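---
# Builds the Cruise Control image once per JDK in the matrix, pushes it to
# Docker Hub and GHCR, attests the GHCR image and refreshes README.md.
#
# NOTE(review): every `uses:` below references a mutable tag (for example
# `@v4`). Pinning each action to a full commit SHA keeps a retagged release
# from running with this job's write token and the Docker Hub credentials.
# The SHAs are not known here, so the tags are left as they were.
name: Create Cruise Control release

env:
  DOCKERHUB_USER: devopsiaci
  DOCKERHUB_REPO: cruise-control
  GHCR_REGISTRY: ghcr.io
  GHCR_REPO: ${{ github.repository }}

on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - Dockerfile

jobs:
  release:
    name: Create tag release
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk_version: [11, 17]
    # Token scopes are granted per job; each one is used by a step below.
    permissions:
      contents: write  # push the README.md commit to main
      packages: write  # push the image to GHCR
      id-token: write  # OIDC token for signing the provenance attestation
      attestations: write  # store the attestation
    steps:
      # The later `git push` relies on the token that checkout leaves in the
      # local git configuration.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Read tags from Dockerfile
        id: current_tag
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell.
          JDK_VERSION: ${{ matrix.jdk_version }}
        run: |
          # Print the value of one "ARG <NAME>=<value>" line. Anything that is
          # empty, spans several lines or is not a plain version token is
          # rejected: the value ends up in $GITHUB_OUTPUT, in the image tag
          # and in a sed expression, and an extra line written to
          # $GITHUB_OUTPUT would define an additional step output.
          read_arg() {
            local value
            value=$(grep "ARG $1" Dockerfile | cut -d '=' -f 2)
            if [[ ! "$value" =~ ^[A-Za-z0-9._-]+$ ]]; then
              echo "unexpected value for $1 in Dockerfile: '$value'" >&2
              return 1
            fi
            printf '%s' "$value"
          }

          # cc_tag
          cc_current_tag=$(read_arg CC_TAG)
          # cc_ui_tag
          cc_ui_current_tag=$(read_arg CC_UI_TAG)
          # iam_tag
          iam_current_tag=$(read_arg AWS_MSK_IAM_AUTH_VERSION)

          {
            echo "cc_current_tag=$cc_current_tag"
            echo "cc_ui_current_tag=$cc_ui_current_tag"
            echo "iam_current_tag=$iam_current_tag"
            # complete tag
            echo "complete_tag=jdk${JDK_VERSION}-cc$cc_current_tag-iam$iam_current_tag"
          } >> "$GITHUB_OUTPUT"

      - name: "Set Docker metadata"
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}
            ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
          labels: |
            org.opencontainers.image.maintainer=ialejandro
            org.opencontainers.image.title=Cruise Control
            org.opencontainers.image.description=Cruise Control for Apache Kafka
            org.opencontainers.image.vendor=DevOps IA
          tags: |
            type=raw,value=${{ steps.current_tag.outputs.complete_tag }}
            type=sha,enable=false

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # The key carries the JDK version: both matrix legs run for the same
      # commit, and with a shared key only the first leg to finish could save
      # its layers.
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-jdk${{ matrix.jdk_version }}-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-jdk${{ matrix.jdk_version }}-

      # NOTE(review): DOCKERHUB_PASSWORD is presumably a Docker Hub access
      # token rather than the account password; confirm, and scope it to this
      # repository if the registry allows it.
      - name: "[DOCKERHUB] Log in to Docker Hub"
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: "[GHCR] Log in to the Container registry"
        uses: docker/login-action@v3
        with:
          registry: ${{ env.GHCR_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "Build and push Docker image"
        id: push
        uses: docker/build-push-action@v6
        with:
          build-args: OPENJDK_VERSION=${{ matrix.jdk_version }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
          context: .
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          push: true
          sbom: true
          tags: ${{ steps.meta.outputs.tags }}

      # Runs directly after the push so that a failure in the README or
      # Docker Hub steps cannot leave a published image without provenance.
      # NOTE(review): only the GHCR name is attested; the Docker Hub copy is
      # pushed by the same build step but gets no attestation of its own.
      - name: "[GHCR] Generate artifact"
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

      - name: "Update README.md default version"
        env:
          # Step outputs reach the script as environment variables, not as
          # text pasted into the shell source.
          CC_TAG: ${{ steps.current_tag.outputs.cc_current_tag }}
          CC_UI_TAG: ${{ steps.current_tag.outputs.cc_ui_current_tag }}
          IAM_TAG: ${{ steps.current_tag.outputs.iam_current_tag }}
        run: |
          # replace default version
          sed -i "s/\* Cruise Control: .*/* Cruise Control: \`${CC_TAG}\`/" README.md
          sed -i "s/\* Cruise Control UI: .*/* Cruise Control UI: \`${CC_UI_TAG}\`/" README.md
          sed -i "s/\* AWS IAM Auth: .*/* AWS IAM Auth: \`${IAM_TAG}\`/" README.md

          # push changes
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "github-actions[bot]"
          git add README.md
          if git diff --cached --quiet; then
            echo "README.md is already up to date"
            exit 0
          fi
          git commit -m "chore: update README.md [skip ci]"

          # No force push: both matrix legs reach this point for the same
          # commit, and `push -f` would also discard anything merged to main
          # while the images were building. Rebase onto the current main
          # instead and retry if the other leg pushed in between.
          pushed=false
          for attempt in 1 2 3; do
            git pull --rebase origin main
            if git push origin HEAD:main; then
              pushed=true
              break
            fi
            echo "push attempt $attempt was rejected, retrying" >&2
            sleep 5
          done
          [ "$pushed" = true ]

      - name: "[DOCKERHUB] Update Docker registry description"
        uses: peter-evans/dockerhub-description@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
          repository: ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}

      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache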