
chore(deps): update github/codeql-action action to v3.24.8 (main) #37


# Workflow header: display name, triggers, run de-duplication and the default
# GITHUB_TOKEN scope for every job in this file.
name: Image Release Build

# Any change in triggers needs to be reflected in the concurrency group.
on:
  push:
    branches:
      - main
    tags:
      # Release tags (vX.Y.Z) and release candidates (vX.Y.Z-rcN).
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
  pull_request:
    branches:
      - main
      - 'v*'

# Runs are grouped by pull-request number, or by the post-push commit SHA when
# the event is not a pull request; a newer run in a group cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
  cancel-in-progress: true

# Default GITHUB_TOKEN scope: read on every permission, write on none.
# NOTE(review): the jobs in this file only check out the repository and move
# artifacts between jobs, so `contents: read` looks sufficient; confirm before
# narrowing.
permissions: read-all
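# Hardening applied throughout the run scripts below: values produced by
# ${{ }} expressions are handed to the shell through `env:` instead of being
# pasted into the script text, so a value can never be parsed as shell syntax.
# Third-party actions are pinned to full commit SHAs; the trailing comment on
# each `uses:` line records the release tag the SHA was taken from.
jobs:
  # Decides whether this run is a release. The result is consumed by
  # build-and-push both as its deployment environment name and as the switch
  # for registry login and image push.
  determine-deployment:
    if: ${{ github.repository == 'cilium/hubble' }}
    name: Determine Deployment
    runs-on: ubuntu-22.04
    steps:
      - name: Determine deployment environment
        id: environment
        # use 'release' deployment if the workflow was triggered on a pushed tag starting with "v"
        env:
          DEPLOYMENT: ${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}
        run: |
          echo "deployment=${DEPLOYMENT}" >> "$GITHUB_OUTPUT"
    outputs:
      name: ${{ steps.environment.outputs.deployment }}

  # Builds the multi-arch image. The image is pushed, and the registry
  # credentials are read, only when determine-deployment reported 'release';
  # every other run (pull requests, pushes to main) is a build-only check.
  build-and-push:
    if: ${{ github.repository == 'cilium/hubble' }}
    # Empty for non-release runs, 'release' otherwise.
    # NOTE(review): presumably the quay.io secrets are scoped to the 'release'
    # environment and that environment carries protection rules; confirm in
    # the repository settings.
    environment: ${{ needs.determine-deployment.outputs.name }}
    runs-on: ubuntu-22.04
    needs: determine-deployment
    strategy:
      # matrix for easier code-sharing with workflows from cilium/cilium
      matrix:
        include:
          - name: hubble
            dockerfile: ./Dockerfile
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0

      # Skipped on non-release runs, so pull-request builds never touch the
      # registry credentials.
      - name: Login to quay.io
        if: ${{ needs.determine-deployment.outputs.name == 'release' }}
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }}

      # The image tag is the last path component of the ref that triggered the
      # run. GITHUB_REF is read as an environment variable, not interpolated
      # into the script.
      - name: Getting image tag
        id: tag
        run: |
          echo "tag=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"

      - name: Checkout Source Code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Do not leave the GITHUB_TOKEN in the checked-out repository's git
          # configuration, where later steps could read it.
          persist-credentials: false

      - name: Release Build ${{ matrix.name }}
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
        id: docker_build_release
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: ${{ needs.determine-deployment.outputs.name == 'release' }}
          platforms: linux/amd64,linux/arm64
          tags: |
            quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}

      # Records the image digest in two files: a Makefile variable assignment
      # and a markdown snippet holding the full tag@digest reference.
      - name: Image Release Digest
        shell: bash
        env:
          JOB_NAME: ${{ matrix.name }}
          IMAGE_OWNER: ${{ github.repository_owner }}
          IMAGE_TAG: ${{ steps.tag.outputs.tag }}
          IMAGE_DIGEST: ${{ steps.docker_build_release.outputs.digest }}
        run: |
          mkdir -p image-digest/
          # Makefile variable name: upper-cased job name with '-' replaced by '_'.
          job_name_capital=${JOB_NAME^^}
          job_name_underscored=${job_name_capital//-/_}
          echo "${job_name_underscored}_DIGEST := \"${IMAGE_DIGEST}\"" > image-digest/makefile-digest.txt
          {
            echo "### ${JOB_NAME}"
            echo ""
            echo "\`quay.io/${IMAGE_OWNER}/${JOB_NAME}:${IMAGE_TAG}@${IMAGE_DIGEST}\`"
            echo ""
          } > "image-digest/${JOB_NAME}.txt"

      # Hand the per-image digest files to the image-digests job.
      - name: Upload artifact digests
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: image-digest ${{ matrix.name }}
          path: image-digest
          retention-days: 1

  # Collects the digest files of every built image into one markdown summary
  # and one Makefile fragment, then publishes both as short-lived artifacts.
  image-digests:
    if: ${{ github.repository == 'cilium/hubble' }}
    name: Display Digests
    runs-on: ubuntu-22.04
    needs: build-and-push
    steps:
      - name: Getting image tag
        id: tag
        run: |
          echo "tag=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"

      - name: Downloading Image Digests
        shell: bash
        run: |
          mkdir -p image-digest/

      # No artifact name is given, so every artifact of this run is fetched
      # into image-digest/.
      - name: Download digests of all images built
        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
        with:
          path: image-digest/

      # Concatenate the markdown snippets, in sorted path order, below a heading.
      - name: Image Digests Output
        shell: bash
        run: |
          cd image-digest/
          echo "## Docker Manifests" > ../image-digest-output.txt
          echo "" >> ../image-digest-output.txt
          find . -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt

      # Concatenate the Makefile assignments, in sorted path order, below a
      # generated-file header.
      - name: Image Makefile Digests
        shell: bash
        run: |
          cd image-digest/
          echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests
          # The command substitution now sits inside the quotes; the written
          # line is the same as before.
          echo "# Copyright $(date +'%Y') Authors of Cilium" >> ../Makefile.digests
          echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests
          echo "" >> ../Makefile.digests
          find . -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests

      # Upload the markdown summary.
      - name: Upload artifact digests
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: image-digest-output.txt-${{ steps.tag.outputs.tag }}
          path: image-digest-output.txt
          retention-days: 1

      # Upload the Makefile fragment.
      - name: Upload artifact digests
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: Makefile.digests-${{ steps.tag.outputs.tag }}
          path: Makefile.digests
          retention-days: 1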