Add sudo #10
name: Docker publish | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version (optional)' | |
required: false | |
push: | |
branches: | |
- 'main' | |
jobs: | |
docker-base-image: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
component: | |
- chartserver | |
- trivy-adapter | |
- core | |
- db | |
- exporter | |
- jobservice | |
- log | |
- nginx | |
- notary-server | |
- notary-signer | |
- portal | |
- prepare | |
- redis | |
- registry | |
- registryctl | |
defaults: | |
run: | |
working-directory: ./ | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker-container | |
driver-opts: network=host | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: make patch | |
- id: prepare | |
run: echo "tag=$(cat ./version)" >> $GITHUB_ENV | |
- name: Compare Versions | |
id: compare | |
run: | | |
version1="${{ env.tag }}" | |
version2="v2.9.0" | |
compareVersions() { | |
local v1="$(awk '{ gsub(/^v/, ""); print }' <<< "$1")" | |
local v2="$(awk '{ gsub(/^v/, ""); print }' <<< "$2")" | |
awk -v n1="$v1" -v n2="$v2" 'BEGIN { if (n1 < n2) print "ver_check=true"; else print "ver_check=false" }' | |
} | |
echo $(compareVersions "$version1" "$version2") >> $GITHUB_ENV | |
echo $(compareVersions "$version1" "$version2") | |
- name: Check if component is db | |
if: ${{ (matrix.component == 'db') && (env.ver_check == 'true') }} | |
run: | | |
bash ./scripts/convert.sh ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base | |
cat ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base | |
- name: Build base image | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./harbor | |
file: ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base | |
platforms: linux/amd64,linux/arm64 | |
labels: | | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
org.opencontainers.image.revision=${{ env.tag }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ghcr.io/${{ github.repository }}/harbor-${{ matrix.component }}-base:${{ env.tag }} | |
docker-image: | |
needs: | |
- docker-base-image | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
component: | |
- prepare | |
- db | |
- portal | |
- core | |
- jobservice | |
- log | |
- nginx | |
- registryctl | |
- notary | |
- trivy_adapter | |
- redis | |
- chart_server | |
- standalone_db_migrator | |
- exporter | |
defaults: | |
run: | |
working-directory: ./ | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '^1.20.x' | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker-container | |
driver-opts: network=host | |
- run: make patch | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- id: prepare | |
run: echo "tag=$(cat ./version)" >> $GITHUB_ENV | |
- name: Compare Versions | |
id: compare | |
run: | | |
version1="${{ env.tag }}" | |
version2="v2.9.0" | |
compareVersions() { | |
local v1="$(awk '{ gsub(/^v/, ""); print }' <<< "$1")" | |
local v2="$(awk '{ gsub(/^v/, ""); print }' <<< "$2")" | |
awk -v n1="$v1" -v n2="$v2" 'BEGIN { if (n1 < n2) print "ver_check=true"; else print "ver_check=false" }' | |
} | |
echo $(compareVersions "$version1" "$version2") >> $GITHUB_ENV | |
echo $(compareVersions "$version1" "$version2") | |
- name: Check if component is db | |
if: ${{ (matrix.component == 'db') && (env.ver_check == 'true') }} | |
run: | | |
bash ./scripts/convert.sh ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base | |
cat ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base | |
- name: Build & Publish images | |
env: | |
IMAGENAMESPACE: ghcr.io/${{ github.repository }} | |
BASEIMAGENAMESPACE: ghcr.io/${{ github.repository }} | |
IMAGELABELS: org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
MULTIARCH: true | |
TRIVYFLAG: true | |
CHARTFLAG: true | |
NOTARYFLAG: true | |
run: | | |
cd ./harbor; | |
set -eux; | |
CTX="BUILDBIN=true VERSIONTAG=${{ env.tag }} BASEIMAGETAG=${{ env.tag }} MULTIARCH=${MULTIARCH} " | |
CTX+="IMAGENAMESPACE=${IMAGENAMESPACE} BASEIMAGENAMESPACE=${BASEIMAGENAMESPACE} TRIVYFLAG=${TRIVYFLAG} " | |
CTX+="CHARTFLAG=${CHARTFLAG} NOTARYFLAG=${NOTARYFLAG} IMAGELABELS=${IMAGELABELS}" | |
sudo make versions_prepare ${CTX}; | |
case ${{ matrix.component }} in | |
core) sudo make compile_core ${CTX} ;; | |
jobservice) sudo make compile_jobservice ${CTX};; | |
registryctl) sudo make compile_registryctl ${CTX};; | |
notary*) sudo make compile_notary_migrate_patch ${CTX} ;; | |
standalone_db_migrator) sudo make compile_standalone_db_migrator ${CTX} ;; | |
esac; | |
case ${{ matrix.component }} in | |
exporter) sudo make build BUILDTARGET="_compile_and_build_exporter" ${CTX} ;; | |
registryctl) sudo make build BUILDTARGET="_build_registry _build_registryctl" ${CTX} ;; | |
*) sudo make build BUILDTARGET="_build_${{ matrix.component }}" ${CTX} ;; | |
esac; | |
harbor-building: | |
needs: | |
- 'docker-image' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
fail-fast: false | |
defaults: | |
run: | |
working-directory: ./ | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '^1.20.x' | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker-container | |
driver-opts: network=host | |
- run: make patch | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- id: prepare | |
run: echo "tag=$(cat ./version)" >> $GITHUB_ENV | |
- name: Load remote Docker images | |
run: | | |
load_remote_image() { | |
image_name="$1" | |
docker pull --platform=linux/arm64 "ghcr.io/${{ github.repository }}/$image_name:${{ env.tag }}" | |
} | |
images=( | |
"harbor-log" | |
"harbor-exporter" | |
"harbor-db" | |
"harbor-jobservice" | |
"harbor-registryctl" | |
"harbor-portal" | |
"harbor-core" | |
"nginx-photon" | |
"redis-photon" | |
"trivy-adapter-photon" | |
"registry-photon" | |
"prepare" | |
"notary-server-photon" | |
"notary-signer-photon" | |
"chartmuseum-photon" | |
) | |
for image in "${images[@]}"; do | |
load_remote_image "$image" | |
done | |
- name: Retag Docker images | |
run: | | |
retag_image() { | |
image_name="$1" | |
docker tag "ghcr.io/${{ github.repository }}/$image_name:${{ env.tag }}" "goharbor/$image_name:${{ env.tag }}" | |
} | |
images=( | |
"harbor-log" | |
"harbor-exporter" | |
"harbor-db" | |
"harbor-jobservice" | |
"harbor-registryctl" | |
"harbor-portal" | |
"harbor-core" | |
"nginx-photon" | |
"redis-photon" | |
"trivy-adapter-photon" | |
"registry-photon" | |
"prepare" | |
"notary-server-photon" | |
"notary-signer-photon" | |
"chartmuseum-photon" | |
) | |
for image in "${images[@]}"; do | |
retag_image "$image" | |
done | |
- name: Docker packaging Offline installer | |
run: | | |
# Run the 'package_offline' command in ./harbor/Makefile | |
cd ./harbor | |
sed -i 's/package_offline: update_prepare_version compile build/package_offline: update_prepare_version/' Makefile | |
sed -i 's/TRIVYFLAG=false/TRIVYFLAG=true/' Makefile | |
sed -i 's/NOTARYFLAG=false/NOTARYFLAG=true/' Makefile | |
sed -i 's/CHARTFLAG=false/CHARTFLAG=true/' Makefile | |
sed -i '0,/VERSIONTAG=dev/s//VERSIONTAG=v2.7.4/' Makefile | |
make package_offline | |
- run: ls -al | grep harbor-offline-installer | |
- run: ls -al ./harbor | grep harbor-offline-installer |
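Review bot: The `Build & Publish images` step runs every `make` target under `sudo`, yet `${{ env.tag }}` and `${{ matrix.component }}` are still substituted into the script text before bash parses it, so whatever `./version` contains becomes shell source in a job that holds a `packages: write` token and runs as root. Since `tag` is already exported through `$GITHUB_ENV`, the script can read it as data, `CTX="BUILDBIN=true VERSIONTAG=${tag} BASEIMAGETAG=${tag} MULTIARCH=${MULTIARCH} "`, and the matrix value can be passed through the step's `env:` as `COMPONENT: ${{ matrix.component }}` and matched with `case "$COMPONENT" in`. The same substitution pattern appears in the `Compare Versions`, `Load remote Docker images` and `Retag Docker images` steps. Separately, the `uses:` lines reference mutable tags (`@v4`, `@v3`, `@v5`); pinning them to full commit SHAs would prevent a retagged action from running with this token.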