Mirror Container Image (attempt #1) #83
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Mirror Container Image | |
| run-name: | | |
| Mirror Container Image (attempt #${{ github.run_attempt }}) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image-repository-uri: | |
| description: | | |
| The image repository URI, like registry.k8s.io/git-sync/git-sync | |
| type: choice | |
| options: | |
| - registry.k8s.io/sig-storage/csi-node-driver-registrar | |
| - registry.k8s.io/sig-storage/csi-provisioner | |
| - registry.k8s.io/git-sync/git-sync | |
| image-index-manifest-tag: | |
| description: | | |
| The image index manifest tag, like 1.0.14 or v1.0.14 | |
| type: string | |
| required: true | |
| jobs: | |
| mirror-image: | |
| # even though we are dealing with multi-arch images, we can do all | |
| # operations from one arch. | |
| name: Mirror image (${{ matrix.arch }}) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| persist-credentials: false | |
| - name: Pull container image | |
| shell: bash | |
| env: | |
| IMAGE_INDEX_MANIFEST_TAG: ${{ inputs.image-index-manifest-tag }} | |
| IMAGE_REPOSITORY_URI: ${{ inputs.image-repository-uri }} | |
| run: | | |
| docker pull \ | |
| --quiet \ | |
| --platform ${{ matrix.arch }} \ | |
| "$IMAGE_REPOSITORY_URI:$IMAGE_INDEX_MANIFEST_TAG" | |
| - name: Extract Repo Name | |
| env: | |
| IMAGE_REPOSITORY_URI: ${{ inputs.image-repository-uri }} | |
| run: | | |
| echo "IMAGE_REPOSITORY=$(.scripts/get_repo_name.sh)" | tee -a "$GITHUB_ENV" | |
| - name: Publish Container Image on docker.stackable.tech | |
| uses: stackabletech/actions/publish-image@320eae677555385b3d40e1c3a81d9263b72742e4 # 0.6.0 | |
| with: | |
| image-registry-uri: docker.stackable.tech | |
| image-registry-username: github | |
| image-registry-password: ${{ secrets.NEXUS_PASSWORD }} | |
| image-repository: ${{ format('k8s/{0}', env.IMAGE_REPOSITORY) }} | |
| image-manifest-tag: ${{ format('{0}-{1}', inputs.image-index-manifest-tag, matrix.arch) }} | |
| source-image-uri: ${{ format('{0}:{1}', inputs.image-repository-uri, inputs.image-index-manifest-tag) }} | |
| - name: Publish Container Image on oci.stackable.tech | |
| uses: stackabletech/actions/publish-image@320eae677555385b3d40e1c3a81d9263b72742e4 # 0.6.0 | |
| with: | |
| image-registry-uri: oci.stackable.tech | |
| image-registry-username: robot$sdp+github-action-build | |
| image-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
| image-repository: ${{ format('sdp/{0}', env.IMAGE_REPOSITORY) }} | |
| image-manifest-tag: ${{ format('{0}-{1}', inputs.image-index-manifest-tag, matrix.arch) }} | |
| source-image-uri: ${{ format('{0}:{1}', inputs.image-repository-uri, inputs.image-index-manifest-tag) }} | |
| publish_manifests: | |
| name: Build/Publish Image Index Manifest | |
| needs: [mirror-image] | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| persist-credentials: false | |
| - name: Extract Repo Name | |
| env: | |
| IMAGE_REPOSITORY_URI: ${{ inputs.image-repository-uri }} | |
| run: | | |
| echo "IMAGE_REPOSITORY=$(.scripts/get_repo_name.sh)" | tee -a "$GITHUB_ENV" | |
| - name: Publish and Sign Image Index Manifest to docker.stackable.tech | |
| uses: stackabletech/actions/publish-index-manifest@320eae677555385b3d40e1c3a81d9263b72742e4 # 0.6.0 | |
| with: | |
| image-registry-uri: docker.stackable.tech | |
| image-registry-username: github | |
| image-registry-password: ${{ secrets.NEXUS_PASSWORD }} | |
| image-repository: ${{ format('k8s/{0}', env.IMAGE_REPOSITORY) }} | |
| image-index-manifest-tag: ${{ inputs.image-index-manifest-tag }} | |
| - name: Publish and Sign Image Index Manifest to oci.stackable.tech | |
| uses: stackabletech/actions/publish-index-manifest@320eae677555385b3d40e1c3a81d9263b72742e4 # 0.6.0 | |
| with: | |
| image-registry-uri: oci.stackable.tech | |
| image-registry-username: robot$sdp+github-action-build | |
| image-registry-password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
| image-repository: ${{ format('sdp/{0}', env.IMAGE_REPOSITORY) }} | |
| image-index-manifest-tag: ${{ inputs.image-index-manifest-tag }} | |
| notify: | |
| name: Failure Notification | |
| needs: [mirror-image, publish_manifests] | |
| runs-on: ubuntu-latest | |
| if: failure() | |
| steps: | |
| - uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 | |
| with: | |
| channel-id: "C07UG6JH44F" # notifications-container-images | |
| payload: | | |
| { | |
| "text": "*${{ github.workflow }}* failed (attempt ${{ github.run_attempt }})", | |
| "attachments": [ | |
| { | |
| "pretext": "See the details below for a summary of which job(s) failed.", | |
| "color": "#aa0000", | |
| "fields": [ | |
| { | |
| "title": "Mirror Image", | |
| "short": true, | |
| "value": "${{ needs.mirror-image.result }}" | |
| }, | |
| { | |
| "title": "Build/Publish Manifests", | |
| "short": true, | |
| "value": "${{ needs.publish_manifests.result }}" | |
| } | |
| ], | |
| "actions": [ | |
| { | |
| "type": "button", | |
| "text": "Go to workflow run", | |
| "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_CONTAINER_IMAGE_TOKEN }} |