Workflow file for this run

# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
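name: Go
on:
  # Manual runs; the inputs below are chosen by whoever dispatches the workflow.
  workflow_dispatch:
    inputs:
      buildImportDemo:
        type: choice
        description: "build demo import images and dex image"
        options:
          - "true"
          - "false"
        default: "false"
      # Reaches the build job through the SERVICE_LIST environment variable.
      servicesList:
        type: string
        description: "List of services to build"
        required: false
        default: "all"
      # NOTE(review): not referenced by any job shown in this file.
      deployTo:
        type: choice
        description: "Environment to deploy to"
        options:
          - "dev"
          - "prod"
        default: "dev"
  push:
    branches: ["main", "dev"]
  pull_request:
    branches: ["main", "dev"]
# Read-only default for GITHUB_TOKEN. Jobs that declare their own
# `permissions:` block override this; jobs that declare none inherit it
# instead of the repository-wide default.
permissions:
  contents: read
jobs: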
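# Creates (or looks up) the version tag and exposes it as `latest_tag`.
# Runs only for non-PR events on main/dev whose head commit message does not
# contain 'ui-changes'.
tag:
  runs-on: ubuntu-latest
  environment: golang
  # Tagging authenticates with the GH_ACCESS_TOKEN secret passed to the action,
  # so the job's own GITHUB_TOKEN only needs read access for checkout.
  permissions:
    contents: read
  outputs:
    latest_tag: ${{ steps.set_latest_tag.outputs.latest_tag }}
  if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && ( ! contains(github.event.head_commit.message, 'ui-changes') )
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Tag version
      id: tag_version
      # NOTE(review): the action reference was mangled by the page's e-mail
      # obfuscation ("[email protected]"); restore the real `name@ref` from the
      # repository. This step receives a personal access token, so pinning it
      # to a full commit SHA is worth considering.
      uses: mathieudutour/[email protected]
      with:
        github_token: ${{ secrets.GH_ACCESS_TOKEN }}
        fetch_all_tags: true
        release_branches: main
        tag_prefix: v
    - name: Set latest tag output
      id: set_latest_tag
      # Step outputs are passed through the environment rather than expanded
      # into the script text, so their content is never parsed as shell.
      env:
        NEW_TAG: ${{ steps.tag_version.outputs.new_tag }}
        PREVIOUS_TAG: ${{ steps.tag_version.outputs.previous_tag }}
      run: |
        # Fall back to the previous tag when no new tag was produced.
        if [[ -z "$NEW_TAG" ]]; then
          echo "latest_tag=$PREVIOUS_TAG" >> "$GITHUB_OUTPUT"
        else
          echo "latest_tag=$NEW_TAG" >> "$GITHUB_OUTPUT"
        fi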
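# Builds the static Go binaries for the selected services and publishes one
# `<service>=true` job output per service listed by ./scripts/list_services.
# NOTE(review): `tag` is skipped on pull_request events and this job has no
# `if:` of its own, so by default it is skipped as well and the
# `github.event_name != 'pull_request'` guards below never see a PR.
# Confirm that is intended.
build:
  runs-on: ubuntu-latest
  needs:
    - tag
  environment: golang
  # Private modules are fetched with GH_ACCESS_TOKEN (see "Configure Git"),
  # so GITHUB_TOKEN only needs read access for checkout.
  permissions:
    contents: read
  outputs:
    steampipe: ${{ steps.build_services.outputs.steampipe }}
    auth-service: ${{ steps.build_services.outputs.auth-service }}
    checkup-worker: ${{ steps.build_services.outputs.checkup-worker }}
    compliance-report-worker: ${{ steps.build_services.outputs.compliance-report-worker }}
    compliance-service: ${{ steps.build_services.outputs.compliance-service }}
    compliance-summarizer: ${{ steps.build_services.outputs.compliance-summarizer }}
    describe-scheduler: ${{ steps.build_services.outputs.describe-scheduler }}
    inventory-service: ${{ steps.build_services.outputs.inventory-service }}
    metadata-service: ${{ steps.build_services.outputs.metadata-service }}
    post-install-worker: ${{ steps.build_services.outputs.post-install-worker }}
    swagger-ui: ${{ steps.build_services.outputs.swagger-ui }}
    analytics-worker: ${{ steps.build_services.outputs.analytics-worker }}
    steampipe-plugin-opengovernance: ${{ steps.build_services.outputs.steampipe-plugin-opengovernance }}
    integration-service: ${{ steps.build_services.outputs.integration-service }}
    es-sink-service: ${{ steps.build_services.outputs.es-sink-service }}
    wastage-service: ${{ steps.build_services.outputs.wastage-service }}
    information-service: ${{ steps.build_services.outputs.information-service }}
    query-runner-worker: ${{ steps.build_services.outputs.query-runner-worker }}
    demo-importer-worker: ${{ steps.build_services.outputs.demo-importer-worker }}
  # NOTE(review): job-level env makes GH_ACCESS_TOKEN visible to every step,
  # including the third-party actions below. Scope it to the steps that need
  # it once it is confirmed which ones do (./scripts/list_services is not
  # shown here).
  env:
    SERVICE_LIST: ${{ github.event.inputs.servicesList }}
    GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
  steps:
    - name: Free Disk Space (Ubuntu)
      # NOTE(review): `@main` is a mutable branch ref, so the code run here can
      # change without any change to this file; pin to a reviewed commit SHA.
      uses: jlumbroso/free-disk-space@main
      with:
        # This might remove tools that are actually needed,
        # if set to "true" but frees about 6 GB
        tool-cache: false
        # All of these default to true, but feel free to set to
        # "false" if necessary for your workflow
        android: true
        dotnet: true
        haskell: true
        large-packages: false
        docker-images: true
        swap-storage: true
    - name: Install musl cc
      uses: awalsh128/cache-apt-pkgs-action@v1
      with:
        packages: musl-tools musl-dev musl
    - name: Checkout code
      uses: actions/checkout@v3
      with:
        fetch-depth: 5
    - name: Set up Go
      uses: actions/setup-go@v4
      with:
        go-version-file: "./go.mod"
        cache: false
    - name: Go Cache
      uses: actions/cache@v3
      with:
        path: |
          ~/go/pkg/mod
          ~/.cache/go-build
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-
    - name: Configure Git
      # NOTE(review): the credential part of this URL was replaced by the
      # page's e-mail obfuscation ("[email protected]"); restore it from the
      # repository. The rewrite rule is stored in the global git config, so a
      # token embedded in it stays readable by every later step of this job.
      run: git config --global url.https://[email protected]/opengovern.insteadOf https://github.com/opengovern
    - name: Build services
      id: build_services
      run: |
        set -x
        ./scripts/list_services > ./service-list
        cat ./service-list
        # One service per line, with the bare "steampipe" entry removed.
        cat ./service-list | sed 's/\s\+/\n/g' | sed 's/^\<steampipe\>$//g' | sed '/^$/d' > ./build_services
        cat ./build_services
        mkdir -p ./build
        if [ ! -z "$(cat ./build_services)" ]; then
          for f in $(cat ./build_services); do
            # The package path is quoted so a service name cannot be split or
            # glob-expanded before it reaches `go build`.
            CC=/usr/bin/musl-gcc GOPRIVATE="github.com/opengovern" GOOS=linux GOARCH=amd64 go build -v -ldflags "-linkmode external -extldflags '-static' -s -w" -tags musl -o ./build/ "./cmd/$f";
          done
          chmod +x ./build/*
        fi
        # NOTE(review): every name in ./service-list becomes a job output key;
        # presumably the list can be influenced by SERVICE_LIST, so the script
        # should emit only known service names. Verify in list_services.
        for f in $(cat ./service-list); do echo "$f=true" >> "$GITHUB_OUTPUT"; done
    - name: Pack build
      if: github.event_name != 'pull_request'
      run: |
        tar -czvf build.tar.gz build
    - name: Upload artifact
      if: github.event_name != 'pull_request'
      uses: actions/upload-artifact@v3
      with:
        name: build
        path: build.tar.gz
        retention-days: 1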
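# Builds docker/SteampipeServiceDockerfile with the unpacked build artifact in
# the context and pushes steampipe-service:<latest_tag> to ghcr.io.
deploy-steampipe:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
    - deploy-steampipe-plugin-opengovernance
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.steampipe == 'true') && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/steampipe-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/SteampipeServiceDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .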
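# Builds docker/AuthServiceDockerfile with the unpacked build artifact in the
# context and pushes auth-service:<latest_tag> to ghcr.io.
deploy-auth-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.auth-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/auth-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/AuthServiceDockerfile
        context: .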
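# Builds docker/CheckupWorkerDockerfile with the unpacked build artifact in
# the context and pushes checkup-worker:<latest_tag> to ghcr.io.
deploy-checkup-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.checkup-worker == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/checkup-worker:${{ needs.tag.outputs.latest_tag }}
        file: docker/CheckupWorkerDockerfile
        context: .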
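# Builds docker/ComplianceReportWorkerDockerfile with the unpacked build
# artifact in the context and pushes compliance-report-worker:<latest_tag>.
# NOTE(review): this job needs deploy-steampipe, whose own `if:` does not
# cover the case where only compliance-report-worker changed; a job whose
# `needs` were skipped is itself skipped by default. Confirm this is intended.
deploy-compliance-report-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
    - deploy-steampipe-plugin-opengovernance
    - deploy-steampipe
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.compliance-report-worker == 'true') && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/compliance-report-worker:${{ needs.tag.outputs.latest_tag }}
        file: docker/ComplianceReportWorkerDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .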
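# Builds docker/ComplianceSummarizerDockerfile with the unpacked build
# artifact in the context and pushes compliance-summarizer:<latest_tag>.
deploy-compliance-summarizer:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.compliance-summarizer == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/compliance-summarizer:${{ needs.tag.outputs.latest_tag }}
        file: docker/ComplianceSummarizerDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .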
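# Builds docker/ComplianceServiceDockerfile with the unpacked build artifact
# in the context and pushes compliance-service:<latest_tag> to ghcr.io.
deploy-compliance-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.compliance-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/compliance-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/ComplianceServiceDockerfile
        context: .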
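# Builds docker/DescribeSchedulerDockerfile with the unpacked build artifact
# in the context and pushes describe-scheduler:<latest_tag> to ghcr.io.
deploy-describe-scheduler:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.describe-scheduler == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/describe-scheduler:${{ needs.tag.outputs.latest_tag }}
        file: docker/DescribeSchedulerDockerfile
        context: .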
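# Builds docker/IntegrationServiceDockerfile with the unpacked build artifact
# in the context and pushes integration:<latest_tag> to ghcr.io.
deploy-integration-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.integration-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/integration:${{ needs.tag.outputs.latest_tag }}
        file: docker/IntegrationServiceDockerfile
        context: .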
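# Builds docker/EsSinkServiceDockerfile with the unpacked build artifact in
# the context and pushes es-sink:<latest_tag> to ghcr.io.
deploy-es-sink-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.es-sink-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/es-sink:${{ needs.tag.outputs.latest_tag }}
        file: docker/EsSinkServiceDockerfile
        context: .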
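# Builds docker/InventoryServiceDockerfile with the unpacked build artifact in
# the context and pushes inventory-service:<latest_tag> to ghcr.io.
deploy-inventory-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.inventory-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/inventory-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/InventoryServiceDockerfile
        context: .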
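# Builds docker/MetadataServiceDockerfile with the unpacked build artifact in
# the context and pushes metadata-service:<latest_tag> to ghcr.io.
deploy-metadata-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.metadata-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/metadata-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/MetadataServiceDockerfile
        context: .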
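# Builds docker/PostInstallDockerfile with the unpacked build artifact in the
# context and pushes post-install:<latest_tag> to ghcr.io.
deploy-post-install-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.post-install-worker == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/post-install:${{ needs.tag.outputs.latest_tag }}
        file: docker/PostInstallDockerfile
        context: .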
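# Builds docker/SwaggerUIDockerfile with the unpacked build artifact in the
# context and pushes swagger-ui:<latest_tag> to ghcr.io.
deploy-swagger-ui:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.swagger-ui == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/swagger-ui:${{ needs.tag.outputs.latest_tag }}
        file: docker/SwaggerUIDockerfile
        context: .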
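# Builds docker/AnalyticsWorkerDockerfile with the unpacked build artifact in
# the context and pushes analytics-worker:<latest_tag> to ghcr.io.
# NOTE(review): this job needs deploy-compliance-report-worker, whose own
# `if:` does not cover the case where only analytics-worker changed; a job
# whose `needs` were skipped is itself skipped by default. Confirm intent.
deploy-analytics-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
    - deploy-steampipe-plugin-opengovernance
    - deploy-compliance-report-worker
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.analytics-worker == 'true') && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/analytics-worker:${{ needs.tag.outputs.latest_tag }}
        file: docker/AnalyticsWorkerDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .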
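# Builds and pushes the steampipe-plugin-opengovernance image, but only when
# the build job reported the plugin itself. The job also starts for the three
# images that depend on it, in which case every step is a no-op.
deploy-steampipe-plugin-opengovernance:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: >-
    (needs.build.outputs.steampipe-plugin-opengovernance == 'true' ||
    needs.build.outputs.steampipe == 'true' ||
    needs.build.outputs.compliance-report-worker == 'true' ||
    needs.build.outputs.analytics-worker == 'true') && github.event_name != 'pull_request'
  steps:
    - name: Check if we need to actually push
      id: check_if_push
      # The job output is passed through the environment rather than expanded
      # into the script text, so its content is never parsed as shell.
      env:
        PLUGIN_CHANGED: ${{ needs.build.outputs.steampipe-plugin-opengovernance }}
      run: |
        if [[ -z "$PLUGIN_CHANGED" ]]; then
          echo "do_build=false" >> "$GITHUB_OUTPUT"
        else
          echo "do_build=true" >> "$GITHUB_OUTPUT"
        fi
    - name: Checkout code
      if: steps.check_if_push.outputs.do_build == 'true'
      uses: actions/checkout@v3
    - name: Download artifact
      if: steps.check_if_push.outputs.do_build == 'true'
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      if: steps.check_if_push.outputs.do_build == 'true'
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      # Gated like the other steps: when nothing is pushed, the registry
      # credential is not loaded onto the runner at all.
      if: steps.check_if_push.outputs.do_build == 'true'
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      if: steps.check_if_push.outputs.do_build == 'true'
      uses: docker/build-push-action@v4
      with:
        push: true
        # NOTE(review): the fixed `0.0.1` tag is overwritten on every push, so
        # anything pulling by that tag gets whatever was built last.
        tags: |
          ghcr.io/${{ github.repository_owner }}/steampipe-plugin-opengovernance:0.0.1
          ghcr.io/${{ github.repository_owner }}/steampipe-plugin-opengovernance:${{ needs.tag.outputs.latest_tag }}
        file: docker/SteampipePluginOpengovernanceDockerfile
        context: .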
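# Builds docker/WastageServiceDockerfile with the unpacked build artifact in
# the context and pushes wastage-service:<latest_tag> to ghcr.io.
deploy-wastage-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.wastage-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/wastage-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/WastageServiceDockerfile
        context: .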
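# Builds docker/InformationServiceDockerfile with the unpacked build artifact
# in the context and pushes information-service:<latest_tag> to ghcr.io.
deploy-information-service:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.information-service == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/information-service:${{ needs.tag.outputs.latest_tag }}
        file: docker/InformationServiceDockerfile
        context: .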
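# Builds docker/QueryRunnerWorkerDockerfile with the unpacked build artifact
# in the context and pushes query-runner-worker:<latest_tag> to ghcr.io.
# NOTE(review): neither needed deploy job lists query-runner-worker in its own
# `if:`, and a job whose `needs` were skipped is itself skipped by default, so
# a change to this service alone may never reach the registry. Confirm intent.
deploy-query-runner-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
    - deploy-steampipe-plugin-opengovernance
    - deploy-steampipe
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.query-runner-worker == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/query-runner-worker:${{ needs.tag.outputs.latest_tag }}
        file: docker/QueryRunnerWorkerDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .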
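# Builds docker/ImportDataScriptDockerfile from the checked-out tree and pushes
# import-data-script:<latest_tag>; runs only when a manual dispatch sets
# buildImportDemo to 'true'.
deploy-import-data-script:
  runs-on: ubuntu-latest
  needs:
    - tag
  if: github.event.inputs.buildImportDemo == 'true'
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/import-data-script:${{ needs.tag.outputs.latest_tag }}
        file: docker/ImportDataScriptDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .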
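# Builds docker/ExportDataScriptDockerfile from the checked-out tree and pushes
# export-data-script:<latest_tag>; runs only when a manual dispatch sets
# buildImportDemo to 'true'.
deploy-export-data-script:
  runs-on: ubuntu-latest
  needs:
    - tag
  if: github.event.inputs.buildImportDemo == 'true'
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/export-data-script:${{ needs.tag.outputs.latest_tag }}
        file: docker/ExportDataScriptDockerfile
        build-args: |
          PLUGIN_REGISTRY=ghcr.io/opengovern
        context: .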
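# Builds docker/DemoImporterDockerfile with the unpacked build artifact in the
# context and pushes demo-importer:<latest_tag> to ghcr.io.
deploy-demo-importer-worker:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  if: needs.build.outputs.demo-importer-worker == 'true' && github.event_name != 'pull_request'
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        name: build
        path: .
    - name: Unpack artifact
      run: |
        tar -xvf build.tar.gz
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/demo-importer:${{ needs.tag.outputs.latest_tag }}
        file: docker/DemoImporterDockerfile
        context: .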
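# Builds docker/DexLoginDockerfile from the checked-out tree and pushes
# dex-login:<latest_tag>; runs only when a manual dispatch sets
# buildImportDemo to 'true'.
deploy-dex-login:
  runs-on: ubuntu-latest
  if: github.event.inputs.buildImportDemo == 'true'
  needs:
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/dex-login:${{ needs.tag.outputs.latest_tag }}
        file: docker/DexLoginDockerfile
        context: .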
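# Builds docker/PostgresDockerfile from the checked-out tree and pushes
# postgres:<latest_tag> to ghcr.io. There is no `if:` guard, so the job runs
# whenever both build and tag succeed.
deploy-postgres:
  runs-on: ubuntu-latest
  needs:
    - build
    - tag
  # Least privilege: the registry login uses the GHCR_PAT secret and no step
  # shown here requests an OIDC token, so `id-token: write` is dropped.
  permissions:
    contents: read
  environment: docker
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Log in to the Container registry
      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GHCR_PAT }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v4
      with:
        push: true
        tags: |
          ghcr.io/${{ github.repository_owner }}/postgres:${{ needs.tag.outputs.latest_tag }}
        file: docker/PostgresDockerfile
        context: .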