Skip to content

Commit

Permalink
fix(cd): use correct sha for PR based docker build (#12115)
Browse files Browse the repository at this point in the history 
use github.event.pull_request.head.sha instead of github.sha on a PR, as github.sha on PR is the merged commit (temporary commit).

also correctly set the KONG_VERSION env var.

* fix(cd): use correct sha for PR based docker build

* fix(cd): set correct KONG_VERSION in docker image

KAG-3251

(cherry picked from commit 7e5a113)
  • Loading branch information
@fffonion @github-actions
fffonion authored and github-actions[bot] committed Nov 29, 2023
1 parent 2458993 commit 2e38827
Showing 1 changed file with 16 additions and 11 deletions.
27 changes: 16 additions & 11 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,8 @@ jobs:
deploy-environment: ${{ steps.build-info.outputs.deploy-environment }}
matrix: ${{ steps.build-info.outputs.matrix }}
arch: ${{ steps.build-info.outputs.arch }}
# use github.event.pull_request.head.sha instead of github.sha on a PR, as github.sha on PR is the merged commit (temporary commit)
commit-sha: ${{ github.event.pull_request.head.sha || github.sha }}

steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -344,11 +346,13 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
env:
DOCKER_METADATA_PR_HEAD_SHA: true
with:
images: ${{ needs.metadata.outputs.prerelease-docker-repository }}
tags: |
type=raw,${{ github.sha }}-${{ matrix.label }}
type=raw,enable=${{ matrix.label == 'ubuntu' }},${{ github.sha }}
type=raw,${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
type=raw,enable=${{ matrix.label == 'ubuntu' }},${{ needs.metadata.outputs.commit-sha }}
- name: Set up QEMU
if: matrix.docker-platforms != ''
Expand Down Expand Up @@ -392,6 +396,7 @@ jobs:
build-args: |
KONG_BASE_IMAGE=${{ matrix.base-image }}
KONG_ARTIFACT_PATH=bazel-bin/pkg/
KONG_VERSION=${{ needs.metadata.outputs.kong-version }}
RPM_PLATFORM=${{ steps.docker_rpm_platform_arg.outputs.rpm_platform }}
EE_PORTS=8002 8445 8003 8446 8004 8447
Expand All @@ -402,7 +407,7 @@ jobs:
token: ${{ secrets.GHA_COMMENT_TOKEN }}
body: |
### Bazel Build
Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}`
Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}`
Artifacts available https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
verify-manifest-images:
Expand Down Expand Up @@ -431,7 +436,7 @@ jobs:
# docker image verify requires sudo to set correct permissions, so we
# also install deps for root
sudo -E pip install -r requirements.txt
IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image
Expand All @@ -453,7 +458,7 @@ jobs:
matrix:
include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}"
env:
IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
steps:
- name: Install regctl
uses: regclient/actions/regctl-installer@main
Expand Down Expand Up @@ -492,16 +497,16 @@ jobs:
if: steps.image_manifest_metadata.outputs.amd64_sha != ''
uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1
with:
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-amd64
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}

- name: Scan ARM64 Image digest
if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
id: sbom_action_arm64
uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1
with:
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-arm64
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}

smoke-tests:
name: Smoke Tests - ${{ matrix.label }}
Expand Down Expand Up @@ -554,7 +559,7 @@ jobs:
--restart always \
--network=host -d \
--pull always \
${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }} \
${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} \
sh -c "kong migrations bootstrap && kong start"
sleep 3
docker logs kong
Expand Down Expand Up @@ -699,7 +704,7 @@ jobs:
env:
TAGS: "${{ steps.meta.outputs.tags }}"
run: |
PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
docker pull $PRERELEASE_IMAGE
for tag in $TAGS; do
regctl -v debug image copy $PRERELEASE_IMAGE $tag
Expand Down

0 comments on commit 2e38827

Please sign in to comment.