Docker #1781
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
# Publish `main` as Docker `latest` image. | |
branches: | |
- main | |
# Publish `v1.2.3` tags as releases. | |
tags: | |
- v* | |
schedule: | |
- cron: '47 19 * * *' | |
# Run tests for any PRs. | |
pull_request: | |
env: | |
# renovate: datasource=github-releases depName=roboll/helmfile | |
HELMFILE_VERSION: v0.144.0 | |
# renovate: datasource=github-releases depName=helm/helm | |
HELM_VERSION: v3.10.3 | |
# renovate: datasource=github-releases depName=kubernetes/kubernetes | |
KUBECTL_VERSION: v1.28.4 | |
# renovate: datasource=github-releases depName=gruntwork-io/terragrunt | |
TERRAGRUNT_VERSION: v0.40.2 | |
# renovate: datasource=github-releases depName=hashicorp/vault | |
VAULT_VERSION: v1.12.2 | |
# renovate: datasource=github-releases depName=sigstore/cosign | |
COSIGN_VERSION: v1.13.1 | |
jobs: | |
# Push image to GitHub Packages. | |
# See also https://docs.docker.com/docker-hub/builds/ | |
package: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
terraform: ['1.1', '1.2','1.3', 'latest'] | |
steps: | |
- uses: actions/checkout@v3 | |
# Docker see https://blog.oddbit.com/post/2020-09-25-building-multi-architecture-im/ | |
- name: Prepare | |
id: prep | |
run: | | |
REPONAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]' ) | |
DOCKER_IMAGE=ghcr.io/$REPONAME | |
VERSION=latest | |
TERRAFORM_VERSION="" | |
if [ "${{ matrix.terraform }}" != 'latest' ]; then | |
VERSION="v${{ matrix.terraform }}" | |
TAG_PAGE=1 | |
while [ -z "$TERRAFORM_VERSION" -a $TAG_PAGE -le 10 ]; do | |
echo "$TERRAFORM_VERSION - $TAG_PAGE" | |
TERRAFORM_VERSION=$(curl -sSL "https://api.github.com/repos/hashicorp/terraform/tags?page=$TAG_PAGE" | jq -r '.[] | .name | select(. | startswith("v${{ matrix.terraform }}."))' | head -n1) | |
let "TAG_PAGE=TAG_PAGE+1" | |
sleep 10 | |
done | |
else | |
TERRAFORM_VERSION="$(curl -sSL https://api.github.com/repos/hashicorp/terraform/tags | jq -r '.[] | .name' | grep -v "\-dev"| head -n1)" | |
fi | |
SHORTREF=${GITHUB_SHA::8} | |
UBUNTU_TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}:${TERRAFORM_VERSION}" | |
ALPINE_TAGS="${DOCKER_IMAGE}:${VERSION}-alpine,${DOCKER_IMAGE}:${TERRAFORM_VERSION}-alpine" | |
BUSTER_TAGS="${DOCKER_IMAGE}:${VERSION}-buster,${DOCKER_IMAGE}:${TERRAFORM_VERSION}-buster" | |
# Set output parameters. | |
echo "shortref=${SHORTREF}">> $GITHUB_OUTPUT | |
echo "ubuntu_tags=${UBUNTU_TAGS}" >> $GITHUB_OUTPUT | |
echo "alpine_tags=${ALPINE_TAGS}" >> $GITHUB_OUTPUT | |
echo "buster_tags=${BUSTER_TAGS}" >> $GITHUB_OUTPUT | |
echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT | |
echo "terraform_version=${TERRAFORM_VERSION:1}" >> $GITHUB_OUTPUT | |
echo "terragrunt_version=${TERRAGRUNT_VERSION:1}" >> $GITHUB_OUTPUT | |
echo "cosign_version=${COSIGN_VERSION}" >> $GITHUB_OUTPUT | |
echo "vault_version=${VAULT_VERSION:1}" >> $GITHUB_OUTPUT | |
echo "kubectl_version=${KUBECTL_VERSION:1}" >> $GITHUB_OUTPUT | |
echo "helm_version=${HELM_VERSION:1}" >> $GITHUB_OUTPUT | |
echo "helmfile_version=${HELMFILE_VERSION:1}" >> $GITHUB_OUTPUT | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@master | |
with: | |
platforms: all | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Alpine | |
uses: docker/build-push-action@v3 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: ./alpine | |
file: ./alpine/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }} | |
HELM_VERSION=${{ steps.prep.outputs.helm_version }} | |
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }} | |
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }} | |
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }} | |
VAULT_VERSION=${{ steps.prep.outputs.vault_version }} | |
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }} | |
push: ${{ github.ref_name == 'main' }} | |
tags: ${{ steps.prep.outputs.alpine_tags }} | |
- name: Build Ubuntu | |
uses: docker/build-push-action@v3 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: ./ubuntu | |
file: ./ubuntu/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }} | |
HELM_VERSION=${{ steps.prep.outputs.helm_version }} | |
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }} | |
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }} | |
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }} | |
VAULT_VERSION=${{ steps.prep.outputs.vault_version }} | |
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }} | |
push: ${{ github.ref_name == 'main' }} | |
tags: ${{ steps.prep.outputs.ubuntu_tags }} | |
- name: Build Buster | |
uses: docker/build-push-action@v3 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: ./buster | |
file: ./buster/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }} | |
HELM_VERSION=${{ steps.prep.outputs.helm_version }} | |
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }} | |
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }} | |
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }} | |
VAULT_VERSION=${{ steps.prep.outputs.vault_version }} | |
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }} | |
push: ${{ github.ref_name == 'main' }} | |
tags: ${{ steps.prep.outputs.buster_tags }} |