Configuration free certs #4295
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ACME Tests | |
on: [push, pull_request] | |
env: | |
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || github.repository_owner }} | |
BASE_IMAGE: ${{ vars.BASE_IMAGE || 'registry.fedoraproject.org/fedora:latest' }} | |
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }} | |
jobs: | |
init: | |
name: Initialization | |
uses: ./.github/workflows/init.yml | |
secrets: inherit | |
build: | |
name: Building ACME images | |
needs: init | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Cache Docker layers | |
id: cache-buildx | |
uses: actions/cache@v3 | |
with: | |
key: buildx-${{ hashFiles('pki.spec') }} | |
path: /tmp/.buildx-cache | |
- name: Build pki-deps image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
tags: pki-deps | |
target: pki-deps | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
if: steps.cache-buildx.outputs.cache-hit != 'true' | |
- name: Build pki-builder-deps image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
tags: pki-builder-deps | |
target: pki-builder-deps | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
if: steps.cache-buildx.outputs.cache-hit != 'true' | |
- name: Build pki-runner image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
BUILD_OPTS=--with-pkgs=base,server,ca,acme --without-test | |
tags: pki-runner | |
target: pki-runner | |
cache-from: type=local,src=/tmp/.buildx-cache | |
outputs: type=docker | |
- name: Build pki-acme image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
BUILD_OPTS=--with-pkgs=base,server,ca,acme --without-test | |
tags: pki-acme | |
target: pki-acme | |
cache-from: type=local,src=/tmp/.buildx-cache | |
outputs: type=docker | |
- name: Save ACME images | |
run: | | |
docker images | |
docker save -o acme-images.tar pki-runner pki-acme | |
- name: Store ACME images | |
uses: actions/cache@v3 | |
with: | |
key: acme-images-${{ github.sha }} | |
path: acme-images.tar | |
acme-certbot-test: | |
name: ACME with certbot | |
needs: [init, build] | |
uses: ./.github/workflows/acme-certbot-test.yml | |
with: | |
db-image: ${{ needs.init.outputs.db-image }} | |
acme-switchover-test: | |
name: ACME server switchover | |
needs: [init, build] | |
uses: ./.github/workflows/acme-switchover-test.yml | |
with: | |
db-image: ${{ needs.init.outputs.db-image }} | |
acme-container-test: | |
name: ACME container | |
needs: [init, build] | |
uses: ./.github/workflows/acme-container-test.yml | |
with: | |
db-image: ${{ needs.init.outputs.db-image }} | |
acme-postgresql-test: | |
name: ACME with postgresql back-end | |
needs: [init, build] | |
uses: ./.github/workflows/acme-postgresql-test.yml | |
with: | |
db-image: ${{ needs.init.outputs.db-image }} | |
publish: | |
if: github.event_name == 'push' && github.ref_name == 'master' | |
name: Publishing ACME images | |
needs: [init, build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
if: vars.REGISTRY == 'ghcr.io' | |
- name: Log in to other container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
if: vars.REGISTRY != 'ghcr.io' | |
- name: Retrieve ACME images | |
uses: actions/cache@v3 | |
with: | |
key: acme-images-${{ github.sha }} | |
path: acme-images.tar | |
- name: Load ACME images | |
run: docker load --input acme-images.tar | |
- name: Publish pki-acme image | |
run: | | |
docker tag pki-acme ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:latest | |
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:latest |