ensure wafv5 base images are created (nginx#5771)

pdabelf5 · web-flow · commit b0a36f4d80c0 · 2024-06-18T13:37:48.000+01:00
diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml
@@ -196,6 +196,22 @@ jobs:
           - image: alpine-plus-nap-fips
             platforms: "linux/amd64"
             nap_modules: waf
+          - image: alpine-plus-nap-v5-fips
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: debian-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: ubi-9-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: ubi-8-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
     steps:
       - name: Checkout Repository
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
@@ -121,10 +121,10 @@ jobs:
       - name: Check if base images exist
         id: base_exists
         run: |
-          if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }}; then
-            echo "exists=0" >> $GITHUB_OUTPUT
-          else
-            echo "exists=1" >> $GITHUB_OUTPUT
+          base_image="gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }}"
+          echo "image=${base_image}" >> $GITHUB_OUTPUT
+          if docker manifest inspect ${base_image}; then
+            echo "exists=true" >> $GITHUB_OUTPUT
           fi
         if: ${{ ! inputs.forked-workflow }}
 
@@ -136,14 +136,14 @@ jobs:
           cache-from: type=gha,scope=${{ inputs.image }}
           cache-to: type=gha,scope=${{ inputs.image }},mode=max
           target: common
-          tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ inputs.base-image-md5 }}-${{ inputs.image }}
+          tags: ${{ steps.base_exists.outputs.image }}
           platforms: ${{ inputs.platforms }}
           pull: true
           push: true
           build-args: |
             BUILD_OS=${{ inputs.image }}
             IC_VERSION=${{ inputs.tag }}
-        if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 0 }}
+        if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 'true' }}
 
       - name: Get short tag
         id: tag
@@ -206,7 +206,7 @@ jobs:
           provenance: false
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:{0}-{1}', inputs.base-image-md5, inputs.image) || '' }}
+            ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG={0}', steps.base_exists.outputs.image) || '' }}
             IC_VERSION=${{ (github.event_name == 'pull_request' || startsWith(github.ref, 'refs/heads/release-')) && 'CI' || steps.meta.outputs.version }}
 
       - name: Certify Images
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
@@ -153,10 +153,10 @@ jobs:
       - name: Check if base images exist
         id: base_exists
         run: |
-          if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}; then
-            echo "exists=0" >> $GITHUB_OUTPUT
-          else
-            echo "exists=1" >> $GITHUB_OUTPUT
+          base_image="gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}${{ contains(inputs.image, 'v5') && '-v5' || '' }}"
+          echo "image=${base_image}" >> $GITHUB_OUTPUT
+          if docker manifest inspect ${base_image}; then
+            echo "exists=true" >> $GITHUB_OUTPUT
           fi
         if: ${{ ! inputs.forked-workflow }}
 
@@ -168,7 +168,7 @@ jobs:
           cache-from: type=gha,scope=${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}
           cache-to: type=gha,scope=${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }},mode=max
           target: common
-          tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}
+          tags: ${{ steps.base_exists.outputs.image }}
           platforms: ${{ inputs.platforms }}
           pull: true
           push: true
@@ -180,7 +180,7 @@ jobs:
             "nginx-repo.crt=${{ inputs.nap_modules != '' && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
             "nginx-repo.key=${{ inputs.nap_modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
             ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}
-        if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 0 }}
+        if: ${{ ! inputs.forked-workflow && steps.base_exists.outputs.exists != 'true' }}
 
       - name: Build Plus Docker image
         uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
@@ -202,7 +202,7 @@ jobs:
           provenance: false
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}
+            ${{ ! inputs.forked-workflow && format('PREBUILT_BASE_IMG={0}', steps.base_exists.outputs.image) || '' }}
             IC_VERSION=${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && steps.meta.outputs.version || 'CI' }}
             ${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.modules) || '' }}
             ${{ contains(inputs.image, 'v5') && 'WAF_VERSION=v5' || '' }}
diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml
@@ -168,6 +168,22 @@ jobs:
             target: goreleaser
             platforms: "linux/amd64"
             nap_modules: waf
+          - image: alpine-plus-nap-v5-fips
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: debian-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: ubi-9-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
+          - image: ubi-8-plus-nap-v5
+            target: goreleaser
+            platforms: "linux/amd64"
+            nap_modules: waf
     uses: ./.github/workflows/build-plus.yml
     with:
       platforms: ${{ matrix.platforms }}
