From 57a16c675de067012d67056c93481dc3e8d92db9 Mon Sep 17 00:00:00 2001 From: Alex Layton Date: Wed, 14 Jul 2021 13:54:37 -0400 Subject: [PATCH] Update actions workflow --- .github/workflows/build-and-push-services.yml | 102 ++++++++---------- 1 file changed, 44 insertions(+), 58 deletions(-) diff --git a/.github/workflows/build-and-push-services.yml b/.github/workflows/build-and-push-services.yml index f6cb782..0ea9e10 100644 --- a/.github/workflows/build-and-push-services.yml +++ b/.github/workflows/build-and-push-services.yml @@ -7,7 +7,7 @@ on: env: # Set to true to push images to DockerHub # NB: images are public unless you configure DockerHub repo properly - DOCKERHUB_PUSH: 1 + DOCKERHUB_PUSH: true jobs: setup: @@ -48,9 +48,9 @@ jobs: elif [[ $GITHUB_REF == refs/heads/* ]]; then VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - # Expect for the default_branch, which gets version "next" + # Expect for the default_branch, which gets version "edge" if [ "$VERSION" == "${{ github.event.repository.default_branch }}" ]; then - VERSION=next + VERSION=edge fi # PR versions are pr- @@ -97,7 +97,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v1.3.0 + uses: docker/setup-buildx-action@v1.5.1 with: version: latest @@ -118,11 +118,10 @@ jobs: ${{ runner.os }}-buildx-${{ matrix.service }}- ${{ runner.os }}-buildx- - - name: Prepare Tags - id: prepare - # TODO: Clean up this monstrosity... one day... + - name: Prepare Images + id: images run: | - # Nameo on DockerHub (Doesn't like upper case) + # Name on DockerHub (Doesn't like upper case) DOCKER_IMAGE=$(echo ${{ matrix.service }} | tr '[:upper:]' '[:lower:]') # Name on GHCR GHCR_IMAGE=ghcr.io/${DOCKER_IMAGE} 
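Review bot: `DOCKERHUB_PUSH` is switched to `true` in the `-7,7` hunk, but the `-131,73` hunk of this same patch deletes the shell test that read it and comments out the `if:` on the DockerHub login step, so nothing visible in the patch consults the flag any more. As far as these hunks show, the DockerHub image name is always handed to the metadata step, so images go to DockerHub whatever this value is. Meanwhile the comment above it still says "Set to true to push images to DockerHub" and warns that the images are public. Either gate the DockerHub image entry and login on the flag again, or drop the variable and its comment. If it is kept, note that `env` values reach expressions as strings, so the condition should be `env.DOCKERHUB_PUSH == 'true'` for a value of `false` to actually disable the push.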
@@ -131,73 +130,55 @@ jobs: DOCKER_IMAGE=$(echo ${{ matrix.service }} | sed 's/${{ github.repository_owner }}/${{ secrets.DOCKER_REPO }}/g') fi - TAGS="${GHCR_IMAGE}:${{ needs.setup.outputs.version }}" - DH_TAGS="${DOCKER_IMAGE}:${{ needs.setup.outputs.version }}" - if [[ "${{ needs.setup.outputs.release }}" ]]; then - if [[ "${{ needs.setup.outputs.prerelease }}" ]]; then - TAGS="${GHCR_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}.${{ needs.setup.outputs.patch }}-${{ needs.setup.outputs.prerelease }}" - DH_TAGS="${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}.${{ needs.setup.outputs.patch }}-${{ needs.setup.outputs.prerelease }}" - # TODO: Keep old prerelease builds? - else - TAGS="$TAGS,${GHCR_IMAGE}:latest" - TAGS="$TAGS,${GHCR_IMAGE}:${{ needs.setup.outputs.major }}" - TAGS="$TAGS,${GHCR_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}" - DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:latest" - DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}" - DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}" - fi - fi - - if [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${GHCR_IMAGE}:sha-${GITHUB_SHA::8}" - DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" - fi - - if [[ "${{ env.DOCKERHUB_PUSH }}" ]]; then - TAGS="$TAGS,${DH_TAGS}" - fi - - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - - echo ${{ github.event.repository.license }} + echo ::set-output name=dockerhub::${DOCKER_IMAGE} + echo ::set-output name=ghcr::${GHCR_IMAGE} - name: Login to DockerHub - if: ${{ env.DOCKERHUB_PUSH && github.event_name != 'pull_request' }} - uses: docker/login-action@v1.9.0 + #if: ${{ env.DOCKERHUB_PUSH && github.event_name != 'pull_request' }} + uses: docker/login-action@v1.10.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - 
name: Login to GitHub Container Registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v1.9.0 + #if: github.event_name != 'pull_request' + uses: docker/login-action@v1.10.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: | + ${{ steps.images.outputs.dockerhub }} + ${{ steps.images.outputs.ghcr}} + # Don't update latest on prereleases? + flavor: + latest=${{ !!(needs.setup.outputs.release && !needs.setup.outputs.prerelease) }} + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + type=edge + type=ref,event=pr + type=sha + - name: Build and push images - uses: docker/build-push-action@v2.5.0 + uses: docker/build-push-action@v2.6.1 with: context: ${{ matrix.context }} file: ${{ matrix.context }}/Dockerfile platforms: linux/amd64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prepare.outputs.tags }} + push: true + tags: ${{ steps.meta.outputs.tags }} build-args: | - VERSION=${{ steps.prepare.outputs.version }} - BUILD_DATE=${{ steps.prepare.outputs.created }} GIT_REF=${{ github.sha }} SERVICE=${{ matrix.service }} - labels: | - org.opencontainers.image.title=${{ matrix.service }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ needs.setup.outputs.version }} - org.opencontainers.image.created=${{ steps.prepare.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} + labels: ${{ steps.meta.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new 
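Review bot: Both registry login steps lose their `if:` guard (left behind as comments) and `push:` becomes a literal `true`, so a run triggered by a pull request would now authenticate to DockerHub and GHCR and publish the image built from the PR's code. The `type=ref,event=pr` tag rule suggests the workflow still runs on pull requests; if so, keep the earlier behaviour with `if: github.event_name != 'pull_request'` on the two login steps and `push: ${{ github.event_name != 'pull_request' }}` on the build step. If publishing PR images is intended, delete the commented-out conditions and say so in a comment, since runs without access to the secrets will presumably fail at login. Separately, `docker/metadata-action@v3` follows a moving major tag while the other actions in this hunk are pinned to exact versions. Pinning it the same way, or by commit SHA, fixes which code runs in a job that holds registry credentials.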
@@ -252,17 +233,22 @@ jobs: DOCKER_IMAGE=$(echo ${{ matrix.service }} | sed 's/${{ github.repository_owner }}/${{ secrets.DOCKER_REPO }}/g') fi - TAG="${GHCR_IMAGE}:next" + TAG="${GHCR_IMAGE}:edge" if [[ "${{ needs.setup.outputs.release }}" ]]; then if [[ "${{ needs.setup.outputs.prerelease }}" ]]; then - TAG="${GHCR_IMAGE}:next" + TAG="${GHCR_IMAGE}:edge" else TAG="${GHCR_IMAGE}:latest" fi fi echo ::set-output name=tag::${TAG} - echo ::set-output name=org::${OWNER} + # Allow overriding Snyk org if different from GitHub? + if [[ "${{ secrets.SNYK_ORG }}" ]]; then + echo ::set-output name=org::${{ secrets.SNYK_ORG }} + else + echo ::set-output name=org::${OWNER} + fi echo ::set-output name=cur::${GHCR_IMAGE}:sha-${GITHUB_SHA::8} - name: Monitor Service image with Snyk
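Review bot: The new override expands `${{ secrets.SNYK_ORG }}` directly into the script text, twice, so the secret's value becomes part of the shell source before bash parses it; the second use is also unquoted. A value containing quotes, whitespace or other shell metacharacters would change what the step executes. Pass it through the step environment instead (`env:` with `SNYK_ORG: ${{ secrets.SNYK_ORG }}`) and test the variable: `if [[ -n "$SNYK_ORG" ]]; then echo "::set-output name=org::${SNYK_ORG}"`. The `# Allow overriding Snyk org…` comment could also state that runs without the secret fall back to `${OWNER}`. The step this script belongs to starts above the hunk, so whether it already has an `env:` block is not visible here.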