
Update temporal submodule for branch release/1.23.x #2436


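name: Build Docker Images

# Least-privilege workflow token: `contents: read` is enough for checkout and
# submodules; `security-events: write` lets the Trivy action upload its
# findings to code scanning. Registry credentials come from repository
# secrets, not from GITHUB_TOKEN.
permissions:
  contents: read
  security-events: write

on:
  push:
    branches:
      - main
      - release/*
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      commit:
        description: "Commit sha"
        required: true

jobs:
  build-push-images:
    runs-on: ubuntu-latest-16-cores
    # Usually, a successful job takes ~17 mins.
    # Anything more than 30 mins is a sign that job is stuck.
    # This is a workaround until we find the root cause.
    timeout-minutes: 30
    steps:
      # NOTE(review): third-party actions below are referenced by mutable
      # major tags (@v3/@v4). Pinning to full commit SHAs would prevent a
      # moved tag from changing what runs with access to the registry PAT.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: "true"
          # Manual dispatch builds the requested commit; every other event
          # falls back to the action's default ref ('' = not overridden).
          ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.commit || '' }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        # Skipped under nektos/act (env.ACT), which has no registry secrets.
        # NOTE(review): this also runs on pull_request, where secrets are not
        # provided for fork-originated PRs, so the login presumably fails
        # there; if authenticated pulls are not needed for the native bake,
        # gate this on github.event_name == 'push' like the push step below.
        if: ${{ !env.ACT }}
        # v1 of this action runs on a deprecated Node runtime; v3 is the
        # current major of the same action with the same inputs.
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PAT }}
      - name: Prepare build args
        id: build_args
        # Exports IMAGE_TAG / TEMPORAL_SHA / TCTL_SHA / TAG_LATEST via
        # GITHUB_ENV (read by later steps) and `branch` / `cache_params` as
        # step outputs (read by the cache and bake steps).
        run: |
          # Tag images by the commit that was actually checked out. On
          # workflow_dispatch GITHUB_SHA is the dispatching ref, not the
          # `commit` input, so it would mis-tag manual builds; for push and
          # pull_request events HEAD and GITHUB_SHA are the same commit.
          head_sha=$(git rev-parse HEAD)
          github_sha_short=${head_sha:0:7}
          echo "IMAGE_TAG=sha-${github_sha_short}" >> "$GITHUB_ENV"
          # Submodule commit ids, presumably consumed by the bake file.
          TEMPORAL_SHA=$(git submodule status -- temporal | awk '{print $1}')
          echo "TEMPORAL_SHA=${TEMPORAL_SHA}" >> "$GITHUB_ENV"
          TCTL_SHA=$(git submodule status -- tctl | awk '{print $1}')
          echo "TCTL_SHA=${TCTL_SHA}" >> "$GITHUB_ENV"
          # Only pushes to main are tagged `latest`. The expression expands
          # to a constant 'true'/'false', never to user-controlled text.
          TAG_LATEST=${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') && 'true' || 'false' }}
          echo "TAG_LATEST=${TAG_LATEST}" >> "$GITHUB_ENV"
          # Cache params are a bit of a pain
          # Branch name used to key the layer cache; GITHUB_HEAD_REF is only
          # set for pull_request events.
          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"
          cachefor () {
            echo "$1.cache-from=type=local,src=/tmp/.buildx-cache/$1"
            echo "$1.cache-to=type=local,dest=/tmp/.buildx-cache-new/$1"
          }
          # Multi-line step output uses the heredoc form of GITHUB_OUTPUT.
          echo 'cache_params<<EOF' >> "$GITHUB_OUTPUT"
          for img in server admin-tools auto-setup; do
            cachefor "$img" >> "$GITHUB_OUTPUT"
          done
          echo 'EOF' >> "$GITHUB_OUTPUT"
          # Debug aid: the outputs file holds only the branch and cache
          # parameters, no credentials.
          cat "$GITHUB_OUTPUT"
      - name: Restore Cached Docker Layers
        id: restore-cache
        uses: actions/cache/restore@v3
        with:
          path: /tmp/.buildx-cache
          # Exact hit on go.sum + branch; otherwise fall back to the nearest
          # cache for the same go.sum, then to any cache for this OS.
          key: ${{ runner.os }}-cache-go-build-${{ hashFiles('**/go.sum') }}-${{ steps.build_args.outputs.branch }}
          restore-keys: |
            ${{ runner.os }}-cache-go-build-${{ hashFiles('**/go.sum') }}-
            ${{ runner.os }}-cache-go-build-
      # You can't use `load` when building a multiarch image, so we build and load the
      # native image and build multiarch images later
      - name: Bake native images for security scanning
        uses: docker/bake-action@v4
        with:
          load: true
          set: |
            server.platform=linux/amd64
            admin-tools.platform=linux/amd64
            auto-setup.platform=linux/amd64
            ${{ steps.build_args.outputs.cache_params }}
      - name: Bake and push multiarch images
        # Pushing is limited to push events (main / release/*); PR builds
        # are scan-only and never reach the registry.
        if: ${{ github.event_name == 'push' && !env.ACT }}
        uses: docker/bake-action@v4
        with:
          push: true
          set: |
            ${{ steps.build_args.outputs.cache_params }}
      # This prevents the cache from growing in size indefinitely
      - name: Move Docker Layers Cache
        if: always()
        run: |
          # rm -rf tolerates a missing directory. The new cache only exists
          # when a bake step ran with cache-to, so guard the move instead of
          # letting a failed `test` make this always() step (and the job)
          # fail on its last command.
          rm -rf /tmp/.buildx-cache
          if [ -d /tmp/.buildx-cache-new ]; then
            mv /tmp/.buildx-cache-new /tmp/.buildx-cache
          fi
      - name: Save Docker Layers Cache
        uses: actions/cache/save@v3
        if: always()
        with:
          path: /tmp/.buildx-cache
          # Re-use the primary key computed by the restore step so the
          # saved entry matches the exact-hit key of the next run.
          key: ${{ steps.restore-cache.outputs.cache-primary-key }}
      # TODO: can we loop this somehow?
      # The server image is scanned on every event, including PRs; the other
      # two only on push, matching the push step above.
      - name: Run Trivy vulnerability scanner on Server image
        uses: ./.github/actions/trivy
        with:
          image-tags: temporaliotest/server:${{ env.IMAGE_TAG }}
          image-name: server
      - name: Run Trivy vulnerability scanner on Admin Tools image
        if: ${{ github.event_name == 'push' && !env.ACT }}
        uses: ./.github/actions/trivy
        with:
          image-tags: temporaliotest/admin-tools:${{ env.IMAGE_TAG }}
          image-name: admin-tools
      - name: Run Trivy vulnerability scanner on Auto Setup image
        if: ${{ github.event_name == 'push' && !env.ACT }}
        uses: ./.github/actions/trivy
        with:
          image-tags: temporaliotest/auto-setup:${{ env.IMAGE_TAG }}
          image-name: auto-setup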