forked from repo-mirrors/cnpg-postgres-containers
d4ff233abc
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
96 lines
2.9 KiB
YAML
96 lines
2.9 KiB
YAML
name: Continuous Delivery
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
IMAGE_STAGING: cloudnative-pg/postgresql-testing
|
|
IMAGE_RELEASE: cloudnative-pg/postgresql
|
|
|
|
jobs:
|
|
generate-jobs:
|
|
name: Generate Jobs
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
strategy: ${{ steps.generate-jobs.outputs.strategy }}
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
- name: Generate Jobs
|
|
id: generate-jobs
|
|
shell: bash
|
|
run: |
|
|
bash .github/generate-strategy.sh
|
|
|
|
build:
|
|
needs: generate-jobs
|
|
strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }}
|
|
name: ${{ matrix.name }}
|
|
runs-on: ubuntu-20.04
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v1.2.0
|
|
|
|
- name: Docker meta
|
|
id: docker-meta
|
|
env:
|
|
TAGS: ${{ toJson(matrix.tags) }}
|
|
run: |
|
|
RESULT=""
|
|
for tag in $(jq -r '.[]' <<< "${TAGS}")
|
|
do
|
|
RESULT="${RESULT},ghcr.io/${IMAGE_STAGING}:${tag}"
|
|
# If we are running the pipeline in the main branch images are pushed in both -testing and PROD repo
|
|
if [ "${GITHUB_REF#refs/heads/}" == main ]
|
|
then
|
|
RESULT="${RESULT},ghcr.io/${IMAGE_RELEASE}:${tag}"
|
|
fi
|
|
done
|
|
echo "::set-output name=tags::${RESULT%,}"
|
|
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@v1.7.0
|
|
|
|
- name: Log in to the GitHub Container registry
|
|
uses: docker/login-action@v1.14.1
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build and load
|
|
uses: docker/build-push-action@v2.10.0
|
|
with:
|
|
context: ${{ matrix.dir }}
|
|
file: ${{ matrix.file }}
|
|
push: false
|
|
load: true
|
|
tags: ${{ steps.docker-meta.outputs.tags }}
|
|
|
|
- name: Dockle scan
|
|
uses: erzz/dockle-action@v1.2.0
|
|
with:
|
|
image: "ghcr.io/${{ env.IMAGE_STAGING }}:${{ matrix.tags[0] }}"
|
|
exit-code: '1'
|
|
failure-threshold: WARN
|
|
accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v2.10.0
|
|
with:
|
|
context: ${{ matrix.dir }}
|
|
file: ${{ matrix.file }}
|
|
platforms: ${{ matrix.platforms }}
|
|
push: true
|
|
tags: ${{ steps.docker-meta.outputs.tags }}
|