Create ACA Docker Image #62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create ACA Docker Image | |
on: | |
release: | |
types: [ published ] | |
workflow_dispatch: | |
inputs: | |
also_tag_latest: | |
description: 'Tag latest?' | |
required: false | |
type: boolean | |
env: | |
DOCKERFILE_ROCKY: aca-rocky | |
DOCKERFILE_WINDOWS: aca-windows | |
IMAGE_NAME_ROCKY: ghcr.io/nsacyber/hirs/aca-rocky | |
IMAGE_NAME_WINDOWS: ghcr.io/nsacyber/hirs/aca-windows | |
IMAGE_NAME_WINDOWS_COMPAT: ghcr.io/nsacyber/hirs/aca-windows-1809 | |
PUBLIC_IMAGE_NAME: ghcr.io/nsacyber/hirs/aca | |
PUBLIC_IMAGE_TAG_LATEST: ghcr.io/nsacyber/hirs/aca:latest | |
TAG_LATEST: ${{ github.event_name == 'release' || inputs.also_tag_latest }} # The public docker image will be tagged 'latest' for releases, or if this option is manually selected. | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
IMAGE_TAG: ${{ steps.setenv.outputs.IMAGE_TAG }} | |
ROCKY_IMAGE_TAG: ${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }} | |
WINDOWS_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }} | |
WINDOWS_COMPAT_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }} | |
PUBLIC_IMAGE_TAG: ${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }} | |
steps: | |
- name: Set env | |
id: setenv | |
shell: bash | |
run: | | |
# Parse docker image tag from GitHub tag if available | |
if [ "${{ github.ref_type }}" = "tag" ]; then | |
# tags start with refs/tags/. Also remove v if it exists. | |
export IMAGE_TAG_VAR=${GITHUB_REF:10} | |
export IMAGE_TAG_VAR=${IMAGE_TAG_VAR//v/} | |
else | |
# Not a tag, use the commit hash. Do not tag as latest. | |
export IMAGE_TAG_VAR=${GITHUB_SHA:0:7} | |
fi | |
# To lowercase | |
export IMAGE_TAG_VAR=${IMAGE_TAG_VAR,,} | |
# Save to output | |
echo "IMAGE_TAG=$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" | |
echo "ROCKY_IMAGE_TAG=$IMAGE_NAME_ROCKY:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" | |
echo "WINDOWS_IMAGE_TAG=$IMAGE_NAME_WINDOWS:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" | |
echo "WINDOWS_COMPAT_IMAGE_TAG=$IMAGE_NAME_WINDOWS_COMPAT:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" | |
echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" | |
- name: Print env | |
run: | | |
echo GITHUB_REF_NAME=${{ github.ref_name }} | |
echo DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY | |
echo DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS | |
echo IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY | |
echo IMAGE_NAME_WINDOWS=$IMAGE_NAME_WINDOWS | |
echo IMAGE_NAME_WINDOWS_COMPAT=$IMAGE_NAME_WINDOWS_COMPAT | |
echo PUBLIC_IMAGE_NAME=$PUBLIC_IMAGE_NAME | |
echo PUBLIC_IMAGE_TAG_LATEST=$PUBLIC_IMAGE_TAG_LATEST | |
echo TAG_LATEST=$TAG_LATEST | |
echo IMAGE_TAG=${{ steps.setenv.outputs.IMAGE_TAG }} | |
echo ROCKY_IMAGE_TAG=${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }} | |
echo WINDOWS_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }} | |
echo WINDOWS_COMPAT_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }} | |
echo PUBLIC_IMAGE_TAG=${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }} | |
rocky-image: | |
needs: setup | |
runs-on: ubuntu-latest | |
env: | |
TAG: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }} | |
steps: | |
- name: Checkout main | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push a release Docker image for ${{ github.repository }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: "{{defaultContext}}:.ci/docker" | |
file: Dockerfile.${{env.DOCKERFILE_ROCKY}} | |
build-args: REF=${{ github.ref_name }} | |
tags: ${{env.TAG}} | |
push: true | |
windows-11-image: | |
needs: setup | |
runs-on: windows-latest | |
env: | |
TAG: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }} | |
steps: | |
- name: Checkout main | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the docker image for ${{ github.repository }} | |
run: | | |
cd ./.ci/docker | |
docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} . | |
- name: Push the docker image | |
run: | | |
docker push ${{env.TAG}} | |
windows-compat-image: # This job uses a different runner and build arg than the other windows job. | |
needs: setup | |
runs-on: windows-2019 | |
env: | |
TAG: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }} | |
steps: | |
- name: Checkout main | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the docker image for ${{ github.repository }} | |
run: | | |
cd ./.ci/docker | |
docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 . | |
- name: Push the docker image | |
run: | | |
docker push ${{env.TAG}} | |
manifest: | |
needs: [setup, rocky-image, windows-11-image, windows-compat-image] | |
runs-on: ubuntu-latest | |
env: | |
IMAGE1: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }} | |
IMAGE2: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }} | |
IMAGE3: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }} | |
PUB: ${{ needs.setup.outputs.PUBLIC_IMAGE_TAG }} | |
steps: | |
- name: Print env | |
run: | | |
echo IMAGE1=${{env.IMAGE1}} | |
echo IMAGE2=${{env.IMAGE2}} | |
echo IMAGE3=${{env.IMAGE3}} | |
echo PUB=${{env.PUB}} | |
- name: Checkout main | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create a new manifest | |
run: | | |
docker manifest create ${{env.PUB}} --amend ${{env.IMAGE1}} --amend ${{env.IMAGE2}} --amend ${{env.IMAGE3}} | |
- name: Push the new manifest | |
run: | | |
docker manifest push ${{env.PUB}} | |
- name: Create and push manifest latest if selected | |
if: env.TAG_LATEST != 'false' | |
run: | | |
docker manifest create $PUBLIC_IMAGE_TAG_LATEST --amend $IMAGE1 --amend $IMAGE2 --amend $IMAGE3 | |
docker manifest push $PUBLIC_IMAGE_TAG_LATEST | |