Daily build #603
# GitHub workflow that rebuilds already released images.
# It runs on a weekday schedule and can also be started manually.
name: Daily build

on:
  schedule:
    # GitHub evaluates cron in UTC: 01:00, Monday to Friday.
    - cron: "0 1 * * 1-5"
  workflow_dispatch:
    inputs:
      # Registry repository that receives the rebuilt images.
      image_repo:
        type: choice
        description: "Target image repository for built images"
        default: mongodb/mongodb-atlas-kubernetes-operator-prerelease
        required: true
        options:
          - mongodb/mongodb-atlas-kubernetes-operator-prerelease
          - mongodb/mongodb-atlas-kubernetes-operator
      # Free-form text supplied by whoever dispatches the run; when left
      # empty the workflow computes the release list itself.
      releases:
        type: string
        description: "Custom list of releases to rebuild"
        default: ""
        required: false
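# NOTE(review): no `permissions:` key is declared in this workflow, so
# GITHUB_TOKEN carries the repository's default scopes in both jobs. Confirm
# the minimum required (checkout needs `contents: read`) and declare it.
# NOTE(review): every action is referenced by a mutable tag (@v3/@v4/@v5).
# The publishing job holds registry and signing secrets, so pinning each
# action to a full commit SHA is worth considering.
jobs:
  # Works out which release versions to rebuild and the date used in the
  # daily tag. Both values are consumed by build-and-publish-image.
  read-versions:
    name: Read config file
    runs-on: ubuntu-latest
    outputs:
      date: ${{ steps.set-date.outputs.date }}
      releases: ${{ steps.releases.outputs.releases }}
    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
          submodules: true
          fetch-depth: 0
      - name: Set date
        id: set-date
        run: |
          DATE=$(date +'%Y-%m-%d')
          echo "date=${DATE}" >> "$GITHUB_OUTPUT"
      - name: Releases
        id: releases
        env:
          # The dispatch input is handed over as an environment variable
          # instead of being expanded into the script text, so its content is
          # treated as data by the shell and never parsed as commands.
          RELEASES_INPUT: ${{ github.event.inputs.releases }}
        run: |
          if [ -z "${RELEASES_INPUT}" ]; then
            echo "Computing supported releases..."
            git fetch --tags
            echo "releases=$(./scripts/supported-releases.sh)" | tee -a "$GITHUB_OUTPUT"
          else
            # The list ends up in image tags, a git ref and build commands of
            # the job that holds the release secrets, so anything that is not
            # a plain version character or a separator is rejected here.
            allowed='^[A-Za-z0-9._, -]+$'
            if ! [[ "${RELEASES_INPUT}" =~ ${allowed} ]]; then
              echo "::error::releases may only contain letters, digits, '.', '_', '-', commas and spaces"
              exit 1
            fi
            echo "Formatting ${RELEASES_INPUT} as JSON array"
            json_releases=$(echo "${RELEASES_INPUT}" | tr "," "\n" | xargs -n1 | awk '{print "\""$1"\""}' | tr "\n" "," | sed 's/,$//' | awk '{print "["$1"]"}')
            echo "releases=$json_releases" | tee -a "$GITHUB_OUTPUT"
          fi

  # Rebuilds one image per release version, pushes it to Docker Hub and
  # quay.io, then signs and verifies it when the checked-out release ships
  # the signing script.
  build-and-publish-image:
    environment: release
    runs-on: ubuntu-latest
    needs:
      - read-versions
    env:
      # Scheduled runs carry no inputs, so they publish to the fallback
      # repository named after the `||`.
      IMAGE_REPOSITORY: ${{ github.event.inputs.image_repo || 'mongodb/mongodb-atlas-kubernetes-operator' }}
      QUAY_ROBOT_NAME: mongodb+mongodb_atlas_kubernetes
      PLATFORMS: "linux/arm64,linux/amd64"
    strategy:
      matrix:
        version: ${{ fromJSON(needs.read-versions.outputs.releases) }}
    steps:
      # In every `run:` script of this job, values that derive from the
      # release list or from dispatch inputs are read from environment
      # variables rather than expanded with ${{ }} inside the script.
      - name: Print daily tag
        id: daily-tag
        env:
          MATRIX_VERSION: ${{ matrix.version }}
          BUILD_DATE: ${{ needs.read-versions.outputs.date }}
        run: |
          DAILY_TAG="${MATRIX_VERSION}-${BUILD_DATE}"
          echo "daily-tag=${DAILY_TAG}" >> "$GITHUB_OUTPUT"
      - name: Rebuild ${{ matrix.version }}
        env:
          MATRIX_VERSION: ${{ matrix.version }}
        run: |
          echo "Building ${MATRIX_VERSION} version"
      # NOTE(review): checkout leaves its token in .git/config by default and
      # the image build below uses `.` as context; confirm no later step needs
      # the token and consider `persist-credentials: false` here.
      - name: Check out code
        uses: actions/checkout@v4
        with:
          ref: "v${{ matrix.version }}"
          submodules: true
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: "${{ github.workspace }}/go.mod"
          cache: false
      - name: Setup cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-build-${{ hashFiles('**/go.sum', '**/go.mod') }}
      - name: Download go build dependencies
        shell: bash
        run: |
          go mod download
      # Releases differ in which Dockerfile they ship; prefer fast.Dockerfile
      # when the checked-out tag has one.
      - name: Choose Dockerfile
        id: pick-dockerfile
        run: |
          if test -f "fast.Dockerfile"; then
            echo "dockerfile=fast.Dockerfile" >> "$GITHUB_OUTPUT"
          else
            echo "dockerfile=Dockerfile" >> "$GITHUB_OUTPUT"
          fi
      # Signing is attempted only when the checked-out release contains the
      # signing script; other releases are pushed unsigned.
      - name: Check signing supported
        id: check-signing-support
        run: |
          if test -f "./scripts/sign-multiarch.sh"; then
            echo "sign=true" >> "$GITHUB_OUTPUT"
          else
            echo "sign=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Build all platforms & check version
        if: steps.pick-dockerfile.outputs.dockerfile == 'fast.Dockerfile'
        env:
          # Deliberately not named VERSION, so the bare `make` call below sees
          # the same environment it saw before this variable was introduced.
          MATRIX_VERSION: ${{ matrix.version }}
        run: |
          make all-platforms VERSION="${MATRIX_VERSION}"
          # not every version's Makefile supports the version check
          if make | grep -q check-version; then
            echo "Checking version..."
            make check-version VERSION="${MATRIX_VERSION}"
          else
            echo "Skipped version check"
          fi
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3
        with:
          platforms: ${{ env.PLATFORMS }}
      - name: Login to docker registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to quay.io registry
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ env.QUAY_ROBOT_NAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      # Pushes the dated tag and re-pushes the plain release tag to both
      # registries; an SBOM attestation is requested alongside the image.
      - name: Build and push operator to the DockerHub (daily-tag & release-tag)
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ steps.pick-dockerfile.outputs.dockerfile }}
          build-args: VERSION=${{ matrix.version }}
          platforms: ${{ env.PLATFORMS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: true
          sbom: true
          tags: |
            ${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}
            ${{ env.IMAGE_REPOSITORY }}:${{ matrix.version }}
            quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}
            quay.io/${{ env.IMAGE_REPOSITORY }}:${{ matrix.version }}
      - name: Login to artifactory.corp.mongodb.com
        if: steps.check-signing-support.outputs.sign == 'true'
        uses: docker/login-action@v3
        with:
          registry: artifactory.corp.mongodb.com
          username: ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
          password: ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
      - name: Sign images
        if: steps.check-signing-support.outputs.sign == 'true'
        env:
          PKCS11_URI: ${{ secrets.PKCS11_URI }}
          GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
          GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
          DAILY_IMAGE_TAG: ${{ steps.daily-tag.outputs.daily-tag }}
        run: |
          # IMAGE_REPOSITORY comes from the job-level env block.
          make sign IMG="${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO="${IMAGE_REPOSITORY}"
          make sign IMG="quay.io/${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO="${IMAGE_REPOSITORY}"
          make sign IMG="${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO=mongodb/signatures
      # NOTE(review): this step receives the same signing credentials as the
      # step above; confirm whether `make verify` needs them and drop any it
      # does not use.
      - name: Self-verify images
        if: steps.check-signing-support.outputs.sign == 'true'
        env:
          PKCS11_URI: ${{ secrets.PKCS11_URI }}
          GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
          GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
          DAILY_IMAGE_TAG: ${{ steps.daily-tag.outputs.daily-tag }}
        run: |
          make verify IMG="${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO="${IMAGE_REPOSITORY}"
          make verify IMG="quay.io/${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO="${IMAGE_REPOSITORY}"
          make verify IMG="${IMAGE_REPOSITORY}:${DAILY_IMAGE_TAG}" SIGNATURE_REPO=mongodb/signatures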