diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 18f054c..6ac9e6d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,11 +4,10 @@ # # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners +# Default owners +* @bitwarden/team-secrets-manager-dev + # Workflows ownership -.github/workflows/build_ghcr.yml @bitwarden/dept-bre -.github/workflows/build.yml @bitwarden/dept-bre -.github/workflows/bump_version.yml @bitwarden/dept-bre -.github/workflows/release.yml @bitwarden/dept-bre .github/workflows/release.yml @bitwarden/dept-bre ## Dockerfile shared ownership diff --git a/.github/workflows/build-ghcr.yml b/.github/workflows/build-ghcr.yml deleted file mode 100644 index 26c243e..0000000 --- a/.github/workflows/build-ghcr.yml +++ /dev/null 
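Review bot: With the four workflow entries removed, `.github/workflows/build.yml` and `.github/workflows/bump-version.yml` fall through to the new `*` rule, so only `release.yml` still requires review from `@bitwarden/dept-bre`. Elsewhere in this commit build.yml gains `packages: write` and `id-token: write` and signs the published image, and bump-version.yml imports a GPG signing key, so those files are at least as sensitive as release.yml. If the narrower ownership is not intended, a single directory rule placed after the default, `.github/workflows/ @bitwarden/dept-bre`, covers every workflow. It also avoids the filename drift seen in the removed `build_ghcr.yml` / `bump_version.yml` entries, since the files in this commit are named with hyphens.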
@@ -1,108 +0,0 @@ -name: Build for GitHub Container Registry - -on: - push: - branches: - - "main" - workflow_dispatch: - -permissions: - contents: read - packages: read - -jobs: - build-docker: - name: Build Docker images - runs-on: ubuntu-22.04 - env: - _GHCR_REGISTRY: ghcr.io/bitwarden - _PROJECT_NAME: sm-operator - - steps: - - name: Check out repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - - name: Log in to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - registry: ghcr.io - username: ${{github.actor}} - password: ${{secrets.GITHUB_TOKEN}} - - - name: Test operator - id: test - run: | - sudo apt update && sudo apt install musl-tools -y - make setup - make test - - - name: Upload to codecov.io - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 - - - name: Generate Docker image tag - id: tag - run: | - IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name - if [[ "$IMAGE_TAG" == "main" ]]; then - IMAGE_TAG=dev - fi - echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT - - - name: Generate image full name - id: image-name - env: - IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} - run: echo "name=${_GHCR_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - - name: Build Docker image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 - with: - file: Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.image-name.outputs.name }} - - - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 - - - name: Smoke test image - id: smoke-test - env: - IMAGE: ${{ steps.image-name.outputs.name }} - 
run: | - make deploy IMG=$IMAGE - - count=0 - while [[ $(kubectl get pods -n sm-operator-system -l control-plane=controller-manager -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do - sleep 1; - count=$count+1 - if [[ count -ge 30 ]]; then - break - fi - done - - #For review purposes - echo "*****DEPLOYMENTS*****" - kubectl get deployments -n sm-operator-system - - echo "*****PODS*****" - pods=$(kubectl get pods -n sm-operator-system -l control-plane=controller-manager | grep 2/2) - echo $pods - - if [[ -z "$pods" ]]; then - echo "::error::No pods found." - exit 1 - fi - - echo "*****OPERATOR OK*****" - - - name: Clean up - run: | - make undeploy - kind delete cluster diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff58740..c2945bd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -1,38 +1,51 @@ -name: Build +name: Build and test on: + pull_request: + push: + branches: + - "main" workflow_dispatch: + inputs: + push_image: + description: "Push image to GitHub Container Registry (Always true on main)" + required: false + default: false + type: boolean + +env: + _PUSH_IMAGE: ${{ (inputs.push_image == true || github.ref == 'refs/heads/main') && 'true' || 'false' }} jobs: - build-docker: - name: Build Docker images - runs-on: ubuntu-22.04 + build-and-test: + name: Build image and test + runs-on: ubuntu-24.04 permissions: contents: read + packages: write + security-events: write id-token: write env: - _AZ_REGISTRY: bitwardenprod.azurecr.io - _PROJECT_NAME: sm-operator + _IMAGE_NAME: ghcr.io/bitwarden/sm-operator steps: - name: Check out repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - name: Log in to Azure - uses: bitwarden/gh-actions/azure-login@main + - name: Log in to GitHub Container Registry + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: - subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant_id: ${{ secrets.AZURE_TENANT_ID }} - client_id: ${{ secrets.AZURE_CLIENT_ID }} - - - name: Log in to ACR - run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Test operator id: test 
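Review bot: The `Log in to GitHub Container Registry` step runs on every trigger, including the new `pull_request` one, and it runs before `Test operator`. On pull requests from branches in this repository, `make setup` and `make test` therefore execute the branch's code while a token carrying `packages: write` sits in the runner's Docker config. Nothing visible needs registry credentials unless the image is pushed, so the step can be gated like the Cosign steps later in the file: `if: ${{ env._PUSH_IMAGE == 'true' }}`. `security-events: write` is also granted, but no step in the visible hunks uploads scan results, so it could be dropped until a scan step exists. The `Test operator` step continues outside this hunk.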
@@ -42,45 +55,95 @@ jobs: make test - name: Upload to codecov.io - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 - name: Generate Docker image tag id: tag + env: + EVENT_TYPE: ${{ contains(github.event_name, 'pull_request') && 'pull_request' || '' }} run: | - IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name - if [[ "$IMAGE_TAG" == "main" ]]; then - IMAGE_TAG=dev + if [[ "$EVENT_TYPE" == "pull_request" ]]; then + IMAGE_TAG="pr-${{ github.event.pull_request.number }}" + else + ref="${GITHUB_REF:11}" + IMAGE_TAG="${ref//\//-}" + + if [[ "${IMAGE_TAG}" == "main" ]]; then + IMAGE_TAG="dev" + fi fi - echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT + echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" - - name: Generate image full name - id: image-name + - name: Generate image tag(s) + id: image-tags env: IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} - run: echo "name=${_AZ_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT + SHA: ${{ github.sha }} + run: | + TAGS="$_IMAGE_NAME:$IMAGE_TAG" + echo "primary_tag=$TAGS" >> "$GITHUB_OUTPUT" + if [[ "$IMAGE_TAG" == "dev" ]]; then + SHORT_SHA="$(git rev-parse --short "${SHA}")" + TAGS="$TAGS,$TAGS-${SHORT_SHA}" + fi + echo "tags=$TAGS" >> "$GITHUB_OUTPUT" - name: Build Docker image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + id: build-docker + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: file: Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.image-name.outputs.name }} + platforms: ${{ env._PUSH_IMAGE == 'true' && 'linux/amd64,linux/arm64' || 'linux/amd64' }} # Can only do single arch when not pushing to support scan and testing locally + push: ${{ env._PUSH_IMAGE == 'true' }} + load: ${{ env._PUSH_IMAGE != 'true' }} + tags: ${{ steps.image-tags.outputs.tags }} + + - name: 
Install Cosign + if: ${{ env._PUSH_IMAGE == 'true' }} + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + + - name: Sign image with Cosign + if: ${{ env._PUSH_IMAGE == 'true' }} + id: cosign + env: + DIGEST: ${{ steps.build-docker.outputs.digest }} + TAGS: ${{ steps.image-tags.outputs.tags }} + run: | + IFS="," read -a tags <<< "${TAGS}" + images="" + for tag in "${tags[@]}"; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes "${images}" + echo "images=${images}" >> "$GITHUB_OUTPUT" + + - name: Verify the signed image with Cosign + if: ${{ env._PUSH_IMAGE == 'true' }} + env: + GITHUB_SERVER_URL: "${{ github.server_url }}" + REF: "${{ github.workflow_ref }}" + IMAGES: "${{ steps.cosign.outputs.images }}" + run: | + cosign verify \ + --certificate-identity "$GITHUB_SERVER_URL/$REF" \ + --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ + "$IMAGES" - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 + + - name: Load image into kind + if: ${{ env._PUSH_IMAGE != 'true' }} + env: + IMAGE: ${{ steps.image-tags.outputs.primary_tag }} + run: kind load docker-image "$IMAGE" --name "$(kind get clusters)" - name: Smoke test image id: smoke-test env: - IMAGE: ${{ steps.image-name.outputs.name }} + IMAGE: ${{ steps.image-tags.outputs.primary_tag }} run: | - make deploy IMG=$IMAGE - - #Setup image pull secret (Until repo is made public) - kubectl create secret -n sm-operator-system docker-registry ghcr-login-secret --docker-server=ghcr.io --docker-username=bitwarden-devops-bot --docker-password=${{ secrets.GITHUB_TOKEN }} --docker-email=106330231+bitwarden-devops-bot@users.noreply.github.com - - kubectl patch deployment sm-operator-controller-manager -n sm-operator-system --patch-file "$GITHUB_WORKSPACE/.github/workflows/test_files/deployment-patch.yaml" + make deploy IMG="$IMAGE" count=0 
while [[ $(kubectl get pods -n sm-operator-system -l control-plane=controller-manager -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do @@ -97,7 +160,7 @@ jobs: echo "*****PODS*****" pods=$(kubectl get pods -n sm-operator-system -l control-plane=controller-manager | grep 2/2) - echo $pods + echo "$pods" if [[ -z "$pods" ]]; then echo "::error::No pods found." @@ -111,5 +174,5 @@ jobs: make undeploy kind delete cluster - - name: Log out from Azure - uses: bitwarden/gh-actions/azure-logout@main + - name: Log out of Docker + run: docker logout ghcr.io diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index e702a75..ce6a9df 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -4,22 +4,34 @@ on: workflow_dispatch: inputs: version_number: - description: "New version number" + description: "New version number (Ex 1.2.3)" required: true jobs: bump_version: name: Bump version runs-on: ubuntu-22.04 - environment: Production permissions: contents: write pull-requests: write id-token: write + env: + _VERSION_NUMBER: ${{ inputs.version_number }} steps: + - name: Setup and validate version number + id: setup + run: | + if ! [[ "$_VERSION_NUMBER" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Error: Version number ($_VERSION_NUMBER) is not in semantic version format (X.Y.Z)" + exit 1 + fi + echo "branch_name=version_bump_$_VERSION_NUMBER" >> "$GITHUB_OUTPUT" + - name: Check out repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: true - name: Log in to Azure uses: bitwarden/gh-actions/azure-login@main 
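Review bot: In `Sign image with Cosign`, `cosign sign --yes "${images}"` passes the whole space-separated list as one quoted argument. On `main` (two tags, `dev` and `dev-<short sha>`) cosign receives a single string holding two references and a trailing space and will most likely reject it; the verify step has the same problem with `"$IMAGES"`. Both tags point at the same digest and the signature is attached to the digest rather than the tag, so signing once is enough: `image="${_IMAGE_NAME}@${DIGEST}"`, `cosign sign --yes "$image"`, `echo "images=$image" >> "$GITHUB_OUTPUT"`. The verify step then works unchanged with that single reference. Separately, `IMAGE_TAG="pr-${{ github.event.pull_request.number }}"` still interpolates an expression into the script; passing it through `env:` would match the rest of the commit.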
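Review bot: Removing `environment: Production` takes this job out from under any protection rules configured on that environment (required reviewers, branch restrictions), while it still holds `contents: write` and `id-token: write` and, further down, imports the GPG key used to sign commits. Whether such rules exist is not visible here; if they do, keep the line, and if the removal is deliberate, record the reason in the commit description. If the Azure federated credential is scoped to that environment, the `Log in to Azure` step would presumably stop working as well. For `persist-credentials: true`, a short comment such as `# token is needed by the later git push` would explain why this workflow differs from the others in the commit, which set it to `false`.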
@@ -39,7 +51,7 @@ jobs: uses: bitwarden/gh-actions/azure-logout@main - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 + uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 with: gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} @@ -47,11 +59,13 @@ jobs: git_commit_gpgsign: true - name: Create branch - run: git switch -c version_bump_${{ github.event.inputs.version_number }} + env: + BRANCH_NAME: "${{ steps.setup.outputs.branch_name }}" + run: git switch -c "$BRANCH_NAME" - name: Bump version run: | - sed -i -E '/^VERSION\s+\?=\s+[^\s]+/!b;cVERSION ?= ${{ github.event.inputs.version_number }}' Makefile + sed -i "s/^VERSION ?= .*/VERSION ?= $_VERSION_NUMBER/" Makefile - name: Set up Git run: | 
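Review bot: The new `sed` expression in `Bump version` only matches a line spelled exactly `VERSION ?= ` with single spaces, whereas the removed expression and the `Get version` step in release.yml both accept any whitespace around `?=`. If the Makefile line is ever re-aligned, the substitution silently does nothing, `changes_to_commit` becomes FALSE and the run ends green without a bump. Keeping the tolerant match avoids that: `sed -i -E "s/^(VERSION[[:space:]]+\?=[[:space:]]+).*/\1$_VERSION_NUMBER/" Makefile`. Placing `$_VERSION_NUMBER` inside the sed program is safe only because the `Setup and validate version number` step restricts it to digits and dots; a comment saying so would keep the two steps tied together.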
@@ -62,34 +76,34 @@ jobs: id: version-changed run: | if [ -n "$(git status --porcelain)" ]; then - echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT + echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT" else - echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT + echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT" echo "No changes to commit!"; fi - name: Commit files if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - run: git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a + run: git commit -m "Bumped version to $_VERSION_NUMBER" -a - name: Push changes if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} - run: git push -u origin version_bump_${{ github.event.inputs.version_number }} + env: + BRANCH_NAME: "${{ steps.setup.outputs.branch_name }}" + run: git push -u origin "$BRANCH_NAME" - name: Create version PR if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} id: create-pr env: - PR_BRANCH: "version_bump_${{ github.event.inputs.version_number }}" + PR_BRANCH: "${{ steps.setup.outputs.branch_name }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" BASE_BRANCH: main - TITLE: "Bump version to ${{ github.event.inputs.version_number }}" + TITLE: "Bump version to ${{ env._VERSION_NUMBER }}" run: | gh pr create --title "$TITLE" \ --base "$BASE" \ --head "$PR_BRANCH" \ - --label "version update" \ - --label "automated pr" \ --body " ## Type of change - [ ] Bug fix @@ -99,4 +113,4 @@ jobs: - [X] Other ## Objective - Automated version bump to ${{ github.event.inputs.version_number }}" + Automated version bump to $_VERSION_NUMBER" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4795991..59b665b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
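Review bot: In `Create version PR` the command passes `--base "$BASE"`, but the step's `env:` defines `BASE_BRANCH`, so `$BASE` expands to an empty string. The line is unchanged context in this hunk, yet the step is being edited anyway, so this is a good moment to fix it: `--base "$BASE_BRANCH" \`. The body of the `gh pr create` call continues outside this hunk.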
@@ -1,16 +1,15 @@ name: Release -run-name: Release ${{ github.event.inputs.release_type }} +run-name: Release ${{ inputs.release_type }} on: workflow_dispatch: inputs: release_type: description: "Release Options" - default: "Initial Release" + default: "Release" type: choice options: - - Initial Release - - Redeploy + - Release - Dry Run jobs: @@ -18,13 +17,12 @@ jobs: name: Setup permissions: contents: read - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: release_version: ${{ steps.version.outputs.version }} - branch-name: ${{ steps.branch.outputs.branch-name }} steps: - - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + - name: Check branch + if: ${{ inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" 
@@ -35,160 +33,66 @@ jobs: - name: Check out repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Get version id: version run: | VERSION=$(sed -nE 's/^VERSION\s+\?=\s+([^\s]+)/\1/p' Makefile) - echo "version=$VERSION" >> $GITHUB_OUTPUT - - - name: Get branch name - id: branch - run: | - BRANCH_NAME=$(basename ${{ github.ref }}) - echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> "$GITHUB_OUTPUT" - release-github: + release: name: Release - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.release_version }} permissions: contents: write + steps: - name: Create release - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: commit: ${{ github.sha }} - tag: "v${{ needs.setup.outputs.release_version }}" - name: "Version ${{ needs.setup.outputs.release_version }}" + tag: v${{ env._PKG_VERSION }} + name: v${{ env._PKG_VERSION }} body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - release-docker: - name: Build Docker images - runs-on: ubuntu-22.04 + release-ghcr: + name: Push Release to GitHub Container Registry + runs-on: ubuntu-24.04 needs: - setup - - release-github - permissions: - contents: read - id-token: write + - release env: - _AZ_REGISTRY: bitwardenprod.azurecr.io - _PROJECT_NAME: sm-operator - _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} - _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} - _RELEASE_OPTION: ${{ github.event.inputs.release_type }} + _MAIN_TAG: dev + _RELEASE_TAG: ${{ needs.setup.outputs.release_version }} + _IMAGE_NAME: ghcr.io/bitwarden/sm-operator + permissions: + packages: write steps: - - name: Print environment - run: | - whoami - docker 
--version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - echo "Github Release Option: $_RELEASE_OPTION" - - - name: Log in to Azure - uses: bitwarden/gh-actions/azure-login@main - with: - subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant_id: ${{ secrets.AZURE_TENANT_ID }} - client_id: ${{ secrets.AZURE_CLIENT_ID }} - - - name: Log in to Azure ACR - run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} - - - name: Set up DCT - id: setup-dct - uses: bitwarden/gh-actions/setup-docker-trust@main + - name: Log in to GitHub Container Registry + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: - azure-keyvault-name: "bitwarden-ci" + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Pull image + - name: Tag release run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev - else - docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME - fi + docker pull "$_IMAGE_NAME:$_MAIN_TAG" + docker tag "$_IMAGE_NAME:$_MAIN_TAG" "$_IMAGE_NAME:$_RELEASE_TAG" - - name: Tag version and latest + - name: Push release + if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun - else - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:latest - - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:latest - fi - - - name: Push release version and latest image to ACR - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: | - docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION - docker push 
$_AZ_REGISTRY/$_PROJECT_NAME:latest - - - name: Push release version and latest image to Docker Hub - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} - run: | - docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION - docker push bitwarden/$_PROJECT_NAME:latest + docker push "$_IMAGE_NAME:$_RELEASE_TAG" - name: Log out of Docker - run: docker logout - - - name: Log out from Azure - uses: bitwarden/gh-actions/azure-logout@main - - check-failures: - name: Check for failures - if: always() - runs-on: ubuntu-22.04 - needs: - - release-docker - - release-github - - setup - permissions: - id-token: write - steps: - - name: Check if any job failed - if: | - github.ref == 'refs/heads/main' - && contains(needs.*.result, 'failure') - run: exit 1 - - - name: Log in to Azure - if: failure() - uses: bitwarden/gh-actions/azure-login@main - with: - subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant_id: ${{ secrets.AZURE_TENANT_ID }} - client_id: ${{ secrets.AZURE_CLIENT_ID }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - if: failure() - with: - keyvault: "bitwarden-ci" - secrets: "devops-alerts-slack-webhook-url" - - - name: Log out from Azure - if: failure() - uses: bitwarden/gh-actions/azure-logout@main - - - name: Notify Slack on failure - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 - if: failure() - env: - SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} - with: - status: ${{ job.status }} + run: docker logout ghcr.io diff --git a/Dockerfile b/Dockerfile index de55589..1418fd8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23 as builder +FROM golang:1.23 AS builder ARG TARGETOS ARG TARGETARCH
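Review bot: `Tag release` and `Push release` promote the image with `docker pull` / `docker tag` / `docker push`, which with the default image store handles only the runner's platform, while build.yml publishes `dev` as a `linux/amd64,linux/arm64` manifest list. The release tag would then carry a single-architecture image under a new digest, so arm64 is dropped and the Cosign signature made on the `dev` digest does not cover what is released. Copying the manifest inside the registry keeps both: `docker buildx imagetools create --tag "$_IMAGE_NAME:$_RELEASE_TAG" "$_IMAGE_NAME:$_MAIN_TAG"` (with `--dry-run` for the Dry Run option). `dev` is also a moving tag while the GitHub release is cut from `github.sha`. Promoting the `dev-<short sha>` tag that build.yml pushes, after a `cosign verify`, would tie the image to the released commit.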