chore(deps): update dependency kubernetes-sigs/kustomize to kustomize/v5.5.0 #900
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish Docker Images | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
env: | |
#DOCKERHUB_ORG: orangecloudfoundry | |
DOCKERHUB_ORG: elpaasoci | |
BASE_IMAGES: cf-cli curl-ssl git-ssh k8s-tools terraform bosh-cli-v2 spruce | |
IMAGES_WITH_DEPENDENCIES: awscli bosh-cli-v2-cf-cli | |
jobs: | |
build_and_publish: | |
name: build, test and publish | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- | |
name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: build docker images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES;do | |
echo "Processing $image" | |
bundle exec rake build:$image | |
done | |
- | |
name: test docker images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES;do | |
echo "Processing $image" | |
bundle exec rake spec:$image | |
done | |
- | |
name: publish curl-ssl image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: curl-ssl | |
- | |
name: publish git-ssh image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: git-ssh | |
- | |
name: publish cf-cli image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: cf-cli | |
- | |
name: publish k8s-tools image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: k8s-tools | |
- | |
name: publish bosh-cli-v2 image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: bosh-cli-v2 | |
- | |
name: publish terraform image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: terraform | |
- | |
name: publish spruce image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: spruce | |
- | |
name: build docker images with dependencies | |
run: | # shellcheck disable=SC2086 | |
for image in $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image" | |
bundle exec rake build:$image | |
done | |
- | |
name: test docker images with dependencies | |
run: |# shellcheck disable=SC2086 | |
for image in $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image" | |
bundle exec rake spec:$image | |
done | |
- | |
name: publish awscli image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: awscli | |
- | |
name: publish bosh-cli-v2-cf-cli image | |
uses: docker/[email protected] | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: bosh-cli-v2-cf-cli | |
check_published_images: | |
name: check published images | |
runs-on: ubuntu-latest | |
needs: [ build_and_publish ] | |
steps: | |
- # Currently we cannot use `docker manifest` without authentication, it results in "unauthorized: access token has insufficient scopes" | |
# Also, to save network bandwidth and reduce build time we avoid using `docker pull` | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- | |
name: check docker public images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image: checking manifest for $DOCKERHUB_ORG/$image:$GITHUB_SHA" | |
docker manifest inspect $DOCKERHUB_ORG/$image:$GITHUB_SHA | |
done | |
push_for_renovate: | |
name: Publish commit for renovate | |
runs-on: ubuntu-latest | |
needs: [ check_published_images ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
if: ${{ github.ref_name == 'main' }} | |
- | |
name: push | |
uses: github-actions-x/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
push-branch: 'main-validated' | |
force-push: true | |
if: ${{ github.ref_name == 'main' }} | |