chore(deps): update k8s related bumps #921
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish Docker Images | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
env: | |
#DOCKERHUB_ORG: orangecloudfoundry | |
DOCKERHUB_ORG: elpaasoci | |
BASE_IMAGES: cf-cli curl-ssl git-ssh k8s-tools terraform bosh-cli-v2 spruce | |
IMAGES_WITH_DEPENDENCIES: awscli bosh-cli-v2-cf-cli | |
jobs: | |
build_and_publish: | |
name: build, test and publish | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- | |
name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: build docker images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES;do | |
echo "Processing $image" | |
bundle exec rake build:$image | |
done | |
- | |
name: test docker images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES;do | |
echo "Processing $image" | |
bundle exec rake spec:$image | |
done | |
- | |
name: publish curl-ssl image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: curl-ssl | |
- | |
name: publish git-ssh image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: git-ssh | |
- | |
name: publish cf-cli image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: cf-cli | |
- | |
name: publish k8s-tools image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: k8s-tools | |
- | |
name: publish bosh-cli-v2 image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: bosh-cli-v2 | |
- | |
name: publish terraform image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: terraform | |
- | |
name: publish spruce image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: spruce | |
- | |
name: build docker images with dependencies | |
run: | # shellcheck disable=SC2086 | |
for image in $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image" | |
bundle exec rake build:$image | |
done | |
- | |
name: test docker images with dependencies | |
run: |# shellcheck disable=SC2086 | |
for image in $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image" | |
bundle exec rake spec:$image | |
done | |
- | |
name: publish awscli image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: awscli | |
- | |
name: publish bosh-cli-v2-cf-cli image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{env.IMAGE}} | |
push: true | |
tags: | | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:latest | |
${{env.DOCKERHUB_ORG}}/${{env.IMAGE}}:${{github.sha}} | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:latest | |
ghcr.io/${{ github.repository }}/${{env.IMAGE}}:${{github.sha}} | |
env: | |
IMAGE: bosh-cli-v2-cf-cli | |
check_published_images: | |
name: check published images | |
runs-on: ubuntu-latest | |
needs: [ build_and_publish ] | |
steps: | |
- # Currently we cannot use `docker manifest` without authentication, it results in "unauthorized: access token has insufficient scopes" | |
# Also, to save network bandwidth and reduce build time we avoid using `docker pull` | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- | |
name: check docker public images | |
run: | # shellcheck disable=SC2086 | |
for image in $BASE_IMAGES $IMAGES_WITH_DEPENDENCIES;do | |
echo "Processing $image: checking manifest for $DOCKERHUB_ORG/$image:$GITHUB_SHA" | |
docker manifest inspect $DOCKERHUB_ORG/$image:$GITHUB_SHA | |
done | |
push_for_renovate: | |
name: Publish commit for renovate | |
runs-on: ubuntu-latest | |
needs: [ check_published_images ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
if: ${{ github.ref_name == 'main' }} | |
- | |
name: push | |
uses: github-actions-x/commit@v2.9 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
push-branch: 'main-validated' | |
force-push: true | |
if: ${{ github.ref_name == 'main' }} | |