Change: Use new docker build and release workflows

greenbone · Jun 29, 2023 · da50c60 · da50c60
1 parent 18f73cc
commit da50c60
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 38 deletions.
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
@@ -1,7 +1,7 @@
-ARG VERSION=unstable
+ARG VERSION=stable
 ARG DEBIAN_FRONTEND=noninteractive
 
-FROM --platform=linux/amd64 debian:stable-slim as builder
+FROM --platform=linux/amd64 debian:oldstable-slim as builder
 
 ENV NODE_VERSION=node_14.x
 ENV NODE_KEYRING=/usr/share/keyrings/nodesource.gpg

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -2,26 +2,25 @@ name: Container Image Builds
 
 on:
   push:
-    branches: [main, stable, oldstable]
+    branches:
+      - main
     tags: ["v*"]
   pull_request:
-    branches: [main, stable, oldstable]
+    branches:
+      - main
   workflow_dispatch:
 
 jobs:
   images:
-    name: Production Images
+    name: Build and upload container images
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-      - name: Login to Docker Registry
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          fetch-depth: 0
+      - uses: greenbone/actions/is-latest-tag@v2
+        id: latest
       - name: Setup container meta information
         id: meta
         uses: docker/metadata-action@v4
@@ -30,20 +29,36 @@ jobs:
           labels: |
             org.opencontainers.image.vendor=Greenbone
             org.opencontainers.image.base.name=greenbone/gsad
-          flavor: latest=false # no auto latest container tag for git tags
+          flavor: latest=false # no latest container tag for git tags
           tags: |
-            # use container tag for git tags
-            type=match,pattern=v(.*),group=1
-            # use latest for latest tag from stable branch
-            type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
-            # use stable for latest 22.4 tag
-            type=raw,value=stable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
+            # use version, major.minor and major  for tags
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
             # use edge for default branch
             type=edge
-            # use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
-            type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
-            # use pr-$PR_ID for pull requests (will not be uploaded)
+
+            # set label for non-published pull request builds
             type=ref,event=pr
+
+            # when a new git tag is created set stable and a latest tags
+            type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
+            type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
+      - name: Set container build options
+        id: container-opts
+        run: |
+          if [[ "${{ github.ref_type }}" = 'tag' ]]; then
+            echo "version=stable" >> $GITHUB_OUTPUT
+          else
+            echo "version=edge" >> $GITHUB_OUTPUT
+          fi
+      - name: Login to Docker Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
@@ -53,6 +68,8 @@ jobs:
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
+          build-args: |
+            VERSION=${{ steps.container-opts.outputs.version }}
           file: .docker/prod.Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}

diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml
@@ -4,34 +4,52 @@ on:
   pull_request:
     types: [closed]
   workflow_dispatch:
+    inputs:
+      release-type:
+        type: choice
+        description: What kind of release do you want to do (pontos --release-type argument)?
+        options:
+          - patch
+          - minor
+          - major
+      release-version:
+        type: string
+        description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant.
 
 jobs:
   release:
-    name: Create a new release with pontos
-    # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
-    if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
-    runs-on: "ubuntu-latest"
-    outputs:
-      release-version: ${{ steps.release.outputs.release-version }}
-      git-release-tag: ${{ steps.release.outputs.git-release-tag }}
+    name: Create a new release
+    # If the event is a workflow_dispatch or on of the labels 'pre release',
+    # 'patch release', 'minor release' or 'major release' is set and PR is
+    # closed because of a merge
+    # NOTE: priority of set labes will be alpha > release-candidate > patch > minor > major,
+    #       so if 'major' and 'patch' labes are set, it will create a patch release.
+    if: |
+      ( github.event_name == 'workflow_dispatch') || (
+        ( contains(github.event.pull_request.labels.*.name, 'alpha release') ||
+          contains(github.event.pull_request.labels.*.name, 'rc release') ||
+          contains(github.event.pull_request.labels.*.name, 'patch release') ||
+          contains(github.event.pull_request.labels.*.name, 'minor release') ||
+          contains(github.event.pull_request.labels.*.name, 'major release')) &&
+          github.event.pull_request.merged == true )
+    runs-on: 'ubuntu-latest'
     steps:
-      - name: Setting the Reference
-        id: reference
-        run: |
-          if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
-            echo "ref=${{ github.ref_name }}" >> $GITHUB_OUTPUT
-          else
-            echo "ref=${{ github.base_ref }}" >> $GITHUB_OUTPUT
-          fi
+      - name: Selecting the Release type
+        id: release-type
+        uses: greenbone/actions/release-type@v2
+        with:
+          release-type-input: ${{ inputs.release-type }}
       - name: Release with release action
         id: release
         uses: greenbone/actions/release@v2
         with:
           github-user: ${{ secrets.GREENBONE_BOT }}
           github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }}
           github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }}
-          release-type: calendar
-          ref: ${{ steps.reference.outputs.ref }}
+          release-type: ${{ steps.release-type.outputs.release-type }}
+          release-version: ${{ inputs.release-version }}
+          ref: ${{ steps.release-type.outputs.release-ref }}
+          versioning-scheme: "semver"
           sign-release-files: false
 
   build-dist: