Upgrade Workbench for GCW to 2023.09.1 #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| schedule: | |
| - cron: '0 14 * * 1' # If updating this value, be sure to update logic for all `push-image` arguments! | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| pull_request: | |
| name: Workbench for GCW - Build, Test, Scan, and Push | |
| jobs: | |
| build-workbench-for-google-cloud-workstations: | |
| runs-on: ubuntu-latest | |
| name: build-workbench-for-google-cloud-workstations | |
| permissions: | |
| contents: read | |
| packages: write | |
| concurrency: | |
| group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Check Out Repo - cron main | |
| if: github.event.schedule == '0 14 * * 1' | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: main | |
| - name: Check Out Repo | |
| if: github.event.schedule != '0 14 * * 1' | |
| uses: actions/checkout@v3 | |
| - name: Set up Just | |
| uses: extractions/setup-just@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Version | |
| id: get-version | |
| run: | | |
| VERSION=$(just workbench-for-google-cloud-workstations/get-version) | |
| echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Get build args | |
| id: get-build-args | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| BUILD_ARGS=$(just workbench-for-google-cloud-workstations/get-build-args) | |
| echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
| echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
| echo "$EOF" >> $GITHUB_OUTPUT | |
| - name: Get tags | |
| id: get-tags | |
| run: | | |
| IMAGE_TAGS=$(just workbench-for-google-cloud-workstations/get-build-tags) | |
| echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
| - name: Build/Test/Scan/Push base pro image | |
| id: build1 | |
| uses: ./.github/actions/build-test-scan-push | |
| continue-on-error: true | |
| with: | |
| context: ./workbench-for-google-cloud-workstations | |
| os: ubuntu2004 | |
| product: workbench-for-google-cloud-workstations | |
| image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
| build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
| push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 14 * * 1' }} | |
| snyk-token: ${{ secrets.SNYK_TOKEN }} | |
| snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
| ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
| # Begin retry logic | |
| - name: Wait 60s on failure before retrying | |
| if: steps.build1.outcome == 'failure' | |
| run: sleep 60 | |
| - name: Retry - Build/Test/Scan/Push base pro image | |
| id: build2 | |
| if: steps.build1.outcome == 'failure' | |
| uses: ./.github/actions/build-test-scan-push | |
| with: | |
| context: ./workbench-for-google-cloud-workstations | |
| os: ubuntu2004 | |
| product: workbench-for-google-cloud-workstations | |
| image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
| build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
| push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 14 * * 1' }} | |
| snyk-token: ${{ secrets.SNYK_TOKEN }} | |
| snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
| ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
| # End retry logic |