-
-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathcall-docker-build-promotion.yaml
84 lines (77 loc) · 2.92 KB
/
call-docker-build-promotion.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
# moved to https://github.com/BretFisher/docker-build-workflow/blob/main/templates/call-docker-build-promote.yaml
# THIS IS NOT A TEMPLATE.
# This is just for testing the repo itself.
# This calls the reusable workflow from its local file path.
name: Docker Build with Promotion
on:
push:
branches:
- main
paths-ignore:
- 'README.md'
- '.github/linters/**'
pull_request:
paths-ignore:
- 'README.md'
- '.github/linters/**'
# cancel any previously-started, yet still active runs of this workflow on the same branch
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
permissions: { }
jobs:
# run this job on every push to a PR
# it will push images to GHCR, but not Docker Hub
docker-build-pr:
name: Call Build on PR
if: github.event_name == 'pull_request'
uses: bretfisher/docker-build-workflow/.github/workflows/reusable-docker-build.yaml@main
with:
# DON'T login to or push to Docker Hub
dockerhub-enable: false
ghcr-enable: true
push: true
image-names: |
ghcr.io/${{ github.repository }}
# run this job on every push to the default branch (including merges and tags)
# it will push images to GHCR and DockerHub
# tags will also include ones like `stable-<date>-<sha>` and `latest`
docker-build-merge:
name: Call Build on Push
# this if is filtered to only the main branch push event (see events at top)
if: github.event_name == 'push'
uses: bretfisher/docker-build-workflow/.github/workflows/reusable-docker-build.yaml@main
secrets:
dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
with:
dockerhub-enable: true
ghcr-enable: true
push: true
image-names: |
docker.io/${{ github.repository }}
ghcr.io/${{ github.repository }}
# this job runs after a push/merge to the default branch
# it will create a PR on a *different* repo that has
# Kustomize YAML, and will update the image tags to the new one
# This is an example of a "promotion" workflow where once a new image
# is created from the default_branch of an app, that a Kubernetes
# environment YAML needs to be updated as well.
# This will save humans the steps of looking up the new image tag
# and creating a new PR to update the Kustomize YAML.
# You could also change this to update a Helm chart values file.
gitops-pr:
name: GitOps PR
if: github.event_name == 'push'
needs: docker-build-pr
uses: ./.github/workflows/reusable-gitops-pr.yaml
secrets:
github-token: ${{ secrets.GITOPS_TOKEN }}
slack-token: ${{ secrets.SLACK_BOT_TOKEN }}
with:
repo: mostlydevops/wordsmith-k8s
kustomize-path: environments/staging01
image: ghcr.io/${{ github.repository }}
tag: ${{ needs.docker-build-merge.outputs.image-tag }}
slack-channel-id: ${{ vars.SLACK_CHANNEL_ID }}