diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml new file mode 100644 index 0000000..7d6b595 --- /dev/null +++ b/.github/workflows/container.yml @@ -0,0 +1,110 @@ +--- + +name: Container Workflow template" + +on: + workflow_call: + inputs: + dockerfile: + description: 'The path to the Dockerfile' + required: true + type: string + default: 'Dockerfile' + +jobs: + build: + runs-on: ubuntu-latest + needs: [ prebuild ] + steps: + - uses: actions/checkout@v4 + + - uses: go-semantic-release/action@v1 + id: semrel + with: + github-token: ${{ secrets.BOT_ACCESS_TOKEN }} + prepend: true + dry: true + + - name: Get directory of ${{ inputs.dockerfile }} + id: get_dir + run: | + echo "docker_directory=$(dirname ${{ inputs.dockerfile }})" >> $GITHUB_OUTPUT + + - name: Prepare tagging + id: prep + run: | + IMAGE_NAME=$(basename ${{ github.repository }}) + IMAGE_REPO=${{ github.repository_owner }} + if [[ -n "${{ secrets.IMAGE_NAME }}" ]]; then + IMAGE_NAME="${{ secrets.IMAGE_NAME }}" + fi + if [[ -n "${{ secrets.IMAGE_REPO }}" ]]; then + IMAGE_REPO="${{ secrets.IMAGE_REPO }}" + fi + VERSION="dev" + if [[ '${{ needs.prebuild.outputs.version }}' != '' ]]; then + VERSION="${{ needs.prebuild.outputs.version }}" + fi + if [ "${{ github.event_name }}" = "schedule" ]; then + VERSION="nightly" + fi + GHCR_IMAGE="ghcr.io/${{ github.repository }}" + TAGS="${GHCR_IMAGE}:${VERSION}" + + if [[ -n "${{ env.QUAY_USER }}"]]; then + QUAY_IMAGE="quay.io/$IMAGE_REPO/$IMAGE_NAME" + tags="${TAGS}:${QUAY_IMAGE}:${VERSION}"" + fi + + if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + TAGS="$TAGS,${GHCR_IMAGE}:latest" + if [[ -n "${{ env.QUAY_USER }}" ]]; then + TAGS="$TAGS,${QUAY_IMAGE}:latest" + fi + fi + echo "settings tag ${TAGS}" + echo "tags=${TAGS}" >> $GITHUB_OUTPUT + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: ${{ env.platforms }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to Quay + if: needs.prebuild.outputs.version != '' && env.QUAY_USER != '' + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ env.QUAY_USER }} + password: ${{ env.QUAY_TOKEN }} + + - name: Login to GitHub Container Registry + if: needs.prebuild.outputs.version != '' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ env.BOT_ACCESS_TOKEN }} + + - name: Build and push + id: docker_build + uses: docker/build-push-action@v5 + with: + builder: ${{ steps.buildx.outputs.name }} + context: ${{ steps.get_dir.outputs.docker_directory }} + file: ${{ inputs.dockerfile }} + push: ${{ github.event_name != 'pull_request' && needs.prebuild.outputs.version != '' }} + tags: ${{ steps.prep.outputs.tags }} + platforms: ${{ env.platforms }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 23d242d..97b6980 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -35,7 +35,6 @@ jobs: if: steps.precommit_exists.outputs.files_exists == 'true' - uses: go-semantic-release/action@v1 - if: github.event_name != 'pull_request' id: semrel with: github-token: ${{ secrets.BOT_ACCESS_TOKEN }} diff --git a/workflow-templates/container.yml b/workflow-templates/container.yml index 2678248..7770705 100644 --- a/workflow-templates/container.yml +++ b/workflow-templates/container.yml @@ -6,147 +6,15 @@ on: pull_request: branches: [ $default-branch ] -env: - platforms: linux/amd64, linux/arm64 - DOCKERHUB_USER: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_DOCKERHUB_INFRA_MACHINE).username }}" - DOCKERHUB_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_DOCKERHUB_INFRA_MACHINE).token }}" - - QUAY_USER: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).username }}" - QUAY_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).password }}" - - BOT_ACCESS_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_GITHUB_INFRALOVERS).PAT }}" - jobs: - prebuild: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.semrel.outputs.version }} - steps: - - uses: actions/checkout@v4 - - - name: Check pre-commit presence - id: precommit_exists - uses: andstor/file-existence-action@v1 - with: - files: ".pre-commit-config.yaml" - - - uses: actions/setup-python@v3 - if: steps.precommit_exists.outputs.files_exists == 'true' - - - uses: pre-commit/action@v3 - if: steps.precommit_exists.outputs.files_exists == 'true' - - - uses: go-semantic-release/action@v1 - if: github.event_name != 'pull_request' - id: semrel - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - prepend: true - dry: true - build: - runs-on: ubuntu-latest - needs: [ prebuild ] - steps: - - uses: actions/checkout@v4 - - - name: Prepare tagging - id: prep - run: | - IMAGE_NAME=$(basename ${{ github.repository }}) - IMAGE_REPO=${{ github.repository_owner }} - if [[ -n "${{ secrets.IMAGE_NAME }}" ]]; then - IMAGE_NAME="${{ secrets.IMAGE_NAME }}" - fi - if [[ -n "${{ secrets.IMAGE_REPO }}" ]]; then - IMAGE_REPO="${{ secrets.IMAGE_REPO }}" - fi - QUAY_IMAGE="quay.io/$IMAGE_REPO/$IMAGE_NAME" - GHCR_IMAGE="ghcr.io/${{ github.repository }}" - VERSION="dev" - if [[ '${{ needs.prebuild.outputs.version }}' != '' ]]; then - VERSION="${{ needs.prebuild.outputs.version }}" - fi - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION="nightly" - fi - TAGS="${QUAY_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}" - if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - TAGS="$TAGS,${QUAY_IMAGE}:latest,${GHCR_IMAGE}:latest" - fi - echo "settings tag ${TAGS}" - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: ${{ env.platforms }} - - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to DockerHub - if: needs.prebuild.outputs.version != '' - uses: docker/login-action@v3 - with: - username: ${{ env.DOCKERHUB_USER }} - password: ${{ env.DOCKERHUB_TOKEN }} - - - name: Login to Quay - if: needs.prebuild.outputs.version != '' - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ env.QUAY_USER }} - password: ${{ env.QUAY_TOKEN }} - - - name: Login to GitHub Container Registry - if: needs.prebuild.outputs.version != '' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ env.BOT_ACCESS_TOKEN }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v5 - with: - builder: ${{ steps.buildx.outputs.name }} - context: . - push: ${{ github.event_name != 'pull_request' && needs.prebuild.outputs.version != '' }} - tags: ${{ steps.prep.outputs.tags }} - platforms: ${{ env.platforms }} - - release: - needs: [ prebuild, build ] - if: github.event_name != 'pull_request' - runs-on: ubuntu-latest - steps: - - - uses: actions/checkout@v2 + uses: infralovers/.github/.github/workflows/container.yml@main + secrets: inherit + env: + platforms: linux/amd64, linux/arm64 - - uses: go-semantic-release/action@v1 - if: needs.prebuild.outputs.version != '' - id: generate_changelog - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - prepend: true - changelog-file: CHANGELOG.md + QUAY_USER: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).username }}" + QUAY_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).password }}" - - name: Update changelog - uses: stefanzweifel/git-auto-commit-action@v4 - if: steps.generate_changelog.outputs.version != '' - with: - commit_message: 'chore(ci): commit changes from go-semantic-release' - file_pattern: CHANGELOG.md + BOT_ACCESS_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_GITHUB_INFRALOVERS).PAT }}"