From 86eb21e71ffd4c632511f065c4a12125429e66ba Mon Sep 17 00:00:00 2001 From: robert-schardt Date: Fri, 27 Sep 2024 07:35:42 +0200 Subject: [PATCH] Refactor container.yml (#838) * Refactor container.yml Refactor 'set IS_VERSION_TAG' into determine-tags-action composite action * Fix: determine-tags-action by adding shell attribute to steps * Refactor/Fix: Move docker setup to seperate composite action * Fix: setup-docker-action by adding secrets as inputs * Update: Merge container.yml and push.yml * Remove deprecated Actions and Workflows * Update: Remove stable, oldstable branches from CI trigger * Trigger CI * Change: Add base-image-label for oldstable and testing --------- Co-authored-by: Robert Schardt --- .github/workflows/container.yml | 184 -------------------------------- .github/workflows/push.yml | 78 +++++++++++++- 2 files changed, 75 insertions(+), 187 deletions(-) delete mode 100644 .github/workflows/container.yml diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml deleted file mode 100644 index bba5d6a9..00000000 --- a/.github/workflows/container.yml +++ /dev/null @@ -1,184 +0,0 @@ -name: Container Image Builds - -on: - push: - branches: [main, stable, oldstable] - tags: ["v*"] - pull_request: - branches: [main, stable, oldstable] - workflow_dispatch: - -jobs: - production: - name: Production Images - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: "set IS_VERSION_TAG" - run: | - echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV - # set defaults - echo "IS_LATEST_TAG=false" >> $GITHUB_ENV - - name: "set IS_LATEST_TAG" - if: ( env.IS_VERSION_TAG ) - run: | - # find the latest version that is not ourself - export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort) - # get major minor patch versions - IFS='.' read -r latest_major latest_minor latest_patch << EOF - $LATEST_VERSION - EOF - IFS='.' read -r tag_major tag_minor tag_patch << EOF - ${{ github.ref_name }} - EOF - # remove leading v - latest_major=$(echo $latest_major | cut -c2-) - tag_major=$(echo $tag_major | cut -c2-) - echo "$tag_major >= $latest_major" - if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then - # set this tag to latest and stable - echo "IS_LATEST_TAG=true" >> $GITHUB_ENV - fi - - name: "Setup meta information debian:stable" - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian:stable-slim - flavor: latest=false # no auto latest container tag for git tags - tags: | - # when IS_LATEST_TAG is set create a stable and a latest tag - type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }} - # if tag version is set than create a version tags - type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }} - type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }} - type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }} - # if we are on the main branch set edge - type=edge,branch=main - # use branch-sha otherwise for pushes to branches other then main (will not be uploaded) - type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - # use pr-$PR_ID for pull requests (will not be uploaded) - type=ref,event=pr - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to Docker Registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and push Container image - uses: docker/build-push-action@v6 - with: - context: . - push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: "Setup meta information debian:oldstable" - id: old_stable_meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian:stable-slim - flavor: latest=false # no auto latest container tag for git tags - tags: | - # for the images provided for debian:oldstable we just provide - # oldstable on an new version or oldstable-edge when it is on main. - # oldstable-branch-sha on a branch - type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }} - type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - type=ref,event=pr - - name: Build and push Container image - uses: docker/build-push-action@v6 - with: - context: . - push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod-oldstable.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.old_stable_meta.outputs.tags }} - labels: ${{ steps.old_stable_meta.outputs.labels }} - - - name: "Setup meta information debian:testing" - id: testing_meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian:testing-slim - flavor: latest=false # no auto latest container tag for git tags - tags: | - # for the images provided for debian:testing we just provide - # testing on an new version or testing-edge when it is on main. - # testing-branch-sha on a branch - type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }} - type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - type=ref,event=pr - - name: Build and push Container image - uses: docker/build-push-action@v6 - with: - context: . - push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod-testing.