Skip to content
docker

Update dependencies and tools #1410

Sign in to view logs

Update dependencies and tools

Update dependencies and tools #1410

Workflow file for this run

.github/workflows/docker.yml at f0c0b1b
name: "docker"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
pull_request:
types: [opened, synchronize, reopened]
release:
types:
# "released" excludes pre-releases
# "published" is either a release or a pre-release
- published
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
LATEST_TAG_OS: 'debian'
IAM_ROLE_SESSION_NAME: geodesic-ci
AWS_REGION: us-east-1
ECR_REGISTRY: public.ecr.aws/ # Images will be published to `public.ecr.aws/cloudposse/$repositoryName`
strategy:
matrix:
os: ['debian']
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
role-session-name: ${{ env.IAM_ROLE_SESSION_NAME }}
- name: Login to Public Amazon ECR
run: |
docker logout public.ecr.aws
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
- name: Prepare tags for Docker image
id: prepare
# Even though we are no longer releasing plain numbered version tags like "0.111.0"
# because we want all versions to explicitly identify their base OS, we still need
# to provide a "latest" tag for automation that just wants the current version.
# We therefore designate whichever base OS version we recommend as the best supported
# as the one to get the "latest" tag. Initially that will be Alpine.
env:
BASE_OS: ${{matrix.os}}
run: |
echo publish=${{ (github.event_name == 'release' && github.event.action == 'published') || (github.event.pull_request.head.repo.full_name == github.repository) }} >> $GITHUB_OUTPUT
if [[ $BASE_OS == "debian" ]]; then
echo platforms="linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
else
echo platforms="linux/amd64" >> $GITHUB_OUTPUT
fi
COMMIT_SHA="${GITHUB_SHA}"
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.pull_request.number }}
COMMIT_SHA=${{ github.event.pull_request.head.sha }}
fi
printf "Version resolved to %s\n" "${VERSION}"
echo version=${VERSION} >> $GITHUB_OUTPUT
printf "Commit SHA resolved to %s\n" "${COMMIT_SHA}"
echo commit_sha=${COMMIT_SHA} >> $GITHUB_OUTPUT
TAGS="${{ github.repository }}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:sha-${COMMIT_SHA:0:7}-${BASE_OS}"
if [[ -n $VERSION ]]; then
TAGS="$TAGS,${{ github.repository }}:${VERSION}-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:${VERSION}-${BASE_OS}"
fi
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${{ github.repository }}:latest-${BASE_OS}"
TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest-${BASE_OS}"
LATEST_TAGS="$TAGS,${{ github.repository }}:latest"
LATEST_TAGS="$LATEST_TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest"
else
LATEST_TAGS="$TAGS"
fi
printf "Tagging %s with " "${BASE_OS}"
if [[ "${BASE_OS}" == "$LATEST_TAG_OS" ]]; then
printf "%s\n" "${LATEST_TAGS}"
echo tags=${LATEST_TAGS} >> $GITHUB_OUTPUT
else
printf "%s\n" "${TAGS}"
echo tags=${TAGS} >> $GITHUB_OUTPUT
fi
- name: Prepare Metadata for Docker Images
id: Metadata
uses: docker/metadata-action@v5
env:
DOCKER_METADATA_PR_HEAD_SHA: true
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
with:
images: |
cloudposse/geodesic
${{ env.ECR_REGISTRY }}cloudposse/geodesic
flavor: |
suffix=-${{ matrix.os }}
latest=false
# Geodesic's original code is licensed under the Apache 2.0 License (Apache-2.0)
# but it contains many other components with different licenses.
labels: |
org.opencontainers.image.title=Geodesic
org.opencontainers.image.description=Geodesic is a DevOps Linux Toolbox in Docker
org.opencontainers.image.vendor=Cloud Posse, LLC
org.opencontainers.image.licenses=NOASSERTION
annotations: |
[email protected]
org.opencontainers.image.title=Geodesic
org.opencontainers.image.description=Geodesic is a DevOps Linux Toolbox in Docker
org.opencontainers.image.vendor=Cloud Posse, LLC
org.opencontainers.image.licenses=NOASSERTION
tags: |
type=semver,pattern={{version}}
type=ref,event=pr,prefix=pr-,suffix=-${{matrix.os}}
type=sha,prefix=sha-,suffix=-${{matrix.os}}
type=raw,value=latest,enable=${{ github.event_name == 'release' && github.event.action == 'published' }}
type=raw,value=latest,suffix=,enable=${{ github.event_name == 'release' && github.event.action == 'published' && matrix.os == env.LATEST_TAG_OS }}
- name: Show metadata
run: |
printf "Old tags for cloudposse/geodesic\n\n"
printf " %s\n" $(tr , " " <<<'${{ steps.prepare.outputs.tags }}') | sort
printf "\n\nNew tags for cloudposse/geodesic\n\n%s\n\n" '${{ steps.Metadata.outputs.tags }}'
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: steps.prepare.outputs.publish == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: "Build and push docker image to DockerHub"
id: docker_build
uses: docker/build-push-action@v5
with:
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ steps.prepare.outputs.publish == 'true' }}
platforms: ${{ steps.prepare.outputs.platforms }}
tags: ${{ steps.Metadata.outputs.tags }}
labels: ${{ steps.Metadata.outputs.labels }}
annotations: ${{ steps.Metadata.outputs.annotations }}
file: ./os/${{matrix.os}}/Dockerfile.${{matrix.os}}
build-args: |
VERSION=${{ steps.prepare.outputs.version }}