Build #2106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "Build" | |
on: | |
push: | |
branches: | |
- '**' | |
pull_request: | |
release: | |
types: | |
- edited | |
- published | |
schedule: | |
- cron: '0 10 * * *' # everyday at 10am | |
workflow_dispatch: | |
permissions: | |
actions: read | |
contents: read | |
jobs: | |
diagnostics: | |
name: "Diagnostics" | |
uses: ./.github/workflows/diagnostics.yml | |
config: | |
name: "Config" | |
uses: ./.github/workflows/_config.yml | |
metadata: | |
name: "Metadata" | |
needs: [config] | |
uses: ./.github/workflows/docker-metadata.yml | |
with: | |
image_name: ${{ needs.config.outputs.image_name }} | |
lint: | |
name: "Lint" | |
uses: ./.github/workflows/common-lint.yml | |
build-image-for-testing: | |
name: "Build image for testing" | |
needs: | |
- config | |
- lint | |
- metadata | |
uses: ./.github/workflows/docker-build-image.yml | |
with: | |
artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ needs.config.outputs.test_platform }} | |
cache_from_scopes: ${{ needs.config.outputs.test_platform }} | |
cache_to_scope: ${{ needs.config.outputs.test_platform }} | |
image_archive_name_stem: ${{ needs.config.outputs.test_platform }} | |
image_labels: ${{ needs.metadata.outputs.image_labels }} | |
platforms: ${{ needs.config.outputs.test_platform }} | |
test-image: | |
name: "Test image" | |
needs: | |
- build-image-for-testing | |
- config | |
uses: ./.github/workflows/docker-pytest-image.yml | |
with: | |
data_artifact_name: ${{ needs.config.outputs.data_artifact_name }} | |
image_artifact_name: ${{ needs.build-image-for-testing.outputs.artifact_name }} | |
image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }} | |
build-each-platform: | |
name: "Build platforms" | |
needs: | |
- config | |
- lint | |
- metadata | |
- test-image | |
if: github.event_name != 'pull_request' | |
strategy: | |
matrix: | |
platform: ${{ fromJson(needs.config.outputs.platforms_json) }} | |
exclude: | |
- platform: ${{ needs.config.outputs.test_platform }} | |
uses: ./.github/workflows/docker-build-image.yml | |
with: | |
artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }} | |
cache_from_scopes: ${{ matrix.platform }} | |
cache_to_scope: ${{ matrix.platform }} | |
image_labels: ${{ needs.metadata.outputs.image_labels }} | |
image_archive_name_stem: ${{ matrix.platform }} | |
platforms: ${{ matrix.platform }} | |
generate-sboms: | |
name: "Bill of Materials" | |
needs: | |
- build-each-platform | |
- config | |
permissions: | |
contents: write | |
strategy: | |
matrix: | |
platform: ${{ fromJson(needs.config.outputs.platforms_json) }} | |
uses: ./.github/workflows/sbom-artifact.yml | |
with: | |
image_artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }} | |
sbom_artifact_name: ${{ needs.config.outputs.sbom_artifact_name_stem }}-${{ matrix.platform }} | |
docker-secrets: | |
name: "Docker secrets" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 | |
with: | |
egress-policy: block | |
- name: Check docker.com credentials | |
run: | | |
return_code=0 | |
if [ -z "${{ secrets.DOCKER_USERNAME }}" ]; then | |
echo "::warning::Set the DOCKER_USERNAME secret." | |
return_code=1 | |
fi | |
if [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then | |
echo "::warning::Set the DOCKER_PASSWORD secret." | |
return_code=1 | |
fi | |
exit $return_code | |
build-multi-arch-image: | |
name: "Publish image" | |
needs: | |
- build-each-platform | |
- config | |
- docker-secrets | |
- metadata | |
if: github.event_name != 'pull_request' | |
permissions: | |
packages: write | |
uses: ./.github/workflows/docker-multi-arch-push.yml | |
with: | |
artifact_name_pattern: ${{ needs.config.outputs.image_artifact_name_stem }}-* | |
image_tags: ${{ needs.metadata.outputs.image_tags }} | |
secrets: | |
docker_password: ${{ secrets.DOCKER_PASSWORD }} | |
docker_username: ${{ secrets.DOCKER_USERNAME }} | |
publish-readme: | |
name: "Publish docs" | |
needs: | |
- build-multi-arch-image | |
- config | |
- docker-secrets | |
- metadata | |
if: needs.metadata.outputs.latest == 'true' | |
uses: ./.github/workflows/docker-publish-description.yml | |
with: | |
image_name: ${{ needs.config.outputs.image_name }} | |
secrets: | |
docker_password: ${{ secrets.DOCKER_PASSWORD }} | |
docker_username: ${{ secrets.DOCKER_USERNAME }} |