Store access levels directly on the reported section (#2265) #2748
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Docker Images | |
on: | |
push: | |
tags: | |
- "*.*.*" | |
branches: | |
- main | |
pull_request: | |
paths: | |
- "Dockerfile*" | |
- "docker/**" | |
- "dockerV2/**" | |
- ".github/workflows/docker-build.yml" | |
- "requirements-all.txt" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
split-build: | |
name: "Build split Docker images" # Do not rename without updating workflow defined in publish.yml | |
runs-on: ubuntu-latest | |
steps: | |
- name: Maximize build space | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1024 | |
swap-size-mb: 20000 | |
overprovision-lvm: 'true' | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-docker-images: 'true' | |
remove-codeql: 'true' | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Check free space before build | |
run: | | |
echo "Free space:" | |
df -h | |
- name: Get short commit SHA | |
id: sha | |
run: echo "short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
- name: Set build platforms | |
id: platform | |
run: | | |
GITHUB_REF="${{ github.ref }}" | |
GITHUB_TAG=${GITHUB_REF##*/} | |
if [ "${{ github.ref_type }}" = tag ]; then | |
echo "targets=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT | |
echo "uitag=latest" >> $GITHUB_OUTPUT | |
if [[ "$GITHUB_TAG" =~ [0-9]([ab]|rc)[0-9]* ]]; then | |
echo "latest=false" >> $GITHUB_OUTPUT | |
else | |
echo "latest=true" >> $GITHUB_OUTPUT | |
fi | |
else | |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
echo "targets=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT | |
else | |
echo "targets=linux/amd64" >> $GITHUB_OUTPUT | |
fi | |
echo "uitag=edge" >> $GITHUB_OUTPUT | |
echo "latest=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Check short commit SHA and build targets | |
run: | | |
echo ${{ steps.sha.outputs.short }} | |
echo ${{ steps.platform.outputs.targets }} | |
echo ${{ steps.platform.outputs.uitag }} | |
echo ${{ steps.platform.outputs.latest }} | |
- name: Docker fixinventorybase meta | |
id: basemeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixinventorybase | |
ghcr.io/someengineering/fixinventorybase | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixinventorybase | |
org.opencontainers.image.description=Fix Inventory base image | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Docker fixcore meta | |
if: github.event_name != 'pull_request' | |
id: coremeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixcore | |
ghcr.io/someengineering/fixcore | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixcore | |
org.opencontainers.image.description=Fix Inventory Core | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Docker fixworker meta | |
if: github.event_name != 'pull_request' | |
id: workermeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixworker | |
ghcr.io/someengineering/fixworker | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixworker | |
org.opencontainers.image.description=Fix Inventory Worker | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Docker fixmetrics meta | |
if: github.event_name != 'pull_request' | |
id: metricsmeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixmetrics | |
ghcr.io/someengineering/fixmetrics | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixmetrics | |
org.opencontainers.image.description=Fix Inventory Metrics | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Docker fixshell meta | |
if: github.event_name != 'pull_request' | |
id: shellmeta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
someengineering/fixshell | |
someengineering/resh | |
ghcr.io/someengineering/fixshell | |
ghcr.io/someengineering/resh | |
flavor: | | |
latest=${{ steps.platform.outputs.latest }} | |
tags: | | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
type=pep440,pattern={{major}} | |
type=sha,prefix= | |
type=edge | |
labels: | | |
org.opencontainers.image.title=fixshell | |
org.opencontainers.image.description=Fix Inventory Shell (fixsh) | |
org.opencontainers.image.vendor=Some Engineering Inc. | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: arm64,amd64 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to Docker Hub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASS }} | |
- name: Log in to GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push fixinventorybase Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile.fixinventorybase | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
build-args: | | |
UI_IMAGE_TAG=${{ steps.platform.outputs.uitag }} | |
SOURCE_COMMIT=${{ github.sha }} | |
TESTS=false | |
tags: ${{ steps.basemeta.outputs.tags }} | |
labels: ${{ steps.basemeta.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Build and push fixcore Docker image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile.fixcore | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
build-args: | | |
IMAGE_TAG=${{ steps.sha.outputs.short }} | |
tags: ${{ steps.coremeta.outputs.tags }} | |
labels: ${{ steps.coremeta.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Build and push fixworker Docker image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile.fixworker | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
build-args: | | |
IMAGE_TAG=${{ steps.sha.outputs.short }} | |
tags: ${{ steps.workermeta.outputs.tags }} | |
labels: ${{ steps.workermeta.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Build and push fixmetrics Docker image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile.fixmetrics | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
build-args: | | |
IMAGE_TAG=${{ steps.sha.outputs.short }} | |
tags: ${{ steps.metricsmeta.outputs.tags }} | |
labels: ${{ steps.metricsmeta.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Build and push fixshell Docker image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile.fixshell | |
platforms: ${{ steps.platform.outputs.targets }} | |
push: ${{ github.event_name != 'pull_request' }} | |
build-args: | | |
IMAGE_TAG=${{ steps.sha.outputs.short }} | |
tags: ${{ steps.shellmeta.outputs.tags }} | |
labels: ${{ steps.shellmeta.outputs.labels }} | |
provenance: false # Temporary workaround for https://github.com/docker/buildx/issues/1533 | |
- name: Check free space after build | |
run: | | |
echo "Free space:" | |
df -h | |
- name: Trigger workflow in fix-collect-single | |
if: github.event_name != 'pull_request' | |
run: | | |
curl -X POST \ | |
-H "Authorization: token ${{ secrets.SOME_CI_PAT }}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
https://api.github.com/repos/someengineering/fix-collect-single/actions/workflows/docker_build.yml/dispatches \ | |
-d '{"ref":"main"}' | |
- name: Authenticate with GitHub CLI | |
if: github.event_name != 'pull_request' | |
run: | | |
gh auth login --with-token <<< "${{ secrets.SOME_CI_PAT }}" | |
- name: Bump tag version | |
if: github.event_name != 'pull_request' | |
env: | |
GITHUB_TOKEN: ${{ secrets.SOME_CI_PAT }} | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Some CI" | |
git clone "https://[email protected]/someengineering/setup-infra.git" | |
git_sha="${{ github.sha }}" | |
short_sha="${git_sha:0:7}" | |
echo "Use short SHA: $short_sha" | |
# update the tag | |
cd setup-infra | |
yq eval ".images[] |= select(.name == \"someengineering/fixcore\").newTag |= \"${short_sha}\"" -i argocd/envs/dev/inventory/kustomization.yaml | |
git add . | |
git commit -m "Bump fix-inventory on dev to ${short_sha}" || true | |
git push origin main |