-
Notifications
You must be signed in to change notification settings - Fork 0
153 lines (140 loc) · 5.79 KB
/
container-image-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: container-image-build
#Note: this uses buildx for multiarchitecture builds, maybe make an opt-out for this in the future?
on:
workflow_call:
inputs:
registry:
type: string
description: e.g. ghcr.io/gh-user, xyz.azurecr.io or docker.io
required: true
repository:
type: string
description: If empty the repository will derive from name of the repo, e.g. gh-user/my-repo-name
default: ''
repository-prefix:
type: string
description: e.g. prefix/
default: ''
dockerfile:
type: string
description: Location of the Dockerfile in the local repository you wish to build.
default: Dockerfile
tag:
type: string
description: e.g. 1.2.301-feature-my-feature.12
required: true
tag-major:
type: string
description: If the tag is 1.2.301-feature-my-feature.12 then pass in only the major version, e.g. 1
required: true
tag-minor:
type: string
description: If the tag is 1.2.301-feature-my-feature.12 then pass in only the minor version, e.g. 2
required: true
default-branch-tag:
type: string
description: Default branch tag, e.g. latest
default: latest
feature-branch-tag:
type: string
description: Feature branch tag, e.g. latest-dev
default: latest-dev
platform:
type: string
description: Specify the target platform for the build output, e.g. linux/amd64,linux/arm64,linux/arm/v7
default: linux/amd64,linux/arm64,linux/arm/v7
args:
type: string
description: Used to pass optional build arguments.
default: ''
default-branch:
type: string
description: Workflow behaves differently on the default branch.
default: refs/heads/main
push-image:
type: boolean
description: By default always push the newly built container image.
default: true
github-private-packages-auth:
type: boolean
description: Set to true when you want to acccess private nuget packages in a private github packages feed.
default: false
jobs:
container-image-build:
runs-on: ubuntu-latest
if: github.actor != 'dependabot[bot]'
#https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
#https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
steps:
- uses: actions/checkout@v4
- name: github private packages auth
if: inputs.github-private-packages-auth == true
run: |
dotnet nuget remove source github
dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/${{ github.actor }}/index.json" --configfile NuGet.config
- name: set vars
id: setupvars
run: |
REPOSITORY=${{ inputs.repository }}
if [[ -z "$REPOSITORY" ]]; then
#set the repository to the current gh repository, then strip the repository_owner away
REPOSITORY=${{ github.repository }}
REPOSITORY=$(echo $REPOSITORY | sed "s|${{ github.repository_owner }}\/||g")
fi
#lowercase
REPOSITORY=${REPOSITORY,,}
IMAGE_NAME=${REPOSITORY,,}
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
echo "REPOSITORY=${{ inputs.repository-prefix }}$REPOSITORY" >> $GITHUB_ENV
TAG=${{ inputs.tag }}
TAG=${TAG,,}
echo "TAG=$TAG" >> $GITHUB_ENV
echo "REGISTRY=${{ inputs.registry }}" >> $GITHUB_ENV
- name: docker login ${{ inputs.registry }}
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
- name: docker buildx build/push
id: build
run: |
docker buildx create --name multiarchtest --use
TAGS=()
TAGS+=(-t "$REGISTRY/$REPOSITORY:$TAG")
if [[ "${{ github.ref }}" == "${{ inputs.default-branch }}" ]]; then
ADDITIONAL_TAG=${{ inputs.default-branch-tag }}
TAGS+=(-t "$REGISTRY/$REPOSITORY:${{ inputs.tag-major }}")
TAGS+=(-t "$REGISTRY/$REPOSITORY:${{ inputs.tag-major }}.${{ inputs.tag-minor }}")
else
ADDITIONAL_TAG=${{ inputs.feature-branch-tag }}
fi
ADDITIONAL_TAG=${ADDITIONAL_TAG,,}
TAGS+=(-t "$REGISTRY/$REPOSITORY:$ADDITIONAL_TAG")
ARGS=()
if [[ "${{ inputs.push-image }}" == "true" ]]; then
ARGS+=(--push)
fi
if [[ ! -z "${{ inputs.args }}" ]]; then
ARGS+=(${{ inputs.args }})
fi
echo "REGISTRY=$REGISTRY"
echo "REPOSITORY=$REPOSITORY"
echo "TAG=$TAG"
echo "TAGS=${TAGS[@]}"
echo "args=${{ inputs.args }}"
echo "ARGS=${ARGS[@]}"
echo "DockerFile=${{ inputs.dockerfile }}"
docker buildx build \
-f "${{ inputs.dockerfile }}" \
"${TAGS[@]}" \
--label "GITHUB_RUN_ID=${{ github.run_id }}" \
--label "IMAGE_NAME=$IMAGE_NAME" \
--label "org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" \
--build-arg GIT_REPOSITORY=${{ github.repository }} \
--build-arg GIT_BRANCH=${{ github.ref }} \
--build-arg GIT_COMMIT=${{ github.sha }} \
--build-arg GIT_TAG=$TAG \
--build-arg GITHUB_WORKFLOW="${{ github.workflow }}" \
--build-arg GITHUB_RUN_ID=${{ github.run_id }} \
--build-arg GITHUB_RUN_NUMBER=${{ github.run_number }} \
--platform ${{ inputs.platform }} \
--pull \
"${ARGS[@]}" \
.