Skip to content

Publish Docker image #25

Publish Docker image

Publish Docker image #25

Workflow file for this run

name: Publish Docker image
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: "Docker image version"
type: string
required: true
env:
DOCKER_IMAGE_NAME: "grimoirelab/grimoirelab"
jobs:
package-ready:
runs-on: ubuntu-latest
steps:
- name: Set up Python 3.8
uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0
with:
python-version: 3.8
- name: Wait for GrimoireLab package ready in PyPI
run: |
package="grimoirelab"
ref_name="${{github.ref_name}}"
input_version="${{inputs.version}}"
version="${input_version:-$ref_name}"
# Format version 1.2.3-rc.1 to 1.2.3rc1
versionNum=${version%-*}
versionRC=${version#$versionNum}
versionRC=${versionRC//[-.]/}
currentVersion="${versionNum}${versionRC}"
pip install --upgrade pip
for i in $(seq 20)
do
pip index versions --pre $package > pip_versions.txt
pipVersion=$(cat pip_versions.txt | head -n 1 | cut -f2 -d '(' | cut -f1 -d ')')
echo "$currentVersion $pipVersion"
if [ "$pipVersion" = "$currentVersion" ]
then
echo "Same version"
exit 0
fi
echo "Wait for PyPI..."
sleep 10
done
echo "Latest version doesn't match after several retries"
exit 1
build-image:
runs-on: ubuntu-latest
needs: [package-ready]
environment: docker-release
steps:
- name: Install Cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- name: Docker metadata
id: meta
uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # v4.1.1
with:
images: |
${{ env.DOCKER_IMAGE_NAME }}
tags: |
type=semver,pattern={{version}},value=${{ inputs.version }}
- name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
with:
platforms: linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # v2.1.0
- name: Login to DockerHub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: build-and-push
uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
with:
platforms: linux/amd64,linux/arm64
context: "{{defaultContext}}:docker"
push: true
tags: ${{ steps.meta.outputs.tags }}
- name: Sign image with a key
run: |
echo "${TAGS}" | xargs -I {} cosign sign -y -r --key env://COSIGN_PRIVATE_KEY "{}@${DIGEST}"
env:
TAGS: ${{ steps.meta.outputs.tags }}
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
DIGEST: ${{ steps.build-and-push.outputs.digest }}