Merge pull request #54 from kachick/remove-staging-suffix #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Containers | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: [main] | |
| paths: | |
| - '**Containerfile' | |
| - '.containerignore' | |
| - '.github/workflows/containers.yml' | |
| pull_request: | |
| paths: | |
| - '**Containerfile' | |
| - '.containerignore' | |
| - '.github/workflows/containers.yml' | |
| workflow_dispatch: | |
| jobs: | |
| # podman can handle lowercase. So normalize the outputs | |
| get-meta: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| outputs: | |
| started_at: ${{ steps.timestamp.outputs.started_at }} | |
| ref_tag: ${{ steps.tags.outputs.ref }} | |
| special_tag: ${{ steps.tags.outputs.special }} | |
| timestamp_tag: ${{ steps.tags.outputs.timestamp }} | |
| steps: | |
| - name: Get started timestamp | |
| id: timestamp | |
| run: | | |
| # Do not use ":" delimiter as iso-8601/rfc-3339, it cannot be used in container tag | |
| echo started_at="$(date --utc '+%Y%m%d-%H%M%S-%Z')" | ruby -pe '$_.downcase!' | tee -a "$GITHUB_OUTPUT" | |
| - name: Generate tags for the image | |
| id: tags | |
| # https://github.com/orgs/community/discussions/26557#discussioncomment-3252327 | |
| run: | | |
| echo "timestamp=${{ steps.timestamp.outputs.started_at }}" | tee -a "$GITHUB_OUTPUT" | |
| special='' | |
| ref='' | |
| if [ '${{ github.event_name }}' = 'pull_request' ]; then | |
| special='pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}' | |
| ref='${{ github.event.pull_request.head.sha }}' | |
| elif [ '${{ github.event_name }}' = 'push' ] && [ '${{ github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| special='latest' | |
| ref='${{ github.sha }}' | |
| else | |
| exit 1 | |
| fi | |
| echo "special=${special}" | tee -a "$GITHUB_OUTPUT" | |
| echo "ref=${ref}" | tee -a "$GITHUB_OUTPUT" | |
| ubuntu-nix-sudoer: | |
| needs: [get-meta] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| outputs: | |
| package-json: ${{ steps.inspect-package.outputs.json }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install gh-action-escape | |
| run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13 | |
| with: | |
| image: ubuntu-nix-sudoer | |
| tags: ${{ needs.get-meta.outputs.special_tag }} ${{ needs.get-meta.outputs.ref_tag }} ${{ needs.get-meta.outputs.timestamp_tag }} | |
| containerfiles: | | |
| ./images/ubuntu-nix-sudoer/Containerfile | |
| build-args: | | |
| username=user | |
| oci: true | |
| - name: Inspect the created image | |
| run: 'podman inspect ${{ steps.build-image.outputs.image }}' | |
| - name: Push To ghcr.io | |
| id: push-to-ghcr | |
| if: ${{ github.actor == github.repository_owner }} | |
| uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Log outputs | |
| if: ${{ github.event_name != 'pull_request' }} | |
| run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" | |
| - name: Inspect the package | |
| id: inspect-package | |
| if: ${{ github.actor == github.repository_owner }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euxo pipefail | |
| echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" | |
| gh api --paginate \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /users/${{ github.repository_owner }}/packages/container/ubuntu-nix-sudoer/versions \ | |
| --jq '.[] | select(.name == "${{ steps.push-to-ghcr.outputs.digest }}")' | \ | |
| jq | gh-action-escape -name=json | tee -a "$GITHUB_OUTPUT" | |
| ubuntu-nix-systemd: | |
| needs: [get-meta] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| outputs: | |
| package-json: ${{ steps.inspect-package.outputs.json }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install gh-action-escape | |
| run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13 | |
| with: | |
| image: ubuntu-nix-systemd | |
| tags: ${{ needs.get-meta.outputs.special_tag }} ${{ needs.get-meta.outputs.ref_tag }} ${{ needs.get-meta.outputs.timestamp_tag }} | |
| containerfiles: | | |
| ./images/ubuntu-nix-systemd/Containerfile | |
| oci: true | |
| - name: Inspect the created image | |
| run: 'podman inspect ${{ steps.build-image.outputs.image }}' | |
| - name: Push To ghcr.io | |
| id: push-to-ghcr | |
| if: ${{ github.actor == github.repository_owner }} | |
| uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Log outputs | |
| if: ${{ github.event_name != 'pull_request' }} | |
| run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" | |
| - name: Inspect the package | |
| id: inspect-package | |
| if: ${{ github.actor == github.repository_owner }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euxo pipefail | |
| echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" | |
| gh api --paginate \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /users/${{ github.repository_owner }}/packages/container/ubuntu-nix-systemd/versions \ | |
| --jq '.[] | select(.name == "${{ steps.push-to-ghcr.outputs.digest }}")' | \ | |
| jq | gh-action-escape -name=json | tee -a "$GITHUB_OUTPUT" | |
| announce-staging: | |
| needs: [get-meta, ubuntu-nix-systemd, ubuntu-nix-sudoer] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Prepare git to run gh commands | |
| uses: actions/checkout@v4 | |
| - name: Post comments | |
| if: ${{ (github.actor == github.repository_owner) && (github.event_name == 'pull_request') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| ( | |
| cat <<'EOF' | |
| ⬢🦭 Staging container-image has been deployed 🚀\ | |
| You can check in package URL | |
| * systemd: https://github.com/${{ github.repository }}/pkgs/container/ubuntu-nix-systemd/${{ fromJson(needs.ubuntu-nix-systemd.outputs.package-json).id }}?tag=${{ needs.get-meta.outputs.special_tag }} | |
| * sudoer: https://github.com/${{ github.repository }}/pkgs/container/ubuntu-nix-sudoer/${{ fromJson(needs.ubuntu-nix-sudoer.outputs.package-json).id }}?tag=${{ needs.get-meta.outputs.special_tag }} | |
| This image will be automatically 🤖 removed from ghcr.io 🗑️ if you merged/closed this PR 😌 | |
| EOF | |
| ) | gh pr comment ${{ github.event.number }} --body-file - |