Skip to content

Cloud Image Registry Implementation #6247

Cloud Image Registry Implementation

Cloud Image Registry Implementation #6247

Workflow file for this run

name: Build and publish the docker images
on:
push:
branches:
- master
tags:
- "v*"
pull_request:
types:
- opened
- reopened
- synchronize
repository_dispatch:
types:
- deploy-staging-command
jobs:
configure:
name: Preliminary configuration
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.configure.outputs.ref }}
repo-suffix: ${{ steps.configure.outputs.repo-suffix }}
repo-push: ${{ steps.configure.outputs.repo-push }}
version: ${{ steps.version.outputs.version }}
build-matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
- name: Get version
id: version
run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
if: |
github.event_name == 'push' &&
github.event.repository.full_name == github.repository &&
startsWith(github.ref, 'refs/tags/v')
- name: Configure
id: configure
env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
# The ref of the commit to checkout (do not use the merge commit if pull request)
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
echo "ref=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "repository_dispatch" ]]; then
echo "ref=${{ github.event.client_payload.pull_request.head.sha }}" >> $GITHUB_OUTPUT
elif [[ "${{ steps.version.outputs.version }}" != "" ]]; then
echo "ref=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
else
echo "ref=${{ github.sha }}" >> $GITHUB_OUTPUT
fi
# The suffix to append to the repository name if not triggered by a push
[[ "${{ github.event_name }}" == "push" && "${{ github.event.repository.full_name }}" == "${{ github.repository }}" ]] && \
echo "repo-suffix=" >> $GITHUB_OUTPUT || \
echo "repo-suffix=-dev" >> $GITHUB_OUTPUT
# Do not push the resulting images to DockerHub if triggered by a pull request or DockerHub credentials are not available
[[ "${{ github.event_name }}" == "pull_request" || -z $DOCKER_PASSWORD ]] && \
echo "repo-push=false" >> $GITHUB_OUTPUT || \
echo "repo-push=true" >> $GITHUB_OUTPUT
# The optional images (i.e., user environments) are built only in case of version tags,
# and when the /deploy-staging event is dispatched with the build-all flag
[[ "${{ steps.version.outputs.version }}" != "" || \
("${{ github.event_name }}" == "repository_dispatch" && "${{ github.event.client_payload.slash_command.args.all }}" == "build-all") ]] && \
echo "filter-optional-images=false" >> $GITHUB_OUTPUT || \
echo "filter-optional-images=true" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ steps.configure.outputs.ref }}
persist-credentials: false
- name: Retrieve the build matrix
id: build-matrix
uses: ./.github/actions/retrieve-build-matrix
with:
path: .github/workflows/build-matrix.json
filterOptional: ${{ steps.configure.outputs.filter-optional-images }}
build:
name: Build
runs-on: ubuntu-latest
needs: configure
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.configure.outputs.build-matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.configure.outputs.ref }}
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
# The cache key is composed of the combination of the component name, the hash of the files in the build context and the hash of the commit.
# Example: Linux-instance-operator-buildx-78702f5342c365de6dec21db1910023b19d0c56b3e3187ac860131d88ac24498-3e0fbf49898789ec0ff0f78272dd0a7703389810
# The hash of the files in the context guarantees that a match is always found if no files of the component are modified, while the commit hash
# guarantees uniqueness of the name, to ensure the cache is always updated (i.e. to prevent issues if the base image changes).
key: ${{ runner.os }}-${{ matrix.component }}-buildx-${{ hashFiles(format('{0}/**', matrix.context), matrix.dockerfile) }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.component }}-buildx-${{ hashFiles(format('{0}/**', matrix.context), matrix.dockerfile) }}-
${{ runner.os }}-${{ matrix.component }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: needs.configure.outputs.repo-push == 'true'
- name: Login to Harbor
uses: docker/login-action@v2
with:
registry: https://${{ secrets.HARBOR_REGISTRY_URL }}
username: ${{ secrets.HARBOR_REGISTRY_USERNAME }}
password: ${{ secrets.HARBOR_REGISTRY_PASSWORD }}
if: needs.configure.outputs.repo-push == 'true'
- name: Configure the build-push-action parameters
id: parameters
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
HARBOR_REGISTRY_URL: ${{ secrets.HARBOR_REGISTRY_URL }}
run: |
echo "repo-owner=${DOCKER_USERNAME:-crownlabs}" >> $GITHUB_OUTPUT
echo "repo-name=${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}" >> $GITHUB_OUTPUT
