chore(deps): update docker.io/library/alpine:3.20.3 docker digest to … #314
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Image Release Build | |
# Any change in triggers needs to be reflected in the concurrency group. | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 | |
pull_request: | |
branches: | |
- main | |
- v* | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
cancel-in-progress: true | |
permissions: read-all | |
jobs: | |
determine-deployment: | |
if: ${{ github.repository == 'cilium/hubble' }} | |
name: Determine Deployment | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Determine deployment environment | |
id: environment | |
# use 'release' deployment if the workflow was triggered on a pushed tag starting with "v" | |
run: | | |
echo "deployment=${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}" >> $GITHUB_OUTPUT | |
outputs: | |
name: ${{ steps.environment.outputs.deployment }} | |
build-and-push: | |
if: ${{ github.repository == 'cilium/hubble' }} | |
environment: ${{ needs.determine-deployment.outputs.name }} | |
runs-on: ubuntu-24.04 | |
needs: determine-deployment | |
strategy: | |
# matrix for easier code-sharing with workflows from cilium/cilium | |
matrix: | |
include: | |
- name: hubble | |
dockerfile: ./Dockerfile | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Login to quay.io | |
if: ${{ needs.determine-deployment.outputs.name == 'release' }} | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }} | |
- name: Getting image tag | |
id: tag | |
run: | | |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT | |
- name: Checkout Source Code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Release Build ${{ matrix.name }} | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
id: docker_build_release | |
with: | |
context: . | |
file: ${{ matrix.dockerfile }} | |
push: ${{ needs.determine-deployment.outputs.name == 'release' }} | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} | |
- name: Image Release Digest | |
shell: bash | |
run: | | |
mkdir -p image-digest/ | |
job_name=${{ matrix.name }} | |
job_name_capital=${job_name^^} | |
job_name_underscored=${job_name_capital//-/_} | |
echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt | |
echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt | |
echo "" >> image-digest/${{ matrix.name }}.txt | |
echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt | |
echo "" >> image-digest/${{ matrix.name }}.txt | |
# Upload artifact digests | |
- name: Upload artifact digests | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: image-digest ${{ matrix.name }} | |
path: image-digest | |
retention-days: 1 | |
image-digests: | |
if: ${{ github.repository == 'cilium/hubble' }} | |
name: Display Digests | |
runs-on: ubuntu-24.04 | |
needs: build-and-push | |
steps: | |
- name: Getting image tag | |
id: tag | |
run: | | |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT | |
- name: Downloading Image Digests | |
shell: bash | |
run: | | |
mkdir -p image-digest/ | |
- name: Download digests of all images built | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
pattern: "*image-digest *" | |
path: image-digest/ | |
- name: Image Digests Output | |
shell: bash | |
run: | | |
cd image-digest/ | |
echo "## Docker Manifests" > ../image-digest-output.txt | |
echo "" >> ../image-digest-output.txt | |
find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt | |
- name: Image Makefile Digests | |
shell: bash | |
run: | | |
cd image-digest/ | |
echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests | |
echo "# Copyright "$(date +'%Y')" Authors of Cilium" >> ../Makefile.digests | |
echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests | |
echo "" >> ../Makefile.digests | |
find -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests | |
# Upload artifact digests | |
- name: Upload artifact digests | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: image-digest-output.txt-${{ steps.tag.outputs.tag }} | |
path: image-digest-output.txt | |
retention-days: 1 | |
# Upload artifact digests | |
- name: Upload artifact digests | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: Makefile.digests-${{ steps.tag.outputs.tag }} | |
path: Makefile.digests | |
retention-days: 1 |