Skip to content
Build

Build #1582

Sign in to view logs

Build

Build #1582

Workflow file for this run

.github/workflows/_build.yml at cb02d74
---
name: "Build"
on:
push:
branches:
- '**'
pull_request:
release:
types:
- edited
- published
schedule:
- cron: '0 10 * * *' # everyday at 10am
workflow_dispatch:
permissions:
actions: read
contents: read
jobs:
diagnostics:
name: "Diagnostics"
uses: ./.github/workflows/diagnostics.yml
config:
name: "Config"
uses: ./.github/workflows/_config.yml
metadata:
name: "Metadata"
needs: [config]
uses: ./.github/workflows/docker-metadata.yml
with:
image_name: ${{ needs.config.outputs.image_name }}
lint:
name: "Lint"
uses: ./.github/workflows/common-lint.yml
build-image-for-testing:
name: "Build image for testing"
needs:
- config
- lint
- metadata
uses: ./.github/workflows/docker-build-image.yml
with:
artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ needs.config.outputs.test_platform }}
cache_from_scopes: ${{ needs.config.outputs.test_platform }}
cache_to_scope: ${{ needs.config.outputs.test_platform }}
image_archive_name_stem: ${{ needs.config.outputs.test_platform }}
image_labels: ${{ needs.metadata.outputs.image_labels }}
platforms: ${{ needs.config.outputs.test_platform }}
test-image:
name: "Test image"
needs:
- build-image-for-testing
- config
uses: ./.github/workflows/docker-pytest-image.yml
with:
data_artifact_name: ${{ needs.config.outputs.data_artifact_name }}
image_artifact_name: ${{ needs.build-image-for-testing.outputs.artifact_name }}
image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }}
build-each-platform:
name: "Build platforms"
needs:
- config
- lint
- metadata
- test-image
if: github.event_name != 'pull_request'
strategy:
matrix:
platform: ${{ fromJson(needs.config.outputs.platforms_json) }}
exclude:
- platform: ${{ needs.config.outputs.test_platform }}
uses: ./.github/workflows/docker-build-image.yml
with:
artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }}
cache_from_scopes: ${{ matrix.platform }}
cache_to_scope: ${{ matrix.platform }}
image_labels: ${{ needs.metadata.outputs.image_labels }}
image_archive_name_stem: ${{ matrix.platform }}
platforms: ${{ matrix.platform }}
generate-sboms:
name: "Bill of Materials"
needs:
- build-each-platform
- config
permissions:
contents: write
strategy:
matrix:
platform: ${{ fromJson(needs.config.outputs.platforms_json) }}
uses: ./.github/workflows/sbom-artifact.yml
with:
image_artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }}
sbom_artifact_name: ${{ needs.config.outputs.sbom_artifact_name_stem }}-${{ matrix.platform }}
docker-secrets:
name: "Docker secrets"
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # tag=v2.7.1
with:
egress-policy: block
- name: Check docker.com credentials
run: |
return_code=0
if [ -z "${{ secrets.DOCKER_USERNAME }}" ]; then
echo "::warning::Set the DOCKER_USERNAME secret."
return_code=1
fi
if [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then
echo "::warning::Set the DOCKER_PASSWORD secret."
return_code=1
fi
exit $return_code
build-multi-arch-image:
name: "Publish image"
needs:
- build-each-platform
- config
- docker-secrets
- metadata
if: github.event_name != 'pull_request'
permissions:
packages: write
uses: ./.github/workflows/docker-multi-arch-push.yml
with:
artifact_name_pattern: ${{ needs.config.outputs.image_artifact_name_stem }}-*
image_tags: ${{ needs.metadata.outputs.image_tags }}
secrets:
docker_password: ${{ secrets.DOCKER_PASSWORD }}
docker_username: ${{ secrets.DOCKER_USERNAME }}
publish-readme:
name: "Publish docs"
needs:
- build-multi-arch-image
- config
- docker-secrets
- metadata
if: needs.metadata.outputs.latest == 'true'
uses: ./.github/workflows/docker-publish-description.yml
with:
image_name: ${{ needs.config.outputs.image_name }}
secrets:
docker_password: ${{ secrets.DOCKER_PASSWORD }}
docker_username: ${{ secrets.DOCKER_USERNAME }}