Skip to content

Bump docker/build-push-action from 4 to 5 (#154) #1001

Bump docker/build-push-action from 4 to 5 (#154)

Bump docker/build-push-action from 4 to 5 (#154) #1001

Workflow file for this run

name: Continuous Delivery
on:
push:
branches:
- main
workflow_dispatch:
env:
IMAGE_STAGING: enterprisedb/postgresql-testing
IMAGE_RELEASE: enterprisedb/postgresql
jobs:
generate-jobs:
name: Generate Jobs
runs-on: ubuntu-22.04
outputs:
strategy: ${{ steps.generate-jobs.outputs.strategy }}
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Generate Jobs
id: generate-jobs
shell: bash
run: |
bash .github/generate-strategy.sh
build:
needs: generate-jobs
strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }}
name: ${{ matrix.name }}
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Docker meta
env:
TAGS: ${{ toJson(matrix.tags) }}
run: |
RESULT=""
for tag in $(jq -r '.[]' <<< "${TAGS}")
do
RESULT="${RESULT},quay.io/${IMAGE_STAGING}:${tag},ghcr.io/${IMAGE_STAGING}:${tag}"
# If we are running the pipeline in the main branch images are pushed in both -testing and PROD repo
if [ "${GITHUB_REF#refs/heads/}" == main ]
then
RESULT="${RESULT},quay.io/${IMAGE_RELEASE}:${tag},ghcr.io/${IMAGE_RELEASE}:${tag}"
fi
done
echo "TAGS=${RESULT%,}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to quay.io
uses: docker/login-action@v2
with:
registry: quay.io/enterprisedb
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Log in to the GitHub Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and load
uses: docker/build-push-action@v5
with:
context: ${{ matrix.dir }}
provenance: false
file: ${{ matrix.file }}
secrets: |
"cs_token=${{ secrets.CS_TOKEN }}"
"subscription=${{ secrets.SUBSCRIPTION }}"
push: false
load: true
tags: ${{ env.TAGS }}
build-args: |
SUBSCRIPTION_NAME=docker-postgresql-cicd-${{ github.run_number }}
- name: Dockle scan
uses: erzz/dockle-action@v1
env:
DOCKLE_IGNORES: CIS-DI-0009
with:
image: "quay.io/${{ env.IMAGE_STAGING }}:${{ matrix.tags[0] }}"
exit-code: '1'
failure-threshold: WARN
accept-keywords: key
accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key
- name: Build and push
uses: docker/build-push-action@v5
with:
context: ${{ matrix.dir }}
file: ${{ matrix.file }}
secrets: |
"cs_token=${{ secrets.CS_TOKEN }}"
"subscription=${{ secrets.SUBSCRIPTION }}"
# Available architecture on UBI8 are: linux/amd64, linux/s390x, linux/ppc64le, linux/arm64
platforms: ${{ matrix.platforms }}
provenance: false
push: true
tags: ${{ env.TAGS }}
labels: ${{ github.ref != 'refs/heads/main' && 'quay.expires-after=7d' || '' }}
build-args: |
SUBSCRIPTION_NAME=docker-postgresql-cicd-${{ github.run_number }}
# Send a notification on release failure
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
if: ${{ failure() && github.ref == 'refs/heads/main' }}
env:
SLACK_COLOR: ${{ job.status }}
SLACK_ICON: https://avatars.githubusercontent.com/u/44036562?size=48
SLACK_USERNAME: ghBot
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_MESSAGE: "Failure releasing PostgreSQL ${{ matrix.name }} image"