Update docker/build-push-action digest to fdf7f43 #102
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| helm-lint: | |
| name: "Helm Lint" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: "zulu" | |
| java-version: "17" | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: Execute Gradle Tasks | |
| uses: gradle/gradle-build-action@v2.8.0 | |
| with: | |
| gradle-version: 8.3 | |
| arguments: k8sResource k8sHelm | |
| - name: Run helm lint | |
| run: helm lint build/jkube/helm/spring-boot-starter-k8s/kubernetes/ | |
| - name: Upload Chart | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: chart | |
| path: build/jkube/helm/spring-boot-starter-k8s/kubernetes/ | |
| retention-days: 7 | |
| java-unit-tests: | |
| name: "Test" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: "zulu" | |
| java-version: "17" | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: Execute Gradle Tasks | |
| uses: gradle/gradle-build-action@v2.8.0 | |
| with: | |
| gradle-version: 8.3 | |
| arguments: spotlessCheck test jacocoReport bootJar | |
| - name: Upload Build | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: jar | |
| path: build/libs | |
| retention-days: 7 | |
| - name: Upload Coverage | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: build/jacoco | |
| retention-days: 7 | |
| - name: Upload Coverage Reports | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage-reports | |
| path: build/reports | |
| retention-days: 7 | |
| - name: Output Gradle Version | |
| id: version | |
| run: | | |
| echo "version=$(./gradlew --console=plain -q printVersion)" >> $GITHUB_OUTPUT | |
| build-image: | |
| name: Build Image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| needs: | |
| - helm-lint | |
| - java-unit-tests | |
| timeout-minutes: 10 | |
| env: | |
| REGISTRY: ghcr.io/bryopsida | |
| IMAGE_NAME: spring-boot-starter-k8s | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: "zulu" | |
| java-version: "17" | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: jar | |
| path: build/libs/ | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@master | |
| with: | |
| platforms: all | |
| - name: Setup Docker buildx | |
| id: buildx | |
| timeout-minutes: 4 | |
| uses: docker/setup-buildx-action@dedd61cf5d839122591f5027c89bf3ad27691d18 | |
| - name: Log into registry | |
| timeout-minutes: 5 | |
| uses: docker/login-action@b4bedf8053341df3b5a9f9e0f2cf4e79e27360c6 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Default Branch Name | |
| id: default-branch | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: echo ":name=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) >> $GITHUB_OUTPUT" | |
| - name: Extract Docker metadata | |
| id: meta | |
| timeout-minutes: 5 | |
| uses: docker/metadata-action@6dfb6f1404065e66f9af1a56a7d39ad09efaaf9a | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=schedule | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', steps.default-branch.outputs.name) }} | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| type=raw,value={{date 'YYYYMMDD'}}-{{sha}} | |
| type=raw,value=${{ needs.java-unit-tests.outputs.version }} | |
| - name: Build Docker image | |
| id: build | |
| timeout-minutes: 25 | |
| uses: docker/build-push-action@fdf7f43ecf7c1a5c7afe936410233728a8c2d9c2 | |
| with: | |
| context: . | |
| load: true | |
| push: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache | |
| cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max | |
| - name: Get Short SHA | |
| id: short-sha | |
| run: | | |
| export SHORT_SHA=$(git rev-parse --short HEAD) | |
| export SHORT_SHA_TAG_ONLY=sha-$SHORT_SHA | |
| echo "sha_short=$SHORT_SHA" >> $GITHUB_OUTPUT | |
| echo "build_tag=$SHORT_SHA_TAG_ONLY" >> $GITHUB_OUTPUT | |
| echo "sha_tag=${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}:sha-$SHORT_SHA" >> $GITHUB_OUTPUT | |
| - name: Scan image | |
| id: scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ steps.short-sha.outputs.sha_tag }} | |
| - name: Push image | |
| id: push | |
| timeout-minutes: 60 | |
| uses: docker/build-push-action@fdf7f43ecf7c1a5c7afe936410233728a8c2d9c2 | |
| with: | |
| context: . | |
| builder: ${{ steps.buildx.outputs.name }} | |
| load: false | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache | |
| cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| helm-install: | |
| name: Test Install | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-image | |
| - helm-lint | |
| strategy: | |
| matrix: | |
| k8s-version: | |
| - v1.27.4-k3s1 | |
| - v1.26.7-k3s1 | |
| - v1.25.12-k3s1 | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Install K3D | |
| run: wget -q -O - https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash | |
| - name: Start K3D | |
| run: k3d cluster create test-cluster --image rancher/k3s:${{ matrix.k8s-version }} | |
| - name: Log into registry | |
| timeout-minutes: 5 | |
| uses: docker/login-action@b4bedf8053341df3b5a9f9e0f2cf4e79e27360c6 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Namespace | |
| run: kubectl create namespace test | |
| - name: Create Pull Secret in K3D | |
| run: kubectl --namespace test create secret docker-registry regcred --docker-username=bryopsida --docker-password=$GITHUB_TOKEN --docker-server=ghcr.io | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: chart | |
| path: chart/ | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2.4.0 | |
| - name: Install | |
| run: ct install --charts chart/ --namespace test | |
| helm-upgrade: | |
| name: Test Upgrade | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-image | |
| - helm-lint | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| k8s-version: | |
| - v1.27.4-k3s1 | |
| - v1.26.7-k3s1 | |
| - v1.25.12-k3s1 | |
| steps: | |
| - name: Install K3D | |
| run: wget -q -O - https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash | |
| - name: Start K3D | |
| run: k3d cluster create test-cluster --image rancher/k3s:${{ matrix.k8s-version }} | |
| - name: Log into registry | |
| timeout-minutes: 5 | |
| uses: docker/login-action@b4bedf8053341df3b5a9f9e0f2cf4e79e27360c6 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Namespace | |
| run: kubectl create namespace test | |
| - name: Create Pull Secret in K3D | |
| run: kubectl --namespace test create secret docker-registry regcred --docker-username=bryopsida --docker-password=$GITHUB_TOKEN --docker-server=ghcr.io | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: chart | |
| path: chart/ | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2.4.0 | |
| - name: Install | |
| run: ct install --charts chart/ --namespace test |