-
Notifications
You must be signed in to change notification settings - Fork 255
155 lines (136 loc) · 5.6 KB
/
build-images-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: Image Release Build
# Any change in triggers needs to be reflected in the concurrency group.
on:
push:
branches:
- main
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
pull_request:
branches:
- main
- v*
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
permissions: read-all
jobs:
determine-deployment:
if: ${{ github.repository == 'cilium/hubble' }}
name: Determine Deployment
runs-on: ubuntu-24.04
steps:
- name: Determine deployment environment
id: environment
# use 'release' deployment if the workflow was triggered on a pushed tag starting with "v"
run: |
echo "deployment=${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}" >> $GITHUB_OUTPUT
outputs:
name: ${{ steps.environment.outputs.deployment }}
build-and-push:
if: ${{ github.repository == 'cilium/hubble' }}
environment: ${{ needs.determine-deployment.outputs.name }}
runs-on: ubuntu-24.04
needs: determine-deployment
strategy:
# matrix for easier code-sharing with workflows from cilium/cilium
matrix:
include:
- name: hubble
dockerfile: ./Dockerfile
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to quay.io
if: ${{ needs.determine-deployment.outputs.name == 'release' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }}
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Checkout Source Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Release Build ${{ matrix.name }}
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: docker_build_release
with:
context: .
file: ${{ matrix.dockerfile }}
push: ${{ needs.determine-deployment.outputs.name == 'release' }}
platforms: linux/amd64,linux/arm64
tags: |
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
- name: Image Release Digest
shell: bash
run: |
mkdir -p image-digest/
job_name=${{ matrix.name }}
job_name_capital=${job_name^^}
job_name_underscored=${job_name_capital//-/_}
echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt
echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: image-digest ${{ matrix.name }}
path: image-digest
retention-days: 1
image-digests:
if: ${{ github.repository == 'cilium/hubble' }}
name: Display Digests
runs-on: ubuntu-24.04
needs: build-and-push
steps:
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Downloading Image Digests
shell: bash
run: |
mkdir -p image-digest/
- name: Download digests of all images built
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: "*image-digest *"
path: image-digest/
- name: Image Digests Output
shell: bash
run: |
cd image-digest/
echo "## Docker Manifests" > ../image-digest-output.txt
echo "" >> ../image-digest-output.txt
find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt
- name: Image Makefile Digests
shell: bash
run: |
cd image-digest/
echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests
echo "# Copyright "$(date +'%Y')" Authors of Cilium" >> ../Makefile.digests
echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests
echo "" >> ../Makefile.digests
find -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: image-digest-output.txt-${{ steps.tag.outputs.tag }}
path: image-digest-output.txt
retention-days: 1
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Makefile.digests-${{ steps.tag.outputs.tag }}
path: Makefile.digests
retention-days: 1