diff --git a/.github/workflows/centreon-publish-docker-images.yml b/.github/workflows/centreon-publish-docker-images.yml
new file mode 100644
index 00000000000..0dafa6180ba
--- /dev/null
+++ b/.github/workflows/centreon-publish-docker-images.yml
@@ -0,0 +1,161 @@
+name: Centreon - Publish Docker Images to Harbor
+
+# This workflow is Centreon-specific and separate from the upstream publish_docker_images.yml.
+# It publishes multi-arch images (amd64 + arm64) to Centreon's internal Harbor registry.
+#
+# Tagging strategy:
+# - push on main → :qual
+# - git tag centreon-v* → : (e.g. centreon-v1.2.3)
+# - pull_request → :
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "quickwit/**"
+ - ".github/workflows/centreon-publish-docker-images.yml"
+ tags:
+ - "centreon-v*"
+ pull_request:
+ paths:
+ - "quickwit/**"
+ - ".github/workflows/centreon-publish-docker-images.yml"
+
+permissions:
+ contents: read
+
+env:
+ REGISTRY_IMAGE: ${{ vars.DOCKER_REGISTRY_BASE_URL }}/pulse/quickwit
+
+jobs:
+ docker:
+ strategy:
+ matrix:
+ include:
+ - os: ubuntu-latest
+ platform: linux/amd64
+ platform_suffix: amd64
+ - os: centreon-ubuntu-24.04-arm
+ platform: linux/arm64
+ platform_suffix: arm64
+ runs-on: ${{ matrix.os }}
+ permissions:
+ contents: read
+ actions: write
+ steps:
+ - name: Cleanup Disk Space
+ run: |
+ df -h
+ sudo rm -rf /opt/hostedtoolcache/CodeQL
+ sudo rm -rf /usr/local/.ghcup
+ sudo rm -rf /usr/local/lib/android
+ sudo rm -rf /usr/share/dotnet
+ sudo rm -rf /usr/share/swift
+ df -h
+
+ - name: Checkout
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+ - name: Login to Harbor
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ${{ vars.DOCKER_REGISTRY_BASE_URL }}
+ username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
+ password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+
+ - name: Retrieve commit metadata
+ run: |
+ echo "QW_COMMIT_DATE=$(TZ=UTC0 git log -1 --format=%cd --date=format-local:%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV
+ echo "QW_COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV
+ echo "QW_COMMIT_TAGS=$(git tag --points-at HEAD | tr '\n' ',')" >> $GITHUB_ENV
+ echo "CARGO_FEATURES=release-feature-set" >> $GITHUB_ENV
+
+ - name: Build and push image
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ id: build
+ with:
+ context: .
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ QW_COMMIT_DATE=${{ env.QW_COMMIT_DATE }}
+ QW_COMMIT_HASH=${{ env.QW_COMMIT_HASH }}
+ QW_COMMIT_TAGS=${{ env.QW_COMMIT_TAGS }}
+ CARGO_FEATURES=${{ env.CARGO_FEATURES }}
+ outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+
+ - name: Export digest
+ run: |
+ mkdir -p /tmp/digests
+ digest="$DIGEST"
+ touch "/tmp/digests/${digest#sha256:}"
+ env:
+ DIGEST: ${{ steps.build.outputs.digest }}
+
+ - name: Upload digest
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ with:
+ name: digest-${{ matrix.platform_suffix }}
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 1
+
+ merge:
+ runs-on: ubuntu-latest
+ needs: [docker]
+ permissions:
+ contents: read
+ actions: read
+ steps:
+ - name: Download digests
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+ with:
+ pattern: digest-*
+ path: /tmp/digests
+ merge-multiple: true
+
+ - name: Sanitize branch name for PR tagging
+ if: github.event_name == 'pull_request'
+ run: |
+ echo "BRANCH_TAG=${GITHUB_HEAD_REF//\//-}" >> $GITHUB_ENV
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+ with:
+ images: ${{ env.REGISTRY_IMAGE }}
+ flavor: |
+ latest=false
+ tags: |
+ type=raw,value=qual,enable=${{ github.ref == 'refs/heads/main' }}
+ type=ref,event=tag,enable=${{ startsWith(github.ref, 'refs/tags/centreon-v') }}
+ type=raw,value=${{ env.BRANCH_TAG }},enable=${{ github.event_name == 'pull_request' }}
+ labels: |
+ org.opencontainers.image.title=Quickwit
+ org.opencontainers.image.vendor=Centreon
+ maintainer=Centreon
+
+ - name: Login to Harbor
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ${{ vars.DOCKER_REGISTRY_BASE_URL }}
+ username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
+ password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
+
+ - name: Create manifest list and push tags
+ working-directory: /tmp/digests
+ run: |
+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+ $(printf "$REGISTRY_IMAGE@sha256:%s " *)
+
+ - name: Inspect image
+ run: |
+ docker buildx imagetools inspect "$REGISTRY_IMAGE:$META_VERSION"
+ env:
+ META_VERSION: ${{ steps.meta.outputs.version }}
diff --git a/.github/workflows/publish_cross_images.yml b/.github/workflows/publish_cross_images.yml
index 371e12a3569..8e83c10ce95 100644
--- a/.github/workflows/publish_cross_images.yml
+++ b/.github/workflows/publish_cross_images.yml
@@ -13,6 +13,8 @@ permissions: jobs: build-cross-images: + # Centreon: skip if DOCKERHUB_USERNAME is not configured in this fork + if: ${{ secrets.DOCKERHUB_USERNAME != '' }} name: Publish cross images runs-on: ubuntu-latest environment:
diff --git a/.github/workflows/publish_docker_images.yml b/.github/workflows/publish_docker_images.yml
index eb177989c3d..35bdc75014f 100644
--- a/.github/workflows/publish_docker_images.yml
+++ b/.github/workflows/publish_docker_images.yml
@@ -22,6 +22,8 @@ env: jobs: docker: + # Centreon: skip if DOCKERHUB_USERNAME is not configured in this fork + if: ${{ secrets.DOCKERHUB_USERNAME != '' }} strategy: matrix: include:
@@ -115,6 +117,8 @@ jobs: retention-days: 1 merge: + # Centreon: skip if DOCKERHUB_USERNAME is not configured in this fork + if: ${{ secrets.DOCKERHUB_USERNAME != '' }} runs-on: ubuntu-latest needs: [docker] permissions:
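Review bot: In the `Docker meta` step of the `merge` job, the pull-request tag is the head branch name with only `/` replaced, so it shares one tag namespace with `qual` and the `centreon-v*` release tags. A pull request whose branch is named `qual`, or named like a release tag, would make `imagetools create` move that tag in Harbor to an unreviewed build. Giving PR images their own prefix removes the overlap: replace the third `tags` entry with `type=ref,event=pr`, which metadata-action renders as `pr-<number>`, and drop the `Sanitize branch name for PR tagging` step. Separately, both jobs log in with the Harbor push token on `pull_request`, and fork PRs receive no secrets, so a job-level guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` would make those runs skip instead of failing at login.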
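Review bot: The job-level `if: ${{ secrets.DOCKERHUB_USERNAME != '' }}` added to `build-cross-images` reads the `secrets` context, which GitHub Actions does not expose to `jobs.<job_id>.if` (only `github`, `needs`, `vars` and `inputs` are available there), so the expression is rejected when the workflow is parsed instead of skipping the job. The same line is added to the `docker` and `merge` jobs in both hunks of `publish_docker_images.yml`. A condition that can be evaluated at that point works instead, for example `if: ${{ github.repository == '<UPSTREAM_OWNER>/<REPO>' }}` (placeholder value) or a repository variable read through `vars`. On `merge` the condition is also redundant, since `needs: [docker]` already skips it when `docker` is skipped. The job bodies continue outside these hunks.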