Finalize Tags #209
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Finalize Tags | |
# Workflow this will update various mutable tags to match the full semver given in the input tag. | |
# E.g. if an image is tagged 0.1.2 and this workflow is triggered with a tag `latest-v0.1.2` then it will update tags: | |
# latest, 0, and 0.1 to point to the 0.1.2 image. | |
on: | |
create: | |
jobs: | |
update_latest_tag: | |
name: Build & Push to Registries | |
if: ${{ startsWith(github.ref, 'refs/tags/latest-v') }} | |
runs-on: ubuntu-latest | |
environment: production | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/[email protected] | |
continue-on-error: true | |
with: | |
role-to-assume: ${{ secrets.ECR_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-east-1 | |
- name: 2nd Attempt Configure AWS credentials | |
uses: aws-actions/[email protected] | |
if: ${{ env.AWS_ACCESS_KEY_ID == '' }} | |
with: | |
role-to-assume: ${{ secrets.ECR_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-east-1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# If this workflow runs for a semver that hasn't been released, then we'll fail below. This workflow is only | |
# meant to add the `latest` tag onto an existing release. | |
- name: Determine the version from the tag | |
id: get_ver | |
run: | | |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+.[0-9]*") | |
if [ -z $SEM_VER ]; then | |
exit 1 | |
fi | |
echo "::set-output name=SEM_VER::$SEM_VER" | |
MAJOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+") | |
echo "::set-output name=MAJOR_VERSION::$MAJOR_VERSION" | |
MINOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+\.[0-9]+") | |
echo "::set-output name=MINOR_VERSION::$MINOR_VERSION" | |
# Right now just pull the image in order to tag it. There might be alternatives: | |
# https://stackoverflow.com/questions/37134929/how-to-tag-image-in-docker-registry-v2/38362476#38362476 (auth unclear) | |
# Use a shared context with original workflow? | |
- name: Pull, Tag, Push FrontEnd | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-frontend | |
ecr=$ECR_REGISTRY/strelka-frontend | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
- name: Pull, Tag, Push BackEnd | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-backend | |
ecr=$ECR_REGISTRY/strelka-backend | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
- name: Pull, Tag, Push Manager | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-manager | |
ecr=$ECR_REGISTRY/strelka-manager | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
- name: Validate All X-Region Replication | |
run: | | |
.github/workflows/check_images_x_region.sh latest | |
if [ $? != 0 ]; then | |
exit 1 | |
fi | |
- name: Slack Notification | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_Z_LOG_DOCKER_BUILDS }} | |
SLACK_TITLE: Strelka Images latest tag updated to ${{ steps.get_ver.outputs.SEM_VER }} |