-
Notifications
You must be signed in to change notification settings - Fork 138
176 lines (169 loc) · 5.9 KB
/
publish-images.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: Publish images
on:
push:
tags:
- v[0-9]+.[0-9]+.[0-9]+
permissions:
contents: read
id-token: write
jobs:
prepare:
name: Prepare properties
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Prepare build parameters
id: prep
run: |
hack/build/ci/prepare-build-variables.sh
- name: Docker metadata
uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
id: meta
with:
images: dynatrace/dynatrace-operator
tags: ${{ steps.prep.outputs.docker_image_tag }}
labels: |
${{ steps.prep.outputs.docker_image_labels }}
vcs-ref=${{ github.sha }}
outputs:
labels: ${{ steps.meta.outputs.labels }}
version: ${{ steps.prep.outputs.docker_image_tag }}
build:
name: Build images
runs-on: ubuntu-latest
needs: [prepare]
strategy:
matrix:
platform: [amd64, arm64]
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Build image
uses: ./.github/actions/build-image
with:
platform: ${{ matrix.platform }}
labels: ${{ needs.prepare.outputs.labels }}
image-tag: ${{ needs.prepare.outputs.version }}
push:
name: Push images
environment: Release
needs: [prepare, build]
runs-on: ubuntu-latest
permissions:
id-token: write
strategy:
matrix:
platform: [amd64, arm64]
registry: [gcr, dockerhub]
include:
- registry: gcr
url: gcr.io
repository: GCR_REPOSITORY
username: GCR_USERNAME
password: GCR_JSON_KEY
- registry: dockerhub
url: docker.io
repository: DOCKERHUB_REPOSITORY
username: DOCKERHUB_USERNAME
password: DOCKERHUB_PASSWORD
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Login to Registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ${{ matrix.url }}
username: ${{ secrets[matrix.username] }}
password: ${{ secrets[matrix.password] }}
- name: Push ${{matrix.platform}} to ${{matrix.registry}}
uses: ./.github/actions/upload-image
with:
platform: ${{ matrix.platform }}
labels: ${{ needs.prepare.outputs.labels }}
version: ${{ needs.prepare.outputs.version }}
registry: ${{ matrix.url }}
repository: ${{ secrets[matrix.repository] }}
- name: Sign image for ${{matrix.registry}}
uses: ./.github/actions/sign-image
with:
image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}-${{ matrix.platform }}
signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
signing-password: ${{ secrets.COSIGN_PASSWORD }}
push-rhcc:
name: Push amd64 image to RHCC
environment: Release
needs: [prepare, build]
runs-on: ubuntu-latest
env:
SCAN_REGISTRY: "quay.io"
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Login to Registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ${{ env.SCAN_REGISTRY }}
username: ${{ secrets.RHCC_USERNAME }}
password: ${{ secrets.RHCC_PASSWORD }}
- name: Push amd64 image to scan registry
uses: ./.github/actions/upload-image
with:
platform: "amd64"
labels: ${{ needs.prepare.outputs.labels }}
version: ${{ needs.prepare.outputs.version }}
registry: ${{ env.SCAN_REGISTRY }}
repository: ${{ secrets.RHCC_REPOSITORY }}
skip-platform-suffix: true
- name: Run preflight
uses: ./.github/actions/preflight
with:
version: ${{ needs.prepare.outputs.version }}
registry: ${{ env.SCAN_REGISTRY }}
repository: ${{ secrets.RHCC_REPOSITORY }}
report-name: "preflight.json"
redhat-project-id: ${{ secrets.REDHAT_PROJECT_ID }}
pyxis-api-token: ${{ secrets.PYXIS_API_TOKEN }}
manifest:
name: Create manifest
environment: Release
needs: [prepare, push]
runs-on: ubuntu-latest
permissions:
id-token: write
strategy:
matrix:
registry: [gcr, dockerhub]
include:
- registry: gcr
url: gcr.io
repository: GCR_REPOSITORY
username: GCR_USERNAME
password: GCR_JSON_KEY
- registry: dockerhub
url: docker.io
repository: DOCKERHUB_REPOSITORY
username: DOCKERHUB_USERNAME
password: DOCKERHUB_PASSWORD
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Login to Registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ${{ matrix.url }}
username: ${{ secrets[matrix.username] }}
password: ${{ secrets[matrix.password] }}
- name: Create manifests for ${{matrix.registry}}
uses: ./.github/actions/create-manifests
with:
version: ${{ needs.prepare.outputs.version }}
registry: ${{ matrix.url }}
repository: ${{ secrets[matrix.repository] }}
combined: true
- name: Sign manifests for ${{matrix.registry}}
uses: ./.github/actions/sign-image
with:
image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}
signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
signing-password: ${{ secrets.COSIGN_PASSWORD }}