Merge pull request #78 from open-horizon/security_77 #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Name of the workflow | |
name: build-push | |
# This workflow triggers on any push (or merge) to the listed branch(es) | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
# Variables available to all jobs | |
env: | |
IMAGE_REPO: ${{ vars.DOCKERHUB_REPO }} | |
GITHUB_CONTAINER_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
RUN_NUMBER: ${{ github.run_number }} | |
RUN_NUMBER_OFFSET: ${{ vars.RUN_NUMBER_OFFSET }} | |
# Jobs that will run when the workflow is triggered | |
jobs: | |
# Build and pushes to Dockerhub | |
build-push: | |
runs-on: ubuntu-20.04 | |
# Environment variables available to all steps | |
env: | |
GOPATH: ${{ github.workspace }}/go | |
REPO_DIR: ${{ github.workspace }}/go/src/github.com/${{ github.repository }} | |
IMAGE_NAME: amd64_vault | |
BINARY_NAME: hznvaultauth | |
# Executed sequentially when job runs | |
steps: | |
- name: Check User Set Variables | |
run: | | |
if [[ -z "$DOCKER_USER" ]]; then \ | |
echo "::error::Secret DOCKER_USER was not set"; \ | |
exit 1; \ | |
fi | |
if [[ -z "$DOCKER_TOKEN" ]]; then \ | |
echo "::error::Secret DOCKER_TOKEN was not set"; \ | |
exit 1; \ | |
fi | |
if [[ -z "$IMAGE_REPO" ]]; then \ | |
echo "::error::Variable DOCKERHUB_REPO was not set"; \ | |
exit 1; \ | |
fi | |
if [[ -z "$RUN_NUMBER_OFFSET" ]]; then \ | |
echo "::error::Variable RUN_NUMBER_OFFSET was not set"; \ | |
exit 1; \ | |
fi | |
env: | |
DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} | |
# Offset our version build number to prevent collisions | |
- name: Offset Build Number | |
id: offset | |
run: | | |
echo "BUILD_NUMBER=$(($RUN_NUMBER + $RUN_NUMBER_OFFSET))" >> "$GITHUB_OUTPUT" | |
# Upgrade Docker engine version, needed for building images. | |
- name: Install Latest Docker Version | |
run: | | |
sudo apt-get purge docker-ce docker-ce-cli containerd.io runc containerd moby-buildx moby-cli moby-compose moby-containerd moby-engine moby-runc | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | |
sudo apt-get update | |
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin | |
# Authenticate Dockerhub to allow pushing to our image repo | |
- name: Login to Dockerhub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
# Authenticate GHCR to allow pushing to our alternate image registry | |
- name: Login to Github Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Checkout our Github repo | |
- name: Checkout Github Repo | |
uses: actions/checkout@v2 | |
with: | |
path: go/src/github.com/${{ github.repository }} | |
# Prepare the environment | |
- name: Set up golang 1.21 | |
uses: actions/setup-go@v2 | |
with: | |
go-version: '1.21' | |
check-latest: true | |
# Configure version variables for later steps, stored in our workflow env. variables | |
- name: Config Version Variables | |
id: config-version | |
run: | | |
cd ${REPO_DIR} | |
echo "VERSION=$(sed -n 's/^VERSION ?= //p' Makefile | cut -d '$' -f 1)" >> $GITHUB_OUTPUT | |
# Compile Vault and Build Docker Images | |
- name: Compile and Build Docker Images | |
run: | | |
cd ${REPO_DIR} | |
make clean | |
make | |
env: | |
VERSION: '${{ steps.config-version.outputs.VERSION }}-${{ steps.offset.outputs.BUILD_NUMBER }}' | |
DOCKER_INAME: '${{ env.IMAGE_REPO }}/${{ env.IMAGE_NAME }}' | |
# Push Docker Images to Dockerhub | |
- name: Push Image to Dockerhub | |
run: | | |
if [[ $GITHUB_REF == 'refs/heads/master' ]]; then \ | |
docker tag ${IMAGE_REPO}/${IMAGE_NAME}:${VERSION} ${IMAGE_REPO}/${IMAGE_NAME}:testing && \ | |
docker push ${IMAGE_REPO}/${IMAGE_NAME}:testing; \ | |
docker tag ${IMAGE_REPO}/${IMAGE_NAME}:${VERSION} ${GITHUB_CONTAINER_REGISTRY}/${IMAGE_NAME}:testing && \ | |
docker push ${GITHUB_CONTAINER_REGISTRY}/${IMAGE_NAME}:testing; \ | |
fi | |
env: | |
VERSION: '${{ steps.config-version.outputs.VERSION }}-${{ steps.offset.outputs.BUILD_NUMBER }}' |