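name: 'docker-build'
description: 'Build docker images'
author: 'Conventional Actions'

# Composite-action inputs are always strings; the boolean-like ones below
# (scan, download-artifacts) are compared against the literal 'true' in the
# steps, so their defaults are kept as quoted strings on purpose.
inputs:
  name:
    required: false
    description: 'name of container'
  dockerfile:
    required: false
    # When empty, the setup step derives docker/<name>/Dockerfile.
    description: 'dockerfile path'
  artifact:
    required: false
    description: 'name of the artifact if different from the container name'
  platforms:
    required: false
    description: 'comma-separated list of platforms to build'
    default: 'linux/amd64,linux/arm64'
  buildkitd-flags:
    required: false
    description: 'buildkitd flags to use'
    # Default grants builds the host-network entitlement (also requested per
    # build step via `allow: network.host`). Callers whose Dockerfiles do not
    # need host networking can pass narrower flags here.
    default: '--allow-insecure-entitlement network.host'
  build-args:
    required: false
    description: 'list of build-time variables'
  target:
    required: false
    description: 'sets the target stage to build'
  snyk-token:
    required: false
    # Secret value: supply it from the caller's secrets context, never inline.
    description: 'SNYK auth token'
    default: ''
  scan:
    required: false
    description: 'set to false to disable scan (default is true)'
    default: 'true'
  download-artifacts:
    required: false
    description: 'set to false to disable downloading artifacts'
    default: 'true'
  version-major:
    required: false
    description: 'major version number'
  version-minor:
    required: false
    description: 'minor version number'
  version-patch:
    required: false
    # Fixed typo: "full path" -> "full patch" (x.y.z tag used by metadata-action).
    description: 'full patch version number'
  release-branch:
    required: false
    description: 'release branch name'
    # Quoted so the value is unambiguously a string, like the other defaults.
    default: 'main'
  secret-files:
    required: false
    description: 'List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)'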
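runs:
  using: composite
  steps:
    # Resolve the Dockerfile path and artifact name from the inputs.
    # Inputs are passed through `env` rather than interpolated into the
    # script text, so a value containing shell metacharacters cannot alter
    # the script (GitHub's recommended pattern for `run:` steps).
    - id: setup
      shell: bash
      env:
        INPUT_NAME: ${{ inputs.name }}
        INPUT_DOCKERFILE: ${{ inputs.dockerfile }}
        INPUT_ARTIFACT: ${{ inputs.artifact }}
      run: |
        if [[ -z "$INPUT_DOCKERFILE" ]]; then
          echo "dockerfile=docker/${INPUT_NAME}/Dockerfile" >> "$GITHUB_OUTPUT"
        else
          echo "dockerfile=${INPUT_DOCKERFILE}" >> "$GITHUB_OUTPUT"
        fi
        if [[ -z "$INPUT_ARTIFACT" ]]; then
          echo "artifact=${INPUT_NAME}" >> "$GITHUB_OUTPUT"
        else
          echo "artifact=${INPUT_ARTIFACT}" >> "$GITHUB_OUTPUT"
        fi

    # NOTE(review): this download is not gated by `download-artifacts`,
    # unlike the two platform binaries below — confirm that is intended.
    - name: Download docker artifact
      uses: actions/download-artifact@v4
      with:
        name: docker
        path: docker

    # Per-platform binaries are only fetched when that platform is being built.
    - name: Download ${{ steps.setup.outputs.artifact }} amd64 binary
      uses: actions/download-artifact@v4
      if: ${{ success() && inputs.download-artifacts == 'true' && contains(inputs.platforms, 'amd64') }}
      with:
        name: ${{ steps.setup.outputs.artifact }}_linux_amd64
        path: .build/linux-amd64

    - name: Download ${{ steps.setup.outputs.artifact }} arm64 docker
      uses: actions/download-artifact@v4
      if: ${{ success() && inputs.download-artifacts == 'true' && contains(inputs.platforms, 'arm64') }}
      with:
        name: ${{ steps.setup.outputs.artifact }}_linux_arm64
        path: .build/linux-arm64

    - name: Set up QEMU
      id: qemu
      uses: docker/setup-qemu-action@v3
      with:
        platforms: ${{ inputs.platforms }}

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
      with:
        buildkitd-flags: ${{ inputs.buildkitd-flags }}

    # Composite actions cannot read the `secrets` context; the caller must
    # export GITHUB_TOKEN into the job environment (with packages:write) for
    # this login to succeed.
    - name: Login to GitHub Container Registry
      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ env.GITHUB_TOKEN }}

    # Local, single-platform build (push: false, load: true) whose image id
    # feeds the scan step; it is skipped entirely when scanning is disabled.
    - name: Build ${{ inputs.name }} container
      id: build
      if: ${{ success() && inputs.scan == 'true' }}
      uses: docker/build-push-action@v6
      with:
        context: .
        file: ${{ steps.setup.outputs.dockerfile }}
        push: false
        load: true
        # Host-network entitlement; pairs with the buildkitd-flags default.
        allow: network.host
        target: ${{ inputs.target }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
        build-args: ${{ inputs.build-args }}
        secret-files: ${{ inputs.secret-files }}

    - name: Scan ${{ inputs.name }} container
      uses: conventional-actions/docker-scan@v1
      if: ${{ success() && inputs.scan == 'true' }}
      with:
        file: ${{ steps.setup.outputs.dockerfile }}
        image: ${{ steps.build.outputs.imageid }}
      env:
        SNYK_TOKEN: ${{ inputs.snyk-token }}

    # Tags: `latest` plus the three version inputs as raw values.
    - name: Metadata for ${{ inputs.name }}
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }}
        tags: |
          type=raw,value=latest
          type=raw,value=${{ inputs.version-major }}
          type=raw,value=${{ inputs.version-minor }}
          type=raw,value=${{ inputs.version-patch }}

    # Multi-platform release build; pushes only from the release branch.
    - name: Push ${{ inputs.name }} container
      if: github.ref == format('refs/heads/{0}', inputs.release-branch)
      uses: docker/build-push-action@v6
      with:
        context: .
        file: ${{ steps.setup.outputs.dockerfile }}
        push: true
        load: false
        allow: network.host
        target: ${{ inputs.target }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
        build-args: ${{ inputs.build-args }}
        platforms: ${{ inputs.platforms }}
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        secret-files: ${{ inputs.secret-files }}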
# Marketplace listing appearance (icon name and accent colour).
branding:
  icon: 'anchor'
  color: 'purple'