Cloud Image Registry Implementation #6247
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish the docker images | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- "v*" | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
repository_dispatch: | |
types: | |
- deploy-staging-command | |
jobs: | |
configure: | |
name: Preliminary configuration | |
runs-on: ubuntu-latest | |
outputs: | |
ref: ${{ steps.configure.outputs.ref }} | |
repo-suffix: ${{ steps.configure.outputs.repo-suffix }} | |
repo-push: ${{ steps.configure.outputs.repo-push }} | |
version: ${{ steps.version.outputs.version }} | |
build-matrix: ${{ steps.build-matrix.outputs.matrix }} | |
steps: | |
- name: Get version | |
id: version | |
run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
if: | | |
github.event_name == 'push' && | |
github.event.repository.full_name == github.repository && | |
startsWith(github.ref, 'refs/tags/v') | |
- name: Configure | |
id: configure | |
env: | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
# The ref of the commit to checkout (do not use the merge commit if pull request) | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
echo "ref=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT | |
elif [[ "${{ github.event_name }}" == "repository_dispatch" ]]; then | |
echo "ref=${{ github.event.client_payload.pull_request.head.sha }}" >> $GITHUB_OUTPUT | |
elif [[ "${{ steps.version.outputs.version }}" != "" ]]; then | |
echo "ref=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT | |
else | |
echo "ref=${{ github.sha }}" >> $GITHUB_OUTPUT | |
fi | |
# The suffix to append to the repository name if not triggered by a push | |
[[ "${{ github.event_name }}" == "push" && "${{ github.event.repository.full_name }}" == "${{ github.repository }}" ]] && \ | |
echo "repo-suffix=" >> $GITHUB_OUTPUT || \ | |
echo "repo-suffix=-dev" >> $GITHUB_OUTPUT | |
# Do not push the resulting images to DockerHub if triggered by a pull request or DockerHub credentials are not available | |
[[ "${{ github.event_name }}" == "pull_request" || -z $DOCKER_PASSWORD ]] && \ | |
echo "repo-push=false" >> $GITHUB_OUTPUT || \ | |
echo "repo-push=true" >> $GITHUB_OUTPUT | |
# The optional images (i.e., user environments) are built only in case of version tags, | |
# and when the /deploy-staging event is dispatched with the build-all flag | |
[[ "${{ steps.version.outputs.version }}" != "" || \ | |
("${{ github.event_name }}" == "repository_dispatch" && "${{ github.event.client_payload.slash_command.args.all }}" == "build-all") ]] && \ | |
echo "filter-optional-images=false" >> $GITHUB_OUTPUT || \ | |
echo "filter-optional-images=true" >> $GITHUB_OUTPUT | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ steps.configure.outputs.ref }} | |
persist-credentials: false | |
- name: Retrieve the build matrix | |
id: build-matrix | |
uses: ./.github/actions/retrieve-build-matrix | |
with: | |
path: .github/workflows/build-matrix.json | |
filterOptional: ${{ steps.configure.outputs.filter-optional-images }} | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: configure | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.configure.outputs.build-matrix) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.configure.outputs.ref }} | |
persist-credentials: false | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
# The cache key is composed of the combination of the component name, the hash of the files in the build context and the hash of the commit. | |
# Example: Linux-instance-operator-buildx-78702f5342c365de6dec21db1910023b19d0c56b3e3187ac860131d88ac24498-3e0fbf49898789ec0ff0f78272dd0a7703389810 | |
# The hash of the files in the context guarantees that a match is always found if no files of the component are modified, while the commit hash | |
# guarantees uniqueness of the name, to ensure the cache is always updated (i.e. to prevent issues if the base image changes). | |
key: ${{ runner.os }}-${{ matrix.component }}-buildx-${{ hashFiles(format('{0}/**', matrix.context), matrix.dockerfile) }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.component }}-buildx-${{ hashFiles(format('{0}/**', matrix.context), matrix.dockerfile) }}- | |
${{ runner.os }}-${{ matrix.component }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
if: needs.configure.outputs.repo-push == 'true' | |
- name: Login to Harbor | |
uses: docker/login-action@v2 | |
with: | |
registry: https://${{ secrets.HARBOR_REGISTRY_URL }} | |
username: ${{ secrets.HARBOR_REGISTRY_USERNAME }} | |
password: ${{ secrets.HARBOR_REGISTRY_PASSWORD }} | |
if: needs.configure.outputs.repo-push == 'true' | |
- name: Configure the build-push-action parameters | |
id: parameters | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
HARBOR_REGISTRY_URL: ${{ secrets.HARBOR_REGISTRY_URL }} | |
run: | | |
echo "repo-owner=${DOCKER_USERNAME:-crownlabs}" >> $GITHUB_OUTPUT | |
echo "repo-name=${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}" >> $GITHUB_OUTPUT | |
echo "harbor-registry=${HARBOR_REGISTRY_URL:-harbor.local}" >> $GITHUB_OUTPUT | |
[[ -n "${{ matrix.dockerfile }}" ]] && \ | |
echo "dockerfile=${{ matrix.dockerfile }}" >> $GITHUB_OUTPUT || \ | |