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.testing_meta.outputs.tags }} - labels: ${{ steps.testing_meta.outputs.labels }} - - # triggers projects that work with stable branches on a new stable tag - trigger-stable-projects: - needs: production - if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v') - name: Trigger update container images in related projects for new tags - strategy: - fail-fast: false - matrix: - repository: ["greenbone/gvmd", "greenbone/gsad"] - runs-on: ubuntu-latest - steps: - - name: Trigger ${{ matrix.repository }} build container image build - uses: greenbone/actions/trigger-workflow@v3 - with: - token: ${{ secrets.GREENBONE_BOT_TOKEN }} - repository: ${{ matrix.repository }} - workflow: build-container.yml - ref: main - - name: Trigger ${{ matrix.repository }} container image build - uses: greenbone/actions/trigger-workflow@v3 - with: - token: ${{ secrets.GREENBONE_BOT_TOKEN }} - repository: ${{ matrix.repository }} - workflow: container.yml - ref: main - - trigger-related-projects: - needs: production - if: github.event_name != 'pull_request' - name: Trigger update container images in related projects - strategy: - fail-fast: false - matrix: - repository: - - "greenbone/openvas-scanner" - - "greenbone/boreas" - runs-on: ubuntu-latest - steps: - - name: Trigger main ${{ matrix.repository }} container image build - uses: greenbone/actions/trigger-workflow@v3 - with: - token: ${{ secrets.GREENBONE_BOT_TOKEN }} - repository: ${{ matrix.repository }} - workflow: ${{ matrix.repository == 'greenbone/openvas-scanner' && 'control.yml' || 'container.yml' }} - ref: main diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index d9046280..6399e0bd 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -1,4 +1,4 @@ -name: Build and Push to Greenbone Registry +name: Build & Push to Greenbone Registry on: push: @@ -14,8 +14,8 @@ on: required: true jobs: - build: - name: Build and Push to Greenbone Registry + build-push-debian-stable-container: + name: Build and Push debian:stable to Greenbone Registry uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main with: image-url: community/gvm-libs @@ -24,3 +24,75 @@ jobs: org.opencontainers.image.base.name=debian:stable-slim ref-name: ${{ inputs.ref-name }} secrets: inherit + + build-push-debian-oldstable-container: + name: Build and Push debian:oldstable to Greenbone Registry + uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main + with: + build-docker-file: .docker/prod-oldstable.Dockerfile + image-url: community/gvm-libs + image-labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=debian:stable-slim + base-image-label: "oldstable" + ref-name: ${{ inputs.ref-name }} + secrets: inherit + + build-push-debian-testing-container: + name: Build and Push debian:testing to Greenbone Registry + uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main + with: + build-docker-file: .docker/prod-testing.Dockerfile + image-url: community/gvm-li + image-labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=debian:stable-slim + base-image-label: "testing" + ref-name: ${{ inputs.ref-name }} + secrets: inherit + + # triggers projects that work with stable branches on a new stable tag + trigger-stable-projects: + needs: build-push-debian-stable-container + if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v') + name: Trigger update container images in related projects for new tags + strategy: + fail-fast: false + matrix: + repository: ["greenbone/gvmd", "greenbone/gsad"] + runs-on: ubuntu-latest + steps: + - name: Trigger ${{ matrix.repository }} build container image build + uses: greenbone/actions/trigger-workflow@v3 + with: + token: ${{ secrets.GREENBONE_BOT_TOKEN }} + repository: ${{ matrix.repository }} + workflow: build-container.yml + ref: main + - name: Trigger ${{ matrix.repository }} container image build + uses: greenbone/actions/trigger-workflow@v3 + with: + token: ${{ secrets.GREENBONE_BOT_TOKEN }} + repository: ${{ matrix.repository }} + workflow: container.yml + ref: main + + trigger-related-projects: + needs: build-push-debian-stable-container + if: github.event_name != 'pull_request' + name: Trigger update container images in related projects + strategy: + fail-fast: false + matrix: + repository: + - "greenbone/openvas-scanner" + - "greenbone/boreas" + runs-on: ubuntu-latest + steps: + - name: Trigger main ${{ matrix.repository }} container image build + uses: greenbone/actions/trigger-workflow@v3 + with: + token: ${{ secrets.GREENBONE_BOT_TOKEN }} + repository: ${{ matrix.repository }} + workflow: ${{ matrix.repository == 'greenbone/openvas-scanner' && 'control.yml' || 'container.yml' }} + ref: main