Add reusable github actions

mozilla · Nov 11, 2024 · 89e4382 · 89e4382
1 parent 148d994
commit 89e4382
Show file tree

Hide file tree

Showing 3 changed files with 202 additions and 0 deletions.
diff --git a/.github/actions/context/action.yml b/.github/actions/context/action.yml
@@ -0,0 +1,131 @@
+name: 'Dump Context'
+description: 'Display context for action run'
+
+outputs:
+  # All github action outputs are strings, even if set to "true"
+  # so when using these values always assert against strings or convert from json
+  # \$\{{ needs.context.outputs.is_fork == 'true' }} // true
+  # \$\{{ fromJson(needs.context.outputs.is_fork) == false }} // true
+  # \$\{{ needs.context.outputs.is_fork == true }} // false
+  # \$\{{ needs.context.outputs.is_fork }} // false
+  is_fork:
+    description: ""
+    value: ${{ steps.context.outputs.is_fork }}
+  is_default_branch:
+    description: ""
+    value: ${{ steps.context.outputs.is_default_branch }}
+  is_release_master:
+    description: ""
+    value: ${{ steps.context.outputs.is_release_master }}
+  is_release_tag:
+    description: ""
+    value: ${{ steps.context.outputs.is_release_tag }}
+  docker_version:
+    description: ""
+    value: ${{ steps.context.outputs.docker_version }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Dump GitHub context
+      shell: bash
+      env:
+        GITHUB_CONTEXT: ${{ toJson(github) }}
+      run: echo "$GITHUB_CONTEXT"
+    - name: Dump job context
+      shell: bash
+      env:
+        JOB_CONTEXT: ${{ toJson(job) }}
+      run: echo "$JOB_CONTEXT"
+    - name: Dump steps context
+      shell: bash
+      env:
+        STEPS_CONTEXT: ${{ toJson(steps) }}
+      run: echo "$STEPS_CONTEXT"
+    - name: Dump runner context
+      shell: bash
+      env:
+        RUNNER_CONTEXT: ${{ toJson(runner) }}
+      run: echo "$RUNNER_CONTEXT"
+    - name: Dump env context
+      shell: bash
+      env:
+        ENV_CONTEXT: ${{ toJson(env) }}
+      run: |
+        echo "$ENV_CONTEXT"
+    - name: Dump inputs context
+      shell: bash
+      env:
+        INPUTS_CONTEXT: ${{ toJson(inputs) }}
+      run: |
+        echo "$INPUTS_CONTEXT"
+
+    - name: Set context
+      id: context
+      env:
+        # The default branch of the repository, in this case "master"
+        default_branch: ${{ github.event.repository.default_branch }}
+      shell: bash
+      run: |
+        event_name="${{ github.event_name }}"
+        event_action="${{ github.event.action }}"
+
+        # Stable check for if the workflow is running on the default branch
+        # https://stackoverflow.com/questions/64781462/github-actions-default-branch-variable
+        is_default_branch="${{ format('refs/heads/{0}', env.default_branch) == github.ref }}"
+
+        # In most events, the epository refers to the head which would be the fork
+        is_fork="${{ github.event.repository.fork }}"
+        # Default version is the branch name
+        docker_version="${{ github.ref_name }}"
+
+        # This is different in a pull_request where we need to check the head explicitly
+        if [[ "${{ github.event_name }}" == 'pull_request' ]]; then
+          # repository on a pull request refers to the base which is always mozilla/<repsotory>
+          is_head_fork="${{ github.event.pull_request.head.repo.fork }}"
+          # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+          is_dependabot="${{ github.actor == 'dependabot[bot]' }}"
+
+          # For PRs we need to reference the head branch
+          docker_version="${{ github.head_ref }}"
+
+          # If the head repository is a fork or if the PR is opened by dependabot
+          # we consider the run to be a fork. Dependabot and proper forks are treated
+          # the same in terms of limited read only github token scope
+          if [[ "$is_head_fork" == 'true' || "$is_dependabot" == 'true' ]]; then
+            is_fork="true"
+          fi
+        fi
+
+        is_release_master="false"
+        is_release_tag="false"
+
+        # Releases can only happen if we are NOT on a fork
+        if [[ "$is_fork" == 'false' ]]; then
+          # A master release occurs on a push to the default branch of the origin repository
+          if [[ "$event_name" == 'push' && "$is_default_branch" == 'true' ]]; then
+            is_release_master="true"
+
+            # If we are releasing master, we tag latest
+            docker_version="latest"
+          fi
+
+          # A tag release occurs when a release is published
+          if [[ "$event_name" == 'release' && "$event_action" == 'published' ]]; then
+            is_release_tag="true"
+
+            # If we are releasing a tag, we tag the docker version as the git tag
+            docker_version="${{ github.event.release.tag_name }}"
+          fi
+        fi
+
+        echo "is_default_branch=$is_default_branch" >> $GITHUB_OUTPUT
+        echo "is_fork=$is_fork" >> $GITHUB_OUTPUT
+        echo "is_release_master=$is_release_master" >> $GITHUB_OUTPUT
+        echo "is_release_tag=$is_release_tag" >> $GITHUB_OUTPUT
+        echo "docker_version=$docker_version" >> $GITHUB_OUTPUT
+        echo "git_build_url=$git_repo_url/actions/runs/${{ github.run_id }}" >> $GITHUB_OUTPUT
+        echo "git_sha=${{ github.sha }}" >> $GITHUB_OUTPUT
+
+        echo "event_name: $event_name"
+        cat $GITHUB_OUTPUT
diff --git a/.github/actions/login-docker/action.yml b/.github/actions/login-docker/action.yml
@@ -0,0 +1,37 @@
+name: Login to dockerhub
+description: Login to dockerhub and return image configuration for building
+
+inputs:
+  username:
+    required: true
+    description: The docker username
+  password:
+    required: true
+    description: The docker password
+
+outputs:
+  registry:
+    description: The dockerhub registry
+    value: ${{ steps.context.outputs.registry }}
+  image:
+    description: The dockerhub image to push to
+    value: ${{ steps.context.outputs.image }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set Context
+      id: context
+      shell: bash
+      run: |
+        echo "registry=docker.io" >> $GITHUB_OUTPUT
+        echo "image=${{ github.repository }}" >> $GITHUB_OUTPUT
+
+    - name: Login to Dockerhub
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ steps.context.outputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+
+
diff --git a/.github/actions/login-gar/action.yml b/.github/actions/login-gar/action.yml
@@ -0,0 +1,34 @@
+name: Login to Google Aritfact Registry
+description: Login to GAR and return image configuration for building
+
+inputs:
+  service_account:
+    required: true
+    description: The service account used for GCP
+  workload_identity_provider:
+    required: true
+    description: The workloadd
+  registry:
+    required: true
+    description: The GAR registry
+
+runs:
+  using: 'composite'
+  steps:
+    - name: get the GCP auth token
+      id: gcp-auth
+      uses: google-github-actions/auth@v2
+      with:
+        token_format: access_token
+        service_account: ${{ inputs.service_account }}
+        workload_identity_provider: ${{ inputs.workload_identity_provider }}
+
+    - name: login to GAR
+      if: steps.gcp-auth.outcome == 'success'
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry }}
+        username: oauth2accesstoken
+        password: ${{ steps.gcp-auth.outputs.access_token }}
+
+