echo "dockerfile=${{ matrix.context }}/Dockerfile" >> $GITHUB_OUTPUT | |
- name: Build and Push the ${{ matrix.component }} image | |
uses: docker/build-push-action@v3 | |
with: | |
tags: | | |
${{ steps.parameters.outputs.repo-owner }}/${{ steps.parameters.outputs.repo-name }}:${{ needs.configure.outputs.ref }} | |
# ${{ steps.parameters.outputs.harbor-registry }}/${{ matrix.harbor-project }}/${{ steps.parameters.outputs.repo-name }}:${{ needs.configure.outputs.ref }} | |
push: ${{ needs.configure.outputs.repo-push }} | |
file: ${{ steps.parameters.outputs.dockerfile }} | |
context: ${{ matrix.context }} | |
build-args: ${{ matrix.build-args }} | |
cache-from: type=gha, scope=${{ github.workflow }} | |
cache-to: type=gha, scope=${{ github.workflow }} | |
trigger-events-master: | |
name: Trigger events upon successful push to master | |
runs-on: ubuntu-latest | |
needs: | |
- configure | |
- build | |
if: | | |
github.event_name == 'push' && | |
github.ref == 'refs/heads/master' && | |
needs.configure.outputs.repo-push == 'true' | |
steps: | |
- name: Send the Slack notification | |
uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
author_name: CrownLabs CI | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_TOKEN }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
if: always() | |
- name: Notify Event to CrownOps | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
token: ${{ secrets.CI_TOKEN }} | |
repository: netgroup-polito/CrownOps | |
event-type: preprod-event | |
client-payload: '{"tag": "${{ needs.configure.outputs.ref }}"}' | |
trigger-events-deploy-staging: | |
name: Trigger events upon /deploy-staging comment | |
runs-on: ubuntu-latest | |
needs: | |
- configure | |
- build | |
if: | | |
github.event_name == 'repository_dispatch' && | |
needs.configure.outputs.repo-push == 'true' | |
steps: | |
- name: Notify Event to CrownOps | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
token: ${{ secrets.CI_TOKEN }} | |
repository: netgroup-polito/CrownOps | |
event-type: deploy-staging-event | |
client-payload: | | |
{ | |
"repository": "${{ github.repository }}", | |
"pr-number": "${{ github.event.client_payload.github.payload.issue.number }}", | |
"tag": "${{ needs.configure.outputs.ref }}" | |
} | |
- name: Report status as reaction | |
uses: peter-evans/create-or-update-comment@v2 | |
with: | |
token: ${{ secrets.CI_TOKEN }} | |
comment-id: ${{ github.event.client_payload.github.payload.comment.id }} | |
reactions: "hooray" | |
release: | |
name: Create a new CrownLabs release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
needs: | |
- configure | |
- build | |
if: | | |
needs.configure.outputs.version != '' && | |
needs.configure.outputs.repo-push == 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.configure.outputs.ref }} | |
# The changelog generation requires the entire history | |
fetch-depth: 0 | |
persist-credentials: false | |
- name: Get the latest CrownLabs release | |
uses: pozetroninc/[email protected] | |
id: last-release | |
with: | |
repository: ${{ github.repository }} | |
- name: Configure Git | |
run: | | |
git config user.name "kingmakerbot" | |
git config user.email "[email protected]" | |
# automatic helm repo management | |
# (from https://github.com/liqotech/liqo/blob/master/.github/workflows/integration.yml) | |
- name: Install Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: v3.9.4 | |
- name: Download chart releaser | |
run: | | |
curl -sSL "https://github.com/helm/chart-releaser/releases/download/v1.5.0/chart-releaser_1.5.0_linux_amd64.tar.gz" | tar -xz | |
- name: Enforce global version | |
run: | | |
sed -i 's| version: "" # default set while packaging| version: "${{ needs.configure.outputs.version }}"|' deploy/crownlabs/values.yaml | |
- name: Package helm chart | |
run: | | |
# the output should be in the .cr-release-packages since cr index expects to find it there to create the helm index | |
helm package deploy/crownlabs --dependency-update --version "${{ needs.configure.outputs.version }}" --app-version "${{ needs.configure.outputs.version }}" --destination .cr-release-packages | |
- uses: ncipollo/release-action@v1 | |
with: | |
artifacts: ".cr-release-packages/*" | |
generateReleaseNotes: true | |
token: ${{ github.token }} | |
allowUpdates: true | |
tag: ${{ needs.configure.outputs.version }} | |
name: Release ${{ needs.configure.outputs.version }} | |
- name: Update Helm index | |
run: | | |
repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") | |
owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") | |
# Update index and push to github pages | |
./cr index \ | |
--owner "$owner" \ | |
--git-repo "$repo" \ | |
--release-name-template "${{ needs.configure.outputs.version }}" \ | |
--token "${{ secrets.GITHUB_TOKEN }}" \ | |
--index-path index.yaml \ | |
--pages-index-path index.yaml \ | |
--push | |
- name: Notify Event to CrownOps | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
token: ${{ secrets.CI_TOKEN }} | |
repository: netgroup-polito/CrownOps | |
event-type: release-event | |
client-payload: '{"version": "${{ needs.configure.outputs.version }}"}' |