Skip to content

daemon: firewall pods #8

daemon: firewall pods

daemon: firewall pods #8

name: Image Release Build
on:
workflow_dispatch:
inputs:
tag:
description: container image tag
required: false
push:
tags:
- v[0-9]+.*
permissions:
# To be able to access the repository with `actions/checkout`
contents: read
# Push to ghcr.io
packages: write
jobs:
build-and-push:
timeout-minutes: 45
name: Build and Push Images
runs-on: ubuntu-22.04
strategy:
matrix:
include:
- name: cilium
dockerfile: ./images/cilium/Dockerfile
- name: operator
dockerfile: ./images/operator/Dockerfile
- name: operator-aws
dockerfile: ./images/operator/Dockerfile
- name: operator-azure
dockerfile: ./images/operator/Dockerfile
- name: operator-alibabacloud
dockerfile: ./images/operator/Dockerfile
- name: operator-generic
dockerfile: ./images/operator/Dockerfile
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- name: Getting image tag
id: tag
run: |
if [ -z "${{ github.event.inputs.tag }}" ]
then
echo tag=${GITHUB_REF##*/} >> $GITHUB_OUTPUT
else
echo tag=${{ github.event.inputs.tag }}>> $GITHUB_OUTPUT
fi
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Source Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
- name: Determine SOURCE_DATE_EPOCH
id: epoch
run: echo epoch=$(git log -1 --pretty=%ct) >> $GITHUB_OUTPUT
- name: Release Build ${{ matrix.name }}
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
id: docker_build_release
env:
SOURCE_DATE_EPOCH: ${{ steps.epoch.outputs.epoch }}
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ github.repository }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
target: release
build-args: |
OPERATOR_VARIANT=${{ matrix.name }}
SOURCE_DATE_EPOCH=${{ steps.epoch.outputs.epoch }}
- name: Image Release Digest
shell: bash
run: |
mkdir -p image-digest/
job_name=${{ matrix.name }}
job_name_capital=${job_name^^}
job_name_underscored=${job_name_capital//-/_}
echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt
printf "%s\n\n" "### ${{ matrix.name }}" >> $GITHUB_STEP_SUMMARY
echo "\`ghcr.io/${{ github.repository }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> $GITHUB_STEP_SUMMARY
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: image-digest ${{ matrix.name }}
path: image-digest
retention-days: 10