new-release-tag-docker.yml
# Second stage of the release process: tags master, opens a draft GitHub
# release and pushes the Docker images. Started by hand only
# (workflow_dispatch); there is no push or schedule trigger.
name: 'Release: 2. tag, release, docker push'
env:
  # Identity used for the annotated tag created by the release job.
  GIT_USERNAME: 'DefectDojo release bot'
  GIT_EMAIL: 'dojo-release-bot@users.noreply.github.com'
  # Used in the cache key, which does not support commas.
  workflow_name: 'release 2 tag release docker push'
on:
  workflow_dispatch:
    inputs:
      # The branch that can be chosen in the UI is made irrelevant by further
      # steps, because someone will forget one day to change it.
      release_number:
        # Free-text value typed by whoever starts the run; it ends up as the
        # git tag, the release name and the Docker image tag.
        description: 'Release version (x.y.z format)'
        required: true
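# NOTE(review): every `uses:` below references a mutable tag (@v1 / @v2) in a
# workflow that handles DockerHub credentials and publishes release images.
# Pin each action to a full commit SHA (with the tag in a trailing comment)
# so a re-pointed tag cannot change what runs here.
jobs:
  tag-and-release:
    runs-on: ubuntu-latest
    # Least privilege: pushing the tag and creating the draft release need
    # write access to repository contents and nothing else.
    permissions:
      contents: write
    steps:
      - name: Login to DockerHub
        # This job pushes no images. NOTE(review): presumably kept as a
        # fail-fast check that the DockerHub credentials work before the tag
        # is created; confirm, otherwise drop it so the token is only exposed
        # to the job that needs it.
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Always release from master, whatever branch was picked in the UI.
          ref: master
      - name: Configure git
        # GIT_USERNAME / GIT_EMAIL come from the workflow-level env block and
        # are read as shell variables rather than expanded into the script.
        run: |
          git config --global user.name "$GIT_USERNAME"
          git config --global user.email "$GIT_EMAIL"
      - name: Create new tag ${{ github.event.inputs.release_number }}
        # at this point, the PR from the 1st workflow is merged into master.
        env:
          # The input is handed to the shell through the environment instead
          # of being expanded into the script text, so its content is never
          # parsed as shell syntax.
          RELEASE_NUMBER: ${{ github.event.inputs.release_number }}
        run: |
          # Enforce the documented x.y.z format before anything is tagged.
          # The rejected value is deliberately not echoed to the log.
          if ! [[ "$RELEASE_NUMBER" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::release_number must be in x.y.z format"
            exit 1
          fi
          git tag -a "$RELEASE_NUMBER" -m "[bot] release $RELEASE_NUMBER"
          git push origin "$RELEASE_NUMBER"
      - name: Create release ${{ github.event.inputs.release_number }}
        id: create_release
        # NOTE(review): actions/create-release is archived upstream and no
        # longer receives fixes; plan a move to a maintained alternative.
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.event.inputs.release_number }}  # this does not create a tag
          release_name: Release ${{ github.event.inputs.release_number }}
          body: |
            Fill in with release drafter information manually for now, then publish.
          # Left as a draft so a human reviews the notes before publishing.
          draft: true
          prerelease: false
  job-build-and-push:
    # Runs only after the tag exists, and therefore only after the release
    # number passed the format check in tag-and-release.
    needs: tag-and-release
    runs-on: ubuntu-latest
    # Checkout only needs to read the repository; the registry push is
    # authenticated with the DockerHub secrets, not with GITHUB_TOKEN.
    permissions:
      contents: read
    strategy:
      matrix:
        docker-image: [django, nginx]
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Checkout tag
        uses: actions/checkout@v2
        with:
          # Build from the tag created by the previous job, not from a branch.
          ref: ${{ github.event.inputs.release_number }}
      - id: set-repo-org
        # Lower-cased owner part of GITHUB_REPOSITORY, used as the image
        # namespace. Written to $GITHUB_OUTPUT; the `::set-output` workflow
        # command used previously is deprecated.
        run: |
          repoorg="$(echo "${GITHUB_REPOSITORY%%/*}" | tr '[:upper:]' '[:lower:]')"
          echo "repoorg=${repoorg}" >> "$GITHUB_OUTPUT"
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        uses: actions/cache@v2
        env:
          docker-image: ${{ matrix.docker-image }}
        with:
          path: /tmp/.buildx-cache-${{ env.docker-image }}
          key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }}
          # Fallbacks, most specific first.
          restore-keys: |
            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}-${{ github.sha }}
            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}
            ${{ runner.os }}-buildx-${{ env.docker-image }}-
      - name: Build and push images
        # The id was missing, so the digest step below expanded
        # steps.docker_build.outputs.digest to an empty string.
        id: docker_build
        uses: docker/build-push-action@v2
        env:
          REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }}
          docker-image: ${{ matrix.docker-image }}
        with:
          push: true
          # Publishes the versioned tag and also moves the mutable `latest`.
          tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image }}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image }}:latest
          file: ./Dockerfile.${{ env.docker-image }}
          context: .
          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
      - name: Image digest
        # Logs the pushed image digest so consumers can pin to it and the
        # release can be matched against the registry afterwards.
        env:
          IMAGE_DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: echo "$IMAGE_DIGEST"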