-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (120 loc) · 4.39 KB
/
workflow-container-multiarch.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
---
name: cicd-tooling-github-workflow-container-multiarch
on:
push:
paths:
- ".github/workflows/workflow-container-multiarch.yml"
- ".github/workflows/job-*-container-*.yml"
- ".cicd-tools/container/Dockerfile"
- ".cicd-tools/container/Dockerfile.sha256"
- "scripts/container.sh"
schedule:
- cron: "0 6 * * 1"
workflow_dispatch:
# secrets:
# SLACK_WEBHOOK:
# description: "Optional, enables Slack notifications."
# required: false
jobs:
configuration:
uses: ./.github/workflows/job-00-cookiecutter-read_configuration.yml
start:
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-00-generic-notification.yml
with:
NOTIFICATION_EMOJI: ":vertical_traffic_light:"
NOTIFICATION_MESSAGE: "Multi-arch container build has started!"
WORKFLOW_NAME: "container"
security:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-10-generic-security_scan_credentials.yml
with:
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
WORKFLOW_NAME: "container"
scan:
permissions:
security-events: write
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-10-container-security_scan_container.yml
with:
BUILD_ARGS: |
BUILD_ARG_ARCH_FORMAT_1=amd64
BUILD_ARG_ARCH_FORMAT_2=x86_64
BUILD_ARG_ARCH_FORMAT_3=x86_64
BUILD_ARG_ARCH_FORMAT_4=64-bit
CONTEXT: .cicd-tools/container
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
WORKFLOW_NAME: "container"
lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-80-container-dockerfile_linter.yml
with:
DOCKERFILE: .cicd-tools/container/Dockerfile
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
WORKFLOW_NAME: "container"
push:
needs: [configuration, lint, scan, security, start]
permissions:
packages: write
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
strategy:
fail-fast: true
matrix:
include:
- build-args: |
BUILD_ARG_ARCH_FORMAT_1=amd64
BUILD_ARG_ARCH_FORMAT_2=x86_64
BUILD_ARG_ARCH_FORMAT_3=x86_64
BUILD_ARG_ARCH_FORMAT_4=64-bit
build-platform: linux/amd64
build-tag: linux-amd64
- build-args: |
BUILD_ARG_ARCH_FORMAT_1=arm64
BUILD_ARG_ARCH_FORMAT_2=arm64
BUILD_ARG_ARCH_FORMAT_3=aarch64
BUILD_ARG_ARCH_FORMAT_4=arm64
build-platform: linux/arm64
build-tag: linux-arm64
max-parallel: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
uses: ./.github/workflows/job-95-container-push.yml
with:
BUILD_ARGS: ${{ matrix.build-args }}
CONTEXT: .cicd-tools/container
IMAGE_TAG: ${{ matrix.build-tag }}
PLATFORM: ${{ matrix.build-platform }}
REQUIRES_QEMU: true
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
WORKFLOW_NAME: "container"
multiarch:
needs: [configuration, push]
permissions:
packages: write
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-95-container-multiarch.yml
with:
IMAGE_GIT: true
IMAGE_LATEST: true
MULTIARCH_TAG: "multiarch"
SOURCE_TAGS: |
linux-amd64
linux-arm64
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
WORKFLOW_NAME: "container"
success:
needs: [multiarch]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: ./.github/workflows/job-00-generic-notification.yml
with:
NOTIFICATION_EMOJI: ":checkered_flag:"
NOTIFICATION_MESSAGE: "Multi-arch container build has completed successfully!"
WORKFLOW_NAME: "container"