feat(): update docker release workflow (#22)

* feat(): separate dev and prod builds * feat(): add semantic release; remove tagging * chore(): update README.md * feat(): use docker-bake * set development env vars * use docker metadata to pass config * use raw tag setting * set bake target * simpify docker-bake file * fix typo in metadata file * use docker-bake in release workflow
rewindio · Nov 26, 2024 · 4e87823 · 4e87823
1 parent 348c6e0
commit 4e87823
Show file tree

Hide file tree

Showing 7 changed files with 170 additions and 72 deletions.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -9,6 +9,9 @@ on:
       - '!.github/workflows/docker.yml'
   workflow_dispatch:
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   docker-action:
@@ -29,44 +32,42 @@ jobs:
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
+          registry: ${{ env.REGISTRY }}
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Docker metadata
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        id: metadata
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ env.TIMESTAMP_TAG }}
+
       - name: Build for development
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
-        if:
+        uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
+        env:
+          REGISTRY: ${{ env.REGISTRY }}
+          IMAGE_NAME: ${{ env.IMAGE_NAME }}
+          TIMESTAMP_TAG: ${{ env.TIMESTAMP_TAG }}
         with:
-          context: .
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.metadata.outputs.bake-file }}
+          push: true
           load: true
-          platforms: linux/amd64
           no-cache: true
-          pull: true
-          target: production
-          tags: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:${{ env.TIMESTAMP_TAG }}"
-          push: true
+          targets: build
 
       - name: Run Trivy to check Docker images for vulnerabilities
         uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         env:
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
         with:
-          image-ref: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:${{ env.TIMESTAMP_TAG }}"
+          image-ref: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TIMESTAMP_TAG }}"
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
-
-      - name: Build for production
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
-        if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch'
-        with:
-          context: .
-          load: true
-          platforms: linux/amd64
-          no-cache: true
-          pull: true
-          target: production
-          tags: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:latest"
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -0,0 +1,51 @@
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+    build-release-image:
+        name: Build release Docker image
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: write
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+
+            - name: Login to GitHub Container Registry
+              uses: docker/login-action@v3
+              with:
+                registry: ghcr.io
+                username: ${{ github.repository_owner }}
+                password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Extract metadata for Docker build
+              id: metadata
+              uses: docker/metadata-action@v5
+              with:
+                images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                tags: |
+                    type=semver,pattern={{version}}
+
+            - name: Build for development
+              uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
+              with:
+                files: |
+                    ./docker-bake.hcl
+                    ${{ steps.metadata.outputs.bake-file }}
+                push: true
+                load: true
+                no-cache: true
+                targets: build
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**/*.md'
+      - '*.md'
+      - 'LICENSE'
+  workflow_dispatch:
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@cb425203a562475bca039ba4dbf90c7f9ac790f4 # v4.1.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
diff --git a/.releaserc b/.releaserc
@@ -0,0 +1,13 @@
+{
+  "branches": ["main"],
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/changelog"
+    ],
+    [
+      "@semantic-release/github"
+    ]
+  ]
+}
diff --git a/README.md b/README.md
@@ -1,9 +1,57 @@
-# github-to-slack-notifier
+# Github to Slack Notifier
 
 A Github action to send a Slack Direct Message.
 
 This action finds the corporate e-mails of a git user in the configured org and sends a DM to a user in Slack with the same corporate e-mail address
 
+## Usage
+
+### Using the pre-built container
+
+```yaml
+jobs:
+  send-slack-dm:
+    name: Send a Slack DM
+    runs-on: ubuntu-latest
+
+    steps:
+     name: Send Slack DM to user on deploy failure
+     id: send-slack-dm
+     uses: docker://ghcr.io/rewindio/github-to-slack-notifier:latest
+     with:
+        github_token: ${{ secrets.GITHUB_USER_LOOKUP_TOKEN }}
+        slack_bot_token: ${{ secrets.SLACK_DM_TOKEN }}
+        github_org: ${{ github.repository_owner }}
+        list_of_github_users: "github_user"
+        message: "Hello!"
+```
+
+### Building the container on each Github Action run
+
+```yaml
+jobs:
+  send-slack-dm:
+    name: Send a Slack DM
+    runs-on: ubuntu-latest
+
+    steps:
+     name: Send Slack DM to user on deploy failure
+     id: send-slack-dm
+     uses: rewindio/github-to-slack-notifier@v{VERSION_TAG}
+     with:
+        github_token: ${{ secrets.GITHUB_USER_LOOKUP_TOKEN }}
+        slack_bot_token: ${{ secrets.SLACK_DM_TOKEN }}
+        github_org: ${{ github.repository_owner }}
+        list_of_github_users: "github_user"
+        message: "Hello!"
+```
+
+This will build the `github-to-slack-notifier` action container on each workflow run.
+
+The docker build may hang when the action builds the container.
+
+To prevent long action run times, using the pre-built container is recommended.
+
 ## Input Variables
 
 The action requires the following input variables:

diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -0,0 +1,10 @@
+target "docker-metadata-action" {}
+
+target "build" {
+    inherits = ["docker-metadata-action"]
+    context = "./"
+    dockerfile = "Dockerfile"
+    platforms = [
+        "linux/amd64"
+    ]
+}