

Add gha #62


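name: image-update

# Scheduled runs are disabled for now; re-enable once the pipeline is stable.
# on:
#   schedule:
#     - cron: '0 0 * * *'
on:
  push:
    branches:
      - master
      # NOTE(review): a push to this feature branch publishes to the same
      # ghcr.io/boxboat/<command>:checksum tags as master. Remove it (or gate
      # the push/tag steps on github.ref) before the branch is long-lived.
      - feature/gha

# Least privilege for GITHUB_TOKEN: the ghcr.io login needs packages:write;
# nothing in this workflow writes back to the repository. If the
# matrix-outputs actions turn out to need more (e.g. actions:read), add it
# here rather than falling back to the repository default.
permissions:
  contents: read
  packages: write

# Two overlapping runs would race on the shared :checksum tags and on the
# version list handed to the build matrix; serialize them instead.
concurrency:
  group: image-update
  cancel-in-progress: false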
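jobs:
  # Resolve the floating base image to a digest, build the shared "checksum"
  # layer, and enumerate the upstream versions that are actually downloadable.
  base-image-digest:
    strategy:
      matrix:
        image:
          - command: helm
            base: alpine
            repo: "https://github.com/helm/helm.git"
            check: "https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz"
            semverRange: ">=3.12.0"
          - command: istioctl
            base: alpine
            repo: "https://github.com/istio/istio.git"
            check: "https://github.com/istio/istio/releases/download/${VERSION}/istio-${VERSION}-linux-amd64.tar.gz"
            semverRange: ">=1.21.0"
          - command: kubectl
            base: alpine
            repo: "https://github.com/kubernetes/kubernetes.git"
            check: "https://storage.googleapis.com/kubernetes-release/release/v${VERSION}/bin/linux/amd64/kubectl"
            semverRange: ">=1.28.0"
          - command: lego
            base: alpine
            repo: "https://github.com/go-acme/lego.git"
            check: "https://github.com/go-acme/lego/releases/download/v${VERSION}/lego_v${VERSION}_linux_amd64.tar.gz"
            semverRange: ">=4.15.0"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set Node.js 20.x
        uses: actions/setup-node@v3
        with:
          node-version: "20.x"

      # TODO(review): the non-GitHub actions below (borales, iarekylew00t,
      # GoCodeAlone) run with this job's token and install binaries onto the
      # runner. Pin them to a full commit SHA; version tags are mutable.
      - name: Install semver
        uses: borales/actions-yarn@v4
        with:
          cmd: global add semver

      - name: Install regctl
        uses: iarekylew00t/regctl-installer@v3

      - name: Inspect latest alpine image
        id: baseImage
        shell: bash
        env:
          BASE: ${{ matrix.image.base }}
        run: |
          set -euo pipefail
          # Pin the floating :latest tag to an immutable digest so the build
          # below is reproducible and the exact base can be audited later.
          digest="$(regctl manifest digest "${BASE}:latest")"
          echo "digest=${BASE}@${digest}" >> "$GITHUB_OUTPUT"

          # Checksum of the Dockerfile with the base digest substituted in.
          # Previously repo_digest was never set in this shell, so envsubst
          # replaced the placeholder with an empty string and the checksum
          # could not change when the base image did.
          # NOTE(review): assumes ./cicd/checksum/Dockerfile references the
          # lowercase ${repo_digest} placeholder — confirm against the file.
          checksum="$(repo_digest="${BASE}@${digest}" \
            envsubst '${repo_digest}' < ./cicd/checksum/Dockerfile \
            | sha256sum | cut -d' ' -f1)"
          echo "checksum=${checksum}" >> "$GITHUB_OUTPUT"

      # Presumably here to avoid anonymous pull rate limits on the base image;
      # nothing in this workflow pushes to Docker Hub. Prefer a scoped access
      # token over the account password for DOCKERHUB_PASSWORD.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3
        with:
          buildkitd-flags: --debug

      - name: Build and push
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: ./cicd/checksum
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
            CHECKSUM=${{ steps.baseImage.outputs.checksum }}
            REPO_DIGEST=${{ steps.baseImage.outputs.digest }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: |
            ghcr.io/boxboat/${{ matrix.image.command }}:checksum

      - name: Inspect checksum image
        id: checksumImage
        shell: bash
        env:
          # Matrix values and step outputs are passed through the environment
          # instead of being spliced into the script text.
          COMMAND: ${{ matrix.image.command }}
          REPO: ${{ matrix.image.repo }}
          SEMVER_RANGE: ${{ matrix.image.semverRange }}
          CHECK: ${{ matrix.image.check }}
          CHECKSUM: ${{ steps.baseImage.outputs.checksum }}
        run: |
          set -euo pipefail
          image="ghcr.io/boxboat/${COMMAND}"
          digest="${image}@$(regctl manifest digest "${image}:checksum")"
          echo "digest=${digest}" >> "$GITHUB_OUTPUT"

          # Candidate versions come from the upstream repository's tags, i.e.
          # untrusted input. `semver -r` only echoes strings that parse as
          # valid semver inside the range, which is what makes them safe to
          # embed in JSON here and in later ${{ }} expressions.
          mapfile -t versions < <(git ls-remote --tags "${REPO}" \
            | sed -r -n 's|.*refs/tags/v?(.*)$|\1|p' \
            | xargs semver -r "${SEMVER_RANGE}")
          echo "${#versions[@]} candidate version(s) in range ${SEMVER_RANGE}" >&2

          # Keep only versions whose release artifact can actually be fetched.
          available=()
          for version in "${versions[@]}"; do
            url="$(VERSION="${version}" envsubst '${VERSION}' <<< "${CHECK}")"
            code="$(curl -sSLI -o /dev/null -w '%{http_code}' "${url}")"
            case "${code}" in
              200) available+=("${version}") ;;
              404) echo "${url} - not found; skipping" >&2 ;;
              # A 5xx or 000 (network failure) is not evidence the artifact is
              # missing; fail loudly instead of publishing an incomplete list.
              *)   echo "${url} - unexpected HTTP ${code}" >&2; exit 1 ;;
            esac
          done

          if (( ${#available[@]} == 0 )); then
            echo "no downloadable ${COMMAND} version satisfies ${SEMVER_RANGE}" >&2
            exit 1
          fi

          # "latest" must be the newest *available* version. The previous
          # implementation used the newest candidate, so a tag whose artifact
          # was not yet uploaded made every entry point at a version that
          # would never be built, and the :latest tag was never applied.
          latest="${available[-1]}"

          # Emit well-formed JSON via jq. The hand-built single-quoted list it
          # replaces could end in a trailing comma whenever the top candidate
          # was skipped and relied on the matrix-outputs action parsing it
          # leniently as YAML.
          json="$(printf '%s\n' "${available[@]}" \
            | jq -R -s -c \
                --arg command "${COMMAND}" --arg latest "${latest}" \
                --arg digest "${digest}" --arg checksum "${CHECKSUM}" \
                '[split("\n")[] | select(length > 0)
                  | {command: $command, version: ., latest: $latest,
                     digest: $digest, checksum: $checksum}]')"
          echo "${json}"
          echo "versions=${json}" >> "$GITHUB_OUTPUT"
          echo "latest=${latest}" >> "$GITHUB_OUTPUT"

      # use GoCodeAlone fork - until cloudposse fixes
      # https://github.com/cloudposse/github-action-matrix-outputs-read/issues/29
      - uses: GoCodeAlone/github-action-matrix-outputs-write@v1
        id: out
        with:
          matrix-step-name: ${{ github.job }}
          matrix-key: ${{ matrix.image.command }}
          outputs: |-
            digest: ${{ steps.checksumImage.outputs.digest }}
            checksum: ${{ steps.baseImage.outputs.checksum }}
            versions: ${{ steps.checksumImage.outputs.versions }}
            latest: ${{ steps.checksumImage.outputs.latest }}

  # Collect the per-command outputs of the matrix job and flatten the version
  # lists into a single array for the build matrix.
  read:
    runs-on: ubuntu-latest
    needs: [base-image-digest]
    steps:
      # use GoCodeAlone fork - until cloudposse fixes
      # https://github.com/cloudposse/github-action-matrix-outputs-read/issues/29
      - uses: GoCodeAlone/github-action-matrix-outputs-read@v1
        id: read
        with:
          matrix-step-name: base-image-digest

      - name: join version arrays
        id: join
        shell: bash
        env:
          # Handed over via the environment so nothing derived from upstream
          # tags is ever interpreted as shell text.
          RESULT: ${{ steps.read.outputs.result }}
        run: |
          set -euo pipefail
          # Concatenate every command's version list. Iterating over all keys
          # (rather than naming helm/kubectl/istioctl/lego) keeps this in step
          # with the matrix in base-image-digest; `// []` covers the case where
          # nothing was produced.
          versions="$(jq -c '[.versions[]] | add // []' <<< "${RESULT}")"
          echo "versions=${versions}" >> "$GITHUB_OUTPUT"
    outputs:
      result: "${{ steps.read.outputs.result }}"
      versions: "${{ steps.join.outputs.versions }}"

  # Placeholder for the per-version image builds (see the commented steps
  # below). Skipped when no version passed the download check, since a matrix
  # built from an empty array is an error.
  build:
    if: needs.read.outputs.versions != '[]'
    strategy:
      matrix:
        image: ${{ fromJson(needs.read.outputs.versions) }}
    runs-on: ubuntu-latest
    needs: [read]
    steps:
      - name: Show matrix entry
        shell: bash
        env:
          COMMAND: ${{ matrix.image.command }}
          VERSION: ${{ matrix.image.version }}
          DIGEST: ${{ matrix.image.digest }}
          CHECKSUM: ${{ matrix.image.checksum }}
          LATEST: ${{ matrix.image.latest }}
        run: |
          # Values are read from the environment rather than interpolated into
          # the script, the pattern GitHub documents against script injection.
          printf '%s\n' "$COMMAND" "$VERSION" "$DIGEST" "$CHECKSUM" "$LATEST"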
# - uses: actions/checkout@v4
#
# - name: Login to DockerHub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Set up Buildx
# uses: docker/setup-buildx-action@v3
# with:
# buildkitd-flags: --debug
#
# - name: Build and push
# uses: docker/build-push-action@v6
# env:
# DOCKER_BUILD_RECORD_UPLOAD: false
# with:
# context: ./helm
# platforms: linux/amd64,linux/arm64
# push: true
# build-args: |
# CHECKSUM=${{ fromJson(needs.read.outputs.result).checksum.helm }}
# REPO_DIGEST=${{ fromJson(needs.read.outputs.result).digest.helm }}
# VERSION=${{ matrix.version }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# tags: |
# ghcr.io/boxboat/helm:${{ matrix.version }}
#
# - name: Install regctl
# if: ${{ fromJson(needs.read.outputs.result).latest.helm == matrix.version }}
# uses: iarekylew00t/regctl-installer@v3
#
# - name: Tag latest
# if: ${{ fromJson(needs.read.outputs.result).latest.helm == matrix.version }}
# run: |
# regctl image copy ghcr.io/boxboat/helm:${{ matrix.version }} ghcr.io/boxboat/helm:latest
# helm:
# strategy:
# matrix:
# version: ${{ fromJson(needs.read.outputs.result).versions.helm }}
# runs-on: ubuntu-latest
# needs: [read]
# steps:
# - uses: actions/checkout@v4
#
# - name: Login to DockerHub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Set up Buildx
# uses: docker/setup-buildx-action@v3
# with:
# buildkitd-flags: --debug
#
# - name: Build and push
# uses: docker/build-push-action@v6
# env:
# DOCKER_BUILD_RECORD_UPLOAD: false
# with:
# context: ./helm
# platforms: linux/amd64,linux/arm64
# push: true
# build-args: |
# CHECKSUM=${{ fromJson(needs.read.outputs.result).checksum.helm }}
# REPO_DIGEST=${{ fromJson(needs.read.outputs.result).digest.helm }}
# VERSION=${{ matrix.version }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# tags: |
# ghcr.io/boxboat/helm:${{ matrix.version }}
#
# - name: Install regctl
# if: ${{ fromJson(needs.read.outputs.result).latest.helm == matrix.version }}
# uses: iarekylew00t/regctl-installer@v3
#
# - name: Tag latest
# if: ${{ fromJson(needs.read.outputs.result).latest.helm == matrix.version }}
# run: |
# regctl image copy ghcr.io/boxboat/helm:${{ matrix.version }} ghcr.io/boxboat/helm:latest
#
# kubectl:
# strategy:
# matrix:
# version: ${{ fromJson(needs.read.outputs.result).versions.kubectl }}
# runs-on: ubuntu-latest
# needs: [read]
# steps:
# - uses: actions/checkout@v4
#
# - name: Login to DockerHub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Set up Buildx
# uses: docker/setup-buildx-action@v3
# with:
# buildkitd-flags: --debug
#
# - name: Build and push
# uses: docker/build-push-action@v6
# env:
# DOCKER_BUILD_RECORD_UPLOAD: false
# with:
# context: ./kubectl
# platforms: linux/amd64,linux/arm64
# push: true
# build-args: |
# CHECKSUM=${{ fromJson(needs.read.outputs.result).checksum.kubectl }}
# REPO_DIGEST=${{ fromJson(needs.read.outputs.result).digest.kubectl }}
# VERSION=${{ matrix.version }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# tags: |
# ghcr.io/boxboat/kubectl:${{ matrix.version }}
#
# - name: Install regctl
# if: ${{ fromJson(needs.read.outputs.result).latest.kubectl == matrix.version }}
# uses: iarekylew00t/regctl-installer@v3
#
# - name: Tag latest
# if: ${{ fromJson(needs.read.outputs.result).latest.kubectl == matrix.version }}
# run: |
# regctl image copy ghcr.io/boxboat/kubectl:${{ matrix.version }} ghcr.io/boxboat/kubectl:latest
#
# istioctl:
# strategy:
# matrix:
# version: ${{ fromJson(needs.read.outputs.result).versions.istioctl }}
# runs-on: ubuntu-latest
# needs: [read]
# steps:
#
# - uses: actions/checkout@v4
#
# - name: Login to DockerHub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Set up Buildx
# uses: docker/setup-buildx-action@v3
# with:
# buildkitd-flags: --debug
#
# - name: Build and push
# uses: docker/build-push-action@v6
# env:
# DOCKER_BUILD_RECORD_UPLOAD: false
# with:
# context: ./istioctl
# platforms: linux/amd64,linux/arm64
# push: true
# build-args: |
# CHECKSUM=${{ fromJson(needs.read.outputs.result).checksum.istioctl }}
# REPO_DIGEST=${{ fromJson(needs.read.outputs.result).digest.istioctl }}
# VERSION=${{ matrix.version }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# tags: |
# ghcr.io/boxboat/istioctl:${{ matrix.version }}
#
# - name: Install regctl
# if: ${{ fromJson(needs.read.outputs.result).latest.istioctl == matrix.version }}
# uses: iarekylew00t/regctl-installer@v3
#
# - name: Tag latest
# if: ${{ fromJson(needs.read.outputs.result).latest.istioctl == matrix.version }}
# run: |
# regctl image copy ghcr.io/boxboat/istioctl:${{ matrix.version }} ghcr.io/boxboat/istioctl:latest
#
# lego:
# strategy:
# matrix:
# version: ${{ fromJson(needs.read.outputs.result).versions.lego }}
# runs-on: ubuntu-latest
# needs: [read]
# steps:
# - uses: actions/checkout@v4
#
# - name: Login to DockerHub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Set up Buildx
# uses: docker/setup-buildx-action@v3
# with:
# buildkitd-flags: --debug
#
# - name: Build and push
# uses: docker/build-push-action@v6
# env:
# DOCKER_BUILD_RECORD_UPLOAD: false
# with:
# context: ./lego
# platforms: linux/amd64,linux/arm64
# push: true
# build-args: |
# CHECKSUM=${{ fromJson(needs.read.outputs.result).checksum.lego }}
# REPO_DIGEST=${{ fromJson(needs.read.outputs.result).digest.lego }}
# VERSION=${{ matrix.version }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# tags: |
# ghcr.io/boxboat/lego:${{ matrix.version }}
#
# - name: Install regctl
# if: ${{ fromJson(needs.read.outputs.result).latest.lego == matrix.version}}
# uses: iarekylew00t/regctl-installer@v3
#
# - name: Tag latest
# if: ${{ fromJson(needs.read.outputs.result).latest.lego == matrix.version}}
# run: |
# regctl image copy ghcr.io/boxboat/lego:${{ matrix.version }} ghcr.io/boxboat/lego:latest