Finalize Tags #245
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Finalize Tags | |
# Workflow this will update various mutable tags to match the full semver given in the input tag. | |
# E.g. if an image is tagged 0.1.2 and this workflow is triggered with a tag `latest-v0.1.2` then it will update tags: | |
# latest, 0, and 0.1 to point to the 0.1.2 image. | |
on: | |
create: | |
jobs: | |
update_latest_tag: | |
name: Build & Push to Registries | |
if: ${{ startsWith(github.ref, 'refs/tags/latest-v') }} | |
runs-on: ubuntu-latest | |
environment: production | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
continue-on-error: true | |
with: | |
role-to-assume: ${{ secrets.ECR_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-east-1 | |
- name: 2nd Attempt Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
if: ${{ env.AWS_ACCESS_KEY_ID == '' }} | |
with: | |
role-to-assume: ${{ secrets.ECR_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Configure AWS credentials (Gov Cloud) | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
continue-on-error: true | |
id: login-aws-gov-cloud | |
with: | |
output-credentials: true | |
unset-current-credentials: true | |
role-to-assume: ${{ secrets.ECR_GOV_CLOUD_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-gov-west-1 | |
- name: 2nd Attempt Configure AWS credentials (Gov Cloud) | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
if: ${{ steps.login-aws-gov-cloud.outputs.aws-access-key-id == '' }} | |
with: | |
unset-current-credentials: true | |
role-to-assume: ${{ secrets.ECR_GOV_CLOUD_REPO_ROLE }} | |
role-duration-seconds: 7200 # 2 hours | |
aws-region: us-gov-west-1 | |
- name: Login to Amazon ECR (GovCloud) | |
id: login-ecr-gov-cloud | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Validate ECR Repos | |
run: | | |
# If something is wrong with the GovCloud login the GovCloud ECR login will succeed using the standard creds | |
# Make sure we have two different ECR repos to make this clear. | |
if [[ ${{ steps.login-ecr.outputs.registry }} = ${{ steps.login-ecr-gov-cloud.outputs.registry }} ]]; then | |
exit 1 | |
fi | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
# If this workflow runs for a semver that hasn't been released, then we'll fail below. This workflow is only | |
# meant to add the `latest` tag onto an existing release. | |
- name: Determine the version from the tag | |
id: get_ver | |
run: | | |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+.[0-9]*") | |
if [ -z $SEM_VER ]; then | |
exit 1 | |
fi | |
echo "::set-output name=SEM_VER::$SEM_VER" | |
MAJOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+") | |
echo "::set-output name=MAJOR_VERSION::$MAJOR_VERSION" | |
MINOR_VERSION=$(echo "$SEM_VER" | grep -E -o "^[0-9]+\.[0-9]+") | |
echo "::set-output name=MINOR_VERSION::$MINOR_VERSION" | |
# Right now just pull the image in order to tag it. There might be alternatives: | |
# https://stackoverflow.com/questions/37134929/how-to-tag-image-in-docker-registry-v2/38362476#38362476 (auth unclear) | |
# Use a shared context with original workflow? | |
- name: Pull, Tag, Push FrontEnd | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-frontend | |
ecr=$ECR_REGISTRY/strelka-frontend | |
ecr_gc=$ECR_GC_REGISTRY/strelka-frontend | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:latest \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MAJOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MINOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $ecr_gc:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
- name: Pull, Tag, Push BackEnd | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-backend | |
ecr=$ECR_REGISTRY/strelka-backend | |
ecr_gc=$ECR_GC_REGISTRY/strelka-backend | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:latest \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MAJOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MINOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $ecr_gc:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
- name: Pull, Tag, Push Manager | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_GC_REGISTRY: ${{ steps.login-ecr-gov-cloud.outputs.registry }} | |
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }} | |
MAJOR_VERSION: ${{ steps.get_ver.outputs.MAJOR_VERSION }} | |
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }} | |
run: | | |
amd_tag=amd64-$SEM_VER | |
arm_tag=arm64-$SEM_VER | |
docker_hub=sublimesec/strelka-manager | |
ecr=$ECR_REGISTRY/strelka-manager | |
ecr_gc=$ECR_GC_REGISTRY/strelka-manager | |
docker manifest create $docker_hub:latest \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:latest \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:latest \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MAJOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MAJOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MAJOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest create $docker_hub:$MINOR_VERSION \ | |
$docker_hub:$amd_tag \ | |
$docker_hub:$arm_tag | |
docker manifest create $ecr:$MINOR_VERSION \ | |
$ecr:$amd_tag \ | |
$ecr:$arm_tag | |
docker manifest create $ecr_gc:$MINOR_VERSION \ | |
$ecr_gc:$amd_tag \ | |
$ecr_gc:$arm_tag | |
docker manifest push $docker_hub:latest | |
docker manifest push $ecr:latest | |
docker manifest push $ecr_gc:latest | |
docker manifest push $docker_hub:$MAJOR_VERSION | |
docker manifest push $ecr:$MAJOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
docker manifest push $docker_hub:$MINOR_VERSION | |
docker manifest push $ecr:$MINOR_VERSION | |
docker manifest push $ecr_gc:$MAJOR_VERSION | |
- name: Validate All X-Region Replication | |
run: | | |
.github/workflows/check_images_x_region.sh latest | |
if [ $? != 0 ]; then | |
exit 1 | |
fi | |
- name: Slack Notification | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_Z_LOG_DOCKER_BUILDS }} | |
SLACK_TITLE: Strelka Images latest tag updated to ${{ steps.get_ver.outputs.SEM_VER }} |