Scheduled publish #101
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scheduled publish | |
| on: | |
| schedule: | |
| - cron: '20 8 * * 1' | |
| workflow_dispatch: | |
| jobs: | |
| deployment: | |
| name: Rebuild and publish the latest tagged image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Get latest tag | |
| uses: oprypin/find-latest-tag@v1 | |
| id: latest-tag | |
| with: | |
| repository: ${{ github.repository }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Checkout repository code | |
| uses: actions/checkout@main | |
| with: | |
| ref: ${{ steps.latest-tag.outputs.tag }} | |
| fetch-depth: 0 | |
| - name: Set current date as env variable | |
| run: echo "TODAY=$(date +'%Y%m%d')" >> $GITHUB_ENV | |
| - name: Set nicely formatted current date as env variable | |
| run: echo "TODAY_FORMATTED=$(date +'%Y-%m-%d')" >> $GITHUB_ENV | |
| - name: Create weekly tag | |
| id: tag | |
| env: | |
| TAG: ${{ steps.latest-tag.outputs.tag }}_${{ env.TODAY }} | |
| run: | | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| git tag -a $TAG -m "Weekly rebuild of ${{ steps.latest-tag.outputs.tag }}" | |
| git push origin $TAG | |
| echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
| - name: Build and push weekly image (w/ aws cli) | |
| uses: ./.github/workflows/publish | |
| with: | |
| bake_target: aws | |
| aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| git_tag: ${{ steps.tag.outputs.TAG }} | |
| publish_release: true | |
| release_title: ${{ steps.latest-tag.outputs.tag }} - weekly release (${{ env.TODAY_FORMATTED }}) | |
| release_body: | | |
| ## Weekly rebuild | |
| This is a weekly rebuild of the latest image (`${{ steps.latest-tag.outputs.tag }}`). | |
| The image is rebuilt to ensure that it is up to date with the latest security patches. | |
| ## Updated images | |
| ### Image with aws cli | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:latest` | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:${{ steps.tag.outputs.TAG }}` | |
| - `ghcr.io/spacelift-io/runner-terraform:latest` | |
| - `ghcr.io/spacelift-io/runner-terraform:${{ steps.tag.outputs.TAG }}` | |
| ### Image with gcloud cli | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-latest` | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }}` | |
| - `ghcr.io/spacelift-io/runner-terraform:gcp-latest` | |
| - `ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }}` | |
| ### Image with az cli | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest` | |
| - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }}` | |
| - `ghcr.io/spacelift-io/runner-terraform:azure-latest` | |
| - `ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }}` | |
| bake_set: | | |
| aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:latest | |
| aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:${{ steps.tag.outputs.TAG }} | |
| aws.tags=ghcr.io/spacelift-io/runner-terraform:latest | |
| aws.tags=ghcr.io/spacelift-io/runner-terraform:${{ steps.tag.outputs.TAG }} | |
| - name: Build and push weekly image (w/ gcloud cli) | |
| uses: ./.github/workflows/publish | |
| with: | |
| bake_target: gcp | |
| aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| git_tag: ${{ steps.latest-tag.outputs.tag }} | |
| publish_release: false | |
| bake_set: | | |
| gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-latest | |
| gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }} | |
| gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-latest | |
| gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }} | |
| - name: Build and push weekly image (w/ az cli) | |
| uses: ./.github/workflows/publish | |
| with: | |
| bake_target: azure | |
| aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| git_tag: ${{ steps.latest-tag.outputs.tag }} | |
| publish_release: false | |
| bake_set: | | |
| azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest | |
| azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }} | |
| azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-latest | |
| azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }} | |