Push PR image #757
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
permissions: | |
contents: read | |
packages: write | |
on: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.22.4 | |
- name: Cache Go modules | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-build-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build- | |
- name: Get release tag | |
if: github.event_name == 'release' | |
run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Get merge request latest commit | |
if: ${{ github.event_name == 'pull_request' }} | |
id: parse-commit-sha | |
run: | | |
head=$(git rev-parse HEAD) | |
echo "head_commit_sha=${head}" >> $GITHUB_ENV | |
echo "Head commit sha ${head}" | |
- name: Secret Scanning | |
uses: trufflesecurity/trufflehog@main | |
with: | |
extra_args: --only-verified | |
- name: Build Go binary amd64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/castai-agent-amd64 . | |
env: | |
GOOS: linux | |
GOARCH: amd64 | |
CGO_ENABLED: 0 | |
- name: Build Go binary arm64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/castai-agent-arm64 . | |
env: | |
GOOS: linux | |
GOARCH: arm64 | |
CGO_ENABLED: 0 | |
- name: Test | |
run: go test -race ./... | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Google Artifact Registry | |
if: github.event_name == 'release' | |
uses: docker/login-action@v3 | |
with: | |
registry: us-docker.pkg.dev | |
username: _json_key | |
password: ${{ secrets.ARTIFACT_BUILDER_JSON_KEY }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push pr | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
platforms: linux/arm64,linux/amd64 | |
tags: ghcr.io/castai/k8s-agent:${{ env.head_commit_sha }} | |
- name: Build and push main | |
if: github.event_name != 'release' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: false | |
platforms: linux/arm64,linux/amd64 | |
tags: us-docker.pkg.dev/castai-hub/library/agent:${{ github.sha }} | |
- name: Build and push main RedHat UBI | |
if: github.event_name != 'release' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./redhat/Dockerfile | |
push: false | |
platforms: linux/arm64,linux/amd64 | |
tags: us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:${{ github.sha }} | |
- name: Build and push release | |
if: github.event_name == 'release' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
platforms: linux/arm64,linux/amd64 | |
tags: | | |
us-docker.pkg.dev/castai-hub/library/agent:${{ env.RELEASE_TAG }} | |
us-docker.pkg.dev/castai-hub/library/agent:latest | |
- name: Build and push release RedHat UBI | |
if: github.event_name == 'release' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./redhat/Dockerfile | |
push: true | |
platforms: linux/arm64,linux/amd64 | |
tags: | | |
us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:${{ env.RELEASE_TAG }} | |
us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:latest | |
- name: Docker pull for fossa main | |
if: github.event_name == 'release' | |
run: docker pull us-docker.pkg.dev/castai-hub/library/agent:${{ env.RELEASE_TAG }} | |
- name: Docker pull for fossa main RedHat UBI | |
if: github.event_name == 'release' | |
run: docker pull us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:${{ env.RELEASE_TAG }} | |
- name: FOSSA scan docker image | |
if: github.event_name == 'release' | |
continue-on-error: true | |
uses: fossas/fossa-action@v1 | |
with: | |
api-key: ${{ secrets.FOSSA_API_KEY }} | |
container: us-docker.pkg.dev/castai-hub/library/agent:${{ env.RELEASE_TAG }} | |
- name: FOSSA scan docker image RedHat UBI | |
if: github.event_name == 'release' | |
continue-on-error: true | |
uses: fossas/fossa-action@v1 | |
with: | |
api-key: ${{ secrets.FOSSA_API_KEY }} | |
container: us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:${{ env.RELEASE_TAG }} | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
if: github.event_name == 'release' | |
with: | |
files: | | |
bin/castai-agent-amd64 | |
bin/castai-agent-arm64 | |
- name: Summary | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
echo "**Pushed docker images:**" >> $GITHUB_STEP_SUMMARY | |
echo "ghcr.io/castai/k8s-agent:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY |