generated from DeerHide/template_container_image
-
Notifications
You must be signed in to change notification settings - Fork 0
127 lines (107 loc) · 4.07 KB
/
release.yaml
File metadata and controls
127 lines (107 loc) · 4.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: Release
on:
push:
branches: [main]
permissions:
contents: write
packages: write
jobs:
validate:
uses: ./.github/workflows/validate.yaml
release:
name: Semantic release
needs: validate
runs-on: ubuntu-latest
outputs:
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
new_release_version: ${{ steps.semantic.outputs.new_release_version }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cycjimmy/semantic-release-action@v4
id: semantic
with:
extra_plugins: |
@semantic-release/changelog
@semantic-release/git
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-and-push:
name: Build & push
needs: release
if: needs.release.outputs.new_release_published == 'true'
runs-on: ubuntu-latest
env:
IMAGE_VERSION: ${{ needs.release.outputs.new_release_version }}
steps:
- uses: actions/checkout@v4
- name: Install build tools
run: ./scripts/install_tools.sh
- name: Read manifest
id: manifest
run: |
echo "image_name=$(yq e '.name' manifest.yaml)" >> "$GITHUB_OUTPUT"
echo "registry=$(yq e '.registry' manifest.yaml)" >> "$GITHUB_OUTPUT"
echo "format=$(yq e '.build.format' manifest.yaml)" >> "$GITHUB_OUTPUT"
- name: Build image
env:
IMAGE_NAME: ${{ steps.manifest.outputs.image_name }}
IMAGE_FORMAT: ${{ steps.manifest.outputs.format }}
run: |
# Build args from manifest
BUILD_ARGS=()
while IFS= read -r arg; do
BUILD_ARGS+=(--build-arg "${arg}")
done < <(yq e '.build.args[]' manifest.yaml)
# Labels from manifest
LABELS=()
while IFS= read -r label; do
if [[ -n "${label}" ]]; then
label_key="${label%%=*}"
label_value="${label#*=}"
label_value="${label_value%\"}"
label_value="${label_value#\"}"
LABELS+=(--label "${label_key}=${label_value}")
fi
done < <(yq e '.build.labels[]' manifest.yaml)
# Add version label
LABELS+=(--label "org.opencontainers.image.version=${IMAGE_VERSION}")
buildah build \
--squash \
--pull-always \
--format "${IMAGE_FORMAT}" \
"${BUILD_ARGS[@]}" \
"${LABELS[@]}" \
--tag "${IMAGE_NAME}:${IMAGE_VERSION}" \
.
# Save to OCI archive for pushing
mkdir -p build
buildah push "${IMAGE_NAME}:${IMAGE_VERSION}" "oci-archive:build/${IMAGE_NAME}.tar"
- name: Login to GHCR
env:
REGISTRY: ${{ steps.manifest.outputs.registry }}
run: skopeo login ghcr.io -u "${{ github.actor }}" -p "${{ secrets.GITHUB_TOKEN }}"
- name: Push to registry
env:
IMAGE_NAME: ${{ steps.manifest.outputs.image_name }}
REGISTRY: ${{ steps.manifest.outputs.registry }}
run: |
IFS='.' read -r MAJOR MINOR PATCH <<< "${IMAGE_VERSION}"
if [ -z "${MAJOR}" ] || [ -z "${MINOR}" ] || [ -z "${PATCH}" ]; then
echo "Error: IMAGE_VERSION '${IMAGE_VERSION}' is not valid semver (expected MAJOR.MINOR.PATCH)"
exit 1
fi
# Push semantic version tag (1.2.3)
skopeo copy "oci-archive:build/${IMAGE_NAME}.tar" "docker://${REGISTRY}:${IMAGE_VERSION}"
# Push major.minor tag (1.2)
skopeo copy "oci-archive:build/${IMAGE_NAME}.tar" "docker://${REGISTRY}:${MAJOR}.${MINOR}"
# Push major tag (1)
skopeo copy "oci-archive:build/${IMAGE_NAME}.tar" "docker://${REGISTRY}:${MAJOR}"
# Push latest tag
skopeo copy "oci-archive:build/${IMAGE_NAME}.tar" "docker://${REGISTRY}:latest"
- name: Verify pushed image
env:
REGISTRY: ${{ steps.manifest.outputs.registry }}
run: |
skopeo inspect "docker://${REGISTRY}:${IMAGE_VERSION}" --format '{{.Labels}}'