
Non-automatic tool updates #1126

Workflow file for this run

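# Builds one image per base OS in the matrix and, when publishing is allowed,
# pushes it under both the default-registry and the public ECR tag names.
#
# NOTE(review): every `uses:` below references an action by a mutable
# major-version tag (@v2 / @v3). This job holds `id-token: write` and registry
# credentials, so consider pinning each action to a full commit SHA (with the
# version in a trailing comment) so that a re-pointed tag cannot change what
# runs here.
name: "docker"
on:
  pull_request:
    types: [opened, synchronize, reopened]
  release:
    types:
      # "released" excludes pre-releases
      # "published" is either a release or a pre-release
      - published
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      # Lets the job request an OIDC token; presumably what the
      # "Configure AWS Credentials" step uses to assume the role (no static
      # AWS keys are passed to it).
      id-token: write
      contents: read
    env:
      IAM_ROLE_SESSION_NAME: geodesic-ci
      AWS_REGION: us-east-1
      ECR_REGISTRY: public.ecr.aws/  # Images will be published to `public.ecr.aws/cloudposse/$repositoryName`
    strategy:
      matrix:
        os: ['alpine', 'debian']
    steps:
      - name: "Checkout source code at current commit"
        uses: actions/checkout@v3
      # NOTE(review): this step and the ECR login after it have no `if:`
      # guard, so they also run when `publish` resolves to false (for example
      # pull requests from forks, which do not receive repository secrets).
      # Confirm that is the intended behaviour.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ECR_AWS_ROLE }}
          aws-region: ${{ env.AWS_REGION }}
          role-session-name: ${{ env.IAM_ROLE_SESSION_NAME }}
      - name: Login to Public Amazon ECR
        # Drop any cached credentials for the registry, then log in with a
        # fresh password passed on stdin (never on the command line).
        run: |
          docker logout public.ecr.aws
          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
      - name: Prepare tags for Docker image
        id: prepare
        # Even though we are no longer releasing plain numbered version tags like "0.111.0"
        # because we want all versions to explicitly identify their base OS, we still need
        # to provide a "latest" tag for automation that just wants the current version.
        # We therefore designate whichever base OS version we recommend as the best supported
        # as the one to get the "latest" tag. That OS is selected by LATEST_TAG_OS below,
        # which is currently set to 'debian'.
        #
        # Outputs: publish, platforms, version, tags.
        #
        # All GitHub context values are handed to the script through `env:`
        # rather than being expanded inside the script text, so the shell only
        # ever sees them as data and never as part of the command line.
        env:
          LATEST_TAG_OS: 'debian'
          BASE_OS: ${{ matrix.os }}
          # true for a published release, or for a pull request whose head
          # branch lives in this repository (not a fork).
          PUBLISH: >-
            ${{ (github.event_name == 'release' && github.event.action == 'published')
            || (github.event.pull_request.head.repo.full_name == github.repository) }}
          REPOSITORY: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo "publish=${PUBLISH}" >> "$GITHUB_OUTPUT"
          # Only the debian image is built for arm64 as well as amd64.
          if [[ $BASE_OS == "debian" ]]; then
            echo 'platforms=linux/amd64,linux/arm64' >> "$GITHUB_OUTPUT"
          else
            echo 'platforms=linux/amd64' >> "$GITHUB_OUTPUT"
          fi
          COMMIT_SHA="${GITHUB_SHA}"
          VERSION=""
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION="${GITHUB_REF#refs/tags/}"
          elif [[ $GITHUB_REF == refs/pull/* ]]; then
            # For pull requests, tag with the PR head commit instead of GITHUB_SHA.
            VERSION="pr-${PR_NUMBER}"
            COMMIT_SHA="${PR_HEAD_SHA}"
          fi
          printf "Version resolved to %s\n" "${VERSION}"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          # Every tag is emitted twice: once bare and once prefixed with ECR_REGISTRY.
          TAGS="${REPOSITORY}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
          TAGS="$TAGS,${ECR_REGISTRY}${REPOSITORY}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
          if [[ -n $VERSION ]]; then
            TAGS="$TAGS,${REPOSITORY}:${VERSION}-${BASE_OS}"
            TAGS="$TAGS,${ECR_REGISTRY}${REPOSITORY}:${VERSION}-${BASE_OS}"
          fi
          # Only a plain X.Y.Z version moves the "latest" tags; pr-N versions
          # and any tag with a prefix or suffix do not match.
          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
            TAGS="$TAGS,${REPOSITORY}:latest-${BASE_OS}"
            TAGS="$TAGS,${ECR_REGISTRY}${REPOSITORY}:latest-${BASE_OS}"
            LATEST_TAGS="$TAGS,${REPOSITORY}:latest"
            LATEST_TAGS="$LATEST_TAGS,${ECR_REGISTRY}${REPOSITORY}:latest"
          else
            LATEST_TAGS="$TAGS"
          fi
          printf "Tagging %s with " "${BASE_OS}"
          if [[ "${BASE_OS}" == "$LATEST_TAG_OS" ]]; then
            printf "%s\n" "${LATEST_TAGS}"
            echo "tags=${LATEST_TAGS}" >> "$GITHUB_OUTPUT"
          else
            printf "%s\n" "${TAGS}"
            echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
          fi
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        # Skipped when publishing is not allowed, so the credentials are never
        # loaded for builds that will not push.
        if: steps.prepare.outputs.publish == 'true'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          # NOTE(review): verify this secret holds a scoped access token
          # rather than the account password.
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: "Build and push docker image to DockerHub"
        id: docker_build
        uses: docker/build-push-action@v3
        with:
          # The image is always built; it is pushed only when `publish` is true.
          push: ${{ steps.prepare.outputs.publish == 'true' }}
          platforms: ${{ steps.prepare.outputs.platforms }}
          tags: ${{ steps.prepare.outputs.tags }}
          file: ./os/${{ matrix.os }}/Dockerfile.${{ matrix.os }}
          build-args: |
            VERSION=${{ steps.prepare.outputs.version }}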