Skip to content

Commit

Permalink
Improve actions
Browse files Browse the repository at this point in the history
  • Loading branch information
@javfg
javfg committed Jan 10, 2025
1 parent 23f87b1 commit 0b5ffb0
Show file tree
Hide file tree
Showing 3 changed files with 102 additions and 19 deletions.
77 changes: 77 additions & 0 deletions .github/workflows/build-dev.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
name: build-dev

on:
push:
tags:
# Matches tags that contain a dash after YY.major.minor
# Example: 25.0.0-beta.1
# Keep in mind github does not support all regex features:
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
- 'v[0-9]+.[0-9]+.[0-9]+-*'

jobs:
push-to-ghcr:
name: Build docker image and push to GHCR
runs-on: ubuntu-22.04

permissions:
packages: write
contents: read
attestations: write
id-token: write

env:
TAG: ${{ github.ref_name }}
REPO: ${{ github.event.repository.name }}

steps:
- id: prepare
name: Prepare the action and log details
shell: bash
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
TAG=$(echo $TAG | sed 's/^v//')
echo "TAG=$TAG" >> $GITHUB_ENV
echo "The tag for this build is $TAG"
echo "The repo name is: $REPO"
echo "Github context:\n$GITHUB_CONTEXT"
- id: checkout
name: Check out repo
uses: actions/checkout@v4

- id: auth-google
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
project_id: 'open-targets-eu-dev'
workload_identity_provider: projects/426265110888/locations/global/workloadIdentityPools/github-actions/providers/opentargets
service_account: [email protected]
access_token_lifetime: 300s

- id: auth-gar
name: Login to Google Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-west1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth-google.outputs.access_token }}

- id: push
name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: |
europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}:${{ env.TAG }}
- id: generate-attestations
name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
42 changes: 24 additions & 18 deletions .github/workflows/build.yaml → .github/workflows/build-release.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
name: Build docker image and publish to GHCR and GAR
name: build-release

on:
release:
types:
- published
branches:
- main
- master

jobs:
push-to-ghcr-and-gar:
name: Build docker image and publish to GHCR and GAR
name: Build docker image and push to GHCR and GAR
runs-on: ubuntu-22.04

permissions:
Expand All @@ -22,58 +22,64 @@ jobs:
TAG: ${{ github.ref_name }}

steps:
- id: prepare_tag
name: Prepare tag
run: echo "TAG=$(echo $TAG | sed 's/^v//')" >> $GITHUB_ENV
- id: prepare
name: Prepare the action and log details
shell: bash
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
TAG=$(echo $TAG | sed 's/^v//')
echo "TAG=$TAG" >> $GITHUB_ENV
echo "The tag for this build is $TAG"
echo "The repo name is: $REPO"
echo "Github context:\n$GITHUB_CONTEXT"
- id: checkout
name: Check out repo
uses: actions/checkout@v4

- id: auth_ghcr
- id: auth-ghcr
name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- id: auth_google
- id: auth-google
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
project_id: 'open-targets-eu-dev'
workload_identity_provider: projects/426265110888/locations/global/workloadIdentityPools/github/providers/opentargets-github
service_account: ontoform-image-upload@open-targets-eu-dev.iam.gserviceaccount.com
workload_identity_provider: projects/426265110888/locations/global/workloadIdentityPools/github-actions/providers/opentargets
service_account: github-actions@open-targets-eu-dev.iam.gserviceaccount.com
access_token_lifetime: 300s

- id: auth_gar
- id: auth-gar
name: Login to Google Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-west1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth_google.outputs.access_token }}
password: ${{ steps.auth-google.outputs.access_token }}

- id: push
name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
labels: |
org.opencontainers.image.description=${{ github.event.repository.description }}
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ env.TAG }}
europe-west1-docker.pkg.dev/open-targets-eu-dev/ontoform/ontoform:latest
europe-west1-docker.pkg.dev/open-targets-eu-dev/ontoform/ontoform:${{ env.TAG }}
europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}:latest
europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}:${{ env.TAG }}
- id: generate_attestations
- id: generate-attestations
name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-name: europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml → .github/workflows/ci-pr.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: ci
name: ci-pr

on:
push:
Expand Down

0 comments on commit 0b5ffb0

Please sign in to comment.