v0.0.85 #85
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push Stack Image | |
on: | |
release: | |
types: | |
- published | |
env: | |
REGISTRIES_FILENAME: "registries.json" | |
jobs: | |
preparation: | |
name: Preparation | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
DOCKERHUB_ORG: ${{ steps.set-dockerhub-org-namespace.outputs.DOCKERHUB_ORG}} | |
push_to_gcr: ${{ steps.parse_configs.outputs.push_to_gcr}} | |
push_to_dockerhub: ${{ steps.parse_configs.outputs.push_to_dockerhub}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set matrix | |
id: set-matrix | |
run: | | |
release_version="$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" | |
# Strip off the org and slash from repo name | |
# paketo-buildpacks/repo-name --> repo-name | |
repo_name=$(echo "${{ github.repository }}" | sed 's/^.*\///') | |
asset_prefix="${repo_name}-${release_version}-" | |
oci_images=$(jq -c --arg asset_prefix "$asset_prefix" '[.release.assets[].name | select(endswith(".oci")) | split(".oci") | .[0] | split($asset_prefix) | .[1]]' "${GITHUB_EVENT_PATH}") | |
printf "matrix=%s\n" "${oci_images}" >> "$GITHUB_OUTPUT" | |
- name: Set DOCKERHUB_ORG namespace | |
id: set-dockerhub-org-namespace | |
run: echo "DOCKERHUB_ORG=${GITHUB_REPOSITORY_OWNER//-/}" >> "$GITHUB_OUTPUT" | |
- name: Parse Configs | |
id: parse_configs | |
run: | | |
registries_filename="${{ env.REGISTRIES_FILENAME }}" | |
push_to_dockerhub=true | |
push_to_gcr=true | |
if [[ -f $registries_filename ]]; then | |
if jq 'has("dockerhub")' $registries_filename > /dev/null; then | |
push_to_dockerhub=$(jq '.dockerhub' $registries_filename) | |
fi | |
if jq 'has("GCR")' $registries_filename > /dev/null; then | |
push_to_gcr=$(jq '.GCR' $registries_filename) | |
fi | |
fi | |
echo "push_to_dockerhub=${push_to_dockerhub}" >> "$GITHUB_OUTPUT" | |
echo "push_to_gcr=${push_to_gcr}" >> "$GITHUB_OUTPUT" | |
push: | |
name: Push | |
runs-on: ubuntu-22.04 | |
needs: preparation | |
strategy: | |
max-parallel: 4 | |
matrix: | |
oci_image: ${{ fromJSON(needs.preparation.outputs.matrix) }} | |
steps: | |
- name: Parse Event | |
id: event | |
run: | | |
echo "tag=$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" >> "$GITHUB_OUTPUT" | |
echo "${{ matrix.oci_image }}_download_url=$(jq -r '.release.assets[] | select(.name | endswith("${{ matrix.oci_image }}.oci")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download ${{ matrix.oci_image }} Image | |
uses: paketo-buildpacks/github-config/actions/release/download-asset@main | |
with: | |
url: ${{ steps.event.outputs[format('{0}_download_url', matrix.oci_image)] }} | |
output: "/github/workspace/${{ matrix.oci_image }}.oci" | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
- name: Get Registry Repo Name | |
id: registry-repo | |
run: | | |
# Strip off the Github org prefix and 'stack' suffix from repo name | |
# paketo-buildpacks/some-name-stack --> some-name | |
echo "name=$(echo "${{ github.repository }}" | sed 's/^.*\///' | sed 's/\-stack$//')" >> "$GITHUB_OUTPUT" | |
- name: Push ${{ matrix.oci_image }} Image to DockerHub | |
id: push | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
DOCKERHUB_ORG: "${{ needs.preparation.outputs.DOCKERHUB_ORG }}" | |
GCR_USERNAME: _json_key | |
GCR_PASSWORD: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} | |
GCR_PROJECT: "${{ github.repository_owner }}" | |
run: | | |
if [ "${{ needs.preparation.outputs.push_to_dockerhub }}" == "true" ]; then | |
echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}-${{ steps.registry-repo.outputs.name }}:${{ steps.event.outputs.tag }}" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}-${{ steps.registry-repo.outputs.name }}:latest" | |
fi | |
if [ "${{ needs.preparation.outputs.push_to_gcr }}" == "true" ]; then | |
echo "${GCR_PASSWORD}" | sudo skopeo login --username "${GCR_USERNAME}" --password-stdin gcr.io | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://gcr.io/${GCR_PROJECT}/${{ matrix.oci_image }}-${{ steps.registry-repo.outputs.name }}:${{ steps.event.outputs.tag }}" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://gcr.io/${GCR_PROJECT}/${{ matrix.oci_image }}-${{ steps.registry-repo.outputs.name }}:latest" | |
fi | |
# If the repository name contains 'bionic', let's push it to legacy image locations as well: | |
# paketobuildpacks/{build/run}:{version}-{variant} | |
# paketobuildpacks/{build/run}:{version}-{variant}-cnb | |
# paketobuildpacks/{build/run}:{variant}-cnb | |
# paketobuildpacks/{build/run}:{variant} | |
registry_repo="${{ steps.registry-repo.outputs.name }}" | |
if [[ ${registry_repo} == "bionic"-* ]]; | |
then | |
# Strip the final part from a repo name after the `-` | |
# bionic-tiny --> tiny | |
variant="${registry_repo#bionic-}" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}:${{ steps.event.outputs.tag }}-${variant}" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}:${{ steps.event.outputs.tag }}-${variant}-cnb" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}:${variant}-cnb" | |
sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/${{ matrix.oci_image }}.oci" "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}:${variant}" | |
sudo skopeo copy "docker://${DOCKERHUB_ORG}/${{ matrix.oci_image }}:${variant}-cnb" "docker://gcr.io/${GCR_PROJECT}/${{ matrix.oci_image }}:${variant}-cnb" | |
fi | |
failure: | |
name: Alert on Failure | |
runs-on: ubuntu-22.04 | |
needs: [push] | |
if: ${{ always() && needs.push.result == 'failure' }} | |
steps: | |
- name: File Failure Alert Issue | |
uses: paketo-buildpacks/github-config/actions/issue/file@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repo: ${{ github.repository }} | |
label: "failure:push" | |
comment_if_exists: true | |
issue_title: "Failure: Push Image workflow" | |
issue_body: | | |
Push Image workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). | |
Please take a look to ensure CVE patches can be released. (cc @paketo-buildpacks/stacks-maintainers). | |
comment_body: | | |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} |