Bump crazy-max/ghaction-import-gpg from 3 to 6 #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-vpnclient-deployer | |
on: | |
pull_request: | |
types: [ opened, synchronize, reopened, closed ] | |
branches: [ main, master ] | |
paths: | |
- '.github/workflows/build-release-vpnc-deployer.yml' | |
- 'cli/CHANGELOG-VPNC-DEPLOYER.md' | |
- 'cli/ansible/**' | |
- '!cli/ansible/*.md' | |
push: | |
branches: [ main, master ] | |
tags: | |
- 'vpnc-deployer/v*' | |
paths: | |
- '.github/workflows/build-release-vpnc-deployer.yml' | |
- 'cli/CHANGELOG-VPNC-DEPLOYER.md' | |
- 'cli/ansible/**' | |
- '!cli/ansible/*.md' | |
env: | |
APP_CODE: vpnc-deployer | |
APP_IMAGE: playio-vpnc-deployer | |
APP_FOLDER: cli/ansible | |
PLATFORMS: linux/amd64 | |
ANSIBLE_VERSION: 2.9-tools | |
DOCKER_WORKDIR: cli/ansible | |
DOCKER_FILE: cli/ansible/docker/vpnc-deployer.Dockerfile | |
DOCKER_USERNAME: beeio | |
DOCKER_IMAGE: playio/vpnc-deployer | |
GHCR_IMAGE: ghcr.io/play-iot/vpnc-deployer | |
TAG_PREFIX: vpnc-deployer/v | |
BRAND_VERSION: v2 | |
BRAND_REPO: play-iot/brand | |
CLI_APP_CODE: vpnc-deployer-cli | |
CLI_APP_IMAGE: playio-vpnc-deployer-cli | |
CLI_ARGBASH_VERSION: 2.10.0 | |
CLI_DOCKER_FILE: cli/ansible/docker/vpnc-deployer-cli.Dockerfile | |
jobs: | |
context: | |
runs-on: ubuntu-latest | |
outputs: | |
branch: ${{ steps.context.outputs.branch }} | |
shouldBuild: ${{ steps.context.outputs.decision_build }} | |
shouldPublish: ${{ steps.context.outputs.decision_publish }} | |
isRelease: ${{ steps.context.outputs.isTag }} | |
afterRelease: ${{ steps.context.outputs.isAfterMergedReleasePR }} | |
sha: ${{ steps.context.outputs.shortCommitId }} | |
version: ${{ steps.context.outputs.version }} | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
token: ${{ secrets.BEEIO_CI_TOKEN }} | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
git-user-signingkey: true | |
git-commit-gpgsign: true | |
git-tag-gpgsign: true | |
git-push-gpgsign: false | |
gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }} | |
- name: Project context | |
id: context | |
uses: zero88/[email protected] | |
with: | |
mustSign: true | |
nextVerMode: PATCH | |
tagPrefix: ${{ env.TAG_PREFIX }} | |
releaseBranchPrefix: release/${{ env.APP_CODE }}/ | |
mergedReleaseMsgRegex: "^Merge pull request #[0-9]+ from .+/release/${{ env.APP_CODE }}/.+$" | |
patterns: | | |
${{ env.APP_FOLDER }}/version.py::(APP_VERSION\s?=\s?)(')([^']+)(')::2 | |
build: | |
runs-on: ubuntu-latest | |
needs: context | |
if: needs.context.outputs.shouldBuild == 'true' | |
services: | |
registry: | |
image: zero88/gh-registry:latest | |
ports: | |
- 5000:5000 | |
options: >- | |
-v /home/runner:/var/lib/registry | |
--name registry | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Inject brand | |
run: | | |
docker run --rm -v /tmp:/tmp zero88/ghrd:latest -a "banner.txt" -r ${{ env.BRAND_VERSION }} -o /tmp ${{ env.BRAND_REPO }} | |
mv /tmp/banner.txt ${{ env.APP_FOLDER }}/docker | |
- name: Inject Hash version | |
run: | | |
hash_ver="${{ needs.context.outputs.sha }}" | |
[[ ${{ needs.context.outputs.isRelease }} == 'true' ]] || hash_ver="$hash_ver-${{ needs.context.outputs.branch }}" | |
