diff --git a/.github/workflows/container-build-and-release.yml b/.github/workflows/container-build-and-release.yml new file mode 100644 index 0000000..6a644e1 --- /dev/null +++ b/.github/workflows/container-build-and-release.yml @@ -0,0 +1,182 @@ +name: Container Build + +on: + workflow_call: + inputs: + release_version: + description: Condition based on release branch build + required: false + type: string + platform_list: + required: true + description: platform name from input + type: string # like linux/amd64,linux/arm64 + + secrets: + token: + description: 'Secret token from caller workflow to access private packages' + required: true + +env: + REGISTRY: ghcr.io + +jobs: + setup: + runs-on: ubuntu-latest + outputs: + platform_matrix: ${{ steps.vars.outputs.platform_matrix }} + steps: + - name: Create an array from platform_list input + id: vars + run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY + get-release-values: + name: Get Release Properties + runs-on: ubuntu-latest + outputs: + PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }} + steps: + - name: Determine IMAGE_PUSH and VERSION + id: set-vars + run: | + if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then + echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + else + echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY" + fi + run-container-build: + name: Build Containers + runs-on: ubuntu-latest + needs: [setup,get-release-values] + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }} + + permissions: + contents: read + packages: write + + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + # Checkout code + # https://github.com/actions/checkout + - name: Checkout code + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{raw}},value=${{ inputs.release_version }} + + # Set up QEMU + # https://github.com/docker/setup-qemu-action + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Login to Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Build and push Docker image with Buildx + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }} + outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true + + # Export digest + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + # Upload digest + - name: Upload digest + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: [get-release-values, run-container-build] + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}" + + # Download digests + # https://github.com/actions/download-artifact + - name: Download digests + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: digests + path: /tmp/digests + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{raw}},value=${{ inputs.release_version }} + + # Login to Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true + - name: Create manifest list and push + if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) + + - name: Inspect image + if: needs.get-release-values.outputs.PUSH_IMAGE == 'true' + run: | + docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index 7a3f61d..d49210b 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml @@ -40,6 +40,36 @@ jobs: run: | echo "primary_language=${{ steps.read.outputs.primary_language}}" | tee -a "$GITHUB_OUTPUT" | tee -a $GITHUB_STEP_SUMMARY + call-goreleaser-exists: + outputs: + goreleaser-exists: ${{ steps.check_files.outputs.files_exists }} + runs-on: ubuntu-latest + name: Check for .goreleaser file + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Check file existence + id: check_files + uses: andstor/file-existence-action@v2 + with: + files: ".goreleaser.y*ml" + + setup_platforms: + runs-on: ubuntu-latest + outputs: + platform_matrix: ${{ steps.vars.outputs.platform_matrix }} + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Create an array from platform_list input # + id: vars + run: + echo "platform_matrix=`cat integration-manifest.json | jq '.platform_matrix'`" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY + call-create-github-release-workflow: uses: Keyfactor/actions/.github/workflows/github-release.yml@v2 @@ -57,7 +87,7 @@ jobs: call-go-build-and-release-workflow: needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow] - if: needs.call-get-primary-language.outputs.primary_language == 'Go' + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true' uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v2 with: release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} @@ -66,6 +96,16 @@ jobs: gpg_key: ${{ secrets.gpg_key }} gpg_pass: ${{ secrets.gpg_pass }} + call-container-build-and-release-workflow: + needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists,setup_platforms] + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'false' + uses: keyfactor/actions/.github/workflows/container-build-and-release.yml@ab#53666-container-build + with: + release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} + platform_list: ${{ fromJson(needs.setup_platforms.outputs.platform_matrix) }} + secrets: + token: ${{ secrets.GITHUB_TOKEN }} + call-generate-readme-workflow: if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v2