Skip to content
.github/workflows/release.yml

.github/workflows/release.yml #29

Sign in to view logs

.github/workflows/release.yml

.github/workflows/release.yml #29

Workflow file for this run

.github/workflows/release.yml at 59824a1
on:
release:
types: [published]
env:
GITHUB_ACTION_TAG: ${{ github.ref_name }}
jobs:
build-amd64-digest:
permissions:
contents: read
id-token: write
runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
outputs:
digest: ${{ steps.digest.outputs.digest }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set the ENV values
id: get-Envs
run: |
echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
echo "$(make -s log | grep ARCH)" >> "$GITHUB_ENV"
echo "$(make -s log | grep REGISTRY_IMAGE)" >> "$GITHUB_ENV"
- name: Docker meta
id: meta-amd64
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
- name: Build and push container image
id: build-amd64
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
META_LABELS: ${{ steps.meta-amd64.outputs.labels }}
with:
image: hardened-calico
tag: ${{ github.event.release.tag_name }}
platforms: linux/amd64
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Digest
id: digest
run: |
IMAGE_DIGEST=$(jq -r '.["containerimage.digest"]' /tmp/metadata.json)
echo "digest=$IMAGE_DIGEST" >> "$GITHUB_OUTPUT"
build-arm64-digest:
permissions:
contents: read
id-token: write
runs-on: runs-on,runner=4cpu-linux-arm64,run-id=${{ github.run_id }}
outputs:
digest: ${{ steps.digest.outputs.digest }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set the ENV values
id: get-Envs
run: |
echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
echo "$(make -s log | grep ARCH)" >> "$GITHUB_ENV"
- name: Docker meta
id: meta-arm64
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
- name: Build and push container image
id: build-arm64
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
META_LABELS: ${{ steps.meta-arm64.outputs.labels }}
with:
image: hardened-calico
tag: ${{ github.event.release.tag_name }}
platforms: linux/arm64
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Digest
id: digest
run: |
IMAGE_DIGEST=$(jq -r '.["containerimage.digest"]' /tmp/metadata.json)
echo "digest=$IMAGE_DIGEST" >> "$GITHUB_OUTPUT"
merge:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
needs:
- build-amd64-digest
- build-arm64-digest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
- name: Create manifest list and push
id: push-manifest
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
DOCKER_METADATA_OUTPUT_JSON: ${{ steps.meta.outputs.json }}
REGISTRY_IMAGE: ${{ env.REGISTRY_IMAGE }}
IMAGE_DIGESTS: ${{ needs.build-amd64-digest.outputs.digest }} ${{ needs.build-arm64-digest.outputs.digest }}
with:
make-target: manifest-push
image: hardened-calico
tag: ${{ github.event.release.tag_name }}
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}