Build and deploy Bay images #880
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-deploy-bay-images | |
| run-name: Build and deploy Bay images | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| - opened | |
| - synchronize | |
| issue_comment: | |
| types: | |
| - created | |
| schedule: | |
| - cron: '23 20 * * 0' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| debug: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get PR branch | |
| if: github.event.issue.pull_request | |
| id: pr-branch | |
| uses: xt0rted/pull-request-comment-branch@v3 | |
| - name: Echo PR Base Branch | |
| run: echo "The base branch for this PR is ${{ toJson(steps.pr-branch.outputs) }}" | |
| buildx: | |
| if: | | |
| github.event.pull_request.merged == true || | |
| contains(fromJson('["schedule", "workflow_dispatch"]'), github.event_name) || | |
| (github.event_name == 'pull_request' && startsWith(github.head_ref,'build/')) || | |
| (github.event.issue.pull_request && contains(github.event.comment.body, '/build')) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| images: ${{ fromJson(vars.IMAGES) }} | |
| steps: | |
| - name: Get PR branch | |
| if: github.event.issue.pull_request | |
| id: pr-branch | |
| uses: xt0rted/pull-request-comment-branch@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - uses: actions/checkout@v4 | |
| if: | | |
| github.event.pull_request.merged == true || | |
| contains(fromJson('["schedule", "workflow_dispatch"]'), github.event_name) || | |
| (github.event_name == 'pull_request' && startsWith(github.head_ref,'build/')) | |
| - uses: actions/checkout@v4 | |
| if: ( github.event.issue.pull_request && contains(github.event.comment.body, '/build') ) | |
| with: | |
| ref: refs/pull/${{ github.event.issue.number }}/head | |
| - name: Login to registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }} | |
| context: ${{ github.event.issue.pull_request && 'workflow' || 'git' }} | |
| tags: | | |
| # PR images (not merged): pr-<num> | |
| type=ref,event=pr,enable=${{ github.event.pull_request.merged == false }} | |
| # Tag with the PR base branch name on merge | |
| type=raw,value=${{ github.event.pull_request.base.ref }},enable=${{ github.event.pull_request.merged == true }} | |
| # Manual/scheduled runs tag by branch ref | |
| type=ref,event=branch,enable=${{ contains(fromJson('["schedule", "workflow_dispatch"]'), github.event_name) }} | |
| # Comment-triggered builds: pr-<num> | |
| type=raw,value=pr-${{ github.event.issue.number }},enable=${{ github.event.issue.pull_request != null }} | |
| # Supported release branches - use the fetched branch name for comments | |
| type=raw,value=5.x,enable=${{ github.ref_name == '5.x' || github.event.pull_request.base.ref == '5.x' || steps.pr-branch.outputs.base_ref == '5.x' }} | |
| type=raw,value=6.x,enable=${{ github.ref_name == '6.x' || github.event.pull_request.base.ref == '6.x' || steps.pr-branch.outputs.base_ref == '6.x' }} | |
| type=raw,value=7.x,enable=${{ github.ref_name == '7.x' || github.event.pull_request.base.ref == '7.x' || steps.pr-branch.outputs.base_ref == '7.x' }} | |
| # Always add an immutable sha tag | |
| type=raw,value=sha-${{ github.event.pull_request.head.sha || steps.pr-branch.outputs.head_sha || github.sha }} | |
| labels: | | |
| maintainer=Victorian Department of Government Services | |
| repository=${{ github.repositoryUrl }} | |
| org.opencontainers.image.authors=Victorian Department of Government Services | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ (contains(fromJson('["opened","synchronize"]'), github.event.action)) && github.head_ref || github.event.action == 'closed' && github.base_ref || github.ref_name }}/images/${{ matrix.images }}/Dockerfile | |
| org.opencontainers.image.title=${{ matrix.images }} | |
| org.opencontainers.image.description=${{ matrix.images }} image for Bay container platform | |
| - name: Create the AWX-EE context | |
| if: matrix.images == 'awx-ee' | |
| run: | | |
| pip install --upgrade ansible-builder | |
| ansible-builder create \ | |
| --output-filename Dockerfile \ | |
| --verbosity 3 | |
| working-directory: ./images/awx-ee | |
| - name: Upload AWX-EE context for review | |
| if: matrix.images == 'awx-ee' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: awx-ee-context | |
| path: ./images/awx-ee/context | |
| retention-days: 1 | |
| - name: Build and push the images | |
| uses: docker/bake-action@v5 | |
| with: | |
| push: true | |
| source: . | |
| files: | | |
| ./gh-actions-bake.hcl | |
| ${{ steps.meta.outputs.bake-file }} | |
| # Target the default group - probably unnecessary. | |
| targets: ${{ matrix.images }} |