Grant action permission #1451
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
- dev | |
pull_request: | |
name: Content Images - Build, Test, Scan, and Push | |
jobs: | |
matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: | | |
MATRIX=$(jq -Mcr < content/matrix.json) | |
echo "matrix=$MATRIX" >> $GITHUB_OUTPUT | |
build: | |
runs-on: ubuntu-latest | |
needs: matrix | |
name: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }} | |
concurrency: | |
group: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ github.ref }} | |
cancel-in-progress: true | |
strategy: | |
fail-fast: false | |
matrix: | |
config: ${{ fromJson(needs.matrix.outputs.matrix) }} | |
steps: | |
- name: Check Out Repo | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
get-content-args \ | |
${{ matrix.config.r }} \ | |
${{ matrix.config.py }} \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
get-content-tags \ | |
content-base \ | |
${{ matrix.config.r }} \ | |
${{ matrix.config.py }} \ | |
${{ matrix.config.os }} \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push content base image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./content/base | |
os: ${{ matrix.config.os }} | |
product: content-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
test-image: false | |
push-image: ${{ github.ref == 'refs/heads/main' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./content/base | |
os: ${{ matrix.config.os }} | |
product: content-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
test-image: false | |
push-image: ${{ github.ref == 'refs/heads/main' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# End retry logic | |
build-pro: | |
runs-on: ubuntu-latest | |
needs: [ matrix, build ] | |
name: content-pro-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }} | |
concurrency: | |
group: content-pro-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ github.ref }} | |
cancel-in-progress: true | |
strategy: | |
fail-fast: false | |
matrix: | |
config: ${{ fromJson(needs.matrix.outputs.matrix) }} | |
steps: | |
- name: Check Out Repo | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
get-content-args \ | |
${{ matrix.config.r }} \ | |
${{ matrix.config.py }} \ | |
${{ matrix.config.drivers }} \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
get-content-tags \ | |
content-pro \ | |
${{ matrix.config.r }} \ | |
${{ matrix.config.py }} \ | |
${{ matrix.config.os }} \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push content pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./content/pro | |
os: ${{ matrix.config.os }} | |
product: content-pro | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
test-image: false | |
push-image: ${{ github.ref == 'refs/heads/main' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./content/pro | |
os: ${{ matrix.config.os }} | |
product: content-pro | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
test-image: false | |
push-image: ${{ github.ref == 'refs/heads/main' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# End retry logic |