Building gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/AlexFenlon-dev/nginx-ic/nginx-plus-ingress:cert-key by @AlexFenlon #31

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/build-single-image.yml at d366019

	name: Build single image
	run-name: Building gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/${{ github.actor }}-dev/${{ inputs.prefix }}:${{ inputs.tag }} by @${{ github.actor }}

	on:
	workflow_dispatch:
	inputs:
	target:
	description: 'Image build make target to call'
	required: true
	type: string
	prefix:
	description: 'Image prefix to use in GCR, e.g. nginx-ic/nginx-ingress'
	required: true
	type: string
	tag:
	description: 'Image tag to use in GCR, e.g. 3.7.0-SNAPSHOT'
	required: true
	type: string
	branch:
	description: 'Branch to checkout for build'
	required: false
	type: string
	default: main
	plus_repo:
	description: 'Plus repo to install from'
	required: true
	default: 'pkgs.nginx.com'
	type: choice
	options:
	- pkgs.nginx.com
	- pkgs-test.nginx.com

	defaults:
	run:
	shell: bash

	permissions:
	contents: read

	jobs:
	build:
	permissions:
	contents: read # for docker/build-push-action to read repo content
	id-token: write # for login to GCP
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout Repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	ref: ${{ inputs.branch }}
	fetch-depth: 0

	- name: Setup Golang Environment
	uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
	with:
	go-version-file: go.mod

	- name: Output Variables
	id: vars
	run: \|
	./.github/scripts/variables.sh go_code_md5 >> $GITHUB_OUTPUT
	echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
	source .github/data/version.txt
	echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT
	cat $GITHUB_OUTPUT

	- name: Authenticate to Google Cloud
	id: auth
	uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
	with:
	token_format: access_token
	workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
	service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}

	- name: Login to GCR
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: gcr.io
	username: oauth2accesstoken
	password: ${{ steps.auth.outputs.access_token }}

	- name: Azure login
	uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
	with:
	client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }}
	if: ${{ contains(inputs.target, 'plus') }}

	- name: Setup secrets
	id: secrets
	run: \|
	echo "Setting secrets for job"
	PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
	echo "::add-mask::$PLUS_CREDS"
	echo $PLUS_CREDS \| jq -r '.crt' > nginx-repo.crt
	echo $PLUS_CREDS \| jq -r '.key' > nginx-repo.key
	if: ${{ contains(inputs.target, 'plus') }}

	- name: Setup plus credentials
	run: \|
	if [[ "${{ inputs.target }}" =~ ubi ]]; then
	printf '%s\n' "${RHEL}" > rhel_license
	fi
	env:
	RHEL: ${{ secrets.RHEL_LICENSE }}
	if: ${{ contains(inputs.target, 'plus') }}

	- name: Fetch Cached Binary Artifacts
	id: binary-cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
	with:
	path: ${{ github.workspace }}/dist
	key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }}

	- name: Build binaries
	uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
	with:
	version: latest
	args: build --snapshot --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GOPATH: ${{ steps.vars.outputs.go_path }}
	AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
	AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
	AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }}
	AWS_NAP_DOS_PUB_KEY: ${{ secrets.AWS_NAP_DOS_PUB_KEY }}
	AWS_NAP_WAF_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_PRODUCT_CODE }}
	AWS_NAP_WAF_PUB_KEY: ${{ secrets.AWS_NAP_WAF_PUB_KEY }}
	AWS_NAP_WAF_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_DOS_PRODUCT_CODE }}
	AWS_NAP_WAF_DOS_PUB_KEY: ${{ secrets.AWS_NAP_WAF_DOS_PUB_KEY }}
	GORELEASER_CURRENT_TAG: "v${{ steps.vars.outputs.ic_version }}"
	if: ${{ steps.binary-cache.outputs.binary_cache_hit != 'true' }}

	- name: Store Artifacts in Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
	with:
	path: ${{ github.workspace }}/dist
	key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }}
	if: ${{ steps.binary-cache.outputs.binary_cache_hit != 'true' }}

	- name: Build Image
	run: \|
	make ${{ inputs.target }}
	env:
	REGISTRY: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
	PREFIX: ${{ inputs.prefix }}
	TAG: ${{ inputs.tag }}
	PLUS_REPO: ${{ inputs.plus_repo }}
	TARGET: goreleaser

	- name: Push image
	run:
	docker push ${REGISTRY}/${PREFIX}:${TAG}
	env:
	REGISTRY: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
	PREFIX: ${{ inputs.prefix }}
	TAG: ${{ inputs.tag }}

	- name: Clean up secrets
	run: \|
	rm -f nginx-repo.crt nginx-repo.key
	if: always()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Building gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/AlexFenlon-dev/nginx-ic/nginx-plus-ingress:cert-key by @AlexFenlon #31

Workflow file

Building gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/AlexFenlon-dev/nginx-ic/nginx-plus-ingress:cert-key by @AlexFenlon #31

Uh oh!

Jobs

Run details

Workflow file for this run