Skip to content

Grant action permission #1451

Grant action permission

Grant action permission #1451

Workflow file for this run

on:
push:
branches:
- main
- dev
pull_request:
name: Content Images - Build, Test, Scan, and Push
jobs:
matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: |
MATRIX=$(jq -Mcr < content/matrix.json)
echo "matrix=$MATRIX" >> $GITHUB_OUTPUT
build:
runs-on: ubuntu-latest
needs: matrix
name: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }}
concurrency:
group: content-base-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
config: ${{ fromJson(needs.matrix.outputs.matrix) }}
steps:
- name: Check Out Repo
uses: actions/checkout@v3
- name: Set up Just
uses: extractions/setup-just@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get build args
id: get-build-args
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
BUILD_ARGS=$( \
just -f ci.Justfile \
get-content-args \
${{ matrix.config.r }} \
${{ matrix.config.py }} \
)
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT
- name: Get tags
id: get-tags
run: |
IMAGE_TAGS=$( \
just -f ci.Justfile \
get-content-tags \
content-base \
${{ matrix.config.r }} \
${{ matrix.config.py }} \
${{ matrix.config.os }} \
)
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build/Test/Scan/Push content base image
id: build1
uses: ./.github/actions/build-test-scan-push
continue-on-error: true
with:
context: ./content/base
os: ${{ matrix.config.os }}
product: content-base
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
test-image: false
push-image: ${{ github.ref == 'refs/heads/main' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Begin retry logic
- name: Wait 60s on failure before retrying
if: steps.build1.outcome == 'failure'
run: sleep 60
- name: Retry - Build/Test/Scan/Push base pro image
id: build2
if: steps.build1.outcome == 'failure'
uses: ./.github/actions/build-test-scan-push
with:
context: ./content/base
os: ${{ matrix.config.os }}
product: content-base
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
test-image: false
push-image: ${{ github.ref == 'refs/heads/main' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# End retry logic
build-pro:
runs-on: ubuntu-latest
needs: [ matrix, build ]
name: content-pro-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}--${{ github.ref }}
concurrency:
group: content-pro-${{ matrix.config.os }}-r${{ matrix.config.r }}-py${{ matrix.config.py }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
config: ${{ fromJson(needs.matrix.outputs.matrix) }}
steps:
- name: Check Out Repo
uses: actions/checkout@v3
- name: Set up Just
uses: extractions/setup-just@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get build args
id: get-build-args
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
BUILD_ARGS=$( \
just -f ci.Justfile \
get-content-args \
${{ matrix.config.r }} \
${{ matrix.config.py }} \
${{ matrix.config.drivers }} \
)
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT
- name: Get tags
id: get-tags
run: |
IMAGE_TAGS=$( \
just -f ci.Justfile \
get-content-tags \
content-pro \
${{ matrix.config.r }} \
${{ matrix.config.py }} \
${{ matrix.config.os }} \
)
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build/Test/Scan/Push content pro image
id: build1
uses: ./.github/actions/build-test-scan-push
continue-on-error: true
with:
context: ./content/pro
os: ${{ matrix.config.os }}
product: content-pro
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
test-image: false
push-image: ${{ github.ref == 'refs/heads/main' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Begin retry logic
- name: Wait 60s on failure before retrying
if: steps.build1.outcome == 'failure'
run: sleep 60
- name: Retry - Build/Test/Scan/Push base pro image
id: build2
if: steps.build1.outcome == 'failure'
uses: ./.github/actions/build-test-scan-push
with:
context: ./content/pro
os: ${{ matrix.config.os }}
product: content-pro
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
test-image: false
push-image: ${{ github.ref == 'refs/heads/main' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# End retry logic