Limit base and tool builds to 'trunk' (#26)

* Limit base and tool builds to 'trunk' * path filters shouldn't be necessary, yet * Add inputs and env vars * Move var step to be after repo clone * I believe assignment is required * Add short SHA step to build-tool-images
iodeslykos · Jan 16, 2024 · fb8688d · fb8688d
1 parent b7a1275
commit fb8688d
Showing 1 changed file with 32 additions and 14 deletions.
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
@@ -9,15 +9,25 @@ on:
     - cron: '45 16 * * 4' # Every Thursday at 16:45 UTC.
   push:
     branches:
-      - '*'
-  pull_request:
-    branches:
-      - '*'
+      - 'trunk'
   workflow_dispatch:
+    inputs:
+      push_images:
+        description: "Push built images to registries."
+        type: boolean
+        required: true
+        default: true
+      provenance:
+        description: "Enable provenance attestations."
+        type: boolean
+        required: true
+        default: false
 
 env:
-  PUSH_IMAGES: ${{ github.ref == 'refs/heads/trunk' }}
-  PROVENANCE: false
+  DEFAULT_TAG: 'latest'
+  PROVENANCE: ${{ inputs.provenance }}
+  PUSH_IMAGES: ${{ github.ref == 'refs/heads/trunk' || inputs.push_images }}
+  SHA_SHORT: ''
 
 jobs:
   build-base-images:
@@ -62,6 +72,10 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Set environment variables."
+        run: |
+          sha_short=$(git rev-parse --short ${{ github.sha }})
+          echo "SHA_SHORT=$sha_short" >> $GITHUB_ENV
       - name: "Set up Docker Buildx."
         uses: docker/setup-buildx-action@v3
         with:
@@ -89,10 +103,10 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: |
-            ${{ matrix.images.image_name }}:latest
-            ghcr.io/${{ matrix.images.image_name }}:latest
-            ${{ matrix.images.image_name }}:${{ github.sha }}
-            ghcr.io/${{ matrix.images.image_name }}:${{ github.sha }}
+            ${{ matrix.images.image_name }}:${{ env.DEFAULT_TAG }}
+            ghcr.io/${{ matrix.images.image_name }}:${{ env.DEFAULT_TAG }}
+            ${{ matrix.images.image_name }}:${{ env.SHA_SHORT }}
+            ghcr.io/${{ matrix.images.image_name }}:${{ env.SHA_SHORT }}
           platforms: ${{ join(matrix.images.supported_platforms, ',') }}
           labels: |-
             org.opencontainers.image.vendor=${{ github.repository_owner }}
@@ -134,6 +148,10 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Set environment variables."
+        run: |
+          sha_short=$(git rev-parse --short ${{ github.sha }})
+          echo "SHA_SHORT=$sha_short" >> $GITHUB_ENV
       - name: "Set up Docker Buildx."
         uses: docker/setup-buildx-action@v3
         with:
@@ -160,10 +178,10 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: |
-            ${{ matrix.images.image_name }}:latest
-            ghcr.io/${{ matrix.images.image_name }}:latest
-            ${{ matrix.images.image_name }}:${{ github.sha }}
-            ghcr.io/${{ matrix.images.image_name }}:${{ github.sha }}
+            ${{ matrix.images.image_name }}:${{ env.DEFAULT_TAG }}
+            ghcr.io/${{ matrix.images.image_name }}:${{ env.DEFAULT_TAG }}
+            ${{ matrix.images.image_name }}:${{ env.SHA_SHORT }}
+            ghcr.io/${{ matrix.images.image_name }}:${{ env.SHA_SHORT }}
           platforms: ${{ join(matrix.images.supported_platforms, ',') }}
           labels: |-
             org.opencontainers.image.vendor=${{ github.repository_owner }}