-
Notifications
You must be signed in to change notification settings - Fork 0
138 lines (118 loc) · 4.48 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Create ECR Token release
env:
DOCKERHUB_USER: devopsiaci
DOCKERHUB_REPO: ecr-token
GHCR_REGISTRY: ghcr.io
GHCR_REPO: ${{ github.repository }}
on:
workflow_dispatch:
push:
branches:
- main
paths:
- Dockerfile
jobs:
release:
name: Create tag release
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
id-token: write
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Read tags from Dockerfile
id: current_tag
run: |
# awscli_tag
awscli_current_tag=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2)
echo "awscli_current_tag=$awscli_current_tag" >> $GITHUB_OUTPUT
# kubectl_tag
kubectl_current_tag=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2)
echo "kubectl_current_tag=$kubectl_current_tag" >> $GITHUB_OUTPUT
# complete tag
echo "complete_tag=aws$awscli_current_tag-kubectl$kubectl_current_tag" >> $GITHUB_OUTPUT
- name: "Set Docker metadata"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
labels: |
org.opencontainers.image.maintainer=ialejandro
org.opencontainers.image.title=ECR Token
org.opencontainers.image.description=ECR Token to authenticate with AWS ECR
org.opencontainers.image.vendor=DevOps IA
tags: |
type=raw,value=${{ steps.current_tag.outputs.complete_tag }}
type=sha,enable=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: "[DOCKERHUB] Log in to Docker Hub"
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: "[GHCR] Log in to the Container registry"
uses: docker/login-action@v3
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Build and push Docker image"
id: push
uses: docker/build-push-action@v6
with:
build-args: OPENJDK_VERSION=${{ matrix.jdk_version }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
context: .
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
push: true
sbom: true
tags: ${{ steps.meta.outputs.tags }}
- name: "Update README.md default version"
run: |
# replace default version
sed -i "s/\* aws-cli: .*/* aws-cli: \`${{ steps.current_tag.outputs.awscli_current_tag }}\`/" README.md
sed -i "s/\* kubectl: .*/* kubectl: \`${{ steps.current_tag.outputs.kubectl_current_tag }}\`/" README.md
# push changes
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
git add README.md
git commit -m "chore: update README.md [skip ci]" || true
git push -f origin HEAD:main
- name: "[DOCKERHUB] Update Docker registry description"
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}
- name: "[GHCR] Generate artifact"
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- # Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache