Build and Push Docker Images #148
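name: Build and Push Docker Images

# This workflow builds and pushes Docker images (and the Helm chart) for version tags.
# It runs after the "CI" workflow completes and publishes only when the commit CI
# ran on (workflow_run.head_sha) is pointed at by a tag starting with "v".
#
# Review notes for maintainers:
# - In a workflow_run-triggered workflow, github.sha / github.ref describe the
#   default branch, not the commit CI ran on. Every checkout below therefore
#   names workflow_run.head_sha explicitly so the published artifacts are built
#   from the tagged commit.
# - NOTE(review): all `uses:` references are mutable tags (@v3, @v4, ...). The
#   publishing jobs hold `packages: write`; pinning each action to a full commit
#   SHA keeps a moved tag from changing what runs with that permission.
# - NOTE(review): workflow_run also fires for CI runs started by pull requests.
#   The tag match in check-tag is the only gate; consider additionally requiring
#   github.event.workflow_run.event == 'push' — confirm against CI's triggers.

on:
  workflow_run:
    workflows: ["CI"]
    types:
      - completed

# Least-privilege default for GITHUB_TOKEN; jobs that publish widen it explicitly.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ghcr.io/varnish

jobs:
  check-tag:
    runs-on: ubuntu-latest
    # Only proceed if CI succeeded; the script decides whether the commit is tagged.
    if: github.event.workflow_run.conclusion == 'success'
    outputs:
      is-tag: ${{ steps.check.outputs.is_tag }}
      # NOTE(review): tag-name is not consumed by any job in this file; image and
      # chart versions come from the .version file instead.
      tag-name: ${{ steps.check.outputs.tag_name }}
    steps:
      - name: Check if commit has a version tag
        id: check
        uses: actions/github-script@v7
        with:
          script: |
            const sha = context.payload.workflow_run.head_sha;
            core.info(`Checking for tags on commit ${sha}`);
            const { owner, repo } = context.repo;

            // Fetch every ref under refs/tags/v*. The endpoint is paginated, so a
            // single call would silently miss tags once the repository has more
            // than one page of them.
            const refs = await github.paginate(github.rest.git.listMatchingRefs, {
              owner,
              repo,
              ref: 'tags/v',
              per_page: 100,
            });

            for (const ref of refs) {
              let commitSha = ref.object.sha;

              // An annotated tag points at a tag object; dereference it to the commit.
              if (ref.object.type === 'tag') {
                const { data: tag } = await github.rest.git.getTag({
                  owner,
                  repo,
                  tag_sha: ref.object.sha,
                });
                commitSha = tag.object.sha;
              }

              if (commitSha === sha) {
                const tagName = ref.ref.replace('refs/tags/', '');
                core.info(`Found tag: ${tagName}`);
                core.setOutput('is_tag', 'true');
                core.setOutput('tag_name', tagName);
                return;
              }
            }

            core.info('No version tag found for this commit');
            core.setOutput('is_tag', 'false');

  build-operator:
    needs: [check-tag]
    if: needs.check-tag.outputs.is-tag == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build the commit that check-tag matched against a repository tag,
          # not the default-branch HEAD that workflow_run would check out.
          ref: ${{ github.event.workflow_run.head_sha }}
          # No later step needs git credentials; keep the token out of .git/config,
          # which is inside the Docker build context (context: .).
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version
        id: version
        run: echo "version=$(cat .version)" >> "$GITHUB_OUTPUT"
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/gateway-operator
          # NOTE(review): github.ref is the default branch under workflow_run, so the
          # type=semver rule likely never sees a tag ref here and the
          # refs/heads/main comparisons decide the raw tags — confirm the
          # published tag set is the intended one.
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            type=raw,value=${{ steps.version.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/operator.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  build-chaperone:
    needs: [check-tag]
    if: needs.check-tag.outputs.is-tag == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build the tagged commit, not the default-branch HEAD.
          ref: ${{ github.event.workflow_run.head_sha }}
          # Keep the token out of .git/config inside the build context.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version
        id: version
        run: echo "version=$(cat .version)" >> "$GITHUB_OUTPUT"
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/gateway-chaperone
          # NOTE(review): github.ref is the default branch under workflow_run;
          # confirm which of these rules actually produce tags.
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            type=raw,value=${{ steps.version.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/chaperone.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  build-varnish:
    needs: [check-tag]
    if: needs.check-tag.outputs.is-tag == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build the tagged commit, not the default-branch HEAD.
          ref: ${{ github.event.workflow_run.head_sha }}
          # Keep the token out of .git/config inside the build context.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version
        id: version
        run: echo "version=$(cat .version)" >> "$GITHUB_OUTPUT"
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/varnish-ghost
          # NOTE(review): github.ref is the default branch under workflow_run;
          # confirm which of these rules actually produce tags.
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            type=raw,value=${{ steps.version.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/varnish.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  publish-helm-chart:
    needs: [check-tag]
    if: needs.check-tag.outputs.is-tag == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Package the chart from the tagged commit, not the default-branch HEAD.
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false
      - name: Install Helm
        uses: azure/setup-helm@v4
        with:
          version: '3.14.0'
      - name: Log in to GitHub Container Registry
        # Values reach the shell through env vars instead of ${{ }} expansion, so
        # they are never spliced into the script text before the shell parses it.
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$REGISTRY_TOKEN" | helm registry login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
      - name: Extract version
        id: version
        run: |
          VERSION=$(cat .version)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          # Chart versions drop the leading "v" if .version carries one.
          echo "chart_version=${VERSION#v}" >> "$GITHUB_OUTPUT"
      - name: Package Helm chart
        # .version is file content; pass it as data, quoted, rather than as script text.
        env:
          CHART_VERSION: ${{ steps.version.outputs.chart_version }}
          APP_VERSION: ${{ steps.version.outputs.version }}
        run: |
          helm package charts/varnish-gateway -d dist/charts --version "$CHART_VERSION" --app-version "$APP_VERSION"
      - name: Push Helm chart to OCI registry
        env:
          CHART_VERSION: ${{ steps.version.outputs.chart_version }}
        run: |
          helm push "dist/charts/varnish-gateway-${CHART_VERSION}.tgz" "oci://${REGISTRY}/varnish/charts"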