-
Notifications
You must be signed in to change notification settings - Fork 9
112 lines (99 loc) · 4.94 KB
/
publish_scheduled.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Scheduled publish
on:
schedule:
- cron: '20 8 * * 1'
workflow_dispatch:
jobs:
deployment:
name: Rebuild and publish the latest tagged image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
packages: write
steps:
- name: Get latest tag
uses: oprypin/find-latest-tag@v1
id: latest-tag
with:
repository: ${{ github.repository }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout repository code
uses: actions/checkout@main
with:
ref: ${{ steps.latest-tag.outputs.tag }}
fetch-depth: 0
- name: Set current date as env variable
run: echo "TODAY=$(date +'%Y%m%d')" >> $GITHUB_ENV
- name: Set nicely formatted current date as env variable
run: echo "TODAY_FORMATTED=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
- name: Create weekly tag
id: tag
env:
TAG: ${{ steps.latest-tag.outputs.tag }}_${{ env.TODAY }}
run: |
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
git tag -a $TAG -m "Weekly rebuild of ${{ steps.latest-tag.outputs.tag }}"
git push origin $TAG
echo "TAG=$TAG" >> $GITHUB_OUTPUT
- name: Build and push weekly image (w/ aws cli)
uses: ./.github/workflows/publish
with:
bake_target: aws
aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
github_token: ${{ secrets.GITHUB_TOKEN }}
git_tag: ${{ steps.tag.outputs.TAG }}
publish_release: true
release_title: ${{ steps.latest-tag.outputs.tag }} - weekly release (${{ env.TODAY_FORMATTED }})
release_body: |
## Weekly rebuild
This is a weekly rebuild of the latest image (`${{ steps.latest-tag.outputs.tag }}`).
The image is rebuilt to ensure that it is up to date with the latest security patches.
## Updated images
### Image with aws cli
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:latest`
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:${{ steps.tag.outputs.TAG }}`
- `ghcr.io/spacelift-io/runner-terraform:latest`
- `ghcr.io/spacelift-io/runner-terraform:${{ steps.tag.outputs.TAG }}`
### Image with gcloud cli
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-latest`
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }}`
- `ghcr.io/spacelift-io/runner-terraform:gcp-latest`
- `ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }}`
### Image with az cli
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest`
- `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }}`
- `ghcr.io/spacelift-io/runner-terraform:azure-latest`
- `ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }}`
bake_set: |
aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:latest
aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:${{ steps.tag.outputs.TAG }}
aws.tags=ghcr.io/spacelift-io/runner-terraform:latest
aws.tags=ghcr.io/spacelift-io/runner-terraform:${{ steps.tag.outputs.TAG }}
- name: Build and push weekly image (w/ gcloud cli)
uses: ./.github/workflows/publish
with:
bake_target: gcp
aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
github_token: ${{ secrets.GITHUB_TOKEN }}
git_tag: ${{ steps.latest-tag.outputs.tag }}
publish_release: false
bake_set: |
gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-latest
gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }}
gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-latest
gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }}
- name: Build and push weekly image (w/ az cli)
uses: ./.github/workflows/publish
with:
bake_target: azure
aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
github_token: ${{ secrets.GITHUB_TOKEN }}
git_tag: ${{ steps.latest-tag.outputs.tag }}
publish_release: false
bake_set: |
azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest
azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }}
azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-latest
azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }}