-
-
Notifications
You must be signed in to change notification settings - Fork 121
160 lines (150 loc) Β· 6.64 KB
/
docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: "docker"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
pull_request:
types: [opened, synchronize, reopened]
release:
types:
# "released" excludes pre-releases
# "published" is either a release or a pre-release
- published
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
LATEST_TAG_OS: 'debian'
IAM_ROLE_SESSION_NAME: geodesic-ci
AWS_REGION: us-east-1
ECR_REGISTRY: public.ecr.aws/ # Images will be published to `public.ecr.aws/cloudposse/$repositoryName`
strategy:
matrix:
os: ['debian']
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.ECR_AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
role-session-name: ${{ env.IAM_ROLE_SESSION_NAME }}
- name: Login to Public Amazon ECR
run: |
docker logout public.ecr.aws
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
- name: Prepare tags for Docker image
id: prepare
# Even though we are no longer releasing plain numbered version tags like "0.111.0"
# because we want all versions to explicitly identify their base OS, we still need
# to provide a "latest" tag for automation that just wants the current version.
# We therefore designate whichever base OS version we recommend as the best supported
# as the one to get the "latest" tag. Initially that will be Alpine.
env:
BASE_OS: ${{matrix.os}}
run: |
echo publish=${{ (github.event_name == 'release' && github.event.action == 'published') || (github.event.pull_request.head.repo.full_name == github.repository) }} >> $GITHUB_OUTPUT
if [[ $BASE_OS == "debian" ]]; then
echo platforms="linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
else
echo platforms="linux/amd64" >> $GITHUB_OUTPUT
fi
COMMIT_SHA="${GITHUB_SHA}"
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.pull_request.number }}
COMMIT_SHA=${{ github.event.pull_request.head.sha }}
fi
printf "Version resolved to %s\n" "${VERSION}"
echo version=${VERSION} >> $GITHUB_OUTPUT
printf "Commit SHA resolved to %s\n" "${COMMIT_SHA}"
echo commit_sha=${COMMIT_SHA} >> $GITHUB_OUTPUT
TAGS="${{ github.repository }}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
if [[ -n $VERSION ]]; then
TAGS="$TAGS,${{ github.repository }}:${VERSION}-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:${VERSION}-${BASE_OS}"
fi
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${{ github.repository }}:latest-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest-${BASE_OS}"
LATEST_TAGS="$TAGS,${{ github.repository }}:latest"
LATEST_TAGS="$LATEST_TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest"
else
LATEST_TAGS="$TAGS"
fi
printf "Tagging %s with " "${BASE_OS}"
if [[ "${BASE_OS}" == "$LATEST_TAG_OS" ]]; then
printf "%s\n" "${LATEST_TAGS}"
echo tags=${LATEST_TAGS} >> $GITHUB_OUTPUT
else
printf "%s\n" "${TAGS}"
echo tags=${TAGS} >> $GITHUB_OUTPUT
fi
- name: Prepare Metadata for Docker Images
id: Metadata
uses: docker/metadata-action@v5
env:
DOCKER_METADATA_PR_HEAD_SHA: true
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
with:
images: |
cloudposse/geodesic
${{ env.ECR_REGISTRY }}cloudposse/geodesic
flavor: |
suffix=-${{ matrix.os }}
latest=false
# Geodesic's original code is licensed under the Apache 2.0 License (Apache-2.0)
# but it contains many other components with different licenses.
labels: |
org.opencontainers.image.title=Geodesic
org.opencontainers.image.description=Geodesic is a DevOps Linux Toolbox in Docker
org.opencontainers.image.vendor=Cloud Posse, LLC
org.opencontainers.image.licenses=NOASSERTION
annotations: |
org.opencontainers.image.title=Geodesic
org.opencontainers.image.description=Geodesic is a DevOps Linux Toolbox in Docker
org.opencontainers.image.vendor=Cloud Posse, LLC
org.opencontainers.image.licenses=NOASSERTION
tags: |
type=semver,pattern={{version}}
type=ref,event=pr,prefix=pr-,suffix=-${{matrix.os}}
type=sha,prefix=sha-,suffix=-${{matrix.os}}
type=raw,value=latest,enable=${{ github.event_name == 'release' && github.event.action == 'published' }}
type=raw,value=latest,suffix=,enable=${{ github.event_name == 'release' && github.event.action == 'published' && matrix.os == env.LATEST_TAG_OS }}
- name: Show metadata
run: |
printf "Old tags for cloudposse/geodesic\n\n"
printf " %s\n" $(tr , " " <<<'${{ steps.prepare.outputs.tags }}') | sort
printf "\n\nNew tags for cloudposse/geodesic\n\n%s\n\n" '${{ steps.Metadata.outputs.tags }}'
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: steps.prepare.outputs.publish == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: "Build and push docker image to DockerHub"
id: docker_build
uses: docker/build-push-action@v5
with:
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ steps.prepare.outputs.publish == 'true' }}
platforms: ${{ steps.prepare.outputs.platforms }}
tags: ${{ steps.Metadata.outputs.tags }}
labels: ${{ steps.Metadata.outputs.labels }}
annotations: ${{ steps.Metadata.outputs.annotations }}
file: ./os/${{matrix.os}}/Dockerfile.${{matrix.os}}
build-args: |
VERSION=${{ steps.prepare.outputs.version }}