-
Notifications
You must be signed in to change notification settings - Fork 38
151 lines (151 loc) · 6.44 KB
/
build_and_push.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Push to GCR GitHub Action
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
# example with Workload Identity Federation
build-and-push-to-gcr-workload-identity:
name: Build & push - with workload identity
runs-on: ubuntu-latest
permissions: # <- this section is needed for workload identity
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/331888282073/locations/global/workloadIdentityPools/push-to-gcr-pool/providers/gh-action
service_account: push-to-gcr-storage-object-adm@pro-chesta.iam.gserviceaccount.com
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-0
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with gcloud service account key
build-and-push-to-gcr-service-account:
name: Build & push - with service account
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
credentials_json: '${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}'
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-1
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with gcloud service account key, except using google-github-actions/auth step. the login is handled by this action
build-and-push-to-gcr-without-gcloud-auth-action:
name: Build & push - without gcloud auth action
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Building and pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
gcloud_service_key: "${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}"
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-2
image_tag: test-${{ github.sha }}, ${{ github.sha }}
dockerfile: ./test/Dockerfile.test
context: ./test
target: build
# example with push-only
push-only-image:
name: Push only - with workload identity
runs-on: ubuntu-latest
permissions: # <- this section is needed for workload identity
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
# this step mimics your build step which produce a docker image that will be pushed to gcr
- name: Prepare the image for push_only
run: |
docker build -t gcr.io/pro-chesta/hello-world-by-push-to-gcr-3:${{ github.sha }} --file test/Dockerfile.test test
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/331888282073/locations/global/workloadIdentityPools/push-to-gcr-pool/providers/gh-action
service_account: push-to-gcr-storage-object-adm@pro-chesta.iam.gserviceaccount.com
- name: Pushing the image
uses: ./
# uses: RafikFarhad/push-to-gcr-github-action@v5-rc1 # <- use this on your workflow
with:
# gcloud_service_key: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }} # <- not needed when used with google-github-actions/auth@v2
registry: gcr.io
project_id: pro-chesta
image_name: hello-world-by-push-to-gcr-3
image_tag: ${{ github.sha }}
push_only: true
# if you are checking this file to use this action in your project,
# you only need obe of the above steps 👆.
test-images:
name: Test images from registry
needs:
- build-and-push-to-gcr-workload-identity
- build-and-push-to-gcr-service-account
- build-and-push-to-gcr-without-gcloud-auth-action
- push-only-image
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: [0, 1, 2, 3]
steps:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Testing the image
run: |
cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin gcr.io
exit $([ "$(docker run gcr.io/pro-chesta/hello-world-by-push-to-gcr-${{ matrix.type }}:${{ github.sha }})" = "Hello World from Push To GCR github action" ])
cleanup:
name: Clean up images
needs:
- build-and-push-to-gcr-workload-identity
- build-and-push-to-gcr-service-account
- build-and-push-to-gcr-without-gcloud-auth-action
- push-only-image
- test-images
if: always()
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.JSON_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Delete images
run: |
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-0:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-1:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-2:${{ github.sha }} --force-delete-tags --quiet
gcloud container images delete gcr.io/pro-chesta/hello-world-by-push-to-gcr-3:${{ github.sha }} --force-delete-tags --quiet