Skip to content

Daily build

Daily build #587

# Github workflow that rebuilds already released images
name: Daily build
on:
schedule:
- cron: "0 1 * * 1-5"
workflow_dispatch:
inputs:
image_repo:
type: choice
description: "Target image repository for built images"
default: mongodb/mongodb-atlas-kubernetes-operator-prerelease
required: true
options:
- mongodb/mongodb-atlas-kubernetes-operator-prerelease
- mongodb/mongodb-atlas-kubernetes-operator
releases:
type: string
description: "Custom list of releases to rebuild"
default: ""
required: false
jobs:
read-versions:
name: Read config file
runs-on: ubuntu-latest
outputs:
date: ${{ steps.set-date.outputs.date }}
releases: ${{ steps.releases.outputs.releases }}
steps:
- name: Check out code
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Set date
id: set-date
run: |
DATE=$(date +'%Y-%m-%d')
echo date=${DATE} >> $GITHUB_OUTPUT
- name: Releases
id: releases
run: |
if [ "${{ github.event.inputs.releases }}" == "" ]; then
echo "Computing supported releases..."
git fetch --tags
echo "releases=$(./scripts/supported-releases.sh)" | tee -a $GITHUB_OUTPUT
else
echo "Formatting ${{ github.event.inputs.releases }} as JSON array"
json_releases=$(echo "${{ github.event.inputs.releases }}" |tr "," "\n" |xargs -n1 |awk '{print "\""$1"\""}' |tr "\n" "," |sed 's/,$//' |awk '{print "["$1"]"}')
echo "releases=$json_releases" | tee -a $GITHUB_OUTPUT
fi
build-and-publish-image:
environment: release
runs-on: ubuntu-latest
needs:
- read-versions
env:
IMAGE_REPOSITORY: ${{ github.event.inputs.image_repo || 'mongodb/mongodb-atlas-kubernetes-operator' }}
QUAY_ROBOT_NAME: mongodb+mongodb_atlas_kubernetes
PLATFORMS: "linux/arm64,linux/amd64"
strategy:
matrix:
version: ${{ fromJSON(needs.read-versions.outputs.releases) }}
steps:
- name: Print daily tag
id: daily-tag
run: |
DAILY_TAG="${{ matrix.version }}-${{needs.read-versions.outputs.date}}"
echo "daily-tag=${DAILY_TAG}" >> $GITHUB_OUTPUT
- name: Rebuild ${{matrix.version}}
run: |
echo "Building ${{matrix.version}} version"
- name: Check out code
uses: actions/checkout@v4
with:
ref: "v${{ matrix.version }}"
submodules: true
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: "${{ github.workspace }}/go.mod"
cache: false
- name: Setup cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-build-${{ hashFiles('**/go.sum', '**/go.mod') }}
- name: Download go build dependencies
shell: bash
run: |
go mod download
- name: Choose Dockerfile
id: pick-dockerfile
run: |
if test -f "fast.Dockerfile"; then
echo "dockerfile=fast.Dockerfile" >> $GITHUB_OUTPUT
else
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
fi
- name: Check signing supported
id: check-signing-support
run: |
if test -f "./scripts/sign-multiarch.sh"; then
echo "sign=true" >> $GITHUB_OUTPUT
else
echo "sign=false" >> $GITHUB_OUTPUT
fi
- name: Build all platforms & check version
if: steps.pick-dockerfile.outputs.dockerfile == 'fast.Dockerfile'
run: |
make all-platforms VERSION=${{ matrix.version }}
# not all versiions Makefiles support the version check
if make |grep -q check-version; then
echo "Checking version..."
make check-version VERSION=${{ matrix.version }}
else
echo "Skipped version check"
fi
- name: "Set up Docker Buildx"
uses: docker/setup-buildx-action@v3
with:
platforms: ${{ env.PLATFORMS }}
- name: Login to docker registry
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to quay.io registry
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ env.QUAY_ROBOT_NAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Build and push operator to the DockerHub (daily-tag & release-tag)
uses: docker/build-push-action@v5
with:
context: .
file: ${{ steps.pick-dockerfile.outputs.dockerfile }}
build-args: VERSION=${{ matrix.version }}
platforms: ${{ env.PLATFORMS }}
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
sbom: true
tags: |
${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}
${{ env.IMAGE_REPOSITORY }}:${{ matrix.version }}
quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}
quay.io/${{ env.IMAGE_REPOSITORY }}:${{ matrix.version }}
- name: Login to artifactory.corp.mongodb.com
if: steps.check-signing-support.outputs.sign == 'true'
uses: docker/login-action@v3
with:
registry: artifactory.corp.mongodb.com
username: ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
password: ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
- name: Sign images
if: steps.check-signing-support.outputs.sign == 'true'
env:
PKCS11_URI: ${{ secrets.PKCS11_URI }}
GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
run: |
make sign IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}
make sign IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}
make sign IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=mongodb/signatures
- name: Self-verify images
if: steps.check-signing-support.outputs.sign == 'true'
env:
PKCS11_URI: ${{ secrets.PKCS11_URI }}
GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
run: |
make verify IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}
make verify IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}
make verify IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.daily-tag.outputs.daily-tag }}" SIGNATURE_REPO=mongodb/signatures