diff --git a/.github/workflows/build-php.yml b/.github/workflows/build-php.yml
index 9fe2d0c..28c4232 100644
--- a/.github/workflows/build-php.yml
+++ b/.github/workflows/build-php.yml
@@ -19,19 +19,30 @@ on:
 description: Dockerfile path
 type: string
 default: Dockerfile
+ secrets:
+ description: List of secrets to expose to the build
+ type: string
+ required: false
+ disable-apparmor:
+ description: Disable AppArmor for the build
+ type: boolean
+ default: false
 jobs:
 build:
 name: Build Image
 runs-on: ${{ inputs.runs-on }}
 steps:
+
 - name: Checkout
 uses: actions/checkout@v6
+
 - name: Image name
 id: image_name
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.image-name }}
+
 - name: Log in to the Container registry
 uses: docker/login-action@v4
 if: ${{ github.actor != 'dependabot[bot]' }}
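Review bot: The new `secrets` input under `on.workflow_call.inputs` (the same block is added in the build.yml hunk further down) routes secret material through a plain string input, and as far as I know values arriving through `inputs` are not masked in the called workflow's logs the way values from the `secrets` context are; the `secrets: ${{ inputs.secrets }}` line that forwards it in each workflow's second hunk inherits that. Reusable workflows have a dedicated `on.workflow_call.secrets` block for this, so declaring the secrets there (or accepting `secrets: inherit` from the caller) and assembling the docker/build-push-action secrets string inside the called workflow would keep them in the masked context. If the input is meant to carry only references rather than raw values, the description should say so rather than copying the downstream action's wording, e.g. `description: Build secrets in docker/build-push-action "secrets" format; do not pass raw secret values through this input`. Naming the input `secrets` also invites confusion with the `secrets` context in expressions (`inputs.secrets` vs `secrets.NAME`); since the input is new, a more specific name such as `build-secrets` is cheap now.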
@@ -39,27 +50,36 @@ jobs:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Disable AppArmor
+ if: ${{ inputs.disable-apparmor }}
+ uses: cisagov/action-disable-apparmor@v1
+
 - name: Set up Docker Buildx
 id: buildx
 uses: docker/setup-buildx-action@v4
+
 - name: Build and Push by digest (runtime)
- uses: specsnl/github-actions/build-target@1.2.0
+ uses: specsnl/github-actions/build-target@1.2.1
 with:
 platform: ${{ inputs.platform }}
 image-name: ${{ steps.image_name.outputs.lowercase }}
 dockerfile: ${{ inputs.dockerfile }}
 target: runtime
+
 - name: Build and Push by digest (builder)
- uses: specsnl/github-actions/build-target@1.2.0
+ uses: specsnl/github-actions/build-target@1.2.1
 with:
 platform: ${{ inputs.platform }}
 image-name: ${{ steps.image_name.outputs.lowercase }}
 dockerfile: ${{ inputs.dockerfile }}
 target: builder
+
 - name: Build and Push by digest (builder_nodejs)
- uses: specsnl/github-actions/build-target@1.2.0
+ uses: specsnl/github-actions/build-target@1.2.1
 with:
 platform: ${{ inputs.platform }}
 image-name: ${{ steps.image_name.outputs.lowercase }}
 dockerfile: ${{ inputs.dockerfile }}
 target: builder_nodejs
+ secrets: ${{ inputs.secrets }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7acd4f5..987a38b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -27,14 +27,24 @@ on:
 description: Custom image description (overrides repository description)
 type: string
 required: false
+ secrets:
+ description: List of secrets to expose to the build
+ type: string
+ required: false
+ disable-apparmor:
+ description: Disable AppArmor for the build
+ type: boolean
+ default: false
 jobs:
 build:
 name: Build Image
 runs-on: ${{ inputs.runs-on }}
 steps:
+
 - name: Checkout
 uses: actions/checkout@v6
+
 - name: Log in to the Container registry
 uses: docker/login-action@v4
 if: ${{ github.actor != 'dependabot[bot]' }}
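Review bot: `secrets: ${{ inputs.secrets }}` is added only to the builder_nodejs `build-target` step at the end of this hunk; the runtime and builder steps call the same action at the same version without it, although build-target/action.yml (later in this diff) forwards `inputs.secrets` to docker/build-push-action for every target. If the omission is deliberate, a comment on the runtime step such as `# build secrets are only needed by the builder_nodejs target` would stop the next reader from treating it as a bug; otherwise add the same `secrets: ${{ inputs.secrets }}` line under `with:` of the other two steps so all three targets see the same build inputs.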
@@ -42,18 +52,26 @@ jobs:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Disable AppArmor
+ if: ${{ inputs.disable-apparmor }}
+ uses: cisagov/action-disable-apparmor@v1
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v4
+
 - name: Image name
 id: image_name
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.image-name }}
+
 - name: Build and Push by digest
- uses: specsnl/github-actions/build-image@1.2.0
+ uses: specsnl/github-actions/build-image@1.2.1
 with:
 dockerfile: ${{ inputs.dockerfile }}
 platform: ${{ inputs.platform }}
 image-name: ${{ steps.image_name.outputs.lowercase }}
 title: ${{ inputs.title }}
 description: ${{ inputs.description }}
+ secrets: ${{ inputs.secrets }}
diff --git a/.github/workflows/merge-php.yml b/.github/workflows/merge-php.yml
index 66e5481..ff55cc9 100644
--- a/.github/workflows/merge-php.yml
+++ b/.github/workflows/merge-php.yml
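Review bot: The `Disable AppArmor` step is a host-level change whose scope is not visible from the step itself: the input description says "for the build", but presumably (judging only by the action's name) the runner stays without AppArmor for every later step of this job, not just the build-image step, and it runs after the registry login has already stored credentials on the runner. A comment above the step stating that, e.g. `# Host-wide for the rest of this job; keep this opt-in (default false) and enable it only for images whose build needs it`, would make the trade-off explicit; the same applies to the identical step in the build-php.yml hunk above. `cisagov/action-disable-apparmor@v1` is a third-party action referenced by a mutable major tag, and an action that reconfigures the host is the one most worth pinning to a full commit SHA.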
@@ -36,44 +36,50 @@ on:
 type: string
 required: false
-
 jobs:
 merge:
 name: Merge Images
 runs-on: ${{ inputs.runs-on }}
 if: ${{ github.actor != 'dependabot[bot]' }}
 steps:
+
 - name: Checkout
 uses: actions/checkout@v6
+
 - name: Image name
 id: image_name
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.image-name }}
+
 - name: Log in to the Container registry
 uses: docker/login-action@v4
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v4
+
 - name: Create Manifest (runtime)
- uses: specsnl/github-actions/create-manifest-for-target@1.2.0
+ uses: specsnl/github-actions/create-manifest-for-target@1.2.1
 with:
 image-name: ${{ steps.image_name.outputs.lowercase }}
 target: runtime
 description: ${{ inputs.description-runtime }}
 title: ${{ inputs.title-runtime }}
+
 - name: Create Manifest (builder)
- uses: specsnl/github-actions/create-manifest-for-target@1.2.0
+ uses: specsnl/github-actions/create-manifest-for-target@1.2.1
 with:
 image-name: ${{ steps.image_name.outputs.lowercase }}
 target: builder
 description: ${{ inputs.description-builder }}
 title: ${{ inputs.title-builder }}
+
 - name: Create Manifest (builder_nodejs)
- uses: specsnl/github-actions/create-manifest-for-target@1.2.0
+ uses: specsnl/github-actions/create-manifest-for-target@1.2.1
 with:
 image-name: ${{ steps.image_name.outputs.lowercase }}
 target: builder_nodejs
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
index ec6428f..f5aa37f 100644
--- a/.github/workflows/merge.yml
+++ b/.github/workflows/merge.yml
@@ -26,23 +26,28 @@ jobs:
 runs-on: ${{ inputs.runs-on }}
 if: ${{ github.actor != 'dependabot[bot]' }}
 steps:
+
 - name: Checkout
 uses: actions/checkout@v6
+
 - name: Image name
 id: image_name
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.image-name }}
+
 - name: Log in to the Container registry
 uses: docker/login-action@v4
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v4
+
 - name: Create Manifest
- uses: specsnl/github-actions/create-manifest@1.2.0
+ uses: specsnl/github-actions/create-manifest@1.2.1
 with:
 image-name: ${{ steps.image_name.outputs.lowercase }}
 title: ${{ inputs.title }}
diff --git a/build-image/action.yml b/build-image/action.yml
index 70a23df..27ac731 100644
--- a/build-image/action.yml
+++ b/build-image/action.yml
@@ -30,11 +30,13 @@ inputs:
 runs:
 using: composite
 steps:
+
 - name: Prepare
 shell: bash
 run: |
 platform=${{ inputs.platform }}
 echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
 - name: Docker meta
 id: meta
 uses: docker/metadata-action@v6
@@ -46,6 +48,7 @@ runs:
 annotations: |
 ${{ inputs.title != '' && format('org.opencontainers.image.title={0}', inputs.title) || '' }}
 ${{ inputs.description != '' && format('org.opencontainers.image.description={0}', inputs.description) || '' }}
+
 - name: Build and push by digest
 id: build
 uses: docker/build-push-action@v7
@@ -61,12 +64,14 @@ runs:
 cache-from: type=gha,scope=${{ inputs.dockerfile }}-${{ env.PLATFORM_PAIR }}
 cache-to: type=gha,mode=max,scope=${{ inputs.dockerfile }}-${{ env.PLATFORM_PAIR }}
 secrets: ${{ inputs.secrets }}
+
 - name: Export digest
 shell: bash
 run: |
 mkdir -p ${{ runner.temp }}/digests
 digest="${{ steps.build.outputs.digest }}"
 touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
 - name: Upload digest
 uses: actions/upload-artifact@v7
 with:
diff --git a/build-target/action.yml b/build-target/action.yml
index a54eaea..8f39c54 100644
--- a/build-target/action.yml
+++ b/build-target/action.yml
@@ -34,6 +34,7 @@ inputs:
 runs:
 using: composite
 steps:
+
 - name: Prepare
 shell: bash
 run: |
@@ -42,6 +43,7 @@ runs:
 image_name=${{ inputs.image-name }}
 echo "SAFE_IMAGE_NAME=${image_name//\//-}" >> $GITHUB_ENV
+
 - name: Docker meta (${{ inputs.target }})
 id: meta
 uses: docker/metadata-action@v6
@@ -53,6 +55,7 @@ runs:
 annotations: |
 ${{ inputs.title != '' && format('org.opencontainers.image.title={0}', inputs.title) || '' }}
 ${{ inputs.description != '' && format('org.opencontainers.image.description={0}', inputs.description) || '' }}
+
 - name: Build and push by digest (${{ inputs.target }})
 id: build
 uses: docker/build-push-action@v7
@@ -69,12 +72,14 @@ runs:
 cache-from: type=gha,scope=${{ inputs.dockerfile }}-${{ env.PLATFORM_PAIR }}-${{ inputs.target }}
 cache-to: type=gha,mode=max,scope=${{ inputs.dockerfile }}-${{ env.PLATFORM_PAIR }}-${{ inputs.target }}
 secrets: ${{ inputs.secrets }}
+
 - name: Export digest (${{ inputs.target }})
 shell: bash
 run: |
 mkdir -p ${{ runner.temp }}/digests/${{ env.SAFE_IMAGE_NAME }}/${{ inputs.target }}
 digest="${{ steps.build.outputs.digest }}"
 touch "${{ runner.temp }}/digests/${{ env.SAFE_IMAGE_NAME }}/${{ inputs.target }}/${digest#sha256:}"
+
 - name: Upload digest (${{ inputs.target }})
 uses: actions/upload-artifact@v7
 with:
diff --git a/create-manifest-for-target/action.yml b/create-manifest-for-target/action.yml
index caeb98f..9213647 100644
--- a/create-manifest-for-target/action.yml
+++ b/create-manifest-for-target/action.yml
@@ -26,22 +26,26 @@ inputs:
 runs:
 using: composite
 steps:
+
 - name: Prepare
 shell: bash
 run: |
 image_name=${{ inputs.image-name }}
 echo "SAFE_IMAGE_NAME=${image_name//\//-}" >> $GITHUB_ENV
+
 - name: Download digests (${{ inputs.target }})
 uses: actions/download-artifact@v8
 with:
 path: ${{ runner.temp }}/digests/${{ env.SAFE_IMAGE_NAME }}/${{ inputs.target }}
 pattern: digests-${{ env.SAFE_IMAGE_NAME }}-${{ inputs.target }}-*
 merge-multiple: true
+
 - name: Raw tag
 id: raw_tag
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.raw-tag }}
+
 - name: Docker meta (${{ inputs.target }})
 id: meta
 uses: docker/metadata-action@v6
@@ -60,6 +64,7 @@ runs:
 annotations: |
 ${{ inputs.title != '' && format('org.opencontainers.image.title={0}', inputs.title) || '' }}
 ${{ inputs.description != '' && format('org.opencontainers.image.description={0}', inputs.description) || '' }}
+
 - name: Create manifest list and push (${{ inputs.target }})
 working-directory: ${{ runner.temp }}/digests/${{ env.SAFE_IMAGE_NAME }}/${{ inputs.target }}
 shell: bash
@@ -72,6 +77,7 @@ runs:
 images=$(printf '${{ inputs.image-name }}@sha256:%s ' *)
 docker buildx imagetools create "${tags[@]}" "${annotations[@]}" $images
+
 - name: Inspect image
 shell: bash
 run: |
diff --git a/create-manifest/action.yml b/create-manifest/action.yml
index ef27b3b..b967e02 100644
--- a/create-manifest/action.yml
+++ b/create-manifest/action.yml
@@ -28,11 +28,13 @@ runs:
 path: ${{ runner.temp }}/digests
 pattern: digests-*
 merge-multiple: true
+
 - name: Raw tag
 id: raw_tag
 uses: ASzc/change-string-case-action@v8
 with:
 string: ${{ inputs.raw-tag }}
+
 - name: Docker meta
 id: meta
 uses: docker/metadata-action@v6
@@ -50,6 +52,7 @@ runs:
 annotations: |
 ${{ inputs.title != '' && format('org.opencontainers.image.title={0}', inputs.title) || '' }}
 ${{ inputs.description != '' && format('org.opencontainers.image.description={0}', inputs.description) || '' }}
+
 - name: Create manifest list and push
 working-directory: ${{ runner.temp }}/digests
 shell: bash
@@ -62,6 +65,7 @@ runs:
 images=$(printf '${{ inputs.image-name }}@sha256:%s ' *)
 docker buildx imagetools create "${tags[@]}" "${annotations[@]}" $images
+
 - name: Inspect image
 shell: bash
 run: |