Skip to content
.github/workflows/build-and-push.yml

fix(CI): Reduces CI time. Fixes #11768 #3

Sign in to view logs

fix(CI): Reduces CI time. Fixes #11768

fix(CI): Reduces CI time. Fixes #11768 #3

Workflow file for this run

.github/workflows/build-and-push.yml at c70427f
name: Build and Push images

Check failure on line 1 in .github/workflows/build-and-push.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/build-and-push.yml

Invalid workflow file 

(Line: 55, Col: 18): Unrecognized named-value: 'github'. Located at position 1 within expression: github.ref
run-name: Build images
on:
workflow_call:
inputs:
src_branch:
type: string
default: ''
description: 'Source branch to build KFP from'
required: true
target_tag:
type: string
default: 'X.Y.Z'
description: 'Target Image Tag'
required: true
fail_fast:
type: string
default: 'true'
description: 'Stop running entire Workflow if a single build fails'
required: false
overwrite_imgs:
type: string
default: 'true'
description: 'Overwrite images in GHCR if they already exist for this tag.'
required: true
set_latest:
type: string
default: 'true'
description: 'Set latest tag on build images.'
required: true
add_sha_tag:
type: string
default: 'true'
description: 'Add a sha image tag.'
required: false
app_to_build:
type: string
default: ''
description: 'Provide the app name to build'
required: true
image_context:
type: string
default: ''
description: 'Provide the docker file path'
required: true
docker_file:
type: string
default: ''
description: 'Provide the docker file name'
required: true
workflow_dispatch:
inputs:
src_branch:
type: string
default: ${{ github.ref }}
description: 'Source branch to build KFP from'
required: true
target_tag:
type: string
default: 'X.Y.Z'
description: 'Target Image Tag'
required: true
fail_fast:
type: string
default: 'true'
description: 'Stop running entire Workflow if a single build fails'
required: true
overwrite_imgs:
type: string
default: 'true'
description: 'Overwrite images in GHCR if they already exist for this tag.'
required: true
set_latest:
type: string
default: 'true'
description: 'Set latest tag on build images.'
required: true
add_sha_tag:
type: string
default: 'true'
description: 'Add a sha image tag.'
required: false
app_to_build:
type: string
default: ''
description: 'Provide the app name to build'
required: true
image_context:
type: string
default: ''
description: 'Provide the docker file path'
required: true
docker_file:
type: string
default: ''
description: 'Provide the docker file name'
required: true
env:
SOURCE_BRANCH: ${{ inputs.src_branch }}
TARGET_IMAGE_TAG: ${{ inputs.target_tag }}
OVERWRITE_IMAGES: ${{ inputs.overwrite_imgs }}
IMAGE_REGISTRY: ghcr.io
IMAGE_ORG: ${{ github.repository }}
SET_LATEST: ${{ inputs.set_latest }}
ADD_SHA_TAG: ${{ inputs.add_sha_tag }}
jobs:
build-and-push-images:
continue-on-error: false
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{env.SOURCE_BRANCH}}
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if image tag already exists
id: check_tag
env:
IMAGE: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ inputs.app_to_build }}:${{env.TARGET_IMAGE_TAG}}
OVERWRITE: ${{ env.OVERWRITE_IMAGES }}
run: |
if docker manifest inspect ${IMAGE} > /dev/null 2>&1; then
echo "Image tag already exists!"
if [ "$OVERWRITE" == "false" ]; then
echo "Overwrite is set to false, exiting."
exit 1
else
echo "Overwrite is set to true, proceeding with push."
fi
else
echo "No tag conflict, safe to push."
fi
# This step uses docker/metadata-action to extract tags and labels
# that will be applied to the specified image. The id "meta" allows
# the output of this step to be referenced in a subsequent step.
# The images value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Build
id: meta
uses: docker/metadata-action@v5
if: steps.check_tag.outcome == 'success'
with:
images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ inputs.app_to_build }}
tags: |
type=raw,value=${{env.TARGET_IMAGE_TAG}}
type=raw,value=latest,enable=${{ env.SET_LATEST == 'true'}}
type=sha,enable=${{ env.ADD_SHA_TAG == 'true' }}
# Build the image. If the build succeeds, it pushes the image to GitHub
# Packages. It uses the context parameter to define the build's context
# as the set of files located in the specified path.
- name: Build and push Image
id: push
uses: docker/build-push-action@v6
if: steps.check_tag.outcome == 'success'
with:
context: ${{ inputs.image_context }}
file: ${{ inputs.docker_file }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# This step generates an artifact attestation for the image,
# which is an unforgeable statement about where and how it was built.
# It increases supply chain security for people who consume the
# image.
# Ref: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
if: steps.check_tag.outcome == 'success'
with:
subject-name: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ORG }}/${{ inputs.app_to_build }}
subject-digest: ${{ steps.push.outputs.digest }}