remove scoping from the check (#17) #295
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Containerize | |
on: | |
push: | |
workflow_dispatch: | |
env: | |
GITHUB_USERNAME: baronfel | |
GITHUB_TOKEN: ${{ secrets.CONTAINER_PUSH_PAT }} | |
jobs: | |
azure-admin-credentials: | |
name: "Azure Container Registry - admin credentials" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: sdkcontainerdemo.azurecr.io | |
username: sdkcontainerdemo | |
password: ${{ secrets.ACR_PAT }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: azure | |
variant: admin-credential | |
azure-ad-credentials: | |
name: Azure Container Registry - AD OIDC credentials | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
environment: production | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: login to Azure using AD credentials | |
uses: Azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: get ACR access token | |
uses: azure/CLI@v1 | |
with: | |
# login to the ACR using the login we just did above. | |
# this will perform a 'docker login' with the identity-token-based credential from that Azure identity | |
inlineScript: | | |
echo "DOCKER_TOKEN=$(az acr login --name sdkcontainerdemo --expose-token --output tsv --query accessToken)" >> $GITHUB_ENV | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: sdkcontainerdemo.azurecr.io | |
username: "00000000-0000-0000-0000-000000000000" | |
password: ${{ env.DOCKER_TOKEN }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: azure | |
variant: ad-credential | |
azure-managed-identity: | |
name: Azure Container Registry - Managed Identity | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: login to azure with managed identity | |
uses: Azure/login@v1 | |
with: | |
creds: '{"clientId":"${{ secrets.AZURE_MANAGED_IDENTITY_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_MANAGED_IDENTITY_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}' | |
- name: get ACR access token | |
uses: azure/CLI@v1 | |
with: | |
# login to the ACR using the login we just did above. | |
# this will perform a 'docker login' with the identity-token-based credential from that Azure identity | |
inlineScript: | | |
echo "DOCKER_TOKEN=$(az acr login --name sdkcontainerdemo --expose-token --output tsv --query accessToken)" >> $GITHUB_ENV | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: sdkcontainerdemo.azurecr.io | |
username: "00000000-0000-0000-0000-000000000000" | |
password: ${{ env.DOCKER_TOKEN }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: azure | |
variant: azure-managed-identity | |
github: | |
name: GitHub Package Registry | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: ghcr.io | |
username: baronfel | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: github | |
github-raw: | |
name: GitHub Package Registry - Raw CLI calls | |
runs-on: ubuntu-latest | |
env: | |
SDK_CONTAINER_REGISTRY_CHUNKED_UPLOAD: true | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry via docker CLI | |
run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u baronfel --password-stdin | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: github | |
variant: docker-cli | |
aws-private: | |
name: AWS ECR (Private) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: true | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: aws-private | |
aws-private-credhelper: | |
name: AWS ECR (Private) with Docker Credential Helper | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: install ECR Credential Provider | |
run: | | |
go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@latest | |
echo "$(go env GOPATH)" >> $GITHUB_PATH | |
- name: setup ECR Credential Provider | |
run: | | |
echo "DOCKER_CONFIG=$PWD/ecr-example" >> "$GITHUB_ENV" | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: aws-private | |
aws-public: | |
name: AWS ECR (Public) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
mask-password: true | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: aws-public | |
chunked: false | |
gitlab: | |
name: GitLab Container Registry | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: registry.gitlab.com | |
username: chet.husk | |
password: ${{ secrets.GITLAB_CONTAINER_PAT }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: gitlab | |
gcp: | |
name: Google Cloud Artifact Registry | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
# Setup gcloud CLI | |
- uses: google-github-actions/auth@v1 | |
with: | |
credentials_json: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY }} | |
# Configure docker to use the gcloud command-line tool as a credential helper | |
- run: gcloud auth configure-docker us-south1-docker.pkg.dev | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: gcp | |
chunked: false # GCP doesn't support chunking at all, so don't test that method | |
localdocker: | |
name: Local Docker Daemon | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: localdocker | |
- name: List images | |
run: docker image list --all | |
- name: List images (podman) | |
run: podman image list --all | |
localdocker-trimmedandchiseled: | |
name: Local Docker Daemon, Chiseled Ubuntu container | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: localdocker | |
variant: trimmedandchiseled | |
selfContained: "true" | |
- name: List images | |
run: docker image list --all | |
- name: List images (podman) | |
run: podman image list --all | |
localpodman: | |
name: Local Podman installation | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: localpodman | |
- name: List images (podman) | |
run: podman image list --all | |
- name: List images (docker) | |
run: docker image list --all | |
dockerhub: | |
name: Push to Docker hub | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: registry-1.docker.io | |
username: chusk3 | |
password: ${{ secrets.DOCKERHUB_PAT }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: dockerhub | |
quay: | |
name: Push to Quay.io | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: quay.io | |
username: baronfel | |
password: ${{ secrets.QUAY_PAT }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: quay | |
harbor: | |
name: Push to Harbor | |
runs-on: ubuntu-latest | |
# harbor is disabled because we don't have a persistent account/location to push to | |
if: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v2 | |
- name: Log in to container registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: demo.goharbor.io | |
username: "robot$net-sdk-container-demo+push-daemon" | |
password: ${{ secrets.HARBOR_PASSWORD }} | |
- uses: ./.github/actions/publishAndLog | |
with: | |
profile: harbor | |
dockerfile: | |
name: Build Dockerfile as a comparison | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: publish self-contained | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./src/sdk-container-demo | |
tags: chusk3/net-sdk-container-demo:dockerfile | |
file: ./src/sdk-container-demo/Dockerfile-sc | |
- name: publish framework-dependent | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./src/sdk-container-demo | |
tags: chusk3/net-sdk-container-demo:dockerfile | |
file: ./src/sdk-container-demo/Dockerfile-fdd | |
local-archive: | |
name: Publish an image to a local archive and read it in | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET SDK | |
uses: actions/setup-dotnet@v3 | |
- name: Publish container to an archive | |
working-directory: ./src/sdk-container-demo | |
run: | | |
mkdir images \ | |
&& dotnet publish -t:PublishContainer -p ContainerArchiveOutputPath=images /bl -r linux-x64 /check | |
- name: List tarballs | |
run: ls -l ./src/sdk-container-demo/images | |
- name: Load image into Docker | |
run: docker load -i ./src/sdk-container-demo/images/* | |
- name: Show loaded image | |
run: docker image list sdk-container-demo |