diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 886a614..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,95 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: build-fpm-centos-8 - -trigger: - branch: - - master - event: - include: - - push - -steps: - - name: fpm-centos 8 - image: docker - environment: - REPO: quay.io - settings: - username: - from_secret: QUAYIO_DOCKER_USERNAME - password: - from_secret: QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - # wait for docker to start - - timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - - docker pull $REPO/gravitational/fpm-centos:8 || true - - cd centos/8 && docker build -t $REPO/gravitational/fpm-centos:8 . - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" $REPO - - docker push $REPO/gravitational/fpm-centos:8 - -services: - - name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - -volumes: - - name: dockersock - temp: {} - ---- -kind: pipeline -type: kubernetes -name: build-fpm-debian-8 - -trigger: - branch: - - master - event: - include: - - push - -steps: - - name: fpm-debian 8 - image: docker - environment: - REPO: quay.io - settings: - username: - from_secret: QUAYIO_DOCKER_USERNAME - password: - from_secret: QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - # wait for docker to start - - timeout 15s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - - docker pull $REPO/gravitational/fpm-debian:8 || true - - cd debian/8 && docker build -t $REPO/gravitational/fpm-debian:8 . - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" $REPO - - docker push $REPO/gravitational/fpm-debian:8 - -services: - - name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - -volumes: - - name: dockersock - temp: {} - ---- -kind: signature -hmac: a290f829b8bc8d6c5816625d5eba87aacffe22e6f9513864beb2515317a478f4 - -... 
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1f65a06..a7dfd9a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -8,9 +8,62 @@ name: Build FPM Images on: workflow_dispatch: + inputs: + version: + description: The version to use in the image label + required: true + type: string + push: + tags: [ '*' ] + jobs: - dummy: + build: + strategy: + matrix: + include: + - directory: centos/8 + label: centos8 + - directory: debian/12 + label: debian12 runs-on: ubuntu-latest + permissions: + id-token: write # required for aws-actions/configure-aws-credentials + contents: read steps: - - name: Greeting - run: echo "This is a dummy build to placate GitHub." + - name: version + env: + VERSION: ${{ inputs.version }} + REF_NAME: ${{ github.ref_name }} + run: | + V="${VERSION:-${REF_NAME}}" + if [[ -z "$V" ]]; then + echo "No version or ref_name set" >&2 + exit 1 + fi + echo "V=$V" >> "$GITHUB_ENV" + - name: Assume AWS ECR Push Role + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::146628656107:role/fpm-oci-tag-build-gha + role-session-name: "gha-fpm-build=${{ github.run_number }}" + role-duration-seconds: 900 + - name: Log into ECR + uses: docker/login-action@v3 + with: + registry: public.ecr.aws + env: + AWS_REGION: us-east-1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + - name: Checkout repository + uses: actions/checkout@v4 + - name: Build FPM Image + uses: docker/build-push-action@v3 + with: + push: true + context: ${{ matrix.directory }} + file: ${{ matrix.directory }}/Dockerfile + platforms: linux/amd64,linux/arm64 + tags: | + public.ecr.aws/gravitational/fpm:${{ matrix.label }}-${{ env.V }}
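Review bot: Three of the five actions in the new `build` job are referenced by mutable tags (`docker/login-action@v3`, `actions/checkout@v4`, `docker/build-push-action@v3`), while `aws-actions/configure-aws-credentials` and `docker/setup-buildx-action` are pinned to commit SHAs. Every step runs in a job that holds `id-token: write` and, once the role is assumed, credentials that can push to `public.ecr.aws/gravitational/fpm`, so a tag that is moved upstream would run with publish rights. Pin the remaining three the same way, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and likewise for checkout and build-push-action. Separately, the `version` step writes `V` to `$GITHUB_ENV` without checking it, and the `push: tags: [ '*' ]` trigger accepts any tag name. A guard such as `[[ "$V" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1` before the final `echo` would keep slashes and newlines out of the image tag and the environment file.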