_USERNAME }}
password: ${{ secrets.DOCKER_HUB_RELEASE_PASSWORD }}
- name: Login to quay.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }}
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Checkout Source Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
- name: Release Build ${{ matrix.name }}
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
id: docker_build_release
with:
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64,linux/arm64
tags: |
${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
- name: Image Release Digest
shell: bash
run: |
mkdir -p image-digest/
job_name=${{ matrix.name }}
job_name_capital=${job_name^^}
job_name_underscored=${job_name_capital//-/_}
echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt
echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
echo "\`docker.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: image-digest ${{ matrix.name }}
path: image-digest
retention-days: 1
image-digests:
if: ${{ github.repository == 'cilium/certgen' }}
name: Display Digests
runs-on: ubuntu-24.04
needs: build-and-push
steps:
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Downloading Image Digests
shell: bash
run: |
mkdir -p image-digest/
- name: Download digests of all images built
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
path: image-digest/
- name: Image Digests Output
shell: bash
run: |
cd image-digest/
echo "## Docker Manifests" > ../image-digest-output.txt
echo "" >> ../image-digest-output.txt
find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt
- name: Image Makefile Digests
shell: bash
run: |
cd image-digest/
echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests
echo "# Copyright "$(date +'%Y')" Authors of Cilium" >> ../Makefile.digests
echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests
echo "" >> ../Makefile.digests
find -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: image-digest-output.txt-${{ steps.tag.outputs.tag }}
path: image-digest-output.txt
retention-days: 1
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: Makefile.digests-${{ steps.tag.outputs.tag }}
path: Makefile.digests
retention-days: 1