Skip to content
Push to GCR GitHub Action

Bug fix for push_only image tag selection #92

Sign in to view logs

Bug fix for push_only image tag selection

Bug fix for push_only image tag selection #92

Workflow file for this run

.github/workflows/build_and_push.yaml at 0a08841
name: Push to GCR GitHub Action
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
# example with Workload Identity Federation
build-and-push-to-gcr-workload-identity:
name: Build & push - with workload identity
runs-on: ubuntu-latest
permissions: # <- this section is needed for workload identity
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/331888282073/locations/global/workloadIdentityPools/push-to-gcr-pool/providers/gh-action
service_account: push-to-gcr-storage-object-adm@pro-chesta.iam.gserviceaccount.com
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-0
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with gcloud service account key
build-and-push-to-gcr-service-account:
name: Build & push - with service account
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
credentials_json: '${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}'
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-1
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with gcloud service account key, except using google-github-actions/auth step. the login is handled by this action
build-and-push-to-gcr-without-gcloud-auth-action:
name: Build & push - without gcloud auth action
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
gcloud_service_key: "${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}"
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-2
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with push-only
push-only-image:
name: Push only - with workload identity
runs-on: ubuntu-latest
permissions: # <- this section is needed for workload identity
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
- name: Prepare the image for push_only
run: |
docker pull hello-world:latest
docker tag hello-world:latest gcr.io/pro-chesta/hello-world-by-push-to-gcr-3:${{ github.sha }}
# this step mimics your build step which produce a docker image that will be pushed to gcr
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/331888282073/locations/global/workloadIdentityPools/push-to-gcr-pool/providers/gh-action
service_account: push-to-gcr-storage-object-adm@pro-chesta.iam.gserviceaccount.com
- name: Pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-3
image_tag: ${{ github.sha }}
push_only: true
# if you are checking this file to use this action in your project,
# you only need obe of the above steps 👆.
test-images:
name: Test images from registry
needs:
- build-and-push-to-gcr-workload-identity
- build-and-push-to-gcr-service-account
- build-and-push-to-gcr-without-gcloud-auth-action
- push-only-image
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: [0, 1, 2]
steps:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Testing the image
run: |
cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin gcr.io
exit $([ "$(docker run gcr.io/pro-chesta/hello-world-by-push-to-gcr-${{ matrix.type }}:${{ github.sha }})" = "Hello World from Push To GCR github action" ])
cleanup:
name: Clean up images
needs:
- build-and-push-to-gcr-workload-identity
- build-and-push-to-gcr-service-account
- build-and-push-to-gcr-without-gcloud-auth-action
- push-only-image
- test-images
if: always()
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Delete images
run: |
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-0:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-1:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-2:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-3:${{ github.sha }} --force-delete-tags --quiet