rudderlabs
diff --git a/‎.github/workflows/builds.yml‎
Lines changed: 39 additions & 244 deletions b/‎.github/workflows/builds.yml‎
Lines changed: 39 additions & 244 deletions
@@ -1,258 +1,53 @@
 name: builds
 on:
   release:
-    types: [ created ]
+    types: [created]
   push:
     branches:
       - main
   pull_request:
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.sha }}
   cancel-in-progress: true
+
 permissions:
   id-token: write # allows the JWT to be requested from GitHub's OIDC provider
   contents: read  # This is required for actions/checkout
-env:
-  arch_amd64: amd64
-  arch_arm64: arm64
-  docker_images_keydb: |
-    name=rudderstack/rudder-keydb
-  docker_tags_keydb: |
-    type=ref,event=branch
-    type=raw,value=${{ github.head_ref }},enable=${{ github.event_name == 'pull_request' }}
-    type=raw,value=latest,enable=${{ github.event_name == 'release' }}
-    type=semver,pattern={{version}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-    type=semver,pattern={{major}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-    type=semver,pattern={{major}}.{{minor}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-  docker_images_keydb_scaler: |
-    name=rudderstack/rudder-keydb-scaler
-  docker_tags_keydb_scaler: |
-    type=ref,event=branch
-    type=raw,value=${{ github.head_ref }},enable=${{ github.event_name == 'pull_request' }}
-    type=raw,value=latest,enable=${{ github.event_name == 'release' }}
-    type=semver,pattern={{version}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-    type=semver,pattern={{major}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-    type=semver,pattern={{major}}.{{minor}},enable=${{ github.ref == format('refs/heads/{0}', 'main') || github.event_name == 'release' }}
-jobs:
-  docker-meta-keydb:
-    runs-on: ubuntu-latest
-    outputs:
-      labels: ${{ steps.meta.outputs.labels }}
-      build-date: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
-      version: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
-      revision: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
-      tags: ${{ steps.meta.outputs.tags }}
-      arm64_tags: ${{ steps.arm64_meta.outputs.tags }}
-      arm64_labels: ${{ steps.arm64_meta.outputs.labels }}
-      amd64_tags: ${{ steps.amd64_meta.outputs.tags }}
-      amd64_labels: ${{ steps.amd64_meta.outputs.labels }}
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb}}
-          tags: ${{env.docker_tags_keydb}}
-      - name: Docker arm64 meta
-        id: arm64_meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb}}
-          tags: ${{env.docker_tags_keydb}}
-          flavor: |
-            suffix=-${{env.arch_arm64}},onlatest=true
-      - name: Docker amd64 meta
-        id: amd64_meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb}}
-          tags: ${{env.docker_tags_keydb}}
-          flavor: |
-            suffix=-${{env.arch_amd64}},onlatest=true
-  docker-keydb:
-    needs:
-      - docker-meta-keydb
-    strategy:
-      matrix:
-        build-config:
-          - os: [ self-hosted, Linux, ARM64, ubuntu-22 ]
-            tags: ${{needs.docker-meta-keydb.outputs.arm64_tags}}
-            labels: ${{needs.docker-meta-keydb.outputs.arm64_labels}}
-            platform: linux/arm64
-          - os: ubuntu-latest
-            tags: ${{needs.docker-meta-keydb.outputs.amd64_tags}}
-            labels: ${{needs.docker-meta-keydb.outputs.amd64_labels}}
-            platform: linux/amd64
-    runs-on: ${{matrix.build-config.os}}
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
-
-      - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-      - name: Build, scan and push
-        uses: rudderlabs/build-scan-push-action@d4991410238cec1b416875f1eb0e7a4565ac29aa # v1.8.2
-        with:
-          context: .
