build

fix: update numpy,pandas, and geopandas versions #726

Workflow file for this run

	# NOTE refs
	# - https://github.blog/changelog/2020-04-15-github-actions-new-workflow-features/#new-fromjson-method-in-expressions
	# - https://stackoverflow.com/questions/59977364/github-actions-how-use-strategy-matrix-with-script

	name: build
	on:
	push:
	paths:
	- .github/workflows/build.yml
	- "images/**"
	- config.yaml
	schedule:
	- cron: "0 0 * * MON"
	workflow_dispatch: {}
	permissions:
	id-token: write
	packages: write
	contents: write
	concurrency:
	group: ${{ github.run_id }}
	cancel-in-progress: false
	jobs:
	prepare:
	runs-on: ubuntu-latest
	outputs:
	matrix-docker: ${{ steps.set.outputs.matrix-docker }}
	matrix-apko: ${{ steps.set.outputs.matrix-apko }}
	matrix-arm: ${{ steps.set.outputs.matrix-arm }}
	steps:
	- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
	- id: set
	env:
	REF: ${{ github.ref }}
	run: \|
	echo "matrix-docker=$(jq --arg REF "$REF" -rMc '.build[] \| select(.source \| contains("Dockerfile")) \| select(.buildOnMainOnly == null or $REF == "refs/heads/main") \| . as $config \| .destination \| capture("(?<registry>.)/(?<imageName>.):(?<tag>.)") \| . as $imgSplit \| $config \| .source \| capture("(?<context>.)/Dockerfile") \| . as $context \| $config + $imgSplit + $context' -r -c <<< "$(yq e . -o json config.yaml)" \| jq -rcsM '{"include":.}')" >> $GITHUB_OUTPUT
	echo "matrix-apko=$(jq -rMc '.build[] \| select(.source \| contains("image.yaml"))' -r -c <<< "$(yq e . -o json config.yaml)" \| jq -rcsM '{"include":.}')" >> $GITHUB_OUTPUT
	- name: check output
	run: \|
	jq . <<< '${{ steps.set.outputs.matrix-docker }}'
	jq . <<< '${{ steps.set.outputs.matrix-apko }}'
	build-docker:
	needs: prepare
	if: fromJSON(needs.prepare.outputs.matrix-docker) != null
	strategy:
	fail-fast: false
	matrix: ${{ fromJSON(needs.prepare.outputs.matrix-docker) }}
	uses: GeoNet/Actions/.github/workflows/reusable-docker-build.yml@main
	with:
	context: ${{ fromJSON(toJSON(matrix)).context }}
	dockerfile: ${{ fromJSON(toJSON(matrix)).source }}
	imageName: ${{ fromJSON(toJSON(matrix)).imageName }}
	tags: ${{ fromJSON(toJSON(matrix)).tag }}
	platforms: linux/amd64
	push: ${{ github.ref == 'refs/heads/main' }}
	build-apko:
	needs: prepare
	if: fromJSON(needs.prepare.outputs.matrix-apko) != null
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix: ${{ fromJSON(needs.prepare.outputs.matrix-apko) }}
	steps:
	- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
	- uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
	- id: apko-options
	env:
	DESTINATION: ${{ fromJSON(toJSON(matrix)).destination }}
	REF: ${{ github.ref }}
	run: \|
	TAG="$DESTINATION"
	if [ ! "$REF" = "refs/heads/main" ]; then
	TAG="${DESTINATION//ghcr.io\/geonet/localhost}"
	fi
	echo "tag=$TAG" >> $GITHUB_OUTPUT
	- uses: GeoNet/chainguard-images-actions/apko-publish@cfc56ba1a26d410474fe453d9c9a865fdd422fa7 # main
	if: ${{ github.ref == 'refs/heads/main' }}
	id: build
	name: apko build
	with:
	tag: ${{ fromJSON(toJSON(matrix)).destination }}
	config: ${{ fromJSON(toJSON(matrix)).source }}
	source-date-epoch: ${{ steps.snapshot-date.outputs.epoch }}
	apko-image: "ghcr.io/wolfi-dev/apko@sha256:ed7bbf853ec77fa4b5ad4840fd42c1391a0341b86541063217277b678e324686"
	- uses: GeoNet/chainguard-images-actions/apko-build@cfc56ba1a26d410474fe453d9c9a865fdd422fa7 # main
	if: ${{ github.ref != 'refs/heads/main' }}
	id: build-local
	name: apko build local
	with:
	tag: ${{ steps.apko-options.outputs.tag }}
	config: ${{ fromJSON(toJSON(matrix)).source }}
	source-date-epoch: ${{ steps.snapshot-date.outputs.epoch }}
	apko-image: "ghcr.io/wolfi-dev/apko@sha256:ed7bbf853ec77fa4b5ad4840fd42c1391a0341b86541063217277b678e324686"
	- name: crane get-digests
	id: get-digests
	if: ${{ github.ref == 'refs/heads/main' }}
	env:
	DESTINATION: ${{ fromJSON(toJSON(matrix)).destination }}
	run: \|
	DESTINATION_DIGEST="$(crane digest "${DESTINATION}" \|\| true)"
	(
	echo "DESTINATION_DIGEST"
	echo "${DESTINATION_DIGEST}"
	) \| column -t
	echo "destination=${DESTINATION_DIGEST}" >> $GITHUB_OUTPUT
	- name: cosign sign image with a key
	if: ${{ github.ref == 'refs/heads/main' }}
	env:
	COSIGN_YES: "true"
	run: \|
	cosign sign ${{ fromJSON(toJSON(matrix)).destination }}@${{ steps.get-digests.outputs.destination }} -y
	- uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
	name: sbom generate
	if: ${{ steps.determine-type.outputs.typeIsDocker == 'true' && github.ref == 'refs/heads/main' }}
	with:
	image: ${{ fromJSON(toJSON(matrix)).destination }}@${{ steps.get-digests.outputs.destination }}
	artifact-name: sbom-spdx.json
	output-file: /tmp/sbom-spdx.json
	- name: cosign download unsigned sbom
	if: ${{ steps.determine-type.outputs.typeIsDocker != 'true' && github.ref == 'refs/heads/main' }}
	run: \|
	cosign download sbom ${{ fromJSON(toJSON(matrix)).destination }}@${{ steps.get-digests.outputs.destination }} > /tmp/sbom-spdx.json
	- name: cosign publish sbom blob as blob
	if: ${{ github.ref == 'refs/heads/main' }}
	env:
	COSIGN_YES: "true"
	run: \|
	cosign attest --predicate /tmp/sbom-spdx.json ${{ fromJSON(toJSON(matrix)).destination }}@${{ steps.get-digests.outputs.destination }} -y

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: update numpy,pandas, and geopandas versions #726

Workflow file

fix: update numpy,pandas, and geopandas versions #726

Jobs

Run details

Workflow file for this run