ci/cd - use gh cache for docker cache and pushes to ghcr.io
This commit is contained in:
bunkerity
parent
9feb66710b
commit
87b4053402
|
|
@ -32,10 +32,6 @@ on:
|
|||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
PRIVATE_REGISTRY:
|
||||
required: false
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: false
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
|
|
@ -46,6 +42,8 @@ on:
|
|||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
|
|
@ -78,13 +76,18 @@ jobs:
|
|||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
- name: Login to ghcr
|
||||
if: inputs.PUSH == true
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
registry: ghcr.io
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Compute metadata
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: bunkerity/${{ inputs.IMAGE }}
|
||||
# Build cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE == true
|
||||
|
|
@ -95,8 +98,9 @@ jobs:
|
|||
platforms: ${{ inputs.ARCH }}
|
||||
load: true
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
|
||||
cache-from: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
|
||||
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
# Build non-cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE != true
|
||||
|
|
@ -107,7 +111,8 @@ jobs:
|
|||
platforms: ${{ inputs.ARCH }}
|
||||
load: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
|
||||
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
# Check OS vulnerabilities
|
||||
- name: Check OS vulnerabilities
|
||||
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
|
|
@ -124,6 +129,7 @@ jobs:
|
|||
# Push image
|
||||
- name: Push image
|
||||
if: inputs.PUSH == true
|
||||
run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG
|
||||
run: docker tag local/$IMAGE ghcr.io/bunkerity/$IMAGE:$TAG && docker push ghcr.io/bunkerity/$IMAGE:$TAG
|
||||
env:
|
||||
IMAGE: "${{ inputs.IMAGE }}"
|
||||
TAG: "${{ inputs.RELEASE }}"
|
||||
|
|
|
|||
|
|
@ -31,8 +31,6 @@ jobs:
|
|||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Python code security
|
||||
code-security:
|
||||
|
|
@ -64,9 +62,6 @@ jobs:
|
|||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Core tests
|
||||
prepare-tests-core:
|
||||
|
|
@ -91,31 +86,41 @@ jobs:
|
|||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: dev
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Push with dev tag
|
||||
push-dev:
|
||||
needs: [tests-ui, tests-core]
|
||||
runs-on: ubuntu-latest
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
registry: ghcr.io
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Push BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:dev bunkerity/bunkerweb:dev && docker push bunkerity/bunkerweb:dev
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "bunkerweb"
|
||||
TO: "bunkerweb"
|
||||
- name: Push scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:dev bunkerity/bunkerweb-scheduler:dev && docker push bunkerity/bunkerweb-scheduler:dev
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "scheduler"
|
||||
TO: "bunkerweb-scheduler"
|
||||
- name: Push UI image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:dev bunkerity/bunkerweb-ui:dev && docker push bunkerity/bunkerweb-ui:dev
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "ui"
|
||||
TO: "bunkerweb-ui"
|
||||
- name: Push autoconf image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:dev bunkerity/bunkerweb-autoconf:dev && docker push bunkerity/bunkerweb-autoconf:dev
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "autoconf"
|
||||
TO: "bunkerweb-autoconf"
|
||||
|
|
|
|||
|
|
@ -9,11 +9,6 @@ on:
|
|||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
@ -21,16 +16,10 @@ jobs:
|
|||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
# Temp fix "is not connected to the network" until compose v2.19.1 is available
|
||||
- name: Downgrade compose
|
||||
run: |
|
||||
|
|
|
|||
|
|
@ -6,11 +6,6 @@ on:
|
|||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
@ -25,11 +20,11 @@ jobs:
|
|||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
- name: Pull UI image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} ui-tests
|
||||
run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
run: ./tests/ui/tests.sh
|
||||
|
|
|
|||
Loading…
Reference in New Issue