Pre-release (osint) - Release 3.1.5 #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-release (osint) | |
| run-name: Pre-release (osint) - ${{ github.event.pull_request.title }} | |
| on: | |
| pull_request: | |
| types: [labeled] | |
| branches: [main] | |
| paths-ignore: # not always respected. See https://github.com/actions/runner/issues/2324#issuecomment-1703345084 | |
| - ".github/**" | |
| - "**.md" | |
| env: | |
| # intermediate registry in which architecture-specific images and base images must be pushed | |
| INTERMEDIATE_IMAGES_BUILDS_REGISTRY: "nwodtuhs/exegol-builds" | |
| # base image is used as initial layer when building the final image | |
| BASE_IMAGE_REGISTRY: "nwodtuhs/exegol-misc-preprod" | |
| BASE_IMAGE_TAG: "base" | |
| # final image parameters | |
| IMAGE_TARGET_REGISTRY: "nwodtuhs/exegol-preprod" | |
| IMAGE_TAG: "osint" | |
| DOCKERFILE: "./sources/dockerfiles/osint.dockerfile" | |
| # ThePorgs/Exegol-docs branch for tools lists export | |
| DOCS_TARGET_BRANCH: "dev-images" | |
| jobs: | |
| # https://github.com/orgs/community/discussions/26671, "can’t pass ENV variables to the reusable workflow" | |
| init: | |
| if: github.event.label.name == 'base success' | |
| name: Initialize | |
| runs-on: self-hosted | |
| outputs: | |
| INTERMEDIATE_IMAGES_BUILDS_REGISTRY: ${{ steps.varset.outputs.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }} | |
| IMAGE_TARGET_REGISTRY: ${{ steps.varset.outputs.IMAGE_TARGET_REGISTRY }} | |
| IMAGE_TAG: ${{ steps.varset.outputs.IMAGE_TAG }} | |
| IMAGE_VERSION: ${{ steps.varset.outputs.IMAGE_VERSION }} | |
| DOCKERFILE: ${{ steps.varset.outputs.DOCKERFILE }} | |
| BASE_IMAGE_REGISTRY: ${{ steps.varset.outputs.BASE_IMAGE_REGISTRY }} | |
| BASE_IMAGE_TAG: ${{ steps.varset.outputs.BASE_IMAGE_TAG }} | |
| DOCS_TARGET_BRANCH: ${{ steps.varset.outputs.DOCS_TARGET_BRANCH }} | |
| image_exists: ${{ steps.check_remote_image.outputs.image_exists }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@main | |
| - name: Setting variables | |
| id: varset | |
| run: | | |
| echo "INTERMEDIATE_IMAGES_BUILDS_REGISTRY=${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }}" >> $GITHUB_OUTPUT | |
| echo "IMAGE_TARGET_REGISTRY=${{ env.IMAGE_TARGET_REGISTRY }}" >> $GITHUB_OUTPUT | |
| echo "IMAGE_TAG=${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT | |
| echo "IMAGE_VERSION=$(echo ${{ github.event.pull_request.title }} | cut -d ' ' -f 2)" >> $GITHUB_OUTPUT | |
| echo "DOCKERFILE=${{ env.DOCKERFILE }}" >> $GITHUB_OUTPUT | |
| echo "BASE_IMAGE_REGISTRY=${{ env.BASE_IMAGE_REGISTRY }}" >> $GITHUB_OUTPUT | |
| echo "BASE_IMAGE_TAG=${{ env.BASE_IMAGE_TAG }}" >> $GITHUB_OUTPUT | |
| echo "DOCS_TARGET_BRANCH=${{ env.DOCS_TARGET_BRANCH }}" >> $GITHUB_OUTPUT | |
| cat $GITHUB_OUTPUT | |
| - name: Checking if remote image exists | |
| id: check_remote_image | |
| run: | | |
| echo "docker manifest inspect ${{ env.IMAGE_TARGET_REGISTRY }}:${{ env.IMAGE_TAG }}-${{ steps.varset.outputs.IMAGE_VERSION }}" | |
| if docker manifest inspect ${{ env.IMAGE_TARGET_REGISTRY }}:${{ env.IMAGE_TAG }}-${{ steps.varset.outputs.IMAGE_VERSION }}; then | |
| echo "Image exists" | |
| echo "image_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Image does not exist" | |
| echo "image_exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| cat $GITHUB_OUTPUT | |
| code_check: | |
| name: Code compliance check | |
| if: github.event.label.name == 'base success' | |
| uses: ./.github/workflows/sub_code_check.yml | |
| build: | |
| name: Image build | |
| needs: [ init, code_check ] | |
| # running build if ccc was a success and if image doesn't already exist | |
| if: needs.code_check.result == 'success' && needs.init.outputs.image_exists == 'false' && github.event.label.name == 'base success' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ arm64, amd64 ] | |
| uses: ./.github/workflows/sub_build_belt.yml | |
| with: | |
| # ex: nwodtuhs/exegol-builds | |
| IMAGE_REGISTRY: ${{ needs.init.outputs.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }} | |
| # ex: full | |
| IMAGE_TAG: ${{ needs.init.outputs.IMAGE_TAG }} | |
| # ex: full-1.2.3-arm64 | |
| IMAGE_NAME: ${{ needs.init.outputs.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}-${{ matrix.arch }} | |
| # ex: 1.2.3 | |
| IMAGE_VERSION: ${{ needs.init.outputs.IMAGE_VERSION }} | |
| # ex: Dockerfile | |
| DOCKERFILE: ${{ needs.init.outputs.DOCKERFILE }} | |
| # ex: arm64 | |
| ARCH: ${{ matrix.arch }} | |
