Skip to content
Publish release image

chore(deps): bump alpine from 3.20 to 3.21 #268

Sign in to view logs

chore(deps): bump alpine from 3.20 to 3.21

chore(deps): bump alpine from 3.20 to 3.21 #268

Workflow file for this run

.github/workflows/publish-release.yaml at 3e19bb7
# Publish flant/addon-operator imageon hub.docker.com.
# Build 'latest' tag if started manually on default branch.
# Build 'latest' tag when PR is merged into the default branch.
# Build 'v*.*.*' and 'latest' tags on push released tag.
name: Publish release image
on:
workflow_dispatch:
pull_request:
types: [closed]
push:
tags:
- 'v*'
env:
QEMU_PLATFORMS: arm64,arm
BUILDX_PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v7"
IMAGE_REPO: flant/addon-operator
jobs:
check:
name: Check
runs-on: ubuntu-latest
outputs:
run_publish: ${{ steps.check.outputs.run_publish }}
image_tag: ${{ steps.check.outputs.image_tag }}
additional_tag: ${{ steps.check.outputs.additional_tag }}
steps:
- uses: actions/github-script@v7
id: check
with:
script: |
const SKIP_LATEST_LABEL_NAME = 'skip/image/latest';
const event = context.payload;
const eventName = context.eventName;
let runPublish = false;
let imageTag = '';
let additionalTag = ''; // Also push additional tag when building a released tag.
// Check ref name for manual running.
if (eventName === 'workflow_dispatch') {
if (event.ref !== 'refs/heads/main') {
return core.setFailed(`Detect manual execution for '${event.ref}'. Use only default branch. Skip 'publish latest image'.`);
}
console.log(`Detect manual execution for default branch. Run 'publish latest image'.`);
runPublish = true;
imageTag = 'latest';
}
// Check for 'skip' label on pull request.
if (eventName == 'pull_request' && event.action == 'closed') {
if (!event.pull_request.merged) {
return console.log(`PR ${event.number} not merged. Skip 'publish latest image'.`);
}
const hasSkipLabel = event.pull_request.labels.some(l => l.name === SKIP_LATEST_LABEL_NAME);
if (hasSkipLabel) {
return console.log(`Detect skip label '${SKIP_LATEST_LABEL_NAME}' on merged PR ${event.number}. Skip 'publish latest image'.`);
}
console.log(`No skip labels on merged PR ${event.number}. Run 'publish latest image'.`);
runPublish = true;
imageTag = 'latest';
}
// Check if tag is pushed.
if (eventName == 'push') {
if (!event.ref.startsWith('refs/tags/')) {
return console.log(`Detect non-release ref: ${event.ref}. Skip 'publish latest image'.`);
}
runPublish = true;
imageTag = context.ref.replace('refs/tags/', '');
additionalTag = 'latest';
}
console.log(`Outputs: run_publish=${runPublish} image_tag=${imageTag} additional_tag=${additionalTag}`);
if (!runPublish) {
console.log(`DEBUG: eventName=${eventName} action=${event.action} ref=${event.ref} merged=${event.pull_request && event.pull_request.merged} prLabels=${JSON.stringify(event.pull_request && event.pull_request.labels)}`)
return console.log(`Skip 'publish latest image'.`);
}
core.setOutput('run_publish', 'true');
core.setOutput('image_tag', imageTag);
core.setOutput('additional_tag', additionalTag);
publish_image:
name: Build and publish
runs-on: [ubuntu-latest]
needs:
- check
if: needs.check.outputs.run_publish == 'true'
steps:
- uses: actions/checkout@v4
- name: Prepare environment
env:
IMAGE_TAG: ${{ needs.check.outputs.image_tag }}
ADDITIONAL_TAG: ${{ needs.check.outputs.additional_tag }}
run: |
: Setup FINAL_IMAGE_NAME and APP_VERSION for image build
APP_VERSION=${IMAGE_TAG}
if [[ $APP_VERSION == "latest" ]] ; then
APP_VERSION=${GITHUB_REF#refs/heads/}-${GITHUB_SHA::8}-$(date +'%Y.%m.%d_%H:%M:%S')
fi
FINAL_IMAGE_NAME="${IMAGE_REPO}:${IMAGE_TAG}"
if [[ -n $ADDITIONAL_TAG ]] ; then
ADDITIONAL_IMAGE_NAME="${IMAGE_REPO}:${ADDITIONAL_TAG}"
fi
echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV}
echo "FINAL_IMAGE_NAME=${FINAL_IMAGE_NAME}" >> ${GITHUB_ENV}
echo "ADDITIONAL_IMAGE_NAME=${ADDITIONAL_IMAGE_NAME}" >> ${GITHUB_ENV}
echo "========================================="
echo "APP_VERSION = $APP_VERSION"
echo "FINAL_IMAGE_NAME = $FINAL_IMAGE_NAME"
[ -n $ADDITIONAL_IMAGE_NAME ] && \
echo "ADDITIONAL_IMAGE_NAME = $ADDITIONAL_IMAGE_NAME"
echo "========================================="
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.2.0
with:
platforms: "${{ env.QEMU_PLATFORMS }}"
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
with:
version: latest
- name: Login to DockerHub
uses: docker/login-action@v3.3.0
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASS }}
- name: Build and push multi-arch image
run: |
echo "Build and push $FINAL_IMAGE_NAME with version '$APP_VERSION'."
[ -n "$ADDITIONAL_IMAGE_NAME" ] && echo "Also push $ADDITIONAL_IMAGE_NAME."
echo
docker buildx build \
--build-arg appVersion=$APP_VERSION \
--platform $BUILDX_PLATFORMS \
--tag $FINAL_IMAGE_NAME \
$( [ -n "$ADDITIONAL_IMAGE_NAME" ] && echo "--tag $ADDITIONAL_IMAGE_NAME" ) \
--push \
.
- name: Inspect binaries
run: |
# Image for one arhitecture has digest in config field.
# Image with multiple manifests has digest in each manifest.
manifests=$(docker buildx imagetools inspect "${FINAL_IMAGE_NAME}" --raw)
if grep manifests <<<"${manifests}" 2>&1 >/dev/null ; then
jq -r '.manifests[]? | .digest + " " + .platform.os + "/" + .platform.architecture' <<<"${manifests}"
else
echo $(echo -n "${manifests}" | openssl dgst -sha256 | sed s/^.stdin.*\ //) ' linux/amd64'
fi \
| while read digest platform ; do
image=$FINAL_IMAGE_NAME@${digest}
echo "====================================="
echo "Inspect image for platform ${platform}"
echo " ${image}"
echo "====================================="
docker run --rm --platform ${platform} --entrypoint sh ${image} -c \
'apk add file > /dev/null; file /bin/kubectl; file /bin/busybox; file /addon-operator; file /bin/helm'
done