Changes needed for upgrading base image #35
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alerta Workable CI | |
| on: | |
| push: | |
| tags: | |
| - workable-* | |
| pull_request: | |
| branches: | |
| - workable-* | |
| permissions: | |
| contents: read | |
| jobs: | |
| detect-noop: | |
| permissions: | |
| actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs | |
| contents: read # for fkirc/skip-duplicate-actions to read and compare commits | |
| runs-on: ubuntu-latest | |
| outputs: | |
| noop: ${{ steps.noop.outputs.should_skip }} | |
| steps: | |
| - name: Detect No-op Changes | |
| id: noop | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
| do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
| concurrent_skipping: false | |
| publish-artifacts: | |
| if: ${{ needs.detect-noop.outputs.noop != 'true' && startsWith(github.ref, 'refs/tags/workable-') }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| environment: Workable | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Check secrets availability | |
| id: secrets_check | |
| shell: bash | |
| run: | | |
| echo "has_sre=${{ secrets.SRE_GCR_SA != '' }}" >> $GITHUB_OUTPUT | |
| echo "has_staging=${{ secrets.STAGING_GCR_SA != '' }}" >> $GITHUB_OUTPUT | |
| echo "has_production=${{ secrets.PRODUCTION_GCR_SA != '' }}" >> $GITHUB_OUTPUT | |
| - name: Get image tag | |
| id: container-info | |
| run: | | |
| echo "image-tag=${GITHUB_REF#refs/tags/workable-}" >> $GITHUB_OUTPUT | |
| - name: Build image | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.1 | |
| with: | |
| context: . | |
| file: workable-Dockerfile | |
| push: false | |
| tags: Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| provenance: false | |
| build-args: | | |
| BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | |
| RELEASE=9.0.4 | |
| VERSION=${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF SRE IMAGE | |
| - name: Skip SRE registry push | |
| if: ${{ steps.secrets_check.outputs.has_sre == 'false' }} | |
| run: | | |
| echo "::warning title=SRE Registry Push Skipped::The SRE_GCR_SA secret is missing. Skipping image push to SRE registry." | |
| - name: Login to sre registry | |
| if: ${{ steps.secrets_check.outputs.has_sre == 'true' }} | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.SRE_GCR_SA }} | |
| - name: Push image to sre registry | |
| if: ${{ steps.secrets_check.outputs.has_sre == 'true' }} | |
| env: | |
| REGISTRY: us-docker.pkg.dev/sre-artifacts-20e4/gcr.io | |
| run: | | |
| docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF STAGING IMAGE | |
| - name: Skip Staging registry push | |
| if: ${{ steps.secrets_check.outputs.has_staging == 'false' }} | |
| run: | | |
| echo "::warning title=Staging Registry Push Skipped::The STAGING_GCR_SA secret is missing. Skipping image push to Staging registry." | |
| - name: Login to staging registry | |
| if: ${{ steps.secrets_check.outputs.has_staging == 'true' }} | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.STAGING_GCR_SA }} | |
| - name: Push image to staging registry | |
| if: ${{ steps.secrets_check.outputs.has_staging == 'true' }} | |
| env: | |
| REGISTRY: us-docker.pkg.dev/staging-artifacts-786a/gcr.io | |
| run: | | |
| docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF PRODUCTION IMAGE | |
| - name: Skip Production registry push | |
| if: ${{ steps.secrets_check.outputs.has_production == 'false' }} | |
| run: | | |
| echo "::warning title=Production Registry Push Skipped::The PRODUCTION_GCR_SA secret is missing. Skipping image push to Production registry." | |
| - name: Login to production registry | |
| if: ${{ steps.secrets_check.outputs.has_production == 'true' }} | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.PRODUCTION_GCR_SA }} | |
| - name: Push image to production registry | |
| if: ${{ steps.secrets_check.outputs.has_production == 'true' }} | |
| env: | |
| REGISTRY: us-docker.pkg.dev/production-artifacts-0b0d/gcr.io | |
| run: | | |
| docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }} |