-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build,workflows: add a workflow to build and push builder image
Release note: None Epic: none
- Loading branch information
healthy-pod
committed
Oct 4, 2023
1 parent
916f096
commit e0eb946
Showing
4 changed files
with
173 additions
and
0 deletions.
There are no files selected for viewing
48 changes: 48 additions & 0 deletions
48
.github/workflows/gar-workflows-build-push-acceptance-gss-images.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| name: Build and Push acceptance gss compose images | ||
|
|
||
| on: | ||
| pull_request | ||
|
|
||
| jobs: | ||
| tags: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| time_tag: ${{ steps.vars.outputs.TIME_TAG }} | ||
| steps: | ||
| - | ||
| name: Set TAG value | ||
| id: vars | ||
| run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT | ||
|
|
||
| acceptance-kdc-docker: | ||
| needs: tags | ||
| uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml | ||
| with: | ||
| tags: | | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-kdc:${{ needs.tags.outputs.time_tag }} | ||
| context: "{{defaultContext}}:pkg/acceptance/compose/gss/kdc" | ||
| secrets: | ||
| gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }} | ||
| gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }} | ||
|
|
||
| acceptance-psql-docker: | ||
| needs: tags | ||
| uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml | ||
| with: | ||
| tags: | | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-psql:${{ needs.tags.outputs.time_tag }} | ||
| context: "{{defaultContext}}:pkg/acceptance/compose/gss/psql" | ||
| secrets: | ||
| gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }} | ||
| gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }} | ||
|
|
||
| acceptance-python-docker: | ||
| needs: tags | ||
| uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml | ||
| with: | ||
| tags: | | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-python:${{ needs.tags.outputs.time_tag }} | ||
| context: "{{defaultContext}}:pkg/acceptance/compose/gss/python" | ||
| secrets: | ||
| gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }} | ||
| gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }} |
25 changes: 25 additions & 0 deletions
25
.github/workflows/gar-workflows-build-push-acceptance-image.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| name: Build and Push acceptance image | ||
|
|
||
| on: | ||
| pull_request | ||
|
|
||
| jobs: | ||
| tags: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| time_tag: ${{ steps.vars.outputs.TIME_TAG }} | ||
| steps: | ||
| - | ||
| name: Set TAG value | ||
| id: vars | ||
| run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT | ||
| docker: | ||
| needs: tags | ||
| uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml | ||
| with: | ||
| tags: | | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance:${{ needs.tags.outputs.time_tag }} | ||
| context: "{{defaultContext}}:pkg/acceptance/testdata" | ||
| secrets: | ||
| gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }} | ||
| gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }} |
26 changes: 26 additions & 0 deletions
26
.github/workflows/gar-workflows-build-push-bazel-builder-image.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| name: Build and Push bazel-builder image | ||
|
|
||
| on: | ||
| pull_request | ||
|
|
||
| jobs: | ||
| tags: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| time_tag: ${{ steps.vars.outputs.TIME_TAG }} | ||
| steps: | ||
| - | ||
| name: Set TAG value | ||
| id: vars | ||
| run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT | ||
| docker: | ||
| needs: tags | ||
| uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml | ||
| with: | ||
| tags: | | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:latest-do-not-use | ||
| us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:${{ needs.tags.outputs.time_tag }} | ||
| context: "{{defaultContext}}:build/bazelbuilder" | ||
| secrets: | ||
| gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }} | ||
| gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }} |
74 changes: 74 additions & 0 deletions
74
.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| name: Build and Push Multi-Platform Docker Images | ||
| # Note: This workflow is adapted to work with GAR only and specifically `us-east1-docker.pkg.dev` registry. | ||
| # If supporting more registries (within GAR) is needed in the future, we can pass the registry as an input from the | ||
| # calling workflow. | ||
| # To support pushing outside GAR, we will need to support authenticating to other non-google registries. | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| tags: | ||
| # Example: | ||
| # tags: | | ||
| # us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:latest-do-not-use | ||
| # us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:${{ needs.tags.outputs.time_tag }} | ||
| required: true | ||
| type: string | ||
| context: | ||
| type: string | ||
| required: true | ||
| secrets: | ||
| gcp_wif_provider: | ||
| required: true | ||
| gcp_wif_service_account: | ||
| required: true | ||
|
|
||
| jobs: | ||
| reusable-workflow: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: 'read' | ||
| id-token: 'write' | ||
| steps: | ||
| - | ||
| name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - | ||
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| # Below we will build without pushing, then authenticate, then build and push. We do this | ||
| # dance because the token will only be valid for one hour and building + pushing might | ||
| # take more than one hour. The second build will use the cache so it's not bad. | ||
| - | ||
| name: Build (but do not push) | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| push: false | ||
| tags: ${{ inputs.tags }} | ||
| platforms: linux/amd64,linux/arm64 | ||
| context: ${{ inputs.context }} | ||
| - | ||
| name: GCP Auth | ||
| id: auth | ||
| uses: 'google-github-actions/auth@v1' | ||
| with: | ||
| token_format: access_token | ||
| workload_identity_provider: '${{ secrets.gcp_wif_provider }}' | ||
| service_account: '${{ secrets.gcp_wif_service_account }}' | ||
| access_token_lifetime: 600s # 10 minutes | ||
| - | ||
| name: Login to Artifact Registry | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| registry: us-east1-docker.pkg.dev | ||
| username: oauth2accesstoken | ||
| password: ${{ steps.auth.outputs.access_token }} | ||
| - | ||
| name: Build (will use cache) and push (using recently generated token above) | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| push: true | ||
| tags: ${{ inputs.tags }} | ||
| platforms: linux/amd64,linux/arm64 | ||
| context: ${{ inputs.context }} |