echo "harbor-registry=${HARBOR_REGISTRY_URL:-harbor.local}" >> $GITHUB_OUTPUT
[[ -n "${{ matrix.dockerfile }}" ]] && \
echo "dockerfile=${{ matrix.dockerfile }}" >> $GITHUB_OUTPUT || \
echo "dockerfile=${{ matrix.context }}/Dockerfile" >> $GITHUB_OUTPUT
- name: Build and Push the ${{ matrix.component }} image
uses: docker/build-push-action@v3
with:
tags: |
${{ steps.parameters.outputs.repo-owner }}/${{ steps.parameters.outputs.repo-name }}:${{ needs.configure.outputs.ref }}
# ${{ steps.parameters.outputs.harbor-registry }}/${{ matrix.harbor-project }}/${{ steps.parameters.outputs.repo-name }}:${{ needs.configure.outputs.ref }}
push: ${{ needs.configure.outputs.repo-push }}
file: ${{ steps.parameters.outputs.dockerfile }}
context: ${{ matrix.context }}
build-args: ${{ matrix.build-args }}
cache-from: type=gha, scope=${{ github.workflow }}
cache-to: type=gha, scope=${{ github.workflow }}
trigger-events-master:
name: Trigger events upon successful push to master
runs-on: ubuntu-latest
needs:
- configure
- build
if: |
github.event_name == 'push' &&
github.ref == 'refs/heads/master' &&
needs.configure.outputs.repo-push == 'true'
steps:
- name: Send the Slack notification
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
author_name: CrownLabs CI
env:
GITHUB_TOKEN: ${{ secrets.CI_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
if: always()
- name: Notify Event to CrownOps
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.CI_TOKEN }}
repository: netgroup-polito/CrownOps
event-type: preprod-event
client-payload: '{"tag": "${{ needs.configure.outputs.ref }}"}'
trigger-events-deploy-staging:
name: Trigger events upon /deploy-staging comment
runs-on: ubuntu-latest
needs:
- configure
- build
if: |
github.event_name == 'repository_dispatch' &&
needs.configure.outputs.repo-push == 'true'
steps:
- name: Notify Event to CrownOps
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.CI_TOKEN }}
repository: netgroup-polito/CrownOps
event-type: deploy-staging-event
client-payload: |
{
"repository": "${{ github.repository }}",
"pr-number": "${{ github.event.client_payload.github.payload.issue.number }}",
"tag": "${{ needs.configure.outputs.ref }}"
}
- name: Report status as reaction
uses: peter-evans/create-or-update-comment@v2
with:
token: ${{ secrets.CI_TOKEN }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reactions: "hooray"
release:
name: Create a new CrownLabs release
runs-on: ubuntu-latest
permissions:
contents: write
needs:
- configure
- build
if: |
needs.configure.outputs.version != '' &&
needs.configure.outputs.repo-push == 'true'
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.configure.outputs.ref }}
# The changelog generation requires the entire history
fetch-depth: 0
persist-credentials: false
- name: Get the latest CrownLabs release
uses: pozetroninc/[email protected]
id: last-release
with:
repository: ${{ github.repository }}
- name: Configure Git
run: |
git config user.name "kingmakerbot"
git config user.email "[email protected]"
# automatic helm repo management
# (from https://github.com/liqotech/liqo/blob/master/.github/workflows/integration.yml)
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.9.4
- name: Download chart releaser
run: |
curl -sSL "https://github.com/helm/chart-releaser/releases/download/v1.5.0/chart-releaser_1.5.0_linux_amd64.tar.gz" | tar -xz
- name: Enforce global version
run: |
sed -i 's| version: "" # default set while packaging| version: "${{ needs.configure.outputs.version }}"|' deploy/crownlabs/values.yaml
- name: Package helm chart
run: |
# the output should be in the .cr-release-packages since cr index expects to find it there to create the helm index
helm package deploy/crownlabs --dependency-update --version "${{ needs.configure.outputs.version }}" --app-version "${{ needs.configure.outputs.version }}" --destination .cr-release-packages
- uses: ncipollo/release-action@v1
with:
artifacts: ".cr-release-packages/*"
generateReleaseNotes: true
token: ${{ github.token }}
allowUpdates: true
tag: ${{ needs.configure.outputs.version }}
name: Release ${{ needs.configure.outputs.version }}
- name: Update Helm index
run: |
repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY")
owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY")
# Update index and push to github pages
./cr index \
--owner "$owner" \
--git-repo "$repo" \
--release-name-template "${{ needs.configure.outputs.version }}" \
--token "${{ secrets.GITHUB_TOKEN }}" \
--index-path index.yaml \
--pages-index-path index.yaml \
--push
- name: Notify Event to CrownOps
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.CI_TOKEN }}
repository: netgroup-polito/CrownOps
event-type: release-event
client-payload: '{"version": "${{ needs.configure.outputs.version }}"}'