diff --git a/.github/workflows/ci-docker.yaml b/.github/workflows/ci-docker.yaml index 558fd94..59b54d1 100644 --- a/.github/workflows/ci-docker.yaml +++ b/.github/workflows/ci-docker.yaml @@ -19,52 +19,21 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: Dockerfile - build-docker: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Docker meta - id: docker_meta - uses: docker/metadata-action@v5 - with: - images: inseefrlab/s3-operator # list of Docker images to use as base name for tags - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - id: build_push - uses: docker/build-push-action@v6 + - uses: hadolint/hadolint-action@v3.1.0 with: - context: . - file: ./Dockerfile - push: ${{ github.event_name != 'pull_request' }} - # Use tags computed before - tags: | - ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 + dockerfile: Dockerfile - - name: Image digest - run: echo ${{ steps.build_push.outputs.digest }} + build-and-publish-docker: + needs: lint-docker + uses: ./.github/workflows/publish.yaml + permissions: + id-token: write + contents: read + with: + ref: ${{ github.ref }} + image-tag: ${{ github.ref }} + secrets: + registry_username: ${{ secrets.DOCKERHUB_USERNAME }} + registry_password: ${{ secrets.DOCKERHUB_TOKEN }} \ No newline at end of file 
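Review bot: `image-tag: ${{ github.ref }}` hands the called workflow a full Git ref such as `refs/heads/main` or `refs/pull/<n>/merge`, which is not an image reference under `inseefrlab/s3-operator`, and the branch/PR/semver tag rules from the removed `docker/metadata-action` step are gone with it. If publish.yaml uses this value verbatim as the `tags` input, the build would presumably fail or target an unintended repository. Either pass a complete image reference, or keep the tag derivation in the metadata step and feed `steps.docker_meta.outputs.tags` to the build. The job also requests `id-token: write`, but nothing visible in this diff consumes an OIDC token, so the permissions block can be reduced to `contents: read` until something needs it.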
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..33700bb --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,61 @@ +name: Reusable workflow to publish docker image + +on: + workflow_call: + inputs: + ref: + required: false + default: main + type: string + image-tag: + required: false + type: string + secrets: + registry_username: + required: true + registry_password: + required: true + +jobs: + build-and-publish-docker: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Ensure full history + ref: ${{ github.event.inputs.source_ref }} + + - name: Docker meta + id: docker_meta + uses: docker/metadata-action@v5 + with: + images: inseefrlab/s3-operator # list of Docker images to use as base name for tags + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ github.event.secrets.registry_username }} + password: ${{ github.event.secrets.registry_password }} + + - name: Build and push + id: build_push + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: | + ${{ github.event.inputs.image-tag }} + labels: ${{ steps.docker_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + + - name: Image digest + run: echo ${{ steps.build_push.outputs.digest }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yml similarity index 54% rename from .github/workflows/release.yaml rename to .github/workflows/release.yml index b2660df..2d640b0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yml 
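Review bot: The login step reads `${{ github.event.secrets.registry_username }}` and `${{ github.event.secrets.registry_password }}`, but secrets declared under `workflow_call` are exposed through the `secrets` context, not the event payload. Both expressions therefore evaluate to empty strings and the Docker Hub login cannot succeed; they should be `username: ${{ secrets.registry_username }}` and `password: ${{ secrets.registry_password }}`. The inputs have the same problem: `github.event.inputs.source_ref` and `github.event.inputs.image-tag` do not refer to this workflow's declared `ref` and `image-tag` inputs (use `${{ inputs.ref }}` and `${{ inputs.image-tag }}`), so the checkout falls back to the triggering ref or may pick up a caller's dispatch input of the same name. As written, the `tags` value also lacks the `inseefrlab/s3-operator` image name, and the tags computed by `docker_meta` are no longer used. Because this job handles registry credentials, pinning the `docker/*` actions to full commit SHAs instead of `@v3`/`@v6` would limit exposure to a moved tag.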
@@ -15,48 +15,70 @@ on: default: false type: boolean + name: Make release jobs: - tags: + + create-release-branch: runs-on: ubuntu-latest permissions: - id-token: write - contents: write - repository-projects: write + contents: write # Allows pushing branches steps: - - name: Checkout + - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 0 # Ensure full history + ref: ${{ github.event.inputs.source_ref }} - name: Configure Git run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Tag branch + - name: Create and push new branch env: VERSION: ${{ github.event.inputs.version }} run: | - git tag -f -a ${VERSION} -m "Release ${VERSION}." - git push -f origin ${VERSION} + NEW_BRANCH="release-${VERSION}" + git checkout -b $NEW_BRANCH + git push origin $NEW_BRANCH + + + + + build-and-publish-docker: + needs: + - create-release-branch + uses: ./.github/workflows/publish.yaml + permissions: + id-token: write + contents: read + with: + ref: ${{ github.ref }} + image-tag: ${{ github.event.inputs.version }} + secrets: + registry_username: ${{ secrets.DOCKERHUB_USERNAME }} + registry_password: ${{ secrets.DOCKERHUB_TOKEN }} release: name: Make release runs-on: ubuntu-latest needs: - - tags + - create-release-branch steps: + - name: Checkout code uses: actions/checkout@v4 + - name: Create Release id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.event.inputs.version }} - release_name: Release ${{ github.event.inputs.version }} + name: Release ${{ github.event.inputs.version }} draft: false prerelease: ${{ github.event.inputs.pre_release }} + token: ${{ secrets.GITHUB_TOKEN }} + generate_release_notes: true + append_body: true \ No newline at end of file
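Review bot: The `release` job lists only `create-release-branch` under `needs`, so the GitHub release is published even when `build-and-publish-docker` fails; adding `- build-and-publish-docker` to `needs` keeps a release from advertising an image that was never pushed. With the explicit `git tag` step removed, the tag is now created by `softprops/action-gh-release`. Without `target_commitish: release-${{ github.event.inputs.version }}` it will presumably point at the default branch instead of the branch just created from `source_ref`, and the image job likewise builds `github.ref`, not that branch. In the branch step, quote the expansions (`git checkout -b "$NEW_BRANCH"`, `git push origin "$NEW_BRANCH"`) and reject versions that do not match the expected pattern, since `VERSION` comes from a dispatch input. The `on:` block and the `source_ref` input are defined outside this hunk.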