Skip to content

Merge pull request #1259 from equinor/master #779

Merge pull request #1259 from equinor/master

Merge pull request #1259 from equinor/master #779

Workflow file for this run

name: Build & push
on:
push:
branches:
- master
- release
workflow_dispatch:
permissions:
id-token: write
contents: read
packages: write
jobs:
build-operator:
runs-on: ubuntu-20.04
name: Build Operator
outputs:
tag: ${{ steps.metadata.outputs.tag }}
fullname_latest: ${{ steps.metadata.outputs.fullname_latest }}
steps:
- uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build image tags
id: metadata
run: |
sha=${GITHUB_SHA::8}
ts=$(date +%s)
tag=${GITHUB_REF_NAME}-${sha}-${ts}
tag_latest=${GITHUB_REF_NAME}-latest
image="radix-operator"
echo "tag=$tag" >> $GITHUB_OUTPUT
echo "fullname=ghcr.io/equinor/$image:$tag" >> $GITHUB_OUTPUT
echo "fullname_latest=ghcr.io/equinor/$image:$tag_latest" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push radix-operator docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
file: ./operator.Dockerfile
platforms: |
linux/amd64
linux/arm64
tags: |
${{ steps.metadata.outputs.fullname }}
${{ steps.metadata.outputs.fullname_latest }}
cache-from: "type=registry,ref=${{ steps.metadata.outputs.fullname_latest }}-buildcache"
cache-to: "type=registry,ref=${{ steps.metadata.outputs.fullname_latest }}-buildcache,mode=max"
build-pipelinerunner:
runs-on: ubuntu-20.04
name: Build Pipeline runner
outputs:
tag_latest: ${{ steps.metadata.outputs.tag_latest }}
fullname_latest: ${{ steps.metadata.outputs.fullname_latest }}
steps:
- uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build image names
id: metadata
run: |
sha=${GITHUB_SHA::8}
ts=$(date +%s)
tag_latest=${GITHUB_REF_NAME}-latest
tag=${GITHUB_REF_NAME}-${sha}-${ts}
image="radix-pipeline-runner"
echo "tag_latest=$tag_latest" >> $GITHUB_OUTPUT
echo "tag=$tag" >> $GITHUB_OUTPUT
echo "fullname=ghcr.io/equinor/$image:$tag" >> $GITHUB_OUTPUT
echo "fullname_latest=ghcr.io/equinor/$image:$tag_latest" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push pipeline-runner docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
file: ./pipeline.Dockerfile
platforms: |
linux/amd64
linux/arm64
tags: |
${{ steps.metadata.outputs.fullname }}
${{ steps.metadata.outputs.fullname_latest }}
cache-from: "type=registry,ref=${{ steps.metadata.outputs.fullname_latest }}-buildcache"
cache-to: "type=registry,ref=${{ steps.metadata.outputs.fullname_latest }}-buildcache,mode=max"
deploy:
runs-on: ubuntu-20.04
needs:
- build-pipelinerunner
- build-operator
strategy:
fail-fast: false
matrix:
target:
- name: "dev"
acr-name: "radixdev"
client-id: "2bfe6984-f5e3-4d09-a0b2-4dd96de3f21e"
subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
- name: "playground"
acr-name: "radixplayground"
client-id: "7c000a42-1edb-4491-a241-4ac77bf7dd6d"
subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
- name: "platform"
acr-name: "radixprod"
client-id: "044f760d-aabb-4d29-a879-e774f16e3bcc"
subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
- name: "c2"
acr-name: "radixc2prod"
client-id: "581bb747-7b9f-4e80-a843-249eafb0a5fa"
subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
steps:
- uses: actions/checkout@v4
- uses: azure/login@v2
with:
client-id: ${{matrix.target.client-id}}
tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
subscription-id: ${{matrix.target.subscription-id}}
- name: Get GitHub Public IP
id: github_public_ip
run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT
- name: Add GitHub IP to ACR
id: update_firewall
run: az acr network-rule add
--name ${{matrix.target.acr-name}}
--subscription ${{matrix.target.subscription-id}}
--ip-address ${{ steps.github_public_ip.outputs.ipv4 }}
- name: Wait for 2 minutes while the network rule to take effect
run: sleep 120
- name: Build image tags
id: metadata
run: |
echo "operator=${{ matrix.target.acr-name }}.azurecr.io/radix-operator:${{ needs.build-operator.outputs.tag }}" >> $GITHUB_OUTPUT
echo "pipeline_latest=${{ matrix.target.acr-name }}.azurecr.io/radix-pipeline:${{ needs.build-pipelinerunner.outputs.tag_latest }}" >> $GITHUB_OUTPUT
- name: ACR Login
run: az acr login --name ${{ matrix.target.acr-name }}
- name: GHCR Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Operator docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
file: ./operator.Dockerfile
platforms: |
linux/amd64
linux/arm64
tags: |
${{ steps.metadata.outputs.operator }}
cache-from: "type=registry,ref=${{ needs.build-operator.outputs.fullname_latest }}-buildcache"
cache-to: "type=registry,ref=${{ needs.build-operator.outputs.fullname_latest }}-buildcache,mode=max"
- name: Build and push pipeline-runner docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
file: ./pipeline.Dockerfile
platforms: |
linux/amd64
linux/arm64
tags: |
${{ steps.metadata.outputs.pipeline_latest }}
cache-from: "type=registry,ref=${{ needs.build-pipelinerunner.outputs.fullname_latest }}-buildcache"
cache-to: "type=registry,ref=${{ needs.build-pipelinerunner.outputs.fullname_latest }}-buildcache,mode=max"
- name: Revoke GitHub IP on ACR
if: ${{ steps.update_firewall.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed
run: az acr network-rule remove
--name ${{matrix.target.acr-name}}
--subscription ${{matrix.target.subscription-id}}
--ip-address ${{ steps.github_public_ip.outputs.ipv4 }}