-
Notifications
You must be signed in to change notification settings - Fork 79
184 lines (178 loc) · 7.86 KB
/
container.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
name: Container Image Builds
on:
push:
branches: [main, stable, oldstable]
tags: ["v*"]
pull_request:
branches: [main, stable, oldstable]
workflow_dispatch:
jobs:
production:
name: Production Images
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: "set IS_VERSION_TAG"
run: |
echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV
# set defaults
echo "IS_LATEST_TAG=false" >> $GITHUB_ENV
- name: "set IS_LATEST_TAG"
if: ( env.IS_VERSION_TAG )
run: |
# find the latest version that is not ourself
export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort)
# get major minor patch versions
IFS='.' read -r latest_major latest_minor latest_patch << EOF
$LATEST_VERSION
EOF
IFS='.' read -r tag_major tag_minor tag_patch << EOF
${{ github.ref_name }}
EOF
# remove leading v
latest_major=$(echo $latest_major | cut -c2-)
tag_major=$(echo $tag_major | cut -c2-)
echo "$tag_major >= $latest_major"
if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then
# set this tag to latest and stable
echo "IS_LATEST_TAG=true" >> $GITHUB_ENV
fi
- name: "Setup meta information debian:stable"
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:stable-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# when IS_LATEST_TAG is set create a stable and a latest tag
type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }}
# if tag version is set than create a version tags
type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }}
type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }}
type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }}
# if we are on the main branch set edge
type=edge,branch=main
# use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
# use pr-$PR_ID for pull requests (will not be uploaded)
type=ref,event=pr
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push Container image
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: "Setup meta information debian:oldstable"
id: old_stable_meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:stable-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# for the images provided for debian:oldstable we just provide
# oldstable on an new version or oldstable-edge when it is on main.
# oldstable-branch-sha on a branch
type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }}
type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
type=ref,event=pr
- name: Build and push Container image
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod-oldstable.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.old_stable_meta.outputs.tags }}
labels: ${{ steps.old_stable_meta.outputs.labels }}
- name: "Setup meta information debian:testing"
id: testing_meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:testing-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# for the images provided for debian:testing we just provide
# testing on an new version or testing-edge when it is on main.
# testing-branch-sha on a branch
type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }}
type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
type=ref,event=pr
- name: Build and push Container image
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod-testing.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.testing_meta.outputs.tags }}
labels: ${{ steps.testing_meta.outputs.labels }}
# triggers projects that work with stable branches on a new stable tag
trigger-stable-projects:
needs: production
if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v')
name: Trigger update container images in related projects for new tags
strategy:
fail-fast: false
matrix:
repository: ["greenbone/gvmd", "greenbone/gsad"]
runs-on: ubuntu-latest
steps:
- name: Trigger ${{ matrix.repository }} build container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: build-container.yml
ref: main
- name: Trigger ${{ matrix.repository }} container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: container.yml
ref: main
trigger-related-projects:
needs: production
if: github.event_name != 'pull_request'
name: Trigger update container images in related projects
strategy:
fail-fast: false
matrix:
repository:
- "greenbone/openvas-scanner"
- "greenbone/boreas"
runs-on: ubuntu-latest
steps:
- name: Trigger main ${{ matrix.repository }} container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: container.yml
ref: main