sed -i "s/dev/${hash_ver//\//-}/" ${{ env.APP_FOLDER }}/version.py | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/docker | |
key: ${{ runner.os }}-${{ env.APP_IMAGE }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.APP_IMAGE }}- | |
- name: Validate cache | |
run: | | |
docker buildx imagetools inspect localhost:5000/${{ env.APP_IMAGE }}:buildcache || echo "Not Found" | |
- name: Docker meta | |
id: docker_meta | |
uses: crazy-max/ghaction-docker-meta@v2 | |
with: | |
images: ${{ env.GHCR_IMAGE }},${{ env.DOCKER_IMAGE }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=sha | |
type=match,pattern=${{ env.APP_CODE }}-v(.*),group=1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
driver-opts: network=host | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.BEEIO_CI_TOKEN }} | |
- name: Login to Docker Hub Registry | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.BEEIO_CI_DOCKERHUB }} | |
- name: Docker build | |
uses: docker/build-push-action@v2 | |
with: | |
context: ${{ env.DOCKER_WORKDIR }} | |
file: ${{ env.DOCKER_FILE }} | |
platforms: ${{ env.PLATFORMS }} | |
build-args: | | |
BASE_IMAGE_VERSION=${{ env.ANSIBLE_VERSION }} | |
APP_VERSION=${{ needs.context.outputs.version }} | |
COMMIT_SHA=${{ needs.context.outputs.sha }} | |
cache-from: type=registry,ref=localhost:5000/${{ env.APP_IMAGE }}:buildcache | |
cache-to: type=registry,ref=localhost:5000/${{ env.APP_IMAGE }}:buildcache,mode=max | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
pull: true | |
push: true | |
- name: Build CLI tool | |
uses: docker/build-push-action@v2 | |
with: | |
context: ${{ env.DOCKER_WORKDIR }} | |
file: ${{ env.CLI_DOCKER_FILE }} | |
platforms: ${{ env.PLATFORMS }} | |
build-args: | | |
BASE_IMAGE_VERSION=${{ env.CLI_ARGBASH_VERSION }} | |
cache-from: type=registry,ref=localhost:5000/${{ env.CLI_APP_IMAGE }}:buildcache | |
cache-to: type=registry,ref=localhost:5000/${{ env.CLI_APP_IMAGE }}:buildcache,mode=max | |
tags: localhost:5000/${{ env.CLI_APP_IMAGE }}:build | |
pull: true | |
push: true | |
- name: Copy CLI tool | |
run: | | |
docker create --name ${{ env.CLI_APP_IMAGE }} localhost:5000/${{ env.CLI_APP_IMAGE }}:build | |
docker cp ${{ env.CLI_APP_IMAGE }}:/app/${{ env.CLI_APP_CODE }} /tmp/${{ env.CLI_APP_CODE }} | |
docker rm -f ${{ env.CLI_APP_IMAGE }} | |
chmod +x /tmp/${{ env.CLI_APP_CODE }} | |
- name: Upload CLI tool | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ env.CLI_APP_CODE }} | |
path: /tmp/${{ env.CLI_APP_CODE }} | |
retention-days: 2 | |
- name: Cleanup Docker build cache if any | |
run: | | |
docker buildx imagetools inspect localhost:5000/${{ env.APP_IMAGE }}:buildcache || echo "Not Found" | |
echo "======================================================" | |
docker buildx prune --filter until=72h --keep-storage 3GB -f | |
- name: Create Release | |
if: needs.context.outputs.isRelease == 'true' | |
uses: softprops/action-gh-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ env.TAG_PREFIX }}${{ needs.context.outputs.version }} | |
name: Release VPNC deployer v${{ needs.context.outputs.version }} | |
draft: false | |
prerelease: false | |
files: /tmp/${{ env.CLI_APP_CODE }} |