manual-SNAPSHOT #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: manual-SNAPSHOT | |
| env: | |
| GPG_KEY_ID_GITHUB_TECHUSER: '${{ secrets.GPG_KEY_ID_GITHUB_TECHUSER }}' | |
| TECH_USER_USERNAME: ${{ vars.TECH_USER_USERNAME }} | |
| TECH_USER_EMAIL: ${{ vars.TECH_USER_EMAIL }} | |
| PROJECT_NAME: ${GITHUB_REPOSITORY#*/} | |
| DOCKER_BAKE_PLATFORM: linux/amd64,linux/arm64 | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| comment: | |
| # Friendly description to be shown in the UI instead of 'name' | |
| description: 'Comment for snapshot' | |
| # Default value if no value is explicitly provided | |
| default: 'Start SNAPSHOT from WEB UI' | |
| # Input has to be provided for the workflow to run | |
| required: true | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| manual-SNAPSHOT: | |
| name: Manual snapshot release | |
| runs-on: ubuntu-latest | |
| steps: | |
| ############### | |
| # pre release | |
| ############### | |
| - name: Import GPG key | |
| # GPG private key, which is exported with armor (beginning: '-----BEGIN PGP PRIVATE KEY BLOCK-----') this entire content is encoded in base64, and it is loaded into the secrets content | |
| # we decode the base64 encoded private key and load it | |
| run: | | |
| mkdir -p ~/.gnupg/ | |
| echo "${{ secrets.GPG_SIGNING_KEY_GITHUB_TECHUSER }}" | base64 --decode > ~/.gnupg/private.key | |
| gpg --import ~/.gnupg/private.key | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| # The content is an SSH key in PEM format (beginning: '-----BEGIN RSA PRIVATE KEY-----') | |
| key: ${{ secrets.SSH_PRIVATE_KEY_GITHUB_TECHUSER }} | |
| name: id_rsa # optional | |
| known_hosts: ${{ secrets.KNOWN_HOSTS }} # currently, its content is empty | |
| # config: ${{ secrets.CONFIG }} # ssh_config; optional | |
| - name: Configure GIT for signed commit | |
| run: | | |
| git config --global user.name "${{ env.TECH_USER_USERNAME }}" | |
| git config --global user.email "${{ env.TECH_USER_EMAIL }}" | |
| git config --global user.signingkey "${{ secrets.GPG_KEY_ID_GITHUB_TECHUSER }}" | |
| git config --global commit.gpgsign true | |
| git config --global tag.gpgSign true | |
| # https://github.com/docker/setup-qemu-action | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # Reset QEMU emulation for multi-architecture support and enable required platforms | |
| - name: Reset QEMU for Multi-Arch | |
| run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
| # https://github.com/docker/setup-buildx-action | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Checkout main | |
| uses: actions/checkout@v4 | |
| ############### | |
| ## release | |
| ############### | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: docker buildx bake "#1 - liquibase" | |
| uses: docker/bake-action@v5 | |
| with: | |
| set: | | |
| *.platform=${{ env.DOCKER_BAKE_PLATFORM }} | |
| push: true | |
| files: | | |
| docker-compose.yml | |
| targets: liquibase-release | |
| - name: docker buildx bake "#2 - postgres" | |
| uses: docker/bake-action@v5 | |
| with: | |
| set: | | |
| *.platform=${{ env.DOCKER_BAKE_PLATFORM }} | |
| push: true | |
| files: | | |
| docker-compose.yml | |
| targets: postgres-release_148, postgres-release_163 | |
| - name: docker buildx bake "#3 - pg_tools" | |
| uses: docker/bake-action@v5 | |
| with: | |
| set: | | |
| *.platform=${{ env.DOCKER_BAKE_PLATFORM }} | |
| push: true | |
| files: | | |
| docker-compose.yml | |
| targets: pg_tools-release |