

No commits in common. "main" and "v1.1.0" have entirely different histories.
main ... v1.1.0

4 changed files with 5 additions and 376 deletions


@ -1,32 +0,0 @@
name: Release
on:
push:
tags:
- v[0-9]+.[0-9]+.[0-9]+
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: version
id: version
run: |
tag=${GITHUB_REF/refs\/tags\//}
version=${tag#v}
major=${version%%.*}
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "version=${version}" >> $GITHUB_OUTPUT
echo "major=${major}" >> $GITHUB_OUTPUT
- name: force update major tag
run: |
git config user.name github-actions
git config user.email github-actions@github.com
git tag v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} -f
git push origin refs/tags/v${{ steps.version.outputs.major }} -f


@ -53,11 +53,11 @@ jobs:
tags: ${{ steps.meta.outputs.tags }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
- id: meta
name: Extract Metadata
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: ${{ inputs.registry }}/${{ inputs.image }}
flavor: latest=false
@ -75,14 +75,14 @@ jobs:
type=semver,pattern={{version}},priority=9999 #1
- name: Login to Registry
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: ${{ inputs.registry }}
username: ${{ secrets.username }}
password: ${{ secrets.password }}
- name: Build Docker images
uses: docker/build-push-action@v6
uses: docker/build-push-action@v4
with:
push: true
file: ${{ inputs.file }}
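Review bot: Every `uses:` line in this section references a third-party action by a mutable major tag (`docker/login-action@v2` and `docker/build-push-action@v4` here, `docker/setup-buildx-action@v2` and `docker/metadata-action@v4` in the hunk at line 53), and the changed pairs only move between such tags; the rendered page has lost the +/- markers, so I am reading the second line of each pair as the v1.1.0 side and hedging accordingly. A major tag can be re-pointed upstream at any time, so the login step that receives `secrets.username` and `secrets.password` would execute whatever code the tag resolves to at run time rather than the revision that was reviewed. Pin each action to a full-length commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, then let a dependency bot move the pin. The enclosing `jobs:` block starts before the hunk, so any other `uses:` lines in it are not visible here.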

README.md

@ -1,159 +1 @@
# Build Image Workflow
This GitHub Action automates the process of building and pushing a Docker image to a self-hosted registry. The workflow includes setting up Docker Buildx, extracting metadata, logging in to the registry, and building and pushing the Docker image.
## Inputs
### `image` (required)
- Description: Image Name
- Required: true
### `build-args` (optional)
- Description: Build Arguments
- Required: false
### `file` (optional)
- Description: Dockerfile Path
- Required: false
### `registry` (required)
- Description: Registry URL
- Required: true
- Default: reg.dev.krd
### `username` (required)
- Description: Username for the registry
- Required: true
### `password` (required)
- Description: Password for the registry
- Required: true
### `build-secrets` (optional)
- Description: Build Secrets
- Required: false
## Outputs
### `tag`
- Description: Image Tag
- Value: ${{ steps.meta.outputs.tags[0] }}
### `tags`
- Description: Image Tags
- Value: ${{ steps.meta.outputs.tags }}
## Workflow Steps
1. **Set up Docker Buildx:**
- Uses: docker/setup-buildx-action@v3
2. **Extract Metadata:**
- Uses: docker/metadata-action@v5
- Inputs:
- `images`: ${{ inputs.registry }}/${{ inputs.image }}
- `flavor`: latest=false
- `tags`:
- Cache: `type=raw,value=${{ github.ref_name }}-cache`
- Branches: `type=ref,event=branch`, `type=ref,event=branch,suffix=-{{sha}},priority=8888`
- Releases: `type=semver,pattern={{major}}`, `type=semver,pattern={{major}}.{{minor}}`, `type=semver,pattern={{version}},priority=9999`
3. **Login to Registry:**
- Uses: docker/login-action@v3
- Inputs:
- `registry`: ${{ inputs.registry }}
- `username`: ${{ inputs.username }}
- `password`: ${{ inputs.password }}
4. **Build Docker images:**
- Uses: docker/build-push-action@v5
- Inputs:
- `push`: true
- `file`: ${{ inputs.file }}
- `tags`: ${{ steps.meta.outputs.tags }}
- `cache-to`: `type=inline`
- `cache-from`: `type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache`
- `build-args`: ${{ inputs.build-args }}
- `secrets`: ${{ inputs.build-secrets }}
## Example Usage
```yaml
name: Build Image Workflow
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Build and Push Image
uses: ditkrg/build-image-workflow@v1
with:
image: "my-docker-image"
registry: "my-registry.example.com"
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
build-args: "EXAMPLE=123"
build-secrets: "EXAMPLE=****"
file: "path/to/Dockerfile"
```
If you want to use it with our GitOps Action:
```yaml
name: Deploy
on:
push:
branches:
- dev
- main
tags:
- v[0-9]+.[0-9]+.[0-9]+
paths-ignore:
- "**.md"
- ".vscode/**"
- ".github/**"
- "!.github/workflows/tests-base.yaml"
- "!.github/workflows/deploy.yaml"
jobs:
build:
runs-on: ubuntu-latest
concurrency: build-${{ github.ref_name }}
outputs:
tag: ${{ steps.build-image.outputs.tag }}
tags: ${{ steps.build-image.outputs.tags }}
steps:
- id: build-image
name: Build and Push Image
uses: ditkrg/build-image-workflow@v1
with:
image: "my-docker-image"
registry: "my-registry.example.com"
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
build-args: "EXAMPLE=123"
build-secrets: "EXAMPLE=****"
file: "path/to/Dockerfile"
update-gitops:
runs-on: ubuntu-latest
concurrency: pr-${{ github.ref_name }}
needs: build
steps:
- name: Update gitops
uses: ditkrg/update-gitops-image@v1
with:
owner: ditkrg
repo: GITOPS_REPO
app-id: ${{ secrets.APP_ID }}
image-tag: ${{ needs.build.outputs.tag }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
component-name: REPO_NAME
```
# build-image-action


@ -1,181 +0,0 @@
name: "Build, Scan and Push Image"
description: "Build, Scan and Push Image to Self Hosted Registry"
inputs:
push:
description: "Push to Registry"
required: false
default: "true"
image:
description: "Image Name"
required: true
build-args:
description: "Build Arguments"
required: false
file:
description: "Dockerfile Path"
required: false
registry:
description: "Registry URL"
required: true
default: reg.dev.krd
username:
required: true
description: "Username for registry"
password:
required: true
description: "Password for registry"
build-secrets:
required: false
description: "Build Secrets"
harbor-scan-report:
required: false
default: "true"
description: "Should try to get harbor scan report"
comment-harbor-scan-report:
required: false
default: "true"
description: "Should comment harbor scan report on PR"
harbor-scan-report-comment-marker:
required: false
default: '<!-- actions-comment-pull-request "build-and-push" -->'
description: "Comment marker for harbor scan report"
outputs:
digest:
description: "Digest"
value: ${{ steps.build-and-push.outputs.digest }}
tag:
description: "Image Tag"
value: ${{ steps.set_tag.outputs.tag }}
tags:
description: "Image Tags"
value: ${{ steps.meta.outputs.tags }}
runs:
using: "composite"
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- id: meta
name: Extract Metadata
uses: docker/metadata-action@v5
with:
images: ${{ inputs.registry }}/${{ inputs.image }}
flavor: latest=false
tags: |
# Pull Request
type=ref,event=pr
type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2
# Branches
type=ref,event=branch
type=ref,event=branch,suffix=-{{sha}},priority=8888 # 2
# Releases
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}},priority=9999 #1
- name: Login to Registry
uses: docker/login-action@v3
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.username }}
password: ${{ inputs.password }}
- name: Build Docker images
uses: docker/build-push-action@v6
id: build-and-push
with:
push: ${{ inputs.push }}
file: ${{ inputs.file }}
tags: ${{ steps.meta.outputs.tags }}
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
build-args: ${{ inputs.build-args }}
secrets: ${{ inputs.build-secrets }}
- name: Set Tag
id: set_tag
shell: bash
run: |
extracted_tag=$(echo "$json" | jq -r '.tags | .[0]')
echo "tag=$extracted_tag" >> $GITHUB_OUTPUT
env:
tags: ${{ steps.meta.outputs.tags }}
json: ${{ steps.meta.outputs.json }}
- name: Harbor Scan Results
id: harbor-scan-results
if: ${{ inputs.harbor-scan-report }} == 'true'
uses: ditkrg/harbor-scan-results-action@main
with:
image: ${{ steps.set_tag.outputs.tag }}
username: ${{ inputs.username }}
password: ${{ inputs.password }}
digest: ${{ steps.build-and-push.outputs.digest }}
- name: Comment on active branch PR
uses: actions/github-script@v7
if: ${{ inputs.comment-harbor-scan-report }} == 'true'
env:
COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
with:
script: |
const prs = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
});
if (prs.data.length <= 0) {
console.log('No open PR found for the current branch');
return;
}
const pr = prs.data[0];
// Check if there's already a comment from this workflow
const comments = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number
});
const comment_marker = process.env.COMMENT_MARKER;
const buildComment = comments.data.find(comment =>
comment.body.includes(comment_marker)
);
const commentBody = `${comment_marker}
${process.env.TRIVY_SCAN_RESULTS}
`;
if (buildComment) {
// Update existing comment
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: buildComment.id,
body: commentBody
});
console.log(`Updated comment to PR #${pr.number}`);
} else {
// Create new comment
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
body: commentBody
});
console.log(`Added comment to PR #${pr.number}`);
}