Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 231a6ea674
Branches Tags
helm-externa...
/
.github
/
workflows
/
rebuild-image.yml

rebuild-image.yml 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. name: Rebuild
    2. 

  2. 

  3. on:
    4. 

  4.   workflow_dispatch:
    5. 

  5.     inputs:
    6. 

  6.       ref:
    7. 

  7.         description: 'ref to rebuild, can be a tag, branch or commit sha.'
    8. 

  8.         required: true
    9. 

  9.         default: 'v0.6.1'
    10. 

  10. 

  11. permissions:
    12. 

  12.   contents: read
    13. 

  13. 

  14. jobs:
    15. 

  15.   checkout:
    16. 

  16.     name: Checkout repo
    17. 

  17.     runs-on: ubuntu-latest
    18. 

  18.     outputs:
    19. 

  19.       timestamp: ${{ steps.timestamp.outputs.timestamp }}
    20. 

  20. 

  21.     steps:
    22. 

  22.       - name: Checkout
    23. 

  23.         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    24. 

  24.         with:
    25. 

  25.           fetch-depth: 0
    26. 

  26.           ref: ${{ github.event.inputs.ref }}
    27. 

  27.       - name: set timestamp output
    28. 

  28.         id: timestamp
    29. 

  29.         run: |
    30. 

  30.           echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
    31. 

  31. 

  32.   # this rebuilds the image and creates a new tag with a timestamp suffix
    33. 

  33.   # e.g. v0.6.1-1669145271 and v0.6.1-ubi-1669145271
    34. 

  34.   publish-artifacts:
    35. 

  35.     uses: ./.github/workflows/publish.yml
    36. 

  36.     needs: checkout
    37. 

  37.     permissions:
    38. 

  38.       id-token: write
    39. 

  39.       contents: read
    40. 

  40.     strategy:
    41. 

  41.       matrix:
    42. 

  42.         include:
    43. 

  43.         - dockerfile: "Dockerfile"
    44. 

  44.           build-args: "CGO_ENABLED=0"
    45. 

  45.           build-arch: "amd64 arm64 ppc64le"
    46. 

  46.           build-platform: "linux/amd64,linux/arm64,linux/ppc64le"
    47. 

  47.           tag-suffix: "-${{ needs.checkout.outputs.timestamp }}" # distroless
    48. 

  48.         - dockerfile: "Dockerfile.ubi"
    49. 

  49.           build-args: "CGO_ENABLED=0"
    50. 

  50.           build-arch: "amd64 arm64 ppc64le"
    51. 

  51.           build-platform: "linux/amd64,linux/arm64,linux/ppc64le"
    52. 

  52.           tag-suffix: "-ubi-${{ needs.checkout.outputs.timestamp }}" # ubi
    53. 

  53.         - dockerfile: "Dockerfile.ubi"
    54. 

  54.           build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" # fips
    55. 

  55.           build-arch: "amd64 ppc64le"
    56. 

  56.           build-platform: "linux/amd64,linux/ppc64le"
    57. 

  57.           tag-suffix: "-ubi-boringssl-${{ needs.checkout.outputs.timestamp }}"
    58. 

  58.     with:
    59. 

  59.       dockerfile: ${{ matrix.dockerfile }}
    60. 

  60.       tag-suffix: ${{ matrix.tag-suffix }}
    61. 

  61.       image-name: ghcr.io/${{ github.repository }}
    62. 

  62.       build-platform: ${{ matrix.build-platform }}
    63. 

  63.       build-args: ${{ matrix.build-args }}
    64. 

  64.       build-arch: ${{ matrix.build-arch }}
    65. 

  65.       ref: ${{ github.event.inputs.ref }}
    66. 

  66.       image-tag: ${{ github.event.inputs.ref }}
    67. 

  67.     secrets:
    68. 

  68.       GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
    69. 

  69.       GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
    70. 

  70.