forked from epam/ai-dial-ci
-
Notifications
You must be signed in to change notification settings - Fork 1
103 lines (98 loc) · 3.86 KB
/
generic_docker_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Generic Docker Release workflow
on:
workflow_call:
inputs:
bypass_checks:
type: boolean
default: false
description: Do not fail pipeline if checks failed
enable_style_checks:
type: boolean
default: true
description: Enable style_checks
bypass_style_checks:
type: boolean
default: false
description: Do not fail pipeline if style_checks failed
enable_code_checks:
type: boolean
default: true
description: Enable code_checks
bypass_code_checks:
type: boolean
default: false
description: Do not fail pipeline if code_checks failed
enable_ort:
type: boolean
default: true
description: Enable ORT scanning
bypass_ort:
type: boolean
default: false
description: Do not fail pipeline if ORT scan failed
enable_trivy:
type: boolean
default: true
description: Enable Trivy scanning
bypass_trivy:
type: boolean
default: false
description: Do not fail pipeline if Trivy failed
env:
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
uses: ./.github/workflows/generic_docker_test.yml
with:
bypass_checks: ${{ inputs.bypass_checks }}
enable_style_checks: ${{ inputs.enable_style_checks }}
bypass_style_checks: ${{ inputs.bypass_style_checks }}
enable_ort: ${{ inputs.enable_ort }}
bypass_ort: ${{ inputs.bypass_ort }}
calculate_version:
runs-on: ubuntu-latest
outputs:
next_version: ${{ steps.semantic_versioning.outputs.next_version }}
is_latest: ${{ steps.semantic_versioning.outputs.is_latest }}
latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }}
steps:
- uses: alexey-ban/ai-dial-ci/actions/semantic_versioning@main
id: semantic_versioning
release:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
security-events: write
needs:
- calculate_version
- test
steps:
- uses: alexey-ban/ai-dial-ci/actions/generate_release_notes@main
with:
latest_tag: ${{ needs.calculate_version.outputs.latest_tag }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
- uses: alexey-ban/ai-dial-ci/actions/build_docker@main
with:
ghcr_username: ${{ github.actor }}
ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }}
dockerhub_username: ${{ secrets.DOCKERHUB_LOGIN }}
dockerhub_password: ${{ secrets.DOCKERHUB_TOKEN }}
image_name: ghcr.io/${{ env.IMAGE_NAME }}
image_tag: ${{ needs.calculate_version.outputs.next_version }}
push: true
scan: ${{ inputs.enable_trivy }}
bypass_checks: ${{ inputs.bypass_trivy }}
image_extra_aliases: |
${{ env.IMAGE_NAME }}:${{ needs.calculate_version.outputs.next_version }}
${{ github.ref == 'refs/heads/development' && format('{0}:{1}', env.IMAGE_NAME, 'development') || ''}}
${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
- uses: alexey-ban/ai-dial-ci/actions/publish_tag_release@main
with:
tag_version: ${{ needs.calculate_version.outputs.next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify