diff --git a/.github/workflows/build-push-ar.yml b/.github/workflows/build-push-ar.yml
new file mode 100644
index 0000000..99315f9
--- /dev/null
+++ b/.github/workflows/build-push-ar.yml
@@ -0,0 +1,57 @@
+name: build-push-ar
+on:
+ workflow_call:
+ inputs:
+ image:
+ required: true
+ type: string
+ build-args:
+ required: false
+ type: string
+ default: ""
+ context:
+ required: false
+ type: string
+ default: "."
+jobs:
+ build-push-ar:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: 'actions/checkout@v4'
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
+ id: extract_branch
+ - name: Extract tag name
+ shell: bash
+ run: |-
+ t=$(echo ${GITHUB_SHA} | cut -c1-7)
+ echo "tag=$t" >> $GITHUB_OUTPUT
+ id: extract_tag
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: ${{ secrets.GCLOUD_OIDC_POOL }}
+ create_credentials_file: true
+ service_account: ${{ secrets.GSA }}
+ token_format: 'access_token'
+ - uses: 'docker/login-action@v3'
+ name: 'Docker login'
+ with:
+ registry: 'us-docker.pkg.dev'
+ username: 'oauth2accesstoken'
+ password: '${{ steps.auth.outputs.access_token }}'
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ inputs.context }}
+ push: true
+ build-args: ${{ inputs.build-args }}
+ tags: |
+ us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/${{ inputs.image }}:${{steps.extract_branch.outputs.branch}}-${{steps.extract_tag.outputs.tag}}
+ us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/${{ inputs.image }}:${{steps.extract_branch.outputs.branch}}
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 664f84c..f18da1d 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
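Review bot: In build-push-ar.yml the `auth` step keeps `create_credentials_file: true`, although the only consumer visible in this job is the `access_token` output passed to docker login; as far as I know the action writes that file into the workspace, so with the default `context: "."` it can land in the build context and be picked up by a broad `COPY`. Set `create_credentials_file: false`, or make sure `gha-creds-*.json` is excluded through `.dockerignore`. The job also holds `id-token: write` while every `uses:` points at a mutable tag (`@v4`, `@v1`, `@v3`, `@v5`); pinning each one to a full commit SHA keeps a moved tag from running with that token. In the branch step, `${GITHUB_REF#refs/heads/}` leaves `refs/tags/...` untouched and keeps slashes from branch names, neither of which is a valid image tag, which matters now that the caller triggers on every push.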
@@ -1,76 +1,50 @@ -name: Workflow Template - Build and push +name: build-push on: - workflow_call: - inputs: - dir: - required: true - type: string - major_version: - required: true - type: string - build_arg: - type: string + push: jobs: - build-push: + find-jobs: + name: Find changed directories runs-on: ubuntu-latest - timeout-minutes: 15 + outputs: + folders: ${{ steps.jobs.outputs.folders }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - id: jobs + run: | + folders=$(git diff --diff-filter="ACMR" --name-only ${{ github.event.before }} ${{ github.event.after }} | xargs dirname | awk -F '/' '{print $1}' | sort | uniq | grep -Ev "^\." | awk NF | jq -c --raw-input --slurp 'split("\n") | .[0:-1]') + echo "folders=$folders" >> $GITHUB_OUTPUT + + get-tags: + needs: [find-jobs] + runs-on: ubuntu-latest + outputs: + tags: ${{ steps.tags.outputs.tags }} + steps: + - uses: actions/checkout@v4 + - id: tags + run: | + json_array=$(echo '${{ needs.find-jobs.outputs.folders }}' | jq -rc '.[]') + TAGS=$(while read -r REPO; do + for TAG in $(ls $REPO/.build-args); do + echo '{"context":"'${REPO}'", "image":"'${REPO}':'${TAG}'", "args":"'$(cat ${REPO}/.build-args/${TAG})'"},' + done + done <<< "$json_array") + TAGS=$(echo "[${TAGS%,}]") + echo "tags=$TAGS" >> $GITHUB_OUTPUT + + build-push-ar: + needs: [get-tags] + strategy: + matrix: + tags: ${{ fromJson(needs.get-tags.outputs.tags )}} + uses: ./.github/workflows/build-push-ar.yml + with: + image: "internal/${{ matrix.image }}" + context: ${{ matrix.context }} + build-args: ${{ matrix.args }} permissions: contents: read id-token: write - steps: - - - name: Extract branch name - shell: bash - run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Extract tag name - shell: bash - run: |- - t=$(echo ${GITHUB_SHA} | cut -c1-7) - echo "tag=$t" >> $GITHUB_OUTPUT - id: extract_tag - - - uses: 'actions/checkout@v3' - - - name: 'Authenticate to Google Cloud' - id: 'auth' - 
uses: 'google-github-actions/auth@v0' - with: - workload_identity_provider: ${{ secrets.GCLOUD_OIDC_POOL }} - create_credentials_file: true - service_account: ${{ secrets.GSA }} - token_format: 'access_token' - - - name: 'Docker login init' - uses: 'docker/login-action@v1' - with: - registry: 'us-docker.pkg.dev' - username: 'oauth2accesstoken' - password: '${{ steps.auth.outputs.access_token }}' - - - name: 'Docker login' - run: echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev - - - name: Lint Dockerfile - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: ${{ inputs.dir }}/Dockerfile - - - name: Lint shell - working-directory: ${{ inputs.dir }} - run: |- - echo "Running shellcheck on" - find . -name "*.sh" -exec ls -l {} \; - echo "Starting..." - find . -name "*.sh" -exec shellcheck {} \; - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: ${{ inputs.dir }} - push: true - build-args: ${{ inputs.build_arg }} - tags: | - us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/${{ secrets.GCLOUD_AR_REPO }}/${{ inputs.dir }}:${{ inputs.major_version }}-${{steps.extract_branch.outputs.branch}}-${{steps.extract_tag.outputs.tag}} - us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/${{ secrets.GCLOUD_AR_REPO }}/${{ inputs.dir }}:${{ inputs.major_version }}-${{steps.extract_branch.outputs.branch}} + secrets: inherit diff --git a/.github/workflows/gulp.yml b/.github/workflows/gulp.yml deleted file mode 100644 index fcc12de..0000000 --- a/.github/workflows/gulp.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Build and push gulp 2.3 -on: - push: - paths: - - 'gulp/**' - - '.github/workflows/gulp.yml' - -jobs: - deploy: - uses: ./.github/workflows/build-push.yml - with: - dir: gulp - major_version: 2 - permissions: - contents: read - id-token: write - secrets: inherit - 
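Review bot: The `tags` step of `get-tags` in build-push.yml expands `${{ needs.find-jobs.outputs.folders }}` directly into the script text and then assembles JSON by string concatenation from directory names and `.build-args` file contents, so a quote character in either one changes the script or the matrix that decides what gets built and pushed under `secrets: inherit`. Pass the value through `env:` and let `jq --arg` do the quoting, as sketched below; the same `env:` treatment fits `github.event.before`/`after` in `find-jobs`. Separately, the matrix key is `tags`, so `matrix.image`, `matrix.context` and `matrix.args` look like they resolve to empty strings; use `matrix.tags.image` etc., or feed the array to `include:`. The hadolint and shellcheck steps removed in this hunk do not reappear in build-push-ar.yml, so images would now be published without those checks.

```yaml
      - id: tags
        env:
          FOLDERS: ${{ needs.find-jobs.outputs.folders }}
        run: |
          TAGS=$(jq -r '.[]' <<< "$FOLDERS" | while read -r REPO; do
            for FILE in "$REPO"/.build-args/*; do
              [ -f "$FILE" ] || continue
              jq -nc --arg context "$REPO" \
                     --arg image "$REPO:${FILE##*/}" \
                     --arg args "$(cat "$FILE")" \
                     '{context: $context, image: $image, args: $args}'
            done
          done | jq -sc '.')
          echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
      # … unchanged: build-push-ar job, apart from the matrix references …
```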
diff --git a/.github/workflows/loris-3.2.yml b/.github/workflows/loris-3.2.yml deleted file mode 100644 index 472ede7..0000000 --- a/.github/workflows/loris-3.2.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Build and push loris 3.2 -on: - push: - paths: - - 'loris/**' - - '.github/workflows/loris-3.2.yml' - - '.github/workflows/build-push.yml' - -jobs: - deploy: - uses: ./.github/workflows/build-push.yml - with: - dir: loris - major_version: 3.2 - build_arg: LORIS_VERSION=3.2.1 - permissions: - contents: read - id-token: write - secrets: inherit diff --git a/.github/workflows/nginx-1.25.yml b/.github/workflows/nginx-1.25.yml deleted file mode 100644 index 4427176..0000000 --- a/.github/workflows/nginx-1.25.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Build and push nginx 1.25 -on: - push: - paths: - - 'nginx/**' - - '.github/workflows/nginx-1.25.yml' - - '.github/workflows/build-push.yml' - -jobs: - deploy: - uses: ./.github/workflows/build-push.yml - with: - dir: nginx - major_version: 1.25 - build_arg: NGINX_VERSION=1.25.1 - permissions: - contents: read - id-token: write - secrets: inherit diff --git a/.github/workflows/php-8.yml b/.github/workflows/php-8.yml deleted file mode 100644 index 0be2e96..0000000 --- a/.github/workflows/php-8.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: CI -on: - schedule: - - cron: '43 12 * * 6' - push: - paths: - - 'php/**' - - '.github/workflows/php-8.yml' - - '.github/workflows/build-push.yml' - -jobs: - deploy: - strategy: - fail-fast: false - matrix: - version: ["8.1", "8.2"] - - name: Build and push PHP ${{ matrix.version }} - - uses: ./.github/workflows/build-push.yml - - with: - dir: php - major_version: ${{ matrix.version }} - build_arg: PHP_VERSION=${{ matrix.version }} - - permissions: - contents: read - id-token: write - - secrets: inherit diff --git a/gulp/.build-args/2.3 b/gulp/.build-args/2.3 new file mode 100644 index 0000000..e69de29 
diff --git a/loris/.build-args/3.2 b/loris/.build-args/3.2
new file mode 100644
index 0000000..7d4ec6f
--- /dev/null
+++ b/loris/.build-args/3.2
@@ -0,0 +1 @@
+LORIS_VERSION=3.2.1
diff --git a/nginx/.build-args/1.25 b/nginx/.build-args/1.25
new file mode 100644
index 0000000..de596b1
--- /dev/null
+++ b/nginx/.build-args/1.25
@@ -0,0 +1,2 @@
+NGINX_VERSION=1.25.1
+
diff --git a/php/.build-args/8.1 b/php/.build-args/8.1
new file mode 100644
index 0000000..adbb2d4
--- /dev/null
+++ b/php/.build-args/8.1
@@ -0,0 +1,2 @@
+PHP_VERSION=8.1
+
diff --git a/php/.build-args/8.2 b/php/.build-args/8.2
new file mode 100644
index 0000000..b137526
--- /dev/null
+++ b/php/.build-args/8.2
@@ -0,0 +1,2 @@
+PHP_VERSION=8.2
+
diff --git a/php/.build-args/8.3 b/php/.build-args/8.3
new file mode 100644
index 0000000..896608c
--- /dev/null
+++ b/php/.build-args/8.3
@@ -0,0 +1,2 @@
+PHP_VERSION=8.3
+