build-images-docs-builder.yaml 
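name: Docs-builder Image Build

# Trigger notes:
# - `pull_request_target` runs this workflow definition from the base
#   repository, not from the pull request, and makes the repository's secrets
#   and environments available to the run even when the pull request comes
#   from a fork. Every step that touches pull request content must therefore
#   treat that content as untrusted input.
# - The `paths` filter limits runs to pull requests that modify the inputs of
#   the docs-builder image.
# Any change in triggers needs to be reflected in the concurrency group.
on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
    paths:
      - Documentation/Dockerfile
      - Documentation/requirements.txt

# Least privilege for the job token: read-only repository contents is the
# only scope granted; scopes that are not listed here are set to none.
permissions:
  # To be able to access the repository with `actions/checkout`
  contents: read

# One run per pull request; a newer event cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true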

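jobs:
  # Builds the docs-builder image from the pull request's Documentation/
  # directory and pushes it to quay.io, unless an image tagged for the same
  # Documentation/ tree can already be found there.
  build-and-push:
    name: Build and Push Image
    runs-on: ubuntu-22.04
    timeout-minutes: 30
    # NOTE(review): this environment is the gate in front of building
    # untrusted pull request content while registry credentials are in use.
    # Its protection rules are not visible in this file; confirm them (for
    # example required reviewers) in the repository settings.
    environment: docs-builder
    outputs:
      tag: ${{ steps.docs-builder-tag.outputs.tag }}
      # Only set when the build step ran; the downstream jobs key off it.
      digest: ${{ steps.docker-build-docs-builder.outputs.digest }}
    steps:
      - name: Checkout default branch (trusted)
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: ${{ github.event.repository.default_branch }}
          # Do not leave the job token in .git/config for later steps.
          persist-credentials: false

      # The local action is resolved from the workspace, so it must run while
      # the trusted default-branch checkout is still in place.
      - name: Set environment variables
        uses: ./.github/actions/set-env-variables

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      # Warning: since this is a privileged workflow, subsequent workflow job
      # steps must take care not to execute untrusted code.
      - name: Checkout pull request branch (NOT TRUSTED)
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Generate image tag for docs-builder
        id: docs-builder-tag
        # The tag is the git object id of the Documentation/ entry at the pull
        # request head, so identical image inputs map to the same tag.
        run: |
          echo tag="$(git ls-tree --full-tree HEAD -- ./Documentation | awk '{ print $3 }')" >> "$GITHUB_OUTPUT"

      - name: Check if tag for docs-builder already exists
        id: docs-builder-tag-in-repositories
        shell: bash
        env:
          # Handed over through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          IMAGE: quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/docs-builder:${{ steps.docs-builder-tag.outputs.tag }}
        run: |
          # Any inspect failure (not only "tag not found") is reported as
          # exists=false, which lets the login and build steps below run.
          if docker buildx imagetools inspect "$IMAGE" &>/dev/null; then
            echo exists="true" >> "$GITHUB_OUTPUT"
          else
            echo exists="false" >> "$GITHUB_OUTPUT"
          fi

      - name: Login to quay.io
        if: ${{ steps.docs-builder-tag-in-repositories.outputs.exists == 'false' }}
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_DOCS_BUILDER_USERNAME }}
          password: ${{ secrets.QUAY_DOCS_BUILDER_PASSWORD }}
          # Log out of the registry again when the job finishes.
          logout: true

      # The Dockerfile and the build context both come from the untrusted pull
      # request checkout, and this step runs after the registry login above.
      - name: Build docs-builder image
        if: ${{ steps.docs-builder-tag-in-repositories.outputs.exists == 'false' }}
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        id: docker-build-docs-builder
        with:
          # No provenance attestation is generated for the pushed image.
          provenance: false
          context: ./Documentation
          file: ./Documentation/Dockerfile
          push: true
          tags: |
            quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/docs-builder:${{ steps.docs-builder-tag.outputs.tag }}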

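  # Use a separate job for the steps below, to ensure we're no longer logged
  # into Quay.io.
  #
  # The job rewrites the docs-builder image reference inside the pull request
  # checkout, commits the result and pushes it with an app token.
  update-pr:
    name: Update Pull Request with new image reference
    needs: build-and-push
    # `digest` is only produced when the build step ran, so this job is
    # skipped when the image already existed.
    if: needs.build-and-push.outputs.digest
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    environment: docs-builder
    steps:
      - name: Checkout default branch (trusted)
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: ${{ github.event.repository.default_branch }}
          persist-credentials: false

      # The local action is resolved from the workspace, so it must run while
      # the trusted default-branch checkout is still in place.
      - name: Set environment variables
        uses: ./.github/actions/set-env-variables

      # Warning: since this is a privileged workflow, subsequent workflow job
      # steps must take care not to execute untrusted code.
      - name: Checkout pull request branch (NOT TRUSTED)
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up git
        run: |
          git config user.name "Cilium Imagebot"
          git config user.email "noreply@cilium.io"

      - name: Update docs-builder image reference in CI workflow
        env:
          # Handed over through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          NEW_IMAGE: quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/docs-builder:${{ needs.build-and-push.outputs.tag }}@${{ needs.build-and-push.outputs.digest }}
        run: |
          # Run in Docker to prevent the script from accessing the environment.
          # Both the image and the script originate from the pull request.
          docker run --rm -v "$PWD":/cilium -w /cilium "${NEW_IMAGE}" \
              bash -c "git config --global --add safe.directory /cilium && \
                       /cilium/Documentation/update-docs-builder-image.sh ${NEW_IMAGE}"
          # The container had write access to the whole checkout, .git
          # included, so host-side git runs with hooks disabled.
          # NOTE(review): repository-local git configuration written inside
          # the container is still honoured by the commands below. Committing
          # from a separate clean clone, with only the expected file changes
          # copied over, would remove that dependency.
          git -c core.hooksPath=/dev/null commit -sam "ci: update docs-builder"

      # The token is minted only after the untrusted image and script have
      # run, in the same job and on the same runner.
      - name: Get token
        id: get_token
        uses: cilium/actions-app-token@61a6271ce92ba02f49bf81c755685d59fb25a59a # v0.21.1
        with:
          APP_PEM: ${{ secrets.AUTO_COMMITTER_PEM }}
          APP_ID: ${{ secrets.AUTO_COMMITTER_APP_ID }}

      # NOTE(review): REF is the pull request's head branch name, which the
      # pull request author chooses, while the push target is always the
      # repository of the organisation in QUAY_ORGANIZATION. Nothing visible
      # in this workflow restricts the job to pull requests whose head branch
      # lives in that repository. Consider a job-level condition comparing
      # github.event.pull_request.head.repo.full_name with github.repository,
      # and confirm that branch protection covers the long-lived branches.
      - name: Push changes into PR
        env:
          REF: ${{ github.event.pull_request.head.ref }}
          # Kept out of the script text; referenced as shell variables below.
          APP_TOKEN: ${{ steps.get_token.outputs.app_token }}
          TARGET_ORG: ${{ env.QUAY_ORGANIZATION }}
        run: |
          git diff HEAD^
          git -c core.hooksPath=/dev/null push "https://x-access-token:${APP_TOKEN}@github.com/${TARGET_ORG}/cilium.git" HEAD:"$REF"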

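  # Records the reference (tag and digest) of the freshly pushed image as a
  # short-lived artifact and prints it to the job log. This job checks out
  # only the default branch and declares no environment.
  image-digest:
    name: Retrieve and display image digest
    needs: build-and-push
    # `digest` is only produced when the build step ran, so this job is
    # skipped when the image already existed.
    if: needs.build-and-push.outputs.digest
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    steps:
      # Needed for the local set-env-variables action below.
      - name: Checkout default branch (trusted)
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: ${{ github.event.repository.default_branch }}
          persist-credentials: false

      - name: Set environment variables
        uses: ./.github/actions/set-env-variables

      - name: Retrieve image digest
        shell: bash
        env:
          # Handed over through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          NEW_IMAGE: quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/docs-builder:${{ needs.build-and-push.outputs.tag }}@${{ needs.build-and-push.outputs.digest }}
        run: |
          mkdir -p image-digest/
          # Markdown snippet: a heading, then the image reference in backticks.
          echo "## docs-builder" > image-digest/docs-builder.txt
          echo "" >> image-digest/docs-builder.txt
          echo "\`${NEW_IMAGE}\`" >> image-digest/docs-builder.txt
          echo "" >> image-digest/docs-builder.txt

      - name: Upload artifact digests
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: image-digest docs-builder
          path: image-digest
          retention-days: 1

      - name: Output image digest
        shell: bash
        run: |
          cd image-digest/
          # Explicit start directory; GNU find would default to "." anyway.
          find . -type f | sort | xargs -d '\n' cat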