Build Base Images #249
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Base Images | |
on: | |
workflow_dispatch: | |
workflow_call: | |
schedule: | |
- cron: "30 4 * * 1-5" # run Mon-Fri at 04:30 UTC | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-base-image | |
cancel-in-progress: false | |
permissions: | |
contents: read | |
jobs: | |
checks: | |
name: Checks and variables | |
runs-on: ubuntu-24.04 | |
outputs: | |
docker_md5: ${{ steps.vars.outputs.docker_md5 }} | |
ic_version: ${{ steps.vars.outputs.ic_version }} | |
image_matrix_oss: ${{ steps.vars.outputs.image_matrix_oss }} | |
image_matrix_plus: ${{ steps.vars.outputs.image_matrix_plus }} | |
image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Output Variables | |
id: vars | |
run: | | |
./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT | |
source .github/data/version.txt | |
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT | |
echo "image_matrix_oss=$(cat .github/data/matrix-images-oss.json | jq -c)" >> $GITHUB_OUTPUT | |
echo "image_matrix_plus=$(cat .github/data/matrix-images-plus.json | jq -c)" >> $GITHUB_OUTPUT | |
echo "image_matrix_nap=$(cat .github/data/matrix-images-nap.json | jq -c)" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
build-oss: | |
name: Build OSS base images | |
runs-on: ubuntu-24.04 | |
needs: checks | |
permissions: | |
contents: read | |
pull-requests: write # for scout report | |
id-token: write | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_oss ) }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
with: | |
platforms: arm,arm64,ppc64le,s390x | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss | |
flavor: | | |
suffix=-${{ matrix.image }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }} | |
cache-to: type=gha,scope=${{ matrix.image }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
build-plus: | |
name: Build Plus base images | |
runs-on: ubuntu-24.04 | |
needs: checks | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write # for scout report | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_plus ) }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
with: | |
platforms: arm64,s390x | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus | |
flavor: | | |
suffix=-${{ matrix.image }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }} | |
cache-to: type=gha,scope=${{ matrix.image }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
secrets: | | |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}" | |
"nginx-repo.key=${{ secrets.NGINX_KEY }}" | |
build-plus-nap: | |
name: Build Plus NAP base images | |
runs-on: ubuntu-24.04 | |
needs: checks | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write # for scout report | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_nap ) }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: NAP modules | |
id: nap_modules | |
run: | | |
[[ "${{ matrix.nap_modules }}" == "waf,dos" ]] && modules="waf-dos" || modules="${{ matrix.nap_modules }}" | |
echo "modules=${modules}" >> $GITHUB_OUTPUT | |
[[ "${{ matrix.nap_modules }}" =~ waf ]] && agent="true" || agent="false" | |
echo "agent=${agent}" >> $GITHUB_OUTPUT | |
if: ${{ matrix.nap_modules != '' }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus | |
flavor: | | |
suffix=-${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }} | |
cache-to: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
NAP_MODULES=${{ matrix.nap_modules }} | |
${{ contains(matrix.nap_modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }} | |
secrets: | | |
"nginx-repo.crt=${{ secrets.NGINX_AP_CRT }}" | |
"nginx-repo.key=${{ secrets.NGINX_AP_KEY }}" | |
${{ contains(matrix.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }} |