Commit

fix: [VIO-3010] Add and use build action
AdamIsrael committed Jul 13, 2023
1 parent fd7511c commit dcfb99f
Showing 3 changed files with 160 additions and 14 deletions.
47 changes: 47 additions & 0 deletions .github/actions/build-pr-image/README.md
@@ -0,0 +1,47 @@
## Build PR Image Action

This Action provides automation for a Docker builder for a PR. An image is then pushed to a given registry.

## Parameters

### Inputs

* `REGISTRY`: The image registry where the action is pulling from. Images can be found in https://hub.docker.com/?namespace=vaporio
* `BUILDERIMAGE`: A base image containing the build tool chain
* `SLIMIMAGE`: A smaller image for deploys
* `DOCKERFILE`: Name of the Dockerfile. Usually just `Dockerfile`
* `USERNAME`: Login user for the image registry
* `PASSWORD`: Password for image registry
* `IMAGENAME`: Name of the image to push into the registry

### Usage

Since this Action is located in a private repo, a step will checkout this repo with a token so then it can be used
in the next step.

```
# .github/workflows/deploy.yml
name: build
on: ['build']
jobs:
image_build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
repository: vapor-ware/workflows
token: ${{ secrets.VIO_REPO_READ }}
ref: main
path: vapor-ware-workflows # Checkouts directory path name for the next step
- uses: ./vapor-ware-workflows/.github/actions/build-pr-image
with:
REGISTRY: docker.io
BUILDERIMAGE: ubuntu:22.04
SLIMIMAGE: ubuntu:22.04
DOCKERFILE: Dockerfile
USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
IMAGENAME: my_image
```
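
Review bot: The Inputs list omits `ORGANIZATION` and `IMAGETAG`, both of which the action.yml in this commit declares, and none of the four outputs (`timestamp`, `tag`, `image-archive`, `image`) is documented. Please add them with their defaults (`ORGANIZATION` defaults to `vaporio`; the tag is `pr.` followed by `IMAGETAG` or `github.event.number`). The `REGISTRY` description says the action pulls from the registry, but the action logs in to it and pushes to it, so the wording should say so. The usage example checks the action out at `ref: main`, which means consumers run whatever is on main at that moment; showing a tag or commit SHA there would be a safer default to copy.
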
99 changes: 99 additions & 0 deletions .github/actions/build-pr-image/action.yml
@@ -0,0 +1,99 @@
name: build pr image
description: build an image for current pr
inputs:
REGISTRY:
required: true
default: "docker.io"
description: registry to use, defaults to docker.io
ORGANIZATION:
required: true
default: "vaporio"
description: organization name used in image
USERNAME:
required: true
PASSWORD:
required: true
BUILDERIMAGE:
required: true
SLIMIMAGE:
required: false
DOCKERFILE:
required: true
IMAGENAME:
required: true
IMAGETAG:
required: false

outputs:
timestamp:
value: ${{ steps.generate-timestamp.outputs.current-timestamp }}
description: timestamp for use in other actions
tag:
value: ${{ steps.generate-tag.outputs.tag }}
description: image tag for use in other actions, defaults to github.event.number
image-archive:
value: ${{ steps.image-archive.outputs.image-archive }}
description: docker image archive of built image
image:
value: ${{ steps.generate-image.outputs.image }}
description: full base image name

runs:
using: composite
steps:
- name: Log in to docker.io
uses: redhat-actions/podman-login@v1.5
with:
registry: ${{ inputs.REGISTRY }}
username: ${{ inputs.USERNAME }}
password: ${{ inputs.PASSWORD }}

- id: generate-image
run: echo "image=$(echo ${{ inputs.REGISTRY }}/${{ inputs.ORGANIZATION }}/${{ inputs.IMAGENAME }})" >> $GITHUB_OUTPUT
shell: bash

- id: generate-timestamp
run: echo "current-timestamp=$(date +%Y-%m-%dT%H:%M:%S)" >> $GITHUB_OUTPUT
shell: bash

- id: generate-tag
run: echo "tag=$(echo pr.${{ inputs.IMAGETAG || github.event.number }})" >> $GITHUB_OUTPUT
shell: bash

- name: Pull builder image
run: podman pull ${{ inputs.BUILDERIMAGE }}
shell: bash

- name: Pull slim image
run: podman pull ${{ inputs.SLIMIMAGE }}
if: ${{ inputs.SLIMIMAGE }}
shell: bash

- name: build image
run: |
podman build . \
-f ${{ inputs.DOCKERFILE }} \
--format docker \
--label org.opencontainers.image.created=${{ steps.generate-timestamp.outputs.timestamp }} \
--label org.opencontainers.image.revision=${{ github.sha }} \
--label org.opencontainers.image.version=${{ github.ref_name }} \
--label io.vapor.image.build.number=${{ github.run_id }} \
--label io.vapor.image.build.ref=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} \
--label io.vapor.image.build.id=${{ github.base_ref }} \
--label io.vapor.image.build.branch=${{ github.event.pull_request.head.ref }} \
-t ${{ steps.generate-image.outputs.image }}:${{ steps.generate-tag.outputs.tag }}
shell: bash

- name: save image
run: |
podman save --quiet -o ${{ inputs.IMAGENAME }}.tar ${{ steps.generate-image.outputs.image }}:${{ steps.generate-tag.outputs.tag }}
shell: bash

- id: image-archive
run: echo "image-archive=$(echo docker-archive:${{ inputs.IMAGENAME }}.tar)" >> $GITHUB_OUTPUT
shell: bash

- name: push image
run: |
podman push ${{ steps.generate-image.outputs.image }}:${{ steps.generate-tag.outputs.tag }}
shell: bash
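
Review bot: The `build image` step expands `${{ github.event.pull_request.head.ref }}` and `${{ github.ref_name }}`, along with every `inputs.*` value in the other `run:` steps, directly into the bash script text, so a branch name containing shell metacharacters is interpreted by the shell on a runner that has already logged in to the registry with `inputs.PASSWORD`. Pass these values through `env:` on each step and reference them as quoted shell variables (for example `"$HEAD_REF"`) rather than interpolating them into the script. Separately, the `org.opencontainers.image.created` label reads `steps.generate-timestamp.outputs.timestamp`, but that step writes `current-timestamp`, so the label will be empty. The login step is named `Log in to docker.io` although the registry comes from `inputs.REGISTRY`, and `redhat-actions/podman-login@v1.5` is referenced by tag rather than by commit SHA.
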
28 changes: 14 additions & 14 deletions .github/workflows/build.yaml
Expand Up @@ -11,15 +11,15 @@ jobs:
steps:
- uses: actions/checkout@v3

- name: Checkout vapor-ware workflows
uses: actions/checkout@v3
with:
repository: vapor-ware/workflows
token: ${{ secrets.GITHUB_TOKEN }}
ref: main
path: vapor-ware-workflows
# - name: Checkout vapor-ware workflows
# uses: actions/checkout@v3
# with:
# repository: vapor-ware/workflows
# token: ${{ secrets.GITHUB_TOKEN }}
# ref: main
# path: vapor-ware-workflows

- uses: ./vapor-ware-workflows/.github/actions/build-pr-image
- uses: ./.github/actions/build-pr-image
id: build-env
with:
REGISTRY: docker.io
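
Review bot: The `Checkout vapor-ware workflows` step is commented out rather than deleted; now that the action is referenced as `./.github/actions/build-pr-image`, please remove the seven commented lines so the workflow does not carry a dead checkout (git history keeps them). The README added in this commit still tells users to check the action out from `vapor-ware/workflows` with `secrets.VIO_REPO_READ`, which no longer matches how this workflow consumes it, so one of the two should be updated.
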
Expand All @@ -30,9 +30,9 @@ jobs:
PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
IMAGENAME: synse-server

- uses: ./vapor-ware-workflows/.github/actions/scan-image
id: scan-image
with:
image: ${{ steps.build-env.outputs.image-archive }}
fail-build: false
severity-cutoff: high
# - uses: ./vapor-ware-workflows/.github/actions/scan-image
# id: scan-image
# with:
# image: ${{ steps.build-env.outputs.image-archive }}
# fail-build: false
# severity-cutoff: high
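
Review bot: Commenting out the `scan-image` step drops the image scan from these steps while `build-pr-image` still ends with `podman push`, so PR images are now published to the registry without being scanned. If the step was disabled only because `./vapor-ware-workflows` is no longer checked out, either vendor `scan-image` under `./.github/actions/` the same way as `build-pr-image` or keep the checkout for it. If the removal is intentional, delete the lines instead of leaving commented YAML and reference the follow-up that restores scanning. Note that the step already ran with `fail-build: false`, so restoring it as it was would report findings without blocking the push.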
