atlantis-image.yml
# Workflow triggers and run-concurrency settings for the Atlantis image build.
name: atlantis-image

on:
  push:
    branches:
      - main
      - 'release-**'
    tags:
      - 'v*.*.*' # stable release, e.g. v0.19.2
      - 'v*.*.*-pre.*' # pre-release, e.g. v0.19.0-pre.calendardate
  # The trigger is `pull_request`, not `pull_request_target`: by default a run
  # started from a fork gets a read-only GITHUB_TOKEN and no repository
  # secrets, so building untrusted PR code here cannot publish images.
  pull_request:
    branches:
      - main
      - 'release-**'
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
  workflow_dispatch:

# Pull-request runs share a group keyed on the head branch, so a newer run
# cancels the older one. `github.head_ref` is empty on other events, which
# then fall back to the unique run id and are never cancelled by this rule.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
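jobs:
  # Decides whether the image needs rebuilding: true when a build-relevant
  # path changed or when the ref is a tag.
  changes:
    outputs:
      should-run-build: ${{ steps.changes.outputs.src == 'true' || startsWith(github.ref, 'refs/tags/') }}
    # Skips draft pull requests. On non-PR events `github.event.pull_request`
    # is null, which the loose comparison treats as equal to false.
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN: this job only reads the repository
    # and the list of files changed by the pull request.
    permissions:
      contents: read
      pull-requests: read
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        id: changes
        with:
          filters: |
            src:
              - 'Dockerfile'
              - 'docker-entrypoint.sh'
              - '.github/workflows/atlantis-image.yml'
              - '**.go'
              - 'go.*'

  # Builds the multi-arch image for each base image type and pushes it to
  # ghcr.io when PUSH evaluates to true.
  build:
    needs: [changes]
    if: needs.changes.outputs.should-run-build == 'true'
    name: Build Image
    strategy:
      matrix:
        image_type: [alpine, debian]
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN: read the repository and write
    # packages (the ghcr.io push). Nothing else in this job uses the token.
    permissions:
      contents: read
      packages: write
    env:
      # Set docker repo to either the fork or the main repo where the branch exists
      DOCKER_REPO: ghcr.io/${{ github.repository }}
      # Push only for non-pull-request events on the main branch or on a tag
      PUSH: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }}
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
      # Lint the Dockerfile first before setting anything up
      - name: Lint Dockerfile
        uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
        with:
          dockerfile: "Dockerfile"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
        with:
          # NOTE(review): `latest` is a mutable tag, while every action in
          # this workflow is pinned to a commit SHA. This image runs on the
          # build host, so consider pinning it to a version tag or digest.
          image: tonistiigi/binfmt:latest
          platforms: arm64,arm
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
        # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
        with:
          # NOTE(review): pinned by tag only; a digest would make it immutable.
          driver-opts: |
            image=moby/buildkit:v0.12.5
      # release version is the name of the tag i.e. v0.10.0
      # release version also has the image type appended i.e. v0.10.0-alpine
      # release tag is either pre-release or latest i.e. latest
      # release tag also has the image type appended i.e. latest-alpine
      # if it's v0.10.0 and alpine, it will do v0.10.0, v0.10.0-alpine, latest, latest-alpine
      # if it's v0.10.0 and debian, it will do v0.10.0-debian, latest-debian
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
        env:
          SUFFIX: ${{ format('-{0}', matrix.image_type) }}
        with:
          images: |
            ${{ env.DOCKER_REPO }}
          labels: |
            org.opencontainers.image.authors="@runatlantis Github Org"
            org.opencontainers.image.licenses=Apache-2.0
          tags: |
            # semver
            type=semver,pattern={{version}},prefix=v,suffix=${{ env.SUFFIX }}
            type=semver,pattern={{version}},prefix=v,enable=${{ matrix.image_type == 'alpine' }}
            type=semver,pattern={{major}}.{{minor}},prefix=v,suffix=${{ env.SUFFIX }}
            # dev
            type=raw,event=push,value=dev,enable={{is_default_branch}},suffix=${{ env.SUFFIX }}
            type=raw,event=push,value=dev,enable={{is_default_branch}},suffix=${{ env.SUFFIX }}-{{ sha }}
            type=raw,event=push,value=dev,enable=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.image_type == 'alpine' }},suffix=
            # prerelease
            type=raw,event=tag,value=prerelease-latest,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(github.ref, 'pre') && matrix.image_type == 'alpine' }},suffix=
            type=raw,event=tag,value=prerelease-latest,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(github.ref, 'pre') }},suffix=${{ env.SUFFIX }}
            # latest
            type=raw,event=tag,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'pre') && matrix.image_type == 'alpine' }},suffix=
            type=raw,event=tag,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'pre') }},suffix=${{ env.SUFFIX }}
            # pr
            type=ref,event=pr,suffix=${{ env.SUFFIX }}
          flavor: |
            # This is disabled here so we can use the raw form above
            latest=false
            # Suffix is not used here since there's no way to disable it above
      # The login runs on every event, pull requests included; the password
      # is the workflow's own GITHUB_TOKEN, not a long-lived credential.
      - name: Login to Packages Container registry
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Publish release to container registry
      # The ${{ }} expression below yields one of two fixed literals, so no
      # attacker-controlled text is templated into the script; the tag name
      # is expanded by the shell from GITHUB_REF inside double quotes.
      # This step and the build step are gated on push/pull_request, so a
      # workflow_dispatch run skips both.
      - name: Populate release version
        if: contains(fromJson('["push", "pull_request"]'), github.event_name)
        run: echo "RELEASE_VERSION=${{ startsWith(github.ref, 'refs/tags/') && '${GITHUB_REF#refs/*/}' || 'dev' }}" >> "$GITHUB_ENV"
      - name: "Build ${{ env.PUSH == 'true' && 'and push' || '' }} ${{ env.DOCKER_REPO }} image"
        if: contains(fromJson('["push", "pull_request"]'), github.event_name)
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
        with:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
          build-args: |
            ATLANTIS_BASE_TAG_TYPE=${{ matrix.image_type }}
            ATLANTIS_VERSION=${{ env.RELEASE_VERSION }}
            ATLANTIS_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
            ATLANTIS_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
          platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
          push: ${{ env.PUSH }}
          tags: ${{ steps.meta.outputs.tags }}
          target: ${{ matrix.image_type }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}

  # Stand-in for `build` when nothing build-relevant changed. It reuses the
  # same job name and matrix, presumably so status checks keyed on
  # "Build Image" still report a result - confirm against branch protection.
  skip-build:
    needs: [changes]
    if: needs.changes.outputs.should-run-build == 'false'
    name: Build Image
    strategy:
      matrix:
        image_type: [alpine, debian]
    runs-on: ubuntu-22.04
    # This job only echoes a message, so it gets no token permissions.
    permissions: {}
    steps:
      - run: 'echo "No build required"'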