permissions: package: write #460
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-opensearch-dashboards | ||
| on: | ||
| schedule: | ||
| - cron: '0 0 */14 * *' | ||
| workflow_dispatch: | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| build: | ||
| name: Build | ||
| runs-on: firecracker | ||
| permissions: | ||
| packages: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| tag: [3.4.0, 3.1.0, 2.19.2, 2.19.0, 2.18.0, 2.17.1, 2.16.0, 2.14.0, 2.11.1, 2.8.0, 2.5.0, 2.0.1, 1.3.20, 1.3.19, 1.3.18, 1.3.13, 1.2.0] | ||
| steps: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| - name: Set up Go | ||
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | ||
| with: | ||
| go-version: '1.25' | ||
| - name: Generate LGTM App token | ||
| id: lgtm-app-token | ||
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3 | ||
| with: | ||
| permission-contents: write | ||
| client-id: ${{ secrets.LGTM_APP_CLIENT_ID }} | ||
| private-key: ${{ secrets.LGTM_APP_PRIVATE_KEY }} | ||
| owner: ${{ github.repository_owner }} | ||
| - name: Prepare git | ||
| env: | ||
| LGTM_APP_TOKEN: ${{ steps.lgtm-app-token.outputs.token }} | ||
| run: | | ||
| set -x | ||
| git config --global user.name "1gtm-app[bot]" | ||
| git config --global user.email "3686661+1gtm-app[bot]@users.noreply.github.com" | ||
| git config --global \ | ||
| url."https://x-access-token:${LGTM_APP_TOKEN}@github.com".insteadOf \ | ||
| "https://github.com" | ||
| - name: Set up QEMU | ||
| id: qemu | ||
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | ||
| with: | ||
| cache-image: false | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | ||
| with: | ||
| platforms: linux/amd64,linux/arm64 | ||
| - uses: imjasonh/setup-crane@5146f708a817ea23476677995bf2133943b9be0b # v0.1 | ||
| - name: Install trivy | ||
| run: | | ||
| # wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb | ||
| # sudo dpkg -i trivy_0.18.3_Linux-64bit.deb | ||
| sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release | ||
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | ||
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | ||
| sudo apt-get update | ||
| sudo apt-get install -y --no-install-recommends trivy | ||
| - name: Log in to the GitHub Container registry | ||
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| # - name: Setup upterm session | ||
| # uses: lhotari/action-upterm@v1 | ||
| # https://github.com/appscode-images/opensearch-build/tree/main/docker/release | ||
| - name: Build | ||
| run: | | ||
| git clone https://github.com/appscode-images/opensearch-build.git | ||
| cd opensearch-build | ||
| git checkout opensearch-${{ matrix.tag }} | ||
| cd docker/release | ||
| # Determine which Dockerfile to use based on version | ||
| VERSION="${{ matrix.tag }}" | ||
| MAJOR=$(echo $VERSION | cut -d. -f1) | ||
| MINOR=$(echo $VERSION | cut -d. -f2) | ||
| # Use al2.dockerfile for versions < 2.10, otherwise use al2023.dockerfile | ||
| if [ "$MAJOR" -lt 2 ] || ([ "$MAJOR" -eq 2 ] && [ "$MINOR" -lt 10 ]); then | ||
| DOCKERFILE="./dockerfiles/opensearch-dashboards.al2.dockerfile" | ||
| echo "Using AL2 Dockerfile for version $VERSION (< 2.10)" | ||
| else | ||
| DOCKERFILE="./dockerfiles/opensearch-dashboards.al2023.dockerfile" | ||
| echo "Using AL2023 Dockerfile for version $VERSION (>= 2.10)" | ||
| fi | ||
| ./build-image-multi-arch.sh -v ${{ matrix.tag }} -f $DOCKERFILE -p opensearch-dashboards -a "x64,arm64" -r "ghcr.io/appscode-images/daily/opensearch-dashboards" | ||
| crane cp ghcr.io/appscode-images/daily/opensearch-dashboards:${{ matrix.tag }} ghcr.io/appscode-images/daily/opensearch-dashboards:${{ matrix.tag }}_$(date -u +'%Y%m%d') | ||
| # report: | ||
| # name: Report | ||
| # runs-on: firecracker | ||
| # needs: build | ||
| # if: always() | ||
| # steps: | ||
| # - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| # - name: Set up Go | ||
| # uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | ||
| # with: | ||
| # go-version: '1.25' | ||
| # - name: Prepare git | ||
| # env: | ||
| # GITHUB_USER: ${{ github.actor }} | ||
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| # run: | | ||
| # set -x | ||
| # git config --global user.name "${GITHUB_USER}" | ||
| # git config --global user.email "${GITHUB_USER}@appscode.com" | ||
| # git config --global \ | ||
| # url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf \ | ||
| # "https://github.com" | ||
| # # git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | ||
| # - name: Set up QEMU | ||
| # id: qemu | ||
| # uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | ||
| # - name: Set up Docker Buildx | ||
| # uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | ||
| # with: | ||
| # platforms: linux/amd64,linux/arm64 | ||
| # - name: Log in to the GitHub Container registry | ||
| # uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | ||
| # with: | ||
| # registry: ghcr.io | ||
| # username: ${{ github.actor }} | ||
| # password: ${{ secrets.GITHUB_TOKEN }} | ||
| # - name: Install trivy | ||
| # run: | | ||
| # # wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb | ||
| # # sudo dpkg -i trivy_0.18.3_Linux-64bit.deb | ||
| # sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release | ||
| # wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | ||
| # echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | ||
| # sudo apt-get update | ||
| # sudo apt-get install -y --no-install-recommends trivy | ||
| # - name: Build | ||
| # env: | ||
| # SMTP_ADDRESS: ${{ secrets.SMTP_ADDRESS }} | ||
| # SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }} | ||
| # SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }} | ||
| # run: | | ||
| # go run cmd/mail-report/main.go --name=opensearch-dashboards | ||
| # - name: Update repo | ||
| # run: | | ||
| # git add --all | ||
| # if [[ $(git status --porcelain) ]]; then | ||
| # git commit -s -a -m "update opensearch-dashboards images $(date --rfc-3339=date)" | ||
| # git fetch origin | ||
| # # https://git-scm.com/docs/merge-strategies | ||
| # git pull --rebase -s ours origin master | ||
| # git push origin HEAD | ||
| # fi | ||
