Build Base Images #149
# Workflow header: triggers, shell default, concurrency and the default
# token scope for every job that does not declare its own permissions.
name: Build Base Images

on:
  # Manual runs from the Actions UI or API.
  workflow_dispatch:
  # Reusable-workflow entry point; a called workflow cannot be granted more
  # token permissions than its caller holds.
  workflow_call:
  schedule:
    - cron: '30 4 * * 1-5' # run Mon-Fri at 04:30 UTC

defaults:
  run:
    # Naming bash explicitly makes GitHub run steps with `-eo pipefail`.
    shell: bash

# One run per ref; a newer run waits instead of cancelling a build in flight.
concurrency:
  group: '${{ github.ref_name }}-base-image'
  cancel-in-progress: false

# Read-only GITHUB_TOKEN by default; jobs widen this only where they need to.
permissions:
  contents: read
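jobs:
  # Computes the values shared by the build jobs: the image tag (docker_md5),
  # the controller version and one build matrix per image family.
  # Every third-party action in this file is pinned to a full commit SHA; keep
  # the trailing version comment in sync when a pin is bumped.
  checks:
    name: Checks and variables
    runs-on: ubuntu-24.04
    outputs:
      docker_md5: ${{ steps.vars.outputs.docker_md5 }}
      ic_version: ${{ steps.vars.outputs.ic_version }}
      image_matrix_oss: ${{ steps.vars.outputs.image_matrix_oss }}
      image_matrix_plus: ${{ steps.vars.outputs.image_matrix_plus }}
      image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step talks to the git remote, so do not leave the
          # GITHUB_TOKEN stored in .git/config.
          persist-credentials: false

      # `source` executes version.txt as shell and the matrix files feed
      # fromJSON() below, so everything under .github/data and
      # .github/scripts is part of the trusted build input and should be
      # reviewed like code.
      # NOTE(review): variables.sh is not visible here; it is assumed to
      # print a single `docker_md5=<value>` line.
      - name: Output Variables
        id: vars
        run: |
          ./.github/scripts/variables.sh docker_md5 >> "$GITHUB_OUTPUT"
          source .github/data/version.txt
          echo "ic_version=${IC_VERSION}" >> "$GITHUB_OUTPUT"
          echo "image_matrix_oss=$(jq -c . .github/data/matrix-images-oss.json)" >> "$GITHUB_OUTPUT"
          echo "image_matrix_plus=$(jq -c . .github/data/matrix-images-plus.json)" >> "$GITHUB_OUTPUT"
          echo "image_matrix_nap=$(jq -c . .github/data/matrix-images-nap.json)" >> "$GITHUB_OUTPUT"
          cat "$GITHUB_OUTPUT"

  # Builds and pushes the OSS base image for every entry of the OSS matrix.
  build-oss:
    name: Build OSS base images
    runs-on: ubuntu-24.04
    needs: checks
    permissions:
      contents: read
      # Needed to request the OIDC token that google-github-actions/auth
      # exchanges through workload identity federation.
      id-token: write
      # `pull-requests: write` ("for scout report") is left out: no step in
      # this job posts to a pull request, so the token does not need it.
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_oss ) }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # The checkout is the Docker build context ("."); keep the
          # GITHUB_TOKEN out of .git/config so it cannot be sent along with it.
          persist-credentials: false

      - name: Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

      - name: Setup QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: arm,arm64,ppc64le,s390x

      # Short-lived access token via OIDC; no long-lived key is stored.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
          service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}

      - name: Login to GCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      # The only tag is the docker_md5 value from the checks job, suffixed
      # with the matrix image name.
      # NOTE(review): when docker_md5 is empty the tag is disabled and the
      # build step below runs with push: true and no tags; confirm that this
      # fails loudly rather than silently skipping the push.
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
        with:
          images: |
            name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss
          flavor: |
            suffix=-${{ matrix.image }},onlatest=false
          tags: |
            type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}

      - name: Build Base Container
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          file: build/Dockerfile
          context: "."
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,scope=${{ matrix.image }},mode=max
          target: common
          tags: ${{ steps.meta.outputs.tags }}
          platforms: ${{ matrix.platforms }}
          pull: true
          push: true
          build-args: |
            BUILD_OS=${{ matrix.image }}
            IC_VERSION=${{ needs.checks.outputs.ic_version }}

  # Builds and pushes the NGINX Plus base image for every entry of the Plus
  # matrix.
  build-plus:
    name: Build Plus base images
    runs-on: ubuntu-24.04
    needs: checks
    permissions:
      contents: read
      # Needed to request the OIDC token that google-github-actions/auth
      # exchanges through workload identity federation.
      id-token: write
      # `pull-requests: write` ("for scout report") is left out: no step in
      # this job posts to a pull request, so the token does not need it.
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_plus ) }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # The checkout is the Docker build context ("."); keep the
          # GITHUB_TOKEN out of .git/config so it cannot be sent along with it.
          persist-credentials: false

      - name: Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

      - name: Setup QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: arm64,s390x

      # Short-lived access token via OIDC; no long-lived key is stored.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
          service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}

      - name: Login to GCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
        with:
          images: |
            name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus
          flavor: |
            suffix=-${{ matrix.image }},onlatest=false
          tags: |
            type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}

      # The repository certificate and key go in through the action's
      # `secrets` input (BuildKit secrets), not through build-args.
      # NOTE(review): build/Dockerfile is not visible here; confirm it reads
      # them only via secret mounts and never copies them into a layer.
      - name: Build Base Container
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          file: build/Dockerfile
          context: "."
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,scope=${{ matrix.image }},mode=max
          target: common
          tags: ${{ steps.meta.outputs.tags }}
          platforms: ${{ matrix.platforms }}
          pull: true
          push: true
          build-args: |
            BUILD_OS=${{ matrix.image }}
            IC_VERSION=${{ needs.checks.outputs.ic_version }}
          secrets: |
            "nginx-repo.crt=${{ secrets.NGINX_CRT }}"
            "nginx-repo.key=${{ secrets.NGINX_KEY }}"

  # Builds and pushes the NGINX Plus + App Protect base image for every entry
  # of the NAP matrix. This job has no QEMU setup step.
  build-plus-nap:
    name: Build Plus NAP base images
    runs-on: ubuntu-24.04
    needs: checks
    permissions:
      contents: read
      # Needed to request the OIDC token that google-github-actions/auth
      # exchanges through workload identity federation.
      id-token: write
      # `pull-requests: write` ("for scout report") is left out: no step in
      # this job posts to a pull request, so the token does not need it.
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_nap ) }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # The checkout is the Docker build context ("."); keep the
          # GITHUB_TOKEN out of .git/config so it cannot be sent along with it.
          persist-credentials: false

      - name: Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

      # Short-lived access token via OIDC; no long-lived key is stored.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
          service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}

      - name: Login to GCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      # Derives the tag/cache suffix ("waf,dos" becomes "waf-dos") and whether
      # the agent build-arg is set (any value containing "waf").
      # The matrix value reaches the script through an environment variable
      # rather than being expanded into the script text, so a value with
      # quotes or shell metacharacters cannot change the commands that run.
      # NOTE(review): when nap_modules is empty this step is skipped and
      # steps.nap_modules.outputs.modules is empty, which leaves a trailing
      # "-" in the tag suffix and cache scope below; confirm that is intended.
      - name: NAP modules
        id: nap_modules
        if: ${{ matrix.nap_modules != '' }}
        env:
          NAP_MODULES: ${{ matrix.nap_modules }}
        run: |
          [[ "${NAP_MODULES}" == "waf,dos" ]] && modules="waf-dos" || modules="${NAP_MODULES}"
          echo "modules=${modules}" >> "$GITHUB_OUTPUT"
          [[ "${NAP_MODULES}" =~ waf ]] && agent="true" || agent="false"
          echo "agent=${agent}" >> "$GITHUB_OUTPUT"

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
        with:
          images: |
            name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus
          flavor: |
            suffix=-${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},onlatest=false
          tags: |
            type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}

      # Repository credentials and, for "ubi" images, the RHEL licence go in
      # through the action's `secrets` input (BuildKit secrets), not through
      # build-args.
      # NOTE(review): build/Dockerfile is not visible here; confirm it reads
      # them only via secret mounts and never copies them into a layer.
      - name: Build Base Container
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          file: build/Dockerfile
          context: "."
          cache-from: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }}
          cache-to: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},mode=max
          target: common
          tags: ${{ steps.meta.outputs.tags }}
          platforms: ${{ matrix.platforms }}
          pull: true
          push: true
          build-args: |
            BUILD_OS=${{ matrix.image }}
            IC_VERSION=${{ needs.checks.outputs.ic_version }}
            NAP_MODULES=${{ matrix.nap_modules }}
            ${{ contains(matrix.nap_modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }}
          secrets: |
            "nginx-repo.crt=${{ secrets.NGINX_AP_CRT }}"
            "nginx-repo.key=${{ secrets.NGINX_AP_KEY }}"
            ${{ contains(matrix.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}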