diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker-main.yaml
similarity index 69%
rename from .github/workflows/docker.yaml
rename to .github/workflows/docker-main.yaml
index ebdfc0f42..66ab4ad97 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker-main.yaml
@@ -1,4 +1,4 @@
-name: Docker
+name: Docker Main
 permissions:
 contents: read
 on:
@@ -8,31 +8,25 @@ on:
 jobs:
 publish:
- strategy:
- matrix:
- platform: [ubuntu-latest]
- dockerfile: [Dockerfile, Dockerfile.debug]
-
- runs-on: ${{ matrix.platform }}
-
+ runs-on: ubuntu-latest
 outputs:
 sha-tag: ${{ steps.metadata.outputs.sha-tag }}
 image: ${{ steps.metadata.outputs.image }}
 steps:
 - name: Checkout
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # pin@v3
 with:
 fetch-depth: 0
 - name: Set up QEMU
- uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8
+ uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # pin@v1
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6
+ uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # pin@v1
 - name: Login to DockerHub
- uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b
+ uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # pin@v1
 with:
 username: ${{ secrets.DOCKERHUB_USER }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
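Review bot: The Checkout step of the publish job still leaves the workflow token in the workspace's `.git/config`, because its `with:` block sets only `fetch-depth: 0`; adding `persist-credentials: false` under it would drop the token before the later build steps run with `context: .`. Whether `.git` actually reaches the build context depends on the Dockerfiles and any `.dockerignore`, which are not visible here. The top-level `permissions` limit the token to `contents: read`, so this is hardening rather than a confirmed leak. The job continues past this hunk; the metadata and build-push steps are in the next one.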
@@ -42,52 +36,54 @@ jobs:
 run: |
 IMAGE=pomerium/pomerium
 SHA_TAG=git-${GITHUB_SHA::8}
- if [ $DOCKERFILE == 'Dockerfile.debug' ]; then
- TAGS=${IMAGE}:debug
- else
- TAGS=${IMAGE}:main
- TAGS=${TAGS},${IMAGE}:master
- TAGS=${TAGS},${IMAGE}:${SHA_TAG}
- fi
+ TAGS=${IMAGE}:main
+ TAGS=${TAGS},${IMAGE}:master
+ TAGS=${TAGS},${IMAGE}:${SHA_TAG}
 TS=$(date +%Y%m%d%H%M%S)
- BUILDCACHE_TAG=buildcache-$(echo -n "$DOCKERFILE" | sha1sum | awk '{print $1}')
 echo ::set-output name=tags::${TAGS}
 echo ::set-output name=timestamp::${TS}
 echo ::set-output name=name::pomerium
 echo ::set-output name=image::${IMAGE}
 echo ::set-output name=sha-tag::${SHA_TAG}
- echo ::set-output name=buildcache-tag::${BUILDCACHE_TAG}
- env:
- DOCKERFILE: ${{ matrix.dockerfile }}
- - name: Docker Publish
- uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8
+ - name: Docker Publish - Main
+ uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # pin@v2
 with:
 context: .
- file: ${{ matrix.dockerfile }}
- push: ${{ github.ref == 'refs/heads/main' }}
+ file: ./Dockerfile
+ push: true
 platforms: linux/amd64,linux/arm64
 tags: ${{ steps.metadata.outputs.tags }}
 labels: |
 org.opencontainers.image.created=${{ steps.metadata.outputs.timestamp }}
 org.opencontainers.image.name=${{ steps.metadata.outputs.name }}
 org.opencontainers.image.revision=${{ github.sha }}
- cache-from: type=registry,ref=pomerium/pomerium:${{ steps.metadata.outputs.buildcache-tag }}
- cache-to: type=registry,ref=pomerium/pomerium:${{ steps.metadata.outputs.buildcache-tag }},mode=max,compression=zstd
+
+ - name: Docker Publish - Debug
+ uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # pin@v2
+ with:
+ context: .
+ file: ./Dockerfile.debug
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: pomerium/pomerium:debug
+ labels: |
+ org.opencontainers.image.created=${{ steps.metadata.outputs.timestamp }}
+ org.opencontainers.image.name=${{ steps.metadata.outputs.name }}
+ org.opencontainers.image.revision=${{ github.sha }}
 deploy:
 runs-on: ubuntu-latest
 needs: publish
- if: github.ref == 'refs/heads/main'
 steps:
 - name: Checkout Gitops Repo
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # pin@v3
 with:
 repository: pomerium/gitops-argocd
 token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
 - name: Bump psql environment
- uses: mikefarah/yq@70403375d7b96075bd68b40c434807cff1593568
+ uses: mikefarah/yq@70403375d7b96075bd68b40c434807cff1593568 # pin@v4.23.1
 with:
 cmd: yq eval '.pomerium.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i