Skip to content

Merge pull request #1507 from flux-iac/fix/goreleaser #291

Merge pull request #1507 from flux-iac/fix/goreleaser

Merge pull request #1507 from flux-iac/fix/goreleaser #291

name: Build and Publish Images
on:
workflow_dispatch:
push:
branches:
- main
permissions:
contents: read # for actions/checkout to fetch code
env:
CONTROLLER: ${{ github.event.repository.name }}
LIBCRYPTO_VERSION: "3.3.2-r4"
jobs:
test:
runs-on: ubuntu-latest
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.0.0
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: go.mod
- name: Setup Terraform
run: |
export TF_VERSION=1.3.9
wget https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
unzip -q terraform_${TF_VERSION}_linux_amd64.zip
mv terraform $(which terraform)
terraform --version
- name: Set up yq
uses: frenck/action-setup-yq@c4b5be8b4a215c536a41d436757d9feb92836d4f # v1.0.2
with:
version: 4.14.1
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@30c101fc7c9fac4d84937ff4890a3da46a9db2dd # main
- name: Get branch names
id: branch-name
uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2 # v8.0.1
- name: Prepare
id: prep
run: |
BRANCH=$(sed 's/\//-/g' <<< ${{ steps.branch-name.outputs.current_branch }})
BUILD_SHA=$(git rev-parse --short HEAD)
VERSION="${BRANCH}-${GITHUB_SHA::8}"
BUILD_VERSION=${BRANCH}
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF/refs\/tags\//}
BUILD_VERSION=${VERSION}
fi
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
echo "BUILD_VERSION=${BUILD_VERSION}" >> "$GITHUB_OUTPUT"
echo "BUILD_SHA=${BUILD_SHA}" >> "$GITHUB_OUTPUT"
- name: Setup QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
with:
buildkitd-flags: "--debug"
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish multi-arch tf-controller container image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
tags: |
ghcr.io/flux-iac/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Build multi-arch tf-runner base image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./runner-base.Dockerfile
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
BUILD_VERSION=${{ steps.prep.outputs.BUILD_VERSION }}
BUILD_SHA=${{ steps.prep.outputs.BUILD_SHA }}
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
tags: |
ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch tf-runner container image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./runner.Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
build-args: |
BASE_IMAGE=ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
tags: |
ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch branch-planner container image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./planner.Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
tags: |
ghcr.io/flux-iac/branch-planner:${{ steps.prep.outputs.VERSION }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}