Skip to content
This repository has been archived by the owner on Nov 5, 2024. It is now read-only.

Build Authentik Image #9

Build Authentik Image

Build Authentik Image #9

name: Build and Push Authentik Image
permissions:
id-token: write
contents: read
on:
release:
types:
- created
tags:
- 'v**'
workflow_dispatch:
jobs:
Stage-Setup-Release:
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
outputs:
tag_name: ${{ steps.extract-tag.outputs.tag_name }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_TOKEN }}
- name: Extract Tag Name
id: extract-tag
run: echo "tag_name=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
Build-Authentik:
if: github.event_name == 'workflow_dispatch'
name: Build Authentik Image
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.SCRIBE2_GITHUB_ROLE_DEV }}
role-session-name: Github
aws-region: ${{ secrets.AWS_REGION_DEV }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Build, Tag and Push Authentik Image to Amazon ECR
id: build-image
run: |
DOCKER_BUILDKIT=1 docker build -t ${{ steps.login-ecr.outputs.registry }}/authentik:${{ github.sha }} .
docker push ${{ steps.login-ecr.outputs.registry }}/authentik:${{ github.sha }}
Build-Authentik-Image-Release:
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/v')
name: Build and Push Authentik Image
needs: [Stage-Setup-Release]
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Configure AWS credentials for Dev
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.SCRIBE2_GITHUB_ROLE_DEV }}
role-session-name: Github
aws-region: ${{ secrets.AWS_REGION_DEV }}
- name: Login to Amazon ECR (Dev)
id: login-ecr-dev
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Build, Tag, and Push Authentik Image to Dev ECR
id: build-image-dev
run: |
DOCKER_BUILDKIT=1 docker build -t authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }} .
docker tag authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }} ${{ steps.login-ecr-dev.outputs.registry }}/authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }}
docker push ${{ steps.login-ecr-dev.outputs.registry }}/authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }}
- name: Configure AWS credentials for Prod
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.SCRIBE2_GITHUB_ROLE_PROD }}
role-session-name: Github
aws-region: ${{ secrets.AWS_REGION_PROD }}
- name: Login to Amazon ECR (Prod)
id: login-ecr-prod
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Tag and Push Authentik Image to Prod ECR
id: push-image-prod
run: |
# Tag and Push to Prod ECR
docker tag authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }} ${{ steps.login-ecr-prod.outputs.registry }}/authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }}
docker push ${{ steps.login-ecr-prod.outputs.registry }}/authentik:${{ needs.Stage-Setup-Release.outputs.tag_name }}
Update-Environment-Variable:
if: ${{ always() && github.event_name == 'workflow_dispatch' && needs.Build-Authentik-Image.result == 'success' }}
name: Update Environment Variable with Docker Image Tag
runs-on: ubuntu-latest
needs: [Build-Authentik]
steps:
- name: Update Environment Variable
run: |
curl -X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.K8S_GH_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/scribe-security/scribe2/actions/variables/AUTHENTIK_TAG_LATEST" \
-d '{"name":"AUTHENTIK_TAG_LATEST","value":"${{ github.sha }}"}'
Update-Environment-Variables-Release:
if: ${{ always() && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/v') && needs.Build-Authentik-Image-Release.result == 'success' }}
name: Update Environment Variables with Docker Image Tag
runs-on: ubuntu-latest
needs: Build-Authentik-Image-Release
steps:
- name: Update Environment Variables in GitHub
run: |
curl -X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.PAT_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/scribe-security/scribe2/actions/variables/AUTHENTIK_TAG_LATEST" \
-d '{"name":"AUTHENTIK_TAG_LATEST","value":"${{ needs.Stage-Setup-Release.outputs.tag_name }}"}'
curl -X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.PAT_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/scribe-security/scribe2/actions/variables/AUTHENTIK_VERSION_STAGING" \
-d '{"name":"AUTHENTIK_VERSION_STAGING","value":"${{ needs.Stage-Setup-Release.outputs.tag_name }}"}'