Skip to content

Publish Docker Image #87

Publish Docker Image

Publish Docker Image #87

Workflow file for this run

name: Publish Docker Image
on:
schedule:
# Once weekly on Fridays at noon
- cron: "00 12 * * 5"
workflow_dispatch:
jobs:
build-codegate-image:
name: Build Docker image
runs-on: ubuntu-latest-m
permissions:
contents: read
packages: write
actions: read
id-token: write
attestations: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up QEMU for cross-platform builds
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
- name: Compute version number
id: version-string
run: |
DATE="$(date +%Y%m%d)"
COMMIT="$(git rev-parse --short HEAD)"
echo "tag=0.$DATE.$GITHUB_RUN_NUMBER-ref.$COMMIT" >> "$GITHUB_OUTPUT"
- name: Login to GHCR
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set container metadata
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
id: docker-metadata
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.description="Container image for the CodeGate local gateway"
org.opencontainers.image.title="CodeGate container image"
org.opencontainers.image.vendor="Stacklok Inc."
org.opencontainers.image.version=${{ github.sha }}
flavor: |
latest=true
tags: |
type=raw,value=${{ steps.version-string.outputs.tag }}
- name: Download artifact
id: download-artifact
uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
with:
github_token: ${{ github.token }}
workflow: ".github/workflows/import_packages.yml"
workflow_conclusion: success
name: backup_weaviate
name_is_regexp: true
skip_unpack: false
if_no_artifact_found: ignore
- name: Fetch latest FE commit SHA
id: fetch_commit_fe_sha
run: |
echo "LATEST_RELEASE=$(curl -s "https://api.github.com/repos/stacklok/codegate-ui/releases/latest" | grep '"tag_name":' | cut -d '"' -f 4)" >> $GITHUB_ENV
- name: Rename to accommodate to image
run: mv ./backup_weaviate ./weaviate_backup
- name: Download git lfs dependencies
run: |
git lfs install
git lfs pull
- name: Build and Push Image
id: image-build
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker-metadata.outputs.tags }}
labels: ${{ steps.docker-metadata.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
LATEST_RELEASE=${{ env.LATEST_RELEASE }}
- name: Capture Image Digest
id: image-digest
run: |
echo "digest=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ env.IMAGE_NAME }}:${{ steps.version-string.outputs.tag }})" >> "$GITHUB_OUTPUT"
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Sign the images with GitHub OIDC Token
env:
DIGEST: ${{ steps.image-build.outputs.digest }}
TAGS: ${{ steps.docker-metadata.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}