Skip to content

Add: Push workflow for greenbone registry #519

Add: Push workflow for greenbone registry

Add: Push workflow for greenbone registry #519

Workflow file for this run

name: Container Image Builds
on:
push:
branches: [main, stable, oldstable]
tags: ["v*"]
pull_request:
branches: [main, stable, oldstable]
workflow_dispatch:
jobs:
production:
name: Production Images
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: "set IS_VERSION_TAG"
run: |
echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV
# set defaults
echo "IS_LATEST_TAG=false" >> $GITHUB_ENV
- name: "set IS_LATEST_TAG"
if: ( env.IS_VERSION_TAG )
run: |
# find the latest version that is not ourself
export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort)
# get major minor patch versions
IFS='.' read -r latest_major latest_minor latest_patch << EOF
$LATEST_VERSION
EOF
IFS='.' read -r tag_major tag_minor tag_patch << EOF
${{ github.ref_name }}
EOF
# remove leading v
latest_major=$(echo $latest_major | cut -c2-)
tag_major=$(echo $tag_major | cut -c2-)
echo "$tag_major >= $latest_major"
if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then
# set this tag to latest and stable
echo "IS_LATEST_TAG=true" >> $GITHUB_ENV
fi
- name: "Setup meta information debian:stable"
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:stable-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# when IS_LATEST_TAG is set create a stable and a latest tag
type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }}
# if tag version is set than create a version tags
type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }}
type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }}
type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }}
# if we are on the main branch set edge
type=edge,branch=main
# use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
# use pr-$PR_ID for pull requests (will not be uploaded)
type=ref,event=pr
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push Container image
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: "Setup meta information debian:oldstable"
id: old_stable_meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:stable-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# for the images provided for debian:oldstable we just provide
# oldstable on an new version or oldstable-edge when it is on main.
# oldstable-branch-sha on a branch
type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }}
type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
type=ref,event=pr
- name: Build and push Container image
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod-oldstable.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.old_stable_meta.outputs.tags }}
labels: ${{ steps.old_stable_meta.outputs.labels }}
- name: "Setup meta information debian:testing"
id: testing_meta
uses: docker/metadata-action@v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=debian:testing-slim
flavor: latest=false # no auto latest container tag for git tags
tags: |
# for the images provided for debian:testing we just provide
# testing on an new version or testing-edge when it is on main.
# testing-branch-sha on a branch
type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }}
type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }}
type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
type=ref,event=pr
- name: Build and push Container image
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
file: .docker/prod-testing.Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.testing_meta.outputs.tags }}
labels: ${{ steps.testing_meta.outputs.labels }}
# triggers projects that work with stable branches on a new stable tag
trigger-stable-projects:
needs: production
if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v')
name: Trigger update container images in related projects for new tags
strategy:
fail-fast: false
matrix:
repository: ["greenbone/gvmd", "greenbone/gsad"]
runs-on: ubuntu-latest
steps:
- name: Trigger ${{ matrix.repository }} build container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: build-container.yml
ref: main
- name: Trigger ${{ matrix.repository }} container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: container.yml
ref: main
trigger-related-projects:
needs: production
if: github.event_name != 'pull_request'
name: Trigger update container images in related projects
strategy:
fail-fast: false
matrix:
repository:
- "greenbone/openvas-scanner"
- "greenbone/boreas"
runs-on: ubuntu-latest
steps:
- name: Trigger main ${{ matrix.repository }} container image build
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: ${{ matrix.repository }}
workflow: container.yml
ref: main