buildDBImage.yml
name: Build and Publish DB Image

# Manual trigger only: the workflow starts when it is dispatched with the two
# inputs below.
on:
  workflow_dispatch:
    inputs:
      # Used as the image tag in the push step ($CORE_REPO/$IMAGE_NAME:$VERSION).
      version:
        description: |
          Version number for the OCI image for this release - usually the same as the
          postgres version
        required: true
        default: '14.17.0'
      # Written into config.json as dbVersion by the "Build Config JSON" step.
      postgres_version:
        description: 'Postgres Version to package (eg 14.2.0)'
        required: true
        default: '14.17.0'
# Workflow-wide environment. The dispatch inputs reach the step scripts as
# environment variables ($VERSION, $PG_VERSION); no ${{ ... }} expression is
# expanded directly inside a run script in this file.
env:
  # PROJECT_ID, PATH_BASE and NAME_PREFIX are not read by any step script in
  # this workflow.
  PROJECT_ID: 'steampipe'
  IMAGE_NAME: 'db'
  CORE_REPO: 'ghcr.io/turbot/steampipe'
  ORG: 'turbot'
  CONFIG_SCHEMA_VERSION: '2020-11-18'
  VERSION: ${{ github.event.inputs.version }}
  PG_VERSION: ${{ github.event.inputs.postgres_version }}
  PATH_BASE: 'https://repo1.maven.org/maven2/io/zonky/test/postgres'
  NAME_PREFIX: 'embedded-postgres-binaries'
  STEAMPIPE_UPDATE_CHECK: false
  # Release of the ORAS CLI downloaded by the install step.
  ORAS_VERSION: '1.1.0'
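jobs:
  # Single job: validate the requested version, fetch the four platform
  # archives, and push them to GHCR as one OCI artifact with ORAS.
  build:
    name: Build and Publish DB Image
    runs-on: ubuntu-latest
    # Least privilege for the automatic GITHUB_TOKEN: checkout only needs read
    # access, and the registry login below uses GH_PUBLISH_ACCESS_TOKEN.
    permissions:
      contents: read
    steps:
      - name: Trim asset version prefix and Validate
        run: |-
          echo "$VERSION"
          trim=${VERSION#"v"}
          echo "$trim"
          # The optional "-suffix" part accepts any characters, so every later
          # use of $VERSION in this workflow is quoted or passed as data.
          if [[ $trim =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
            echo "Version OK: $trim"
          else
            echo "Invalid version: $trim"
            exit 1
          fi
          echo "VERSION=${trim}" >> "$GITHUB_ENV"

      - name: Ensure Version Does Not Exist
        run: |-
          URL="https://$(echo "$CORE_REPO" | sed 's/\//\/v2\//')/$IMAGE_NAME/tags/list"
          # --fail turns an HTTP error (for example an authentication
          # challenge) into a step failure instead of handing the error body
          # to jq. This request is sent before the registry login step and
          # carries no credentials.
          RESPONSE=$(curl --fail --silent --show-error --location "$URL")
          # Require a real tag list. Previously a response without .tags was
          # not told apart from a genuine answer, so a failed lookup could be
          # reported as "does not exist" or "already exists" by accident.
          if ! jq -e '.tags | type == "array"' <<<"$RESPONSE" > /dev/null; then
            echo "Registry response has no tag list; cannot verify: $VERSION"
            exit 1
          fi
          # --arg passes the version as a jq string value; it is no longer
          # spliced into the jq program text.
          # NOTE(review): tags/list may be paginated - only the returned page
          # is checked here; confirm against the registry's behaviour.
          IDX=$(jq --arg v "$VERSION" '.tags | index($v)' <<<"$RESPONSE")
          if [ "$IDX" == "null" ]; then
            echo "OK - Version does not exist: $VERSION"
          else
            echo "Version already exists: $VERSION"
            exit 1
          fi

      # NOTE(review): actions are referenced by mutable tags (@v4, @v3);
      # pinning each to a full commit SHA fixes the exact code that runs with
      # the publish token in scope.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # NOTE(review): no `branch` input is declared under
          # workflow_dispatch, so this expression is empty and checkout falls
          # back to its default ref.
          ref: ${{ github.event.inputs.branch }}

      # Log in to GHCR
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GH_PUBLISH_ACCESS_TOKEN }}

      # NOTE(review): the four archives below come from fixed Google Drive
      # file ids and are published without any integrity check, and nothing
      # ties them to the postgres_version input (that value is only written
      # into config.json). Comparing each download against a SHA-256 digest
      # committed to the repository would close that gap. Until then each
      # step records the digest of what it packaged in the job log.
      - name: Pull & Extract - darwin amd64
        run: |-
          EXTRACT_DIR=extracted-darwin-amd64
          curl --fail -L -o darwin-amd64.txz "https://drive.google.com/uc?export=download&id=1A89VJrE2ts5bPGNu5qaRl_SXOUbOWPbz"
          sha256sum darwin-amd64.txz
          mkdir "$EXTRACT_DIR"
          tar -xf darwin-amd64.txz --directory "$EXTRACT_DIR"

      - name: Pull & Extract - darwin arm64
        run: |-
          EXTRACT_DIR=extracted-darwin-arm64
          # new link (darwin-arm64-4.txz) - https://drive.google.com/file/d/1ZVGKr7AeI0kVKys4-55eAeP3-0lx9kUm/view?usp=drive_link
          curl --fail -L -o darwin-arm64.txz "https://drive.google.com/uc?export=download&id=1ZVGKr7AeI0kVKys4-55eAeP3-0lx9kUm"
          sha256sum darwin-arm64.txz
          mkdir "$EXTRACT_DIR"
          tar -xf darwin-arm64.txz --directory "$EXTRACT_DIR"

      - name: Pull & Extract - linux amd64
        run: |-
          EXTRACT_DIR=extracted-linux-amd64
          curl --fail -L -o linux-amd64.txz "https://drive.google.com/uc?export=download&id=1I9YaJf0H3kezTNAdeH7bfSNE4dRkuYlZ"
          sha256sum linux-amd64.txz
          mkdir "$EXTRACT_DIR"
          tar -xf linux-amd64.txz --directory "$EXTRACT_DIR"

      - name: Pull & Extract - linux arm64
        run: |-
          EXTRACT_DIR=extracted-linux-arm64
          curl --fail -L -o linux-arm64.txz "https://drive.google.com/uc?export=download&id=1XaLR76TipSFsidwgskoG0dJT-dzhiDd-"
          sha256sum linux-arm64.txz
          mkdir "$EXTRACT_DIR"
          tar -xf linux-arm64.txz --directory "$EXTRACT_DIR"

      # Image config blob: schema version plus name, organization, image
      # version and Postgres version, all passed to jq as --arg values.
      - name: Build Config JSON
        run: |-
          JSON_STRING=$( jq -n \
            --arg name "$IMAGE_NAME" \
            --arg organization "$ORG" \
            --arg version "$VERSION" \
            --arg schemaVersion "$CONFIG_SCHEMA_VERSION" \
            --arg dbVersion "$PG_VERSION" \
            '{schemaVersion: $schemaVersion, db: { name: $name, organization: $organization, version: $version, dbVersion: $dbVersion} }' )
          echo $JSON_STRING > config.json

      # Manifest annotations in the org.opencontainers.image.* namespace.
      - name: Build Annotations JSON
        run: |-
          JSON_STRING=$( jq -n \
            --arg title "$IMAGE_NAME" \
            --arg desc "$ORG" \
            --arg version "$VERSION" \
            --arg timestamp "$(date +%FT%TZ)" \
            --arg vendor "Turbot HQ, Inc." \
            '{
              "$manifest": {
                "org.opencontainers.image.title": $title,
                "org.opencontainers.image.description": $desc,
                "org.opencontainers.image.version": $version,
                "org.opencontainers.image.created": $timestamp,
                "org.opencontainers.image.vendor": $vendor
              }
            }' )
          echo $JSON_STRING > annotations.json

      # Set up ORAS
      # NOTE(review): the CLI that performs the push is installed with sudo
      # from a release tarball that is not checked against a known digest;
      # the step logs the digest so it can be compared out of band.
      - name: Install specific version of ORAS
        run: |
          curl --fail -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"
          sha256sum "oras_${ORAS_VERSION}_linux_amd64.tar.gz"
          sudo tar xzf "oras_${ORAS_VERSION}_linux_amd64.tar.gz" -C /usr/local/bin oras
          oras version

      # Publish to GHCR: one layer per platform directory, each with its own
      # media type.
      - name: Push to Registry
        run: |-
          REF="$CORE_REPO/$IMAGE_NAME:$VERSION"
          oras push "$REF" \
            --config config.json:application/vnd.turbot.steampipe.config.v1+json \
            --annotation-file annotations.json \
            extracted-darwin-amd64:application/vnd.turbot.steampipe.db.darwin-amd64.layer.v1+tar \
            extracted-darwin-arm64:application/vnd.turbot.steampipe.db.darwin-arm64.layer.v1+tar \
            extracted-linux-amd64:application/vnd.turbot.steampipe.db.linux-amd64.layer.v1+tar \
            extracted-linux-arm64:application/vnd.turbot.steampipe.db.linux-arm64.layer.v1+tar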