From 20646495ef1a42aa625bf613c75f1dd662e44424 Mon Sep 17 00:00:00 2001
From: "Sam Wang (holyspectral)"
Date: Fri, 1 Nov 2024 15:04:58 -0400
Subject: [PATCH] feat: NVSHAS-9501 GHA build

---
 .github/workflows/dev.yml | 38 +++++++++++++++++++++++++++
 .github/workflows/release.yml | 48 +++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 .github/workflows/dev.yml
 create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
new file mode 100644
index 00000000..f8ff53d0
--- /dev/null
+++ b/.github/workflows/dev.yml
@@ -0,0 +1,38 @@
+name: dev build
+
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ build-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DEV_DOCKER_USERNAME }}
+ password: ${{ secrets.DEV_DOCKER_PASSWORD }}
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Create builder
+ run: make buildx-machine
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ file: package/Dockerfile
+ tags: ${{ secrets.DEV_BUILD_REPOSITORY }}/registry-adapter:latest
+ build-args: |
+ COMMIT=${{ github.sha }}
+ VERSION=${{ github.ref_name }}
+ platforms: linux/arm64,linux/amd64
+ - name: Retag
+ run: |
+ docker buildx imagetools create -t ${{ secrets.DEV_BUILD_REPOSITORY }}/registry-adapter:latest ${{ secrets.DEV_BUILD_REPOSITORY }}/registry-adapter:${{github.run_number}}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..1f4958e0
--- /dev/null
+++ b/.github/workflows/release.yml
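Review bot: The retag step at the end of the dev.yml hunk has its arguments the wrong way round: `docker buildx imagetools create -t <target> <source>` takes the new tag after `-t` and an existing image as the positional argument, but the positional `registry-adapter:${{github.run_number}}` is never pushed by the preceding build-push step (which only tags `:latest`), so the command will fail with a manifest-not-found error unless that tag already exists for some other reason. The intended line is presumably `docker buildx imagetools create -t ${{ secrets.DEV_BUILD_REPOSITORY }}/registry-adapter:${{ github.run_number }} ${{ secrets.DEV_BUILD_REPOSITORY }}/registry-adapter:latest`, or simpler still, list both tags under `tags:` of build-push-action and drop the step. Separately, every action in this job is referenced by a floating major tag (`@v3`, `@v4`, `@v6`) while the job holds `secrets.DEV_DOCKER_PASSWORD` and pushes to the registry; pinning each `uses:` to a full commit SHA with the version as a trailing comment (`uses: docker/build-push-action@<commit-sha>  # v6`) removes the dependence on those tags never being moved. The job also declares no `permissions:` block, unlike release.yml in the same commit, so `GITHUB_TOKEN` receives the repository's default grant; `permissions:` / `  contents: read` at job level is all that checkout needs.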
@@ -0,0 +1,48 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ # write is needed for:
+ # - OIDC for cosign's use in ecm-distro-tools/publish-image.
+ # - Read vault secrets in rancher-eio/read-vault-secrets.
+ id-token: write
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Load Secrets from Vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/neuvector/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/neuvector/credentials password | DOCKER_PASSWORD ;
+ secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
+ secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
+
+ - name: Publish manifest
+ uses: rancher/ecm-distro-tools/actions/publish-image@master
+ with:
+ image: registry-adapter
+ tag: ${{ github.ref_name }}
+ platforms: linux/amd64,linux/arm64
+
+ public-registry: docker.io
+ public-repo: registry-adapter
+ public-username: ${{ env.DOCKER_USERNAME }}
+ public-password: ${{ env.DOCKER_PASSWORD }}
+
+ prime-registry: ${{ env.PRIME_REGISTRY }}
+ prime-repo: registry-adapter
+ prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
+ prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
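Review bot: `rancher-eio/read-vault-secrets@main` and `rancher/ecm-distro-tools/actions/publish-image@master` are resolved at run time from mutable branch heads, and this job runs them with `id-token: write` and, after the vault step, the Docker Hub and Prime registry credentials in its environment, so whatever lands on those branches executes with everything needed to sign and publish under this project's name. Pin each `uses:` to a full commit SHA and keep the branch or version as a trailing comment, e.g. `uses: rancher-eio/read-vault-secrets@<commit-sha>  # main as of <date>`, and treat `actions/checkout@v4` the same way. It is also worth noting in the existing `permissions:` comment that the vault path is keyed on `${{ github.repository }}`, so the secrets fetched are specific to this repository; a reader otherwise has to infer why the OIDC grant is safe to hand out here. If the repository allows tag pushes from more than the release owners, binding this job to a protected `environment:` with required reviewers keeps a stray `v*` tag from publishing a release on its own.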