Skip to content

Finalize Tags

Finalize Tags #231

Workflow file for this run

name: Finalize Tags
# Workflow this will update various mutable tags to match the full semver given in the input tag.
# E.g. if an image is tagged 0.1.2 and this workflow is triggered with a tag `latest-v0.1.2` then it will update tags:
# latest, 0, and 0.1 to point to the 0.1.2 image.
on:
create:
jobs:
update_latest_tag:
name: Build & Push to Registries
if: ${{ startsWith(github.ref, 'refs/tags/latest-v') }}
runs-on: ubuntu-latest
environment: production
permissions:
id-token: write
contents: read
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/[email protected]
continue-on-error: true
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: 2nd Attempt Configure AWS credentials
uses: aws-actions/[email protected]
if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Configure AWS credentials (Gov Cloud)
uses: aws-actions/[email protected]
continue-on-error: true
id: login-aws-gov-cloud
with:
output-credentials: true
unset-current-credentials: true
role-to-assume: ${{ secrets.ECR_GOV_CLOUD_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-gov-west-1
- name: 2nd Attempt Configure AWS credentials (Gov Cloud)
uses: aws-actions/[email protected]
if: ${{ steps.login-aws-gov-cloud.outputs.aws-access-key-id == '' }}
with:
unset-current-credentials: true
role-to-assume: ${{ secrets.ECR_GOV_CLOUD_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-gov-west-1
- name: Login to Amazon ECR (GovCloud)
id: login-ecr-gov-cloud
uses: aws-actions/amazon-ecr-login@v1
- name: Validate ECR Repos
run: |
# If something is wrong with the GovCloud login the GovCloud ECR login will succeed using the standard creds
# Make sure we have two different ECR repos to make this clear.
if [[ ${{ steps.login-ecr.outputs.registry }} = ${{ steps.login-ecr-gov-cloud.outputs.registry }} ]]; then
exit 1
fi
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
# If this workflow runs for a semver that hasn't been released, then we'll fail below. This workflow is only
# meant to add the `latest` tag onto an existing release.
- name: Determine the version from the tag
id: get_ver
run: |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+.[0-9]*")
if [ -z $SEM_VER ]; then
exit 1
fi
echo "::set-output name=SEM_VER::$SEM_VER"
MAJOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+")
echo "::set-output name=MAJOR_VERSION::$MAJOR_VERSION"
MINOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+\.[0-9]+")
echo "::set-output name=MINOR_VERSION::$MINOR_VERSION"
# Right now just pull the image in order to tag it. There might be alternatives:
# https://stackoverflow.com/questions/37134929/how-to-tag-image-in-docker-registry-v2/38362476#38362476 (auth unclear)
# Use a shared context with original workflow?
- name: Pull, Tag, Push FrontEnd
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }}
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }}
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }}
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }}
run: |
amd_tag=amd64-$SEM_VER
arm_tag=arm64-$SEM_VER
docker_hub=sublimesec/strelka-frontend
ecr=$ECR_REGISTRY/strelka-frontend
ecr_gc=$ECR_GC_REGISTRY/strelka-frontend
docker manifest create $docker_hub:latest \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:latest \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:latest \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MAJOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MAJOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MAJOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MINOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MINOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MINOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest push $docker_hub:latest
docker manifest push $ecr:latest
docker manifest push $ecr_gc:latest
docker manifest push $docker_hub:$MAJOR_VERSION
docker manifest push $ecr:$MAJOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
docker manifest push $docker_hub:$MINOR_VERSION
docker manifest push $ecr:$MINOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
- name: Pull, Tag, Push BackEnd
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }}
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }}
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }}
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }}
run: |
amd_tag=amd64-$SEM_VER
arm_tag=arm64-$SEM_VER
docker_hub=sublimesec/strelka-backend
ecr=$ECR_REGISTRY/strelka-backend
ecr_gc=$ECR_GC_REGISTRY/strelka-backend
docker manifest create $docker_hub:latest \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:latest \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:latest \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MAJOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MAJOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MAJOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MINOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MINOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MINOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest push $docker_hub:latest
docker manifest push $ecr:latest
docker manifest push $ecr_gc:latest
docker manifest push $docker_hub:$MAJOR_VERSION
docker manifest push $ecr:$MAJOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
docker manifest push $docker_hub:$MINOR_VERSION
docker manifest push $ecr:$MINOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
- name: Pull, Tag, Push Manager
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }}
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }}
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }}
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }}
run: |
amd_tag=amd64-$SEM_VER
arm_tag=arm64-$SEM_VER
docker_hub=sublimesec/strelka-manager
ecr=$ECR_REGISTRY/strelka-manager
ecr_gc=$ECR_GC_REGISTRY/strelka-manager
docker manifest create $docker_hub:latest \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:latest \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:latest \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MAJOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MAJOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MAJOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest create $docker_hub:$MINOR_VERSION \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$MINOR_VERSION \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest create $ecr_gc:$MINOR_VERSION \
$ecr_gc:$amd_tag \
$ecr_gc:$arm_tag
docker manifest push $docker_hub:latest
docker manifest push $ecr:latest
docker manifest push $ecr_gc:latest
docker manifest push $docker_hub:$MAJOR_VERSION
docker manifest push $ecr:$MAJOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
docker manifest push $docker_hub:$MINOR_VERSION
docker manifest push $ecr:$MINOR_VERSION
docker manifest push $ecr_gc:$MAJOR_VERSION
- name: Validate All X-Region Replication
run: |
.github/workflows/check_images_x_region.sh latest
if [ $? != 0 ]; then
exit 1
fi
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_Z_LOG_DOCKER_BUILDS }}
SLACK_TITLE: Strelka Images latest tag updated to ${{ steps.get_ver.outputs.SEM_VER }}