Skip to content

Update to DSE 6.9.5 (#1807) #951

Update to DSE 6.9.5 (#1807)

Update to DSE 6.9.5 (#1807) #951

# @author Ivan Senic
name: Publish Docker Image
# runs on
# * every push on the "main"
# * manual trigger
on:
push:
branches: [ "main" ]
workflow_dispatch:
# global env vars, available in all jobs and steps
env:
MAVEN_OPTS: '-Xmx4g'
# Jobs structure:
#
# 1. Runs unit tests
# 2. Then 2 jobs in parallel
# a) Integration tests with docker image
jobs:
# builds and pushes the docker image
main:
name: Main
runs-on: ubuntu-latest
# matrix props:
strategy:
matrix:
type: [ docker ]
include:
- type: docker
profile: ''
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
cache: maven
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Build and push (Amazon ECR)
run: |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.registry=${{ secrets.ECR_REPOSITORY }} -Dquarkus.container-image.tag=${{ github.sha }} -Dquarkus.container-image.additional-tags='' ${{ matrix.profile }}
- name: Build and push image for profiling (Amazon ECR)
run: |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.registry=${{ secrets.ECR_REPOSITORY }} -Dquarkus.container-image.tag=${{ github.sha }} -Dquarkus.container-image.additional-tags='' -Dquarkus.container-image.name=jsonapi-profiling -Dquarkus.docker.dockerfile-jvm-path=src/main/docker/Dockerfile-profiling.jvm ${{ matrix.profile }}
# signs docker image with cosign
sign:
name: Sign image
needs: [main]
runs-on: ubuntu-latest
# matrix props:
strategy:
matrix:
image: [jsonapi ]
env:
# not a newest version, this reflects riptano action target version
COSIGN_VERSION: v1.9.0
steps:
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: ${COSIGN_VERSION}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Sign a docker image
shell: bash
env:
COSIGN_IMAGE: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}:${{ github.sha }}
COSIGN_PRIVATE_BASE64: ${{ secrets.COSIGN_PRIVATE_BASE64 }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_KEY_FILE: _cosign_key_
AUX_KEY: signedby
AUX_VALUE: stargate
run: |
echo $COSIGN_PRIVATE_BASE64 | base64 --decode > $COSIGN_KEY_FILE
echo "=== signing image [$COSIGN_IMAGE] ..."
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE
- name: Sign profiling docker image
shell: bash
env:
COSIGN_IMAGE: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}-profiling:${{ github.sha }}
COSIGN_PRIVATE_BASE64: ${{ secrets.COSIGN_PRIVATE_BASE64 }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_KEY_FILE: _cosign_key_
AUX_KEY: signedby
AUX_VALUE: stargate
run: |
echo $COSIGN_PRIVATE_BASE64 | base64 --decode > $COSIGN_KEY_FILE
echo "=== signing image [$COSIGN_IMAGE] ..."
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE