TMP: use reusable workflow to build
KevinMind committed Jun 26, 2024
1 parent ff5d2a6 commit 77b0cda
Showing 3 changed files with 257 additions and 0 deletions.
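--- a/.github/actions/context/action.yml
+++ b/.github/actions/context/action.yml
@@ -0,0 +1,118 @@
+name: 'Dump Context'
+description: 'Display context for action run'
+
+outputs:
+# All github action outputs are strings, even if set to "true"
+# so when using these values always assert against strings or convert from json
+# \$\{{ needs.context.outputs.is_fork == 'true' }} // true
+# \$\{{ fromJson(needs.context.outputs.is_fork) == false }} // true
+# \$\{{ needs.context.outputs.is_fork == true }} // false
+# \$\{{ needs.context.outputs.is_fork }} // false
+is_fork:
+description: ""
+value: ${{ steps.context.outputs.is_fork }}
+is_default_branch:
+description: ""
+value: ${{ steps.context.outputs.is_default_branch }}
+is_release_master:
+description: ""
+value: ${{ steps.context.outputs.is_release_master }}
+is_release_tag:
+description: ""
+value: ${{ steps.context.outputs.is_release_tag }}
+# Hardcode image name
+image_name:
+description: ""
+value: mozilla/addons-server
+
+runs:
+using: 'composite'
+steps:
+- name: Dump GitHub context
+shell: bash
+env:
+GITHUB_CONTEXT: ${{ toJson(github) }}
+run: echo "$GITHUB_CONTEXT"
+- name: Dump job context
+shell: bash
+env:
+JOB_CONTEXT: ${{ toJson(job) }}
+run: echo "$JOB_CONTEXT"
+- name: Dump steps context
+shell: bash
+env:
+STEPS_CONTEXT: ${{ toJson(steps) }}
+run: echo "$STEPS_CONTEXT"
+- name: Dump runner context
+shell: bash
+env:
+RUNNER_CONTEXT: ${{ toJson(runner) }}
+run: echo "$RUNNER_CONTEXT"
+- name: Dump env context
+shell: bash
+env:
+ENV_CONTEXT: ${{ toJson(env) }}
+run: |
+echo "$ENV_CONTEXT"
+- name: Dump inputs context
+shell: bash
+env:
+INPUTS_CONTEXT: ${{ toJson(inputs) }}
+run: |
+echo "$INPUTS_CONTEXT"
+- name: Set context
+id: context
+env:
+# The default branch of the repository, in this case "master"
+default_branch: ${{ github.event.repository.default_branch }}
+shell: bash
+run: |
+event_name="${{ github.event_name }}"
+event_action="${{ github.event.action }}"
+# Stable check for if the workflow is running on the default branch
+# https://stackoverflow.com/questions/64781462/github-actions-default-branch-variable
+is_default_branch="${{ format('refs/heads/{0}', env.default_branch) == github.ref }}"
+# In most events, the epository refers to the head which would be the fork
+is_fork="${{ github.event.repository.fork }}"
+# This is different in a pull_request where we need to check the head explicitly
+if [[ "${{ github.event_name }}" == 'pull_request' ]]; then
+# repository on a pull request refers to the base which is always mozilla/addons-server
+is_head_fork="${{ github.event.pull_request.head.repo.fork }}"
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+is_dependabot="${{ github.actor == 'dependabot[bot]' }}"
+# If the head repository is a fork or if the PR is opened by dependabot
+# we consider the run to be a fork. Dependabot and proper forks are treated
+# the same in terms of limited read only github token scope
+if [[ "$is_head_fork" == 'true' || "$is_dependabot" == 'true' ]]; then
+is_fork="true"
+fi
+fi
+is_release_master="false"
+is_release_tag="false"
+# Releases can only happen if we are NOT on a fork
+if [[ "$is_fork" == 'false' ]]; then
+# A master release occurs on a push to the default branch of the origin repository
+if [[ "$event_name" == 'push' && "$is_default_branch" == 'true' ]]; then
+is_release_master="true"
+fi
+# A tag release occurs when a release is published
+if [[ "$event_name" == 'release' && "$event_action" == 'publish' ]]; then
+is_release_tag="true"
+fi
+fi
+echo "is_default_branch=$is_default_branch" >> $GITHUB_OUTPUT
+echo "is_fork=$is_fork" >> $GITHUB_OUTPUT
+echo "is_release_master=$is_release_master" >> $GITHUB_OUTPUT
+echo "is_release_tag=$is_release_tag" >> $GITHUB_OUTPUT
+echo "event_name: $event_name"
+cat $GITHUB_OUTPUT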
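Review bot: The tag-release check in the `Set context` step compares `$event_action` with `'publish'`, but as far as I know the `release` event reports its action as `published`, so `is_release_tag` would stay `false` and the tag-release path would never run; the comparison should read `if [[ "$event_name" == 'release' && "$event_action" == 'published' ]]; then`. Separately, the six `Dump … context` steps echo `toJson(github)`, `toJson(env)` and `toJson(inputs)` into the job log: registered secrets are masked, but any sensitive value that is not a registered secret is printed as-is, and on a public repository the log is readable by anyone, so I would drop these steps or gate them behind a debug condition such as `if: runner.debug == '1'`. The `${{ … }}` expressions interpolated directly into the script (`event_name`, `event_action`, `is_fork`) do not carry free text today, but passing them through `env:` the way `default_branch` already is would keep the script free of expression interpolation if a less constrained field is added later.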
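--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,133 @@
+name: Build Docker Image
+
+on:
+workflow_call:
+outputs:
+image:
+description: "The Docker image"
+value: ''
+version:
+description: "The version for the image"
+value: ''
+digest:
+description: "The build digest for the image"
+value: ''
+tag:
+description: "Combines image and version to a valid image tag"
+value: ''
+# # , DOCKER_PASS, GAR_PUSHER_SERVICE_ACCOUNT_EMAIL, GCP_WORKLOAD_IDENTITY_PROVIDER
+secrets:
+DOCKER_USER:
+description: "The docker hub username"
+required: false
+DOCKER_PASS:
+description: "The docker hub password"
+required: false
+
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+context:
+runs-on: ubuntu-latest
+
+outputs:
+is_fork: ${{ steps.context.outputs.is_fork }}
+is_release_master: ${{ steps.context.outputs.is_release_master }}
+is_release_tag: ${{ steps.context.outputs.is_release_tag }}
+
+steps:
+- uses: actions/checkout@v4
+- id: context
+uses: ./.github/actions/context
+
+login:
+runs-on: ubuntu-latest
+needs: [context]
+
+outputs:
+ghcr: ${{ steps.ghcr.outcome == 'success' }}
+dockerhub: ${{ steps.dockerhub.outcome == 'success' }}
+gar: ${{ steps.gar.outcome == 'success' }}
+
+steps:
+- name: Login to GHCR
+id: ghcr
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ github.token }}
+logout: false
+
+- name: Login to Dockerhub
+id: dockerhub
+if: ${{ needs.context.outputs.is_fork == 'false' }}
+uses: docker/login-action@v3
+with:
+registry: docker.io
+username: ${{ secrets.DOCKER_USER }}
+password: ${{ secrets.DOCKER_PASS }}
+logout: false
+
+- name: get the GCP auth token
+if: |
+needs.context.outputs.is_release_master == 'true' ||
+needs.context.outputs.is_release_tag == 'true'
+id: gcp-auth
+uses: google-github-actions/auth@v2
+with:
+token_format: access_token
+service_account: ${{ secrets.GAR_PUSHER_SERVICE_ACCOUNT_EMAIL }}
+workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+
+- name: login to GAR
+id: gar
+if: ${{ steps.gcp-auth.outcome == 'success' }}
+uses: docker/login-action@v3
+with:
+registry: us-docker.pkg.dev
+username: oauth2accesstoken
+password: ${{ steps.gcp-auth.outputs.access_token }}
+
+build:
+runs-on: ubuntu-latest
+needs: [context, login]
+steps:
+- uses: actions/checkout@v4
+
+- shell: bash
+run: |
+docker system info
+cat ~/.docker/config.json
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+with:
+version: latest
+buildkitd-flags: --debug
+
+- name: Docker Image
+id: image
+shell: bash
+run: |
+echo "image=${{ github.repository }}" >> $GITHUB_OUTPUT
+cat $GITHUB_OUTPUT
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+flavor: |
+suffix=-next,onlatest=true
+latest=${{ needs.context.outputs.is_release_master }}
+tags: |
+type=ref,event=pr
+type=ref,event=branch
+type=ref,event=tag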
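Review bot: The `cat ~/.docker/config.json` line in the first `build` step prints the Docker client's credential file to the job log, and that file normally holds registry logins as base64 `auth` strings, which log masking of the raw secret values is unlikely to cover; I would delete that line and keep only `docker system info`. As written the file will not contain the logins anyway, because `login` and `build` are separate jobs on separate `ubuntu-latest` runners and the state written by `docker/login-action` does not carry over from one job to the next, so the login steps need to live in the job that pulls or pushes. Smaller points in the same file: `docker/setup-buildx-action@v1` is well behind the `@v3` Docker actions used beside it, and every action is referenced by a mutable tag rather than a pinned commit SHA. The `concurrency` group with `cancel-in-progress: true` may also collide with the caller's group if ci.yml defines the same expression, since `github.workflow` in a called workflow appears to resolve to the caller.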
6 changes: 6 additions & 0 deletions .github/workflows/ci.yml
@@ -37,6 +37,12 @@ env:
docs_artifact: docs

jobs:
build_call:
uses: ./.github/workflows/build.yml
secrets:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASS: ${{ secrets.DOCKER_PASS }}

context:
runs-on: ubuntu-latest

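Review bot: `build_call` forwards only `DOCKER_USER` and `DOCKER_PASS`, while the build.yml added in this commit also reads `secrets.GAR_PUSHER_SERVICE_ACCOUNT_EMAIL` and `secrets.GCP_WORKLOAD_IDENTITY_PROVIDER`; a called workflow only receives the secrets passed to it, so those two would be empty and the GCP auth step would be expected to fail on release runs. Pass them explicitly here and declare them under `on.workflow_call.secrets` in build.yml, rather than switching to `secrets: inherit`, so the reusable workflow only sees what it needs. The job also sets no `permissions:`; if workload identity federation is kept, the calling job will likely need `id-token: write` alongside `contents: read`, and stating both keeps the token scope explicit. The `jobs:` mapping continues outside the hunk.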