-          platforms: ${{ matrix.build-config.platform }}
-          push: true
-          tags: ${{ matrix.build-config.tags }}
-          labels: ${{ matrix.build-config.labels }}
-          build-args: |
-            BUILD_DATE=${{ needs.docker-meta-keydb.outputs.build-date }}
-            VERSION=${{ needs.docker-meta-keydb.outputs.version }}
-            COMMIT_HASH=${{ github.sha }}
-            REVISION=${{ needs.docker-meta-keydb.outputs.revision }}
-
-  create-manifest:
-    runs-on: ubuntu-latest
-    needs: [ docker-keydb, docker-meta-keydb ]
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Create multi-arch manifest for Docker
-        run: |
-          while read -r tag; do
-            echo "$tag"
-            arm_tag=$(echo "${{ needs.docker-meta-keydb.outputs.arm64_tags }}" | grep "$tag")
-            echo "$arm_tag"
-            amd_tag=$(echo "${{ needs.docker-meta-keydb.outputs.amd64_tags }}" | grep "$tag")
-            echo "$amd_tag"
-            docker buildx imagetools create -t $tag $arm_tag $amd_tag
-          done <<< "${{ needs.docker-meta-keydb.outputs.tags }}"
-
-  docker-meta-keydb-scaler:
-    runs-on: ubuntu-latest
-    outputs:
-      labels: ${{ steps.meta.outputs.labels }}
-      build-date: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
-      version: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
-      revision: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
-      tags: ${{ steps.meta.outputs.tags }}
-      arm64_tags: ${{ steps.arm64_meta.outputs.tags }}
-      arm64_labels: ${{ steps.arm64_meta.outputs.labels }}
-      amd64_tags: ${{ steps.amd64_meta.outputs.tags }}
-      amd64_labels: ${{ steps.amd64_meta.outputs.labels }}
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb_scaler}}
-          tags: ${{env.docker_tags_keydb_scaler}}
-      - name: Docker arm64 meta
-        id: arm64_meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb_scaler}}
-          tags: ${{env.docker_tags_keydb_scaler}}
-          flavor: |
-            suffix=-${{env.arch_arm64}},onlatest=true
-      - name: Docker amd64 meta
-        id: amd64_meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
-        with:
-          images: ${{env.docker_images_keydb_scaler}}
-          tags: ${{env.docker_tags_keydb_scaler}}
-          flavor: |
-            suffix=-${{env.arch_amd64}},onlatest=true
-  docker-keydb-scaler:
-    needs:
-      - docker-meta-keydb-scaler
-    strategy:
-      matrix:
-        build-config:
-          - os: [ self-hosted, Linux, ARM64, ubuntu-22 ]
-            tags: ${{needs.docker-meta-keydb-scaler.outputs.arm64_tags}}
-            labels: ${{needs.docker-meta-keydb-scaler.outputs.arm64_labels}}
-            platform: linux/arm64
-          - os: ubuntu-latest
-            tags: ${{needs.docker-meta-keydb-scaler.outputs.amd64_tags}}
-            labels: ${{needs.docker-meta-keydb-scaler.outputs.amd64_labels}}
-            platform: linux/amd64
-    runs-on: ${{matrix.build-config.os}}
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
-
-      - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-      - name: Build, scan and push
-        uses: rudderlabs/build-scan-push-action@d4991410238cec1b416875f1eb0e7a4565ac29aa # v1.8.2
-        with:
-          context: .
-          file: ./Dockerfile-scaler
-          platforms: ${{ matrix.build-config.platform }}
-          push: true
-          tags: ${{ matrix.build-config.tags }}
-          labels: ${{ matrix.build-config.labels }}
-          build-args: |
-            BUILD_DATE=${{ needs.docker-meta-keydb-scaler.outputs.build-date }}
-            VERSION=${{ needs.docker-meta-keydb-scaler.outputs.version }}
-            COMMIT_HASH=${{ github.sha }}
-            REVISION=${{ needs.docker-meta-keydb-scaler.outputs.revision }}
-
-  create-manifest-keydb-scaler:
-    runs-on: ubuntu-latest
-    needs: [ docker-keydb-scaler, docker-meta-keydb-scaler ]
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: audit
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Create multi-arch manifest for Docker
-        run: |
-          while read -r tag; do
-            echo "$tag"
-            arm_tag=$(echo "${{ needs.docker-meta-keydb-scaler.outputs.arm64_tags }}" | grep "$tag")
-            echo "$arm_tag"
-            amd_tag=$(echo "${{ needs.docker-meta-keydb-scaler.outputs.amd64_tags }}" | grep "$tag")
-            echo "$amd_tag"
-            docker buildx imagetools create -t $tag $arm_tag $amd_tag
-          done <<< "${{ needs.docker-meta-keydb-scaler.outputs.tags }}"
+jobs:
+  # DockerHub builds
+  keydb-dockerhub:
+    uses: ./.github/workflows/docker-build-dockerhub.yml
+    with:
+      image_name: rudderstack/rudder-keydb
+      dockerfile: Dockerfile
+    secrets:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  keydb-scaler-dockerhub:
+    uses: ./.github/workflows/docker-build-dockerhub.yml
+    with:
+      image_name: rudderstack/rudder-keydb-scaler
+      dockerfile: Dockerfile-scaler
+    secrets:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  # ECR builds
+  keydb-ecr:
+    uses: ./.github/workflows/docker-build-ecr.yml
+    with:
+      image_name: rudderstack/rudder-keydb
+      dockerfile: Dockerfile
+      aws_ecr_iam_role_arn: ${{ vars.AWS_ECR_IAM_ROLE_ARN }}
+      aws_ecr_region: ${{ vars.AWS_ECR_REGION }}
+
+  keydb-scaler-ecr:
+    uses: ./.github/workflows/docker-build-ecr.yml
+    with:
+      image_name: rudderstack/rudder-keydb-scaler
+      dockerfile: Dockerfile-scaler
+      aws_ecr_iam_role_arn: ${{ vars.AWS_ECR_IAM_ROLE_ARN }}
+      aws_ecr_region: ${{ vars.AWS_ECR_REGION }}