Update to DSE 6.9.5 (#1807) #951
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# @author Ivan Senic | |
name: Publish Docker Image | |
# runs on | |
# * every push on the "main" | |
# * manual trigger | |
on: | |
push: | |
branches: [ "main" ] | |
workflow_dispatch: | |
# global env vars, available in all jobs and steps | |
env: | |
MAVEN_OPTS: '-Xmx4g' | |
# Jobs structure: | |
# | |
# 1. Runs unit tests | |
# 2. Then 2 jobs in parallel | |
# a) Integration tests with docker image | |
jobs: | |
# builds and pushes the docker image | |
main: | |
name: Main | |
runs-on: ubuntu-latest | |
# matrix props: | |
strategy: | |
matrix: | |
type: [ docker ] | |
include: | |
- type: docker | |
profile: '' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '21' | |
cache: maven | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: 'true' | |
- name: Build and push (Amazon ECR) | |
run: | | |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.registry=${{ secrets.ECR_REPOSITORY }} -Dquarkus.container-image.tag=${{ github.sha }} -Dquarkus.container-image.additional-tags='' ${{ matrix.profile }} | |
- name: Build and push image for profiling (Amazon ECR) | |
run: | | |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.registry=${{ secrets.ECR_REPOSITORY }} -Dquarkus.container-image.tag=${{ github.sha }} -Dquarkus.container-image.additional-tags='' -Dquarkus.container-image.name=jsonapi-profiling -Dquarkus.docker.dockerfile-jvm-path=src/main/docker/Dockerfile-profiling.jvm ${{ matrix.profile }} | |
# signs docker image with cosign | |
sign: | |
name: Sign image | |
needs: [main] | |
runs-on: ubuntu-latest | |
# matrix props: | |
strategy: | |
matrix: | |
image: [jsonapi ] | |
env: | |
# not a newest version, this reflects riptano action target version | |
COSIGN_VERSION: v1.9.0 | |
steps: | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: ${COSIGN_VERSION} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: 'true' | |
- name: Sign a docker image | |
shell: bash | |
env: | |
COSIGN_IMAGE: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}:${{ github.sha }} | |
COSIGN_PRIVATE_BASE64: ${{ secrets.COSIGN_PRIVATE_BASE64 }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
COSIGN_KEY_FILE: _cosign_key_ | |
AUX_KEY: signedby | |
AUX_VALUE: stargate | |
run: | | |
echo $COSIGN_PRIVATE_BASE64 | base64 --decode > $COSIGN_KEY_FILE | |
echo "=== signing image [$COSIGN_IMAGE] ..." | |
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE | |
- name: Sign profiling docker image | |
shell: bash | |
env: | |
COSIGN_IMAGE: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}-profiling:${{ github.sha }} | |
COSIGN_PRIVATE_BASE64: ${{ secrets.COSIGN_PRIVATE_BASE64 }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
COSIGN_KEY_FILE: _cosign_key_ | |
AUX_KEY: signedby | |
AUX_VALUE: stargate | |
run: | | |
echo $COSIGN_PRIVATE_BASE64 | base64 --decode > $COSIGN_KEY_FILE | |
echo "=== signing image [$COSIGN_IMAGE] ..." | |
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE |