From c3718b24f6ad39229a4560ef92faca88057e4d1a Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 20 Feb 2024 15:23:32 +0000 Subject: [PATCH 1/2] treat forked_workflow as a string in ci.yml --- .github/workflows/ci.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bf3601880e..e1662e509a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -247,7 +247,7 @@ jobs: - name: Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Authenticate to Google Cloud id: auth @@ -256,7 +256,7 @@ jobs: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -264,18 +264,18 @@ jobs: registry: gcr.io username: oauth2accesstoken password: ${{ steps.auth.outputs.access_token }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Check if base images exist id: base_exists run: | docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss:${{ needs.checks.outputs.docker_md5 }}-debian echo "exists=$?" >> $GITHUB_OUTPUT - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Rebuild base images uses: ./.github/workflows/build-base-images.yml - if: ${{ ! needs.checks.outputs.forked_workflow && steps.base_exists.outputs.exists != 0 }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' && steps.base_exists.outputs.exists != 0 }} helm-tests: name: Helm Tests @@ -311,7 +311,7 @@ jobs: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -319,7 +319,7 @@ jobs: registry: gcr.io username: oauth2accesstoken password: ${{ steps.auth.outputs.access_token }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Build Docker Image ${{ matrix.image }} uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 @@ -327,7 +327,7 @@ jobs: file: build/Dockerfile context: "." cache-from: type=gha,scope=${{ matrix.image }} - target: goreleaser${{ ! needs.checks.outputs.forked_workflow && '-prebuilt' || '' }} + target: goreleaser${{ needs.checks.outputs.forked_workflow == 'false' && '-prebuilt' || '' }} tags: ${{ matrix.type }}:${{ github.sha }} pull: true load: true @@ -414,7 +414,7 @@ jobs: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -422,7 +422,7 @@ jobs: registry: gcr.io username: oauth2accesstoken password: ${{ steps.auth.outputs.access_token }} - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Check if image exists id: check-image @@ -430,7 +430,7 @@ jobs: docker manifest inspect "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" shell: bash continue-on-error: true - if: ${{ ! needs.checks.outputs.forked_workflow }} + if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Build Test-Runner Container uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 @@ -440,9 +440,9 @@ jobs: cache-from: type=gha,scope=test-runner tags: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" pull: true - push: ${{ ! needs.checks.outputs.forked_workflow }} - load: ${{ needs.checks.outputs.forked_workflow }} - if: ${{ steps.check-image.outcome == 'failure' || needs.checks.outputs.forked_workflow }} + push: ${{ needs.checks.outputs.forked_workflow == 'false' }} + load: ${{ needs.checks.outputs.forked_workflow == 'true' }} + if: ${{ steps.check-image.outcome == 'failure' || needs.checks.outputs.forked_workflow == 'true' }} smoke-tests: name: ${{ matrix.images.label }} ${{ matrix.images.image }} smoke tests @@ -474,7 +474,7 @@ jobs: go-md5: ${{ needs.checks.outputs.go_code_md5 }} base-image-md5: ${{ needs.checks.outputs.docker_md5 }} test-image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" - forked-workflow: ${{ needs.checks.outputs.forked_workflow }} + forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} - name: Upload Test Results uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 @@ -516,7 +516,7 @@ jobs: go-md5: ${{ needs.checks.outputs.go_code_md5 }} publish-image: ${{ needs.checks.outputs.publish_images == 'true' }} base-image-md5: ${{ needs.checks.outputs.docker_md5 }} - forked-workflow: ${{ needs.checks.outputs.forked_workflow }} + forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} permissions: contents: read actions: read @@ -550,7 +550,7 @@ jobs: publish-aws-market-place: ${{ needs.checks.outputs.publish_images == 'true' && contains(matrix.target, 'aws') }} publish-gcp-market-place: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }} publish-nginx-reqistry: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }} - forked-workflow: ${{ needs.checks.outputs.forked_workflow }} + forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} permissions: contents: read security-events: write @@ -609,7 +609,7 @@ jobs: publish-aws-market-place: ${{ github.ref_type == 'tag' && contains(matrix.target, 'aws') }} publish-gcp-market-place: ${{ github.ref_type == 'tag' && ! contains(matrix.target, 'aws') }} publish-nginx-reqistry: ${{ github.ref_type != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') && ! contains(matrix.target, 'aws') }} - forked-workflow: ${{ needs.checks.outputs.forked_workflow }} + forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} permissions: contents: read security-events: write From 504aac7ff8870c3dc5ed3949b1e6722b621cca2c Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 20 Feb 2024 17:47:47 +0000 Subject: [PATCH 2/2] adjust logic for publishing to registries --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e1662e509a..4a04cd7228 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,7 +88,7 @@ jobs: publish=false if ${{ github.event_name == 'workflow_dispatch' && inputs.publish-image }}; then publish=true - elif ${{ github.ref_type == 'tag' }}; then + elif ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') }}; then publish=true elif ${{ github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}; then publish=true @@ -547,8 +547,8 @@ jobs: base-image-md5: ${{ needs.checks.outputs.docker_md5 }} release-url: ${{ needs.release-notes.outputs.release-url }} publish-image: ${{ needs.checks.outputs.publish_images == 'true' }} - publish-aws-market-place: ${{ needs.checks.outputs.publish_images == 'true' && contains(matrix.target, 'aws') }} - publish-gcp-market-place: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }} + publish-aws-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }} + publish-gcp-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && ! contains(matrix.target, 'aws') }} publish-nginx-reqistry: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }} forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} permissions: @@ -606,9 +606,9 @@ jobs: nap_modules: ${{ matrix.nap_modules }} release-url: ${{ needs.release-notes.outputs.release-url }} publish-image: ${{ needs.checks.outputs.publish_images == 'true' }} - publish-aws-market-place: ${{ github.ref_type == 'tag' && contains(matrix.target, 'aws') }} - publish-gcp-market-place: ${{ github.ref_type == 'tag' && ! contains(matrix.target, 'aws') }} - publish-nginx-reqistry: ${{ github.ref_type != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') && ! contains(matrix.target, 'aws') }} + publish-aws-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }} + publish-gcp-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && ! contains(matrix.target, 'aws') }} + publish-nginx-reqistry: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }} forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }} permissions: contents: read