build-push-artifacts.yaml
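---
# Builds and pushes the zenith-* container images, mirrors the exporter images
# into ghcr.io and publishes the Helm chart.
#
# NOTE(review): every `uses:` below references a mutable ref (`@v4`, `@v3`,
# `@v5`, `@master`). The jobs hold a token that can write packages, so a moved
# tag or branch would run with that access. Pin each action to a reviewed
# commit, e.g. `actions/checkout@<FULL_COMMIT_SHA>  # v4`.
name: Publish artifacts

on:
  # Publish artifacts on every push to main and every tag
  push:
    branches:
      - main
    tags:
      - "*"
  # Also allow publication to be done via a workflow call
  # In this case, the chart version is returned as an output
  workflow_call:
    inputs:
      # The caller-supplied ref is checked out and built by jobs that can push
      # packages, so callers should only pass refs they trust.
      ref:
        type: string
        description: The ref to build.
        required: true
    outputs:
      chart-version:
        description: The chart version that was published
        value: ${{ jobs.build_push_chart.outputs.chart-version }}

jobs:
  build_push_images:
    name: Build and push images
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - component: client
          - component: operator
          - component: proxy
          - component: registrar
          - component: sshd
          - component: sync
    # Explicit token scopes: anything not listed here is denied to this job
    permissions:
      contents: read
      id-token: write  # needed for signing the images with GitHub OIDC Token
      packages: write  # required for pushing container images
      # required for pushing SARIF files
      # NOTE(review): no step in this file uploads SARIF itself; presumably the
      # build-push action does. Confirm, and drop this scope if it does not.
      security-events: write
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || github.ref }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Get SemVer version for current commit
        id: semver
        uses: azimuth-cloud/github-actions/semver@master
      - name: Calculate metadata for image
        id: image-meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/azimuth-cloud/zenith-${{ matrix.component }}
          # Produce the branch name or tag and the SHA as tags
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=raw,value=${{ steps.semver.outputs.short-sha }}
      - name: Build and push image
        uses: azimuth-cloud/github-actions/docker-multiarch-build-push@master
        with:
          cache-key: ${{ matrix.component }}
          context: ./${{ matrix.component }}
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.image-meta.outputs.tags }}
          labels: ${{ steps.image-meta.outputs.labels }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

  # This task mirrors and tags the current latest version of the
  # required exporter images, to reduce reliance on Docker Hub
  mirror_exporter_images:
    name: Mirror exporter images
    runs-on: ubuntu-latest
    # This job only reads the repository and pushes to ghcr.io, so the token is
    # limited to those two scopes instead of the repository or caller default.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || github.ref }}
      - name: Mirror exporter images
        # The credentials reach the script through environment variables rather
        # than `${{ }}` expansion inside the script text, so their values are
        # never parsed as shell source.
        # NOTE(review): the token still ends up in podman's argument list;
        # an auth file would keep it out of the process table.
        env:
          GHCR_USERNAME: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): `quay.io/skopeo/stable:latest` is a mutable tag that
        # runs with the push credentials; consider pinning it by digest
        # (`quay.io/skopeo/stable@sha256:<IMAGE_DIGEST>`).
        run: |-
          podman run \
            -v "$PWD:/pwd" \
            -w /pwd \
            quay.io/skopeo/stable:latest \
            sync \
            --src yaml \
            --dest docker \
            --dest-creds "${GHCR_USERNAME}:${GHCR_TOKEN}" \
            --all \
            skopeo-manifest.yml \
            ghcr.io/azimuth-cloud/zenith

  build_push_chart:
    name: Build and push Helm chart
    runs-on: ubuntu-latest
    # Only build and push the chart if the images built successfully
    needs: [build_push_images, mirror_exporter_images]
    # NOTE(review): no `permissions:` block here, so this job inherits the
    # repository (or caller) default token scopes. Which scopes helm-publish
    # needs is not visible in this file; declare the minimum once confirmed.
    outputs:
      chart-version: ${{ steps.semver.outputs.version }}
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || github.ref }}
          # This is important for the semver action to work correctly
          # when determining the number of commits since the last tag
          fetch-depth: 0
      - name: Get SemVer version for current commit
        id: semver
        uses: azimuth-cloud/github-actions/semver@master
      - name: Publish Helm charts
        uses: azimuth-cloud/github-actions/helm-publish@master
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ steps.semver.outputs.version }}
          app-version: ${{ steps.semver.outputs.short-sha }}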