From 0dd935958f91562f75c7527988dca6a93de5b4b4 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Tue, 18 Jun 2024 13:37:48 +0100 Subject: [PATCH] ensure wafv5 base images are created (#5771) --- .github/workflows/build-base-images.yml | 16 ++++++++++++++++ .github/workflows/build-oss.yml | 14 +++++++------- .github/workflows/build-plus.yml | 14 +++++++------- .github/workflows/cache-update.yml | 16 ++++++++++++++++ 4 files changed, 46 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 0a5d0b4a22..969c0d0a4e 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -196,6 +196,22 @@ jobs: - image: alpine-plus-nap-fips platforms: "linux/amd64" nap_modules: waf + - image: alpine-plus-nap-v5-fips + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: debian-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: ubi-9-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: ubi-8-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf steps: - name: Checkout Repository uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 2aa0337b16..69f7bc9ae8 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -121,10 +121,10 @@ jobs: - name: Check if base images exist id: base_exists run: | - if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }}; then - echo "exists=0" >> $GITHUB_OUTPUT - else - echo "exists=1" >> $GITHUB_OUTPUT + base_image="gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }}" + echo "image=${base_image}" >> $GITHUB_OUTPUT + if docker manifest inspect ${base_image}; then + echo "exists=true" >> $GITHUB_OUTPUT fi if: ${{ ! inputs.forked-workflow }} @@ -136,14 +136,14 @@ jobs: cache-from: type=gha,scope=${{ inputs.image }} cache-to: type=gha,scope=${{ inputs.image }},mode=max target: common - tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }} + tags: ${{ steps.base_exists.outputs.image }} platforms: ${{ inputs.platforms }} pull: true push: true build-args: | BUILD_OS=${{ inputs.image }} IC_VERSION=${{ inputs.tag }} - if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 0 }} + if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 'true' }} - name: Get short tag id: tag @@ -206,7 +206,7 @@ jobs: provenance: false build-args: | BUILD_OS=${{ inputs.image }} - ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:{0}-{1}', inputs.base-image-md5, inputs.image) || '' }} + ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG={0}', steps.base_exists.outputs.image) || '' }} IC_VERSION=${{ (github.event_name == 'pull_request' || startsWith(github.ref, 'refs/heads/release-')) && 'CI' || steps.meta.outputs.version }} - name: Certify Images diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 8cba060b1d..d7c7358368 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -153,10 +153,10 @@ jobs: - name: Check if base images exist id: base_exists run: | - if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}; then - echo "exists=0" >> $GITHUB_OUTPUT - else - echo "exists=1" >> $GITHUB_OUTPUT + base_image="gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}${{ contains(inputs.image, 'v5') && '-v5' || '' }}" + echo "image=${base_image}" >> $GITHUB_OUTPUT + if docker manifest inspect ${base_image}; then + echo "exists=true" >> $GITHUB_OUTPUT fi if: ${{ ! inputs.forked-workflow }} @@ -168,7 +168,7 @@ jobs: cache-from: type=gha,scope=${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }} cache-to: type=gha,scope=${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }},mode=max target: common - tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }} + tags: ${{ steps.base_exists.outputs.image }} platforms: ${{ inputs.platforms }} pull: true push: true @@ -180,7 +180,7 @@ jobs: "nginx-repo.crt=${{ inputs.nap_modules != '' && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}" "nginx-repo.key=${{ inputs.nap_modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}" ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }} - if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 0 }} + if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 'true' }} - name: Build Plus Docker image uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 @@ -202,7 +202,7 @@ jobs: provenance: false build-args: | BUILD_OS=${{ inputs.image }} - PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }} + ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG={0}', steps.base_exists.outputs.image) || '' }} IC_VERSION=${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && steps.meta.outputs.version || 'CI' }} ${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.modules) || '' }} ${{ contains(inputs.image, 'v5') && 'WAF_VERSION=v5' || '' }} diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml index f4cc5615d8..77be39d20b 100644 --- a/.github/workflows/cache-update.yml +++ b/.github/workflows/cache-update.yml @@ -168,6 +168,22 @@ jobs: target: goreleaser platforms: "linux/amd64" nap_modules: waf + - image: alpine-plus-nap-v5-fips + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: debian-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: ubi-9-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf + - image: ubi-8-plus-nap-v5 + target: goreleaser + platforms: "linux/amd64" + nap_modules: waf uses: ./.github/workflows/build-plus.yml with: platforms: ${{ matrix.platforms }}