Skip to content

Commit

Permalink
workflow updates (#23)
Browse files Browse the repository at this point in the history 
* updating tag logic

* updating tag logic

* updating tag logic

* testing

* testing

* testing

* testing

* testing

* updated build and push approach

* workflow trigger update
  • Loading branch information
@yajith
yajith authored Sep 25, 2024
1 parent 7e492f2 commit 17cd2b0
Showing 1 changed file with 112 additions and 38 deletions.
150 changes: 112 additions & 38 deletions .github/workflows/kubectl-shell.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,22 +4,37 @@ on:
workflow_dispatch:
push:
branches:
- develop
- 'develop'
- 'release/*'
paths:
- 'kubectl-shell/**'
pull_request:
types:
- 'opened'
- 'reopened'
- 'synchronize'
- 'ready_for_review'
branches:
- develop
- 'develop'
- 'release/*'
paths:
- 'kubectl-shell/**'

env:
DOCKER_HUB_REPO: portainerci/kubectl-shell
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}

jobs:
build_images:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
config:
- { platform: linux, arch: amd64 }
- { platform: linux, arch: arm64 }
- { platform: linux, arch: arm }
- { platform: linux, arch: ppc64le }
steps:
- name: "[preparation] checkout"
uses: actions/[email protected]
Expand All @@ -35,51 +50,110 @@ jobs:
with:
endpoint: builders
driver-opts: image=moby/buildkit:v0.16.0
platforms: linux/amd64,linux/arm64,linux/arm,linux/ppc64le

- name: "[preparation] docker login"
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: "set image tag for pull request"
run: |
echo "IMAGE_TAG=pr${{ github.event.pull_request.number }}" >> $GITHUB_ENV
if: ${{ github.event_name == 'pull_request' }}

- name: "set image tag for develop"
run: |
echo "IMAGE_TAG=latest" >> $GITHUB_ENV
if: ${{ github.event_name == 'push' }}
- name: "[metadata] generate image tags"
id: meta
uses: docker/[email protected]
with:
images: ${{ env.DOCKER_HUB_REPO }}

- name: "build and push images"
- name: "[build] build and push by digest"
id: build
uses: docker/[email protected]
with:
context: kubectl-shell/
tags: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }}
context: kubectl-shell/
platforms: ${{ matrix.config.platform }}/${{ matrix.config.arch }}
build-args: |
KUBERNETES_RELEASE=v1.31.0
ALPINE=alpine:latest
HELM_VERSION=v3.15.4
platforms: |
linux/amd64
linux/arm64
linux/arm
linux/ppc64le
sbom: true
provenance: true
push: true

- name: "docker scout scan"
id: docker-scout
if: ${{ github.event_name == 'pull_request' }}
uses: docker/scout-action@v1
KUBERNETES_RELEASE=v1.31.0
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.DOCKER_HUB_REPO }},push-by-digest=true,name-canonical=true,push=true
cache-from: type=gha
cache-to: type=gha,mode=max
attests: |
type=sbom
type=provenance,mode=max
- name: "[build] export digest"
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: "[build] upload digest"
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.config.platform }}-${{ matrix.config.arch }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1

build_manifests:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
needs: [build_images]
steps:
- name: "[preparation] download digests"
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true

- name: "[preparation] setup manifest name"
run: |
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
# use the release branch name as the tag for release branches
# for instance, release/2.19 becomes 2.19
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -d "/" -f 2)
elif [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then
# use pr${{ github.event.number }} as the tag for pull requests
# for instance, pr123
CONTAINER_IMAGE_TAG="pr${{ github.event.number }}"
else
# replace / with - in the branch name
# for instance, feature/1.0.0 -> feature-1.0.0
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
fi
# export the tag to the environment
echo "CONTAINER_IMAGE_TAG=${CONTAINER_IMAGE_TAG}" >> $GITHUB_ENV
- name: "[metadata] generate image tags"
id: meta
uses: docker/[email protected]
with:
command: cves
image: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }}
to: portainer/base:latest
ignore-unchanged: true
only-severities: critical,high
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
images: ${{ env.DOCKER_HUB_REPO }}
tags: |
type=raw,value=${{ env.CONTAINER_IMAGE_TAG }}
- name: "[preparation] set up docker context for buildx"
run: docker context create builders

- name: "[preparation] set up docker buildx"
uses: docker/[email protected]
with:
endpoint: builders
driver-opts: image=moby/buildkit:v0.16.0

- name: "[preparation] docker login"
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: "[build] create manifest list and push"
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKER_HUB_REPO }}@sha256:%s ' *)
- name: "[validate] inspect image"
run: |
docker buildx imagetools inspect ${{ env.DOCKER_HUB_REPO }}:${{ steps.meta.outputs.version }}

0 comments on commit 17cd2b0

Please sign in to comment.