diff --git a/.github/workflows/ci-docker.yaml b/.github/workflows/ci-docker.yaml index 558fd94..3a1dc2f 100644 --- a/.github/workflows/ci-docker.yaml +++ b/.github/workflows/ci-docker.yaml @@ -19,52 +19,21 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: Dockerfile - build-docker: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Docker meta - id: docker_meta - uses: docker/metadata-action@v5 - with: - images: inseefrlab/s3-operator # list of Docker images to use as base name for tags - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - id: build_push - uses: docker/build-push-action@v6 + - uses: hadolint/hadolint-action@v3.1.0 with: - context: . - file: ./Dockerfile - push: ${{ github.event_name != 'pull_request' }} - # Use tags computed before - tags: | - ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 + dockerfile: Dockerfile - - name: Image digest - run: echo ${{ steps.build_push.outputs.digest }} + build-and-publish-docker: + needs: lint-docker + uses: ./.github/workflows/publish.yaml + permissions: + id-token: write + contents: read + with: + ref: ${{ github.ref }} + image_tag: ${{ github.ref }} + secrets: + registry_username: ${{ secrets.DOCKERHUB_USERNAME }} + registry_password: ${{ secrets.DOCKERHUB_TOKEN }} \ No newline at end of file 
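Review bot: `id-token: write` is granted to the new `build-and-publish-docker` job, but nothing in the called publish.yaml in this commit exchanges an OIDC token — the registry login runs on the passed `registry_username`/`registry_password` secrets — so the grant can be reduced to `contents: read` alone, keeping the job's permissions to what it demonstrably uses. `image_tag: ${{ github.ref }}` is passed but the reusable workflow never reads `inputs.image_tag`, so the tags actually applied come only from docker/metadata-action; either feed it into the metadata `tags:` list or drop the input so callers are not led to think it has effect (and note `github.ref` has the form `refs/heads/<branch>`, which is not a valid image tag as-is). The `needs: lint-docker` target is outside the hunk; I assume it is the job whose `steps:` opens the hunk.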
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..d4b9ae1 --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,66 @@ +name: Reusable workflow to publish docker image + +on: + workflow_call: + inputs: + ref: + required: false + default: main + type: string + image_tag: + required: false + type: string + secrets: + registry_username: + required: true + registry_password: + required: true + +jobs: + build-and-publish-docker: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Ensure full history + ref: ${{ github.event.inputs.source_ref }} + + - name: Docker meta + id: docker_meta + uses: docker/metadata-action@v5 + with: + images: inseefrlab/s3-operator # list of Docker images to use as base name for tags + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.registry_username }} + password: ${{ secrets.registry_password }} + + - name: Build and push + id: build_push + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + + - name: Image digest + run: echo ${{ steps.build_push.outputs.digest }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b2660df..74a5c41 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
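Review bot: The checkout step in publish.yaml uses `ref: ${{ github.event.inputs.source_ref }}`, but a `workflow_call` workflow receives its declared inputs through the `inputs` context; `github.event.inputs` reflects the caller's event payload, so unless the caller was a `workflow_dispatch` carrying a `source_ref` input this expands to an empty string and the `ref` input (default `main`) is silently ignored — it should read `ref: ${{ inputs.ref }}`. The `image_tag` input is declared but never referenced in the job, so it is dead as written. For the supply chain, every action here is referenced by a mutable tag (`@v4`, `@v5`, `@v3`, `@v6`); pinning each to a full commit SHA with the tag in a trailing comment is the usual hardening for a workflow that holds registry credentials.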
@@ -15,11 +15,38 @@ on: default: false type: boolean + name: Make release jobs: + + create-branch: + runs-on: ubuntu-latest + permissions: + contents: write # Allows pushing branches + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Ensure full history + ref: ${{ github.event.inputs.source_ref }} + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Create and push new branch + env: + VERSION: ${{ github.event.inputs.version }} + run: | + NEW_BRANCH="release-${VERSION}" + git checkout -b $NEW_BRANCH + git push origin $NEW_BRANCH + tags: runs-on: ubuntu-latest + needs: create-branch permissions: id-token: write contents: write @@ -29,6 +56,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + ref: ${{ github.event.inputs.source_ref }} - name: Configure Git run: | @@ -46,17 +74,20 @@ jobs: name: Make release runs-on: ubuntu-latest needs: - - tags + - create-release-branch steps: + - name: Checkout code uses: actions/checkout@v4 + - name: Create Release id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.event.inputs.version }} - release_name: Release ${{ github.event.inputs.version }} + name: Release ${{ github.event.inputs.version }} draft: false prerelease: ${{ github.event.inputs.pre_release }} + token: ${{ secrets.GITHUB_TOKEN }} + generate_release_notes: true + append_body: true \ No newline at end of file
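Review bot: In `Create and push new branch`, `$NEW_BRANCH` is expanded unquoted in `git checkout -b $NEW_BRANCH` and `git push origin $NEW_BRANCH`; because `VERSION` comes from a workflow_dispatch input, a value containing whitespace or glob characters splits into extra arguments, so quote both (`git checkout -b "$NEW_BRANCH"` / `git push origin "$NEW_BRANCH"`) and reject anything that does not match the version format `tag_name` expects before creating a branch from it, e.g. `[[ "$VERSION" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+ ]] || { echo "invalid version: $VERSION" >&2; exit 1; }`. Passing the input through `env:` instead of interpolating `${{ }}` into `run:` is the right pattern and should be kept. The checkout steps in this hunk and the next use `github.event.inputs.source_ref`, but no `source_ref` input is visible in the `on:` block shown; if it is not declared above, both steps silently check out the default ref.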
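Review bot: The job whose `needs:` is changed in the third hunk now depends on `create-release-branch`, but the job added in the first hunk is named `create-branch`, and the previous dependency on `tags` is dropped; GitHub rejects a workflow whose `needs` names an undefined job, and even with the name fixed the release would no longer wait for the `tags` job, so `softprops/action-gh-release@v2` could run before the tag for `tag_name: ${{ github.event.inputs.version }}` exists and create it on whatever commit the fresh checkout landed on. `needs: - tags` (which itself now needs `create-branch`) or `needs: [create-branch, tags]` preserves the ordering that existed before. The release job's `permissions:` block is outside the hunk; creating a release through `token: ${{ secrets.GITHUB_TOKEN }}` requires `contents: write`, so confirm it is present.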