Skip to content
This repository has been archived by the owner on Oct 9, 2024. It is now read-only.

Docker

Docker #1801

name: Docker
on:
push:
# Publish `main` as Docker `latest` image.
branches:
- main
# Publish `v1.2.3` tags as releases.
tags:
- v*
schedule:
- cron: '47 19 * * *'
# Run tests for any PRs.
pull_request:
env:
# renovate: datasource=github-releases depName=roboll/helmfile
HELMFILE_VERSION: v0.144.0
# renovate: datasource=github-releases depName=helm/helm
HELM_VERSION: v3.10.3
# renovate: datasource=github-releases depName=kubernetes/kubernetes
KUBECTL_VERSION: v1.28.4
# renovate: datasource=github-releases depName=gruntwork-io/terragrunt
TERRAGRUNT_VERSION: v0.40.2
# renovate: datasource=github-releases depName=hashicorp/vault
VAULT_VERSION: v1.12.2
# renovate: datasource=github-releases depName=sigstore/cosign
COSIGN_VERSION: v1.13.1
jobs:
# Push image to GitHub Packages.
# See also https://docs.docker.com/docker-hub/builds/
package:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
terraform: ['1.1', '1.2','1.3', 'latest']
steps:
- uses: actions/checkout@v3
# Docker see https://blog.oddbit.com/post/2020-09-25-building-multi-architecture-im/
- name: Prepare
id: prep
run: |
REPONAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]' )
DOCKER_IMAGE=ghcr.io/$REPONAME
VERSION=latest
TERRAFORM_VERSION=""
if [ "${{ matrix.terraform }}" != 'latest' ]; then
VERSION="v${{ matrix.terraform }}"
TAG_PAGE=1
while [ -z "$TERRAFORM_VERSION" -a $TAG_PAGE -le 10 ]; do
echo "$TERRAFORM_VERSION - $TAG_PAGE"
TERRAFORM_VERSION=$(curl -sSL "https://api.github.com/repos/hashicorp/terraform/tags?page=$TAG_PAGE" | jq -r '.[] | .name | select(. | startswith("v${{ matrix.terraform }}."))' | head -n1)
let "TAG_PAGE=TAG_PAGE+1"
sleep 10
done
else
TERRAFORM_VERSION="$(curl -sSL https://api.github.com/repos/hashicorp/terraform/tags | jq -r '.[] | .name' | grep -v "\-dev"| head -n1)"
fi
SHORTREF=${GITHUB_SHA::8}
UBUNTU_TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}:${TERRAFORM_VERSION}"
ALPINE_TAGS="${DOCKER_IMAGE}:${VERSION}-alpine,${DOCKER_IMAGE}:${TERRAFORM_VERSION}-alpine"
BUSTER_TAGS="${DOCKER_IMAGE}:${VERSION}-buster,${DOCKER_IMAGE}:${TERRAFORM_VERSION}-buster"
# Set output parameters.
echo "shortref=${SHORTREF}">> $GITHUB_OUTPUT
echo "ubuntu_tags=${UBUNTU_TAGS}" >> $GITHUB_OUTPUT
echo "alpine_tags=${ALPINE_TAGS}" >> $GITHUB_OUTPUT
echo "buster_tags=${BUSTER_TAGS}" >> $GITHUB_OUTPUT
echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
echo "terraform_version=${TERRAFORM_VERSION:1}" >> $GITHUB_OUTPUT
echo "terragrunt_version=${TERRAGRUNT_VERSION:1}" >> $GITHUB_OUTPUT
echo "cosign_version=${COSIGN_VERSION}" >> $GITHUB_OUTPUT
echo "vault_version=${VAULT_VERSION:1}" >> $GITHUB_OUTPUT
echo "kubectl_version=${KUBECTL_VERSION:1}" >> $GITHUB_OUTPUT
echo "helm_version=${HELM_VERSION:1}" >> $GITHUB_OUTPUT
echo "helmfile_version=${HELMFILE_VERSION:1}" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Alpine
uses: docker/build-push-action@v3
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./alpine
file: ./alpine/Dockerfile
platforms: linux/amd64,linux/arm64
build-args: |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }}
HELM_VERSION=${{ steps.prep.outputs.helm_version }}
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }}
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }}
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }}
VAULT_VERSION=${{ steps.prep.outputs.vault_version }}
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }}
push: ${{ github.ref_name == 'main' }}
tags: ${{ steps.prep.outputs.alpine_tags }}
- name: Build Ubuntu
uses: docker/build-push-action@v3
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./ubuntu
file: ./ubuntu/Dockerfile
platforms: linux/amd64,linux/arm64
build-args: |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }}
HELM_VERSION=${{ steps.prep.outputs.helm_version }}
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }}
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }}
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }}
VAULT_VERSION=${{ steps.prep.outputs.vault_version }}
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }}
push: ${{ github.ref_name == 'main' }}
tags: ${{ steps.prep.outputs.ubuntu_tags }}
- name: Build Buster
uses: docker/build-push-action@v3
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./buster
file: ./buster/Dockerfile
platforms: linux/amd64,linux/arm64
build-args: |
HELMFILE_VERSION=${{ steps.prep.outputs.helmfile_version }}
HELM_VERSION=${{ steps.prep.outputs.helm_version }}
KUBECTL_VERSION=${{ steps.prep.outputs.kubectl_version }}
TERRAFORM_VERSION=${{ steps.prep.outputs.terraform_version }}
TERRAGRUNT_VERSION=${{ steps.prep.outputs.terragrunt_version }}
VAULT_VERSION=${{ steps.prep.outputs.vault_version }}
COSGIN_VERSION=${{ steps.prep.outputs.cosign_version }}
push: ${{ github.ref_name == 'main' }}
tags: ${{ steps.prep.outputs.buster_tags }}