docker-alerta/.github/workflows/ci.yml at workable-master · Workable/docker-alerta · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Alerta Workable CI

on:
  push:
    tags:
      - workable-*
  pull_request:
    branches:
      - workable-*

permissions:
  contents: read

jobs:
  detect-noop:
    permissions:
      actions: write  # for fkirc/skip-duplicate-actions to skip or stop workflow runs
      contents: read  # for fkirc/skip-duplicate-actions to read and compare commits
    runs-on: ubuntu-latest
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

  publish-artifacts:
    if: ${{ needs.detect-noop.outputs.noop != 'true' && startsWith(github.ref, 'refs/tags/workable-') }}
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    environment: Workable
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Check secrets availability
        id: secrets_check
        shell: bash
        run: |
          echo "has_sre=${{ secrets.SRE_GCR_SA != '' }}" >> $GITHUB_OUTPUT
          echo "has_staging=${{ secrets.STAGING_GCR_SA != '' }}" >> $GITHUB_OUTPUT
          echo "has_production=${{ secrets.PRODUCTION_GCR_SA != '' }}" >> $GITHUB_OUTPUT

      - name: Get image tag
        id: container-info
        run: |
          echo "image-tag=${GITHUB_REF#refs/tags/workable-}" >> $GITHUB_OUTPUT

      - name: Build image
        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.1
        with:
          context: .
          file: workable-Dockerfile
          push: false
          tags: Workable/alerta-base:${{ steps.container-info.outputs.image-tag }}
          provenance: false
          build-args: |
            BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
            RELEASE=9.0.4
            VERSION=${{ steps.container-info.outputs.image-tag }}

      # DISTRIBUTION OF SRE IMAGE
      - name: Skip SRE registry push
        if: ${{ steps.secrets_check.outputs.has_sre == 'false' }}
        run: |
          echo "::warning title=SRE Registry Push Skipped::The SRE_GCR_SA secret is missing. Skipping image push to SRE registry."

      - name: Login to sre registry
        if: ${{ steps.secrets_check.outputs.has_sre == 'true' }}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: us-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.SRE_GCR_SA }}

      - name: Push image to sre registry
        if: ${{ steps.secrets_check.outputs.has_sre == 'true' }}
        env:
          REGISTRY: us-docker.pkg.dev/sre-artifacts-20e4/gcr.io
        run: |
          docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \
            ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}
          docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}

      # DISTRIBUTION OF STAGING IMAGE
      - name: Skip Staging registry push
        if: ${{ steps.secrets_check.outputs.has_staging == 'false' }}
        run: |
          echo "::warning title=Staging Registry Push Skipped::The STAGING_GCR_SA secret is missing. Skipping image push to Staging registry."

      - name: Login to staging registry
        if: ${{ steps.secrets_check.outputs.has_staging == 'true' }}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: us-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.STAGING_GCR_SA }}

      - name: Push image to staging registry
        if: ${{ steps.secrets_check.outputs.has_staging == 'true' }}
        env:
          REGISTRY: us-docker.pkg.dev/staging-artifacts-786a/gcr.io
        run: |
          docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \
            ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}
          docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}

      # DISTRIBUTION OF PRODUCTION IMAGE
      - name: Skip Production registry push
        if: ${{ steps.secrets_check.outputs.has_production == 'false' }}
        run: |
          echo "::warning title=Production Registry Push Skipped::The PRODUCTION_GCR_SA secret is missing. Skipping image push to Production registry."

      - name: Login to production registry
        if: ${{ steps.secrets_check.outputs.has_production == 'true' }}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: us-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.PRODUCTION_GCR_SA }}

      - name: Push image to production registry
        if: ${{ steps.secrets_check.outputs.has_production == 'true' }}
        env:
          REGISTRY: us-docker.pkg.dev/production-artifacts-0b0d/gcr.io
        run: |
          docker tag Workable/alerta-base:${{ steps.container-info.outputs.image-tag }} \
            ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}
          docker push ${{ env.REGISTRY }}/alerta-base:${{ steps.container-info.outputs.image-tag }}