logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							name: Rebuild

on:
  workflow_dispatch:
    inputs:
      ref:
        description: 'ref to rebuild, can be a tag, branch or commit sha.'
        required: true
        default: 'v0.6.1'

jobs:
  checkout:
    name: Checkout repo
    runs-on: ubuntu-latest
    outputs:
      timestamp: ${{ steps.timestamp.outputs.timestamp }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.event.inputs.ref }}
      - name: set timestamp output
        id: timestamp
        run: |
          echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT

  # this rebuilds the image and creates a new tag with a timestamp suffix
  # e.g. v0.6.1-1669145271 and v0.6.1-ubi-1669145271
  publish-artifacts:
    uses: ./.github/workflows/publish.yml
    needs: checkout
    permissions:
      id-token: write
      contents: read
    strategy:
      matrix:
        include:
        - dockerfile: "Dockerfile"
          build-args: "CGO_ENABLED=0"
          build-arch: "amd64 arm64"
          build-platform: "linux/amd64,linux/arm64"
          tag-suffix: "-${{ needs.checkout.outputs.timestamp }}" # distroless
        - dockerfile: "Dockerfile.ubi"
          build-args: "CGO_ENABLED=0"
          build-arch: "amd64 arm64"
          build-platform: "linux/amd64,linux/arm64"
          tag-suffix: "-ubi-${{ needs.checkout.outputs.timestamp }}" # ubi
        - dockerfile: "Dockerfile.ubi"
          build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" # fips
          build-arch: "amd64"
          build-platform: "linux/amd64"
          tag-suffix: "-ubi-boringssl-${{ needs.checkout.outputs.timestamp }}"
    with:
      dockerfile: ${{ matrix.dockerfile }}
      tag-suffix: ${{ matrix.tag-suffix }}
      image-name: ghcr.io/${{ github.repository }}
      build-platform: ${{ matrix.build-platform }}
      build-args: ${{ matrix.build-args }}
      build-arch: ${{ matrix.build-arch }}
      ref: ${{ github.event.inputs.ref }}
      image-tag: ${{ github.event.inputs.ref }}
    secrets:
      GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}