| # ex: nwodtuhs/exegol-misc-preprod | |
| BASE_IMAGE_REGISTRY: ${{ needs.init.outputs.BASE_IMAGE_REGISTRY }} | |
| # ex: base-1.2.3 | |
| BASE_IMAGE_NAME: ${{ needs.init.outputs.BASE_IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }} | |
| EXPORT_TOOLS: true | |
| DOCS_TARGET_BRANCH: ${{ needs.init.outputs.DOCS_TARGET_BRANCH }} | |
| PUSH_IMAGE: true | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| EXEGOL_DOCS_SSH_DEPLOY_KEY: ${{ secrets.EXEGOL_DOCS_SSH_DEPLOY_KEY }} | |
| publish: | |
| name: Publish image | |
| needs: [ init, build ] | |
| # only publishing if the tests were a success (implicit by the success of build). | |
| if: github.event.label.name == 'base success' && needs.build.result == 'success' | |
| timeout-minutes: 60 | |
| runs-on: self-hosted | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: [ "${{ needs.init.outputs.IMAGE_TAG }}", "${{ needs.init.outputs.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}" ] | |
| steps: | |
| - name: Login to Dockerhub | |
| if: success() | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Create manifest | |
| id: create_manifest | |
| if: success() | |
| # ex: docker manifest create nwodtuhs/exegol-preprod:full nwodtuhs/exegol-builds:full-1.2.3-arm64 nwodtuhs/exegol-builds:full-1.2.3-amd64 | |
| # ex: docker manifest create nwodtuhs/exegol-preprod:full-1.2.3 nwodtuhs/exegol-builds:full-1.2.3-arm64 nwodtuhs/exegol-builds:full-1.2.3-amd64 | |
| run: docker manifest create ${{ env.IMAGE_TARGET_REGISTRY }}:${{ matrix.image }} ${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }}:${{ env.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}-arm64 ${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }}:${{ env.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}-amd64 | |
| - name: Push manifest to remote | |
| if: success() | |
| # ex: docker manifest push nwodtuhs/exegol-preprod:full | |
| # ex: docker manifest push nwodtuhs/exegol-preprod:full-1.2.3 | |
| run: docker manifest push ${{ env.IMAGE_TARGET_REGISTRY }}:${{ matrix.image }} | |
| - name: Remove manifest locally | |
| if: always() && steps.create_manifest.outcome == 'success' | |
| # ex: docker manifest rm nwodtuhs/exegol-preprod:full | |
| # ex: docker manifest rm nwodtuhs/exegol-preprod:full-1.2.3 | |
| run: docker manifest rm ${{ env.IMAGE_TARGET_REGISTRY }}:${{ matrix.image }} | |
| clean_runners: | |
| name: Clean runner | |
| needs: [ init, publish ] | |
| if: always() && github.event.label.name == 'base success' | |
| # even if this job fails, it won't affect the success/fail status of the whole workflow | |
| continue-on-error: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ arm64, amd64 ] | |
| runs-on: | |
| - self-hosted | |
| - builder | |
| - ${{ matrix.arch }} | |
| steps: | |
| - name: List docker images | |
| run: docker image ls | |
| - name: Remove local image | |
| # always removing image, no need to keep it on the runner | |
| if: always() | |
| # ex: docker rmi nwodtuhs/exegol-builds:full-1.2.3-arm64 | |
| run: docker rmi ${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }}:${{ env.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}-${{ matrix.arch }} | |
| clean_registries: | |
| name: Clean registries | |
| needs: [ init, publish ] | |
| if: always() && github.event.label.name == 'base success' && needs.publish.result == 'success' | |
| runs-on: self-hosted | |
| # only cleaning if publish was a success. And publish requires that tests were a success. | |
| # If tests were a success, there's no need for debugging the images, they can be removed from the exegol-builds registry | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ arm64, amd64 ] | |
| steps: | |
| - name: Remove remote arch-specific images in ${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }} | |
| # ex: curl [...] --request DELETE [...]exegol-builds/tags/full-1.2.3-arm64 | |
| run: | | |
| HUB_TOKEN=$(curl --silent --header "Content-Type: application/json" --request POST --data "{\"username\": \"${{ secrets.DOCKER_USERNAME }}\", \"password\": \"${{ secrets.DOCKER_PASSWORD }}\"}" https://hub.docker.com/v2/users/login/ | jq -r .token) | |
| curl --fail-with-body --include --request DELETE -H "Accept: application/json" --header "Authorization: JWT $HUB_TOKEN" https://hub.docker.com/v2/repositories/${{ env.INTERMEDIATE_IMAGES_BUILDS_REGISTRY }}/tags/${{ env.IMAGE_TAG }}-${{ needs.init.outputs.IMAGE_VERSION }}-${{ matrix.arch }}/ |