[feat] Allow expiration of web tokens #2120
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build someengineering/fixbackend Docker image | |
on: | |
push: | |
tags: | |
- '*.*.*' | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
split-build: | |
name: Build split Docker images | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v3 | |
- name: Set build platforms | |
id: platform | |
run: | | |
GITHUB_REF="${{ github.ref }}" | |
GITHUB_TAG=${GITHUB_REF##*/} | |
echo "targets=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT | |
if [ "${{ github.ref_type }}" = tag ]; then | |
if [[ "$GITHUB_TAG" =~ [0-9]([ab]|rc)[0-9]* ]]; then | |
echo "latest=false" >> $GITHUB_OUTPUT | |
else | |
echo "latest=true" >> $GITHUB_OUTPUT | |
fi | |
else | |
echo "latest=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Check short commit SHA and build targets | |
run: | | |
echo ${{ steps.platform.outputs.targets }} | |
echo ${{ steps.platform.outputs.latest }} | |
- name: Docker metadata | |
id: metadata | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixbackend | |
ghcr.io/someengineering/fixbackend | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,format=long,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixbackend | |
org.opencontainers.image.description=coordinate jobs | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: arm64,amd64 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to Docker Hub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASS }} | |
- name: Log in to GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push fixbackend Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.metadata.outputs.tags }} | |
labels: ${{ steps.metadata.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Authenticate with GitHub CLI | |
if: github.event_name != 'pull_request' | |
run: | | |
gh auth login --with-token <<< "${{ secrets.SOME_CI_PAT }}" | |
- name: Bump tag version | |
if: github.event_name != 'pull_request' | |
env: | |
GITHUB_TOKEN: ${{ secrets.SOME_CI_PAT }} | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Some CI" | |
git clone "https://[email protected]/someengineering/setup-infra.git" | |
# update the tag | |
cd setup-infra | |
sed -i 's/newTag:.*/newTag: ${{ github.sha }}/g' argocd/envs/dev/fixbackend/kustomization.yaml | |
git add . | |
git commit -m "Bump fixbackend on dev to ${{ github.sha }}" | |
git push origin main |