Build Authentik Image #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build-Authentik | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: Select the Environment for Building the Image | |
required: true | |
options: | |
- dev2 | |
- test | |
- production | |
type: choice | |
with-sbom: | |
type: boolean | |
default: true | |
description: Build with SBOM? | |
workflow_call: | |
inputs: | |
environment: | |
type: string | |
required: true | |
jobs: | |
Build-Authentik: | |
name: Build Authentik Image | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.environment }} | |
env: | |
ENVIRONMENT: ${{ inputs.environment }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.SCRIBE2_GITHUB_ROLE }} | |
role-session-name: Github | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: 'true' | |
- name: Build, Tag and Push Authentik Image to Amazon ECR | |
id: build-image | |
run: | | |
DOCKER_BUILDKIT=1 docker build -t ${{ steps.login-ecr.outputs.registry }}/authentik:${{ github.sha }} . | |
docker push ${{ steps.login-ecr.outputs.registry }}/authentik:${{ github.sha }} | |
Commit-New-Image: | |
if: ${{ always() && (needs.Build-Authentik.result == 'success') }} | |
name: Commit new image versions | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.environment }} | |
needs: [Build-Authentik] | |
env: | |
ENVIRONMENT: ${{ inputs.environment }} | |
steps: | |
- name: Checkout Private Tools | |
uses: actions/checkout@v4 | |
with: | |
ref: main | |
fetch-depth: 1 | |
sparse-checkout: | | |
k8s/helm/authentik/${{ env.ENVIRONMENT }}-custom-values.yaml | |
repository: scribe-security/scribe2 | |
token: ${{ secrets.K8S_GH_TOKEN }} | |
sparse-checkout-cone-mode: true | |
- name: Get version | |
id: get-versions | |
run: | | |
echo "authentik_version=${{ github.sha }}" >> $GITHUB_OUTPUT | |
- name: Update Image Versions in the HelmChart | |
uses: fjogeleit/yaml-update-action@main | |
with: | |
repository: scribe-security/scribe2 | |
branch: main | |
commitChange: true | |
message: 'Update images versions' | |
token: ${{ secrets.K8S_GH_TOKEN }} | |
changes: | | |
{ | |
"k8s/helm/authentik/${{ env.ENVIRONMENT }}-custom-values.yaml": { | |
"global.image.tag": "${{steps.get-versions.outputs.authentik_version}}" | |
} | |
} |