Add github-action for releasing container image

aerospike · Apr 8, 2024 · 75688db · 75688db
1 parent db15cd9
commit 75688db
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 2 deletions.
diff --git a/.github/workflows/docker-image-release.yaml b/.github/workflows/docker-image-release.yaml
@@ -0,0 +1,60 @@
+name: Release Container Image
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  build-and-push:
+    name: Build and push image
+    runs-on: ubuntu-latest
+    env:
+      IMG_BASE: ${{ github.repository }}
+      TAG: ${{ github.ref_name }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Quay.io
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+      - name: Build and push image on Dockerhub
+        run: make docker-buildx IMG=${{ env.IMG_BASE }}:${{ env.TAG }} VERSION=${{ env.TAG }}
+
+      - name: Build and push image on Quay
+        run: make docker-buildx IMG=quay.io/${{ env.IMG_BASE }}:${{ env.TAG }} VERSION=${{ env.TAG }}
+
+      - name: Run Snyk image security scan
+        uses: snyk/actions/docker@master
+        continue-on-error: true
+        id: docker-image-scan
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ env.IMG_BASE }}:${{ env.TAG }}
+          args: --file=Dockerfile --severity-threshold=high --fail-on=all # fail on vulnerabilities with fix available
+
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+
+      - name: Check docker image scan status
+        if: ${{ steps.docker-image-scan.outcome == 'failure' }}
+        run: exit 1
diff --git a/Makefile b/Makefile
@@ -65,7 +65,6 @@ endif
 
 # Image URL to use all building/pushing operator manager image targets
 IMG ?= controller:latest
-IMG_TAGS ?= ""
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26
@@ -164,7 +163,7 @@ docker-buildx: ## Build and push docker image for the manager for cross-platform
 docker-buildx-openshift: ## Build and push docker image for the manager for openshift cross-platform support
 	- docker buildx create --name project-v3-builder
 	docker buildx use project-v3-builder
-	- docker buildx build --push --no-cache --provenance=false --platform=$(PLATFORMS) --tag ${IMG} --tag ${IMG_TAGS} --build-arg VERSION=$(VERSION) --build-arg USER=1001 .
+	- docker buildx build --push --no-cache --provenance=false --platform=$(PLATFORMS) --tag ${IMG} --build-arg VERSION=$(VERSION) --build-arg USER=1001 .
 	- docker buildx rm project-v3-builder
 
 .PHONY: docker-push