v2.1.9 #447
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Deploy | |
| # yamllint disable-line rule:truthy | |
| on: | |
| release: | |
| types: | |
| - published | |
| workflow_run: | |
| workflows: [CI] | |
| branches: [main] | |
| types: | |
| - completed | |
| concurrency: | |
| group: deploy | |
| jobs: | |
| information: | |
| if: | | |
| github.event_name == 'release' | |
| || ( | |
| github.event_name == 'workflow_run' | |
| && github.event.workflow_run.conclusion == 'success' | |
| ) | |
| name: ℹ️ Gather add-on information | |
| runs-on: ubuntu-latest | |
| outputs: | |
| architectures: ${{ steps.information.outputs.architectures }} | |
| base_image_signer: ${{ steps.information.outputs.codenotary_base_image }} | |
| build: ${{ steps.information.outputs.build }} | |
| description: ${{ steps.information.outputs.description }} | |
| environment: ${{ steps.release.outputs.environment }} | |
| name: ${{ steps.information.outputs.name }} | |
| signer: ${{ steps.information.outputs.codenotary_signer }} | |
| slug: ${{ steps.override.outputs.slug }} | |
| target: ${{ steps.information.outputs.target }} | |
| version: ${{ steps.release.outputs.version }} | |
| steps: | |
| - name: ⤵️ Check out code from GitHub | |
| uses: actions/checkout@v4 | |
| - name: 🚀 Run add-on information action | |
| id: information | |
| uses: frenck/[email protected] | |
| - name: 🚀 Process possible slug override | |
| id: override | |
| run: | | |
| slug="${{ steps.information.outputs.slug }}" | |
| if [[ ! -z "${{ inputs.slug }}" ]]; then | |
| slug="${{ inputs.slug }}" | |
| fi | |
| echo "slug=$slug" >> $GITHUB_OUTPUT | |
| - name: ℹ️ Gather version and environment | |
| id: release | |
| run: | | |
| sha="${{ github.sha }}" | |
| environment="edge" | |
| version="${sha:0:7}" | |
| if [[ "${{ github.event_name }}" = "release" ]]; then | |
| version="${{ github.event.release.tag_name }}" | |
| version="${version,,}" | |
| version="${version#v}" | |
| environment="stable" | |
| if [[ "${{ github.event.release.prerelease }}" = "true" ]]; then | |
| environment="beta" | |
| fi | |
| fi | |
| echo "environment=$environment" >> $GITHUB_OUTPUT | |
| echo "version=$version" >> $GITHUB_OUTPUT | |
| deploy: | |
| name: 👷 Build & Deploy ${{ matrix.architecture }} | |
| needs: information | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| architecture: ${{ fromJson(needs.information.outputs.architectures) }} | |
| steps: | |
| - name: ⤵️ Check out code from GitHub | |
| uses: actions/checkout@v4 | |
| - name: 🏗 Set up QEMU | |
| uses: docker/[email protected] | |
| - name: 🏗 Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: ℹ️ Compose build flags | |
| id: flags | |
| run: | | |
| echo "date=$(date +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_OUTPUT | |
| from=$(yq --no-colors eval ".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}") | |
| echo "from=$from" >> $GITHUB_OUTPUT | |
| if [[ "${{ matrix.architecture}}" = "amd64" ]]; then | |
| echo "platform=linux/amd64" >> $GITHUB_OUTPUT | |
| elif [[ "${{ matrix.architecture }}" = "i386" ]]; then | |
| echo "platform=linux/386" >> $GITHUB_OUTPUT | |
| elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then | |
| echo "platform=linux/arm/v6" >> $GITHUB_OUTPUT | |
| elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then | |
| echo "platform=linux/arm/v7" >> $GITHUB_OUTPUT | |
| elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then | |
| echo "platform=linux/arm64/v8" >> $GITHUB_OUTPUT | |
| else | |
| echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}" | |
| exit 1 | |
| fi | |
| - name: 🏗 Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: ⤵️ Download base image | |
| run: docker pull "${{ steps.flags.outputs.from }}" | |
| - name: 🚀 Build | |
| uses: docker/[email protected] | |
| with: | |
| load: true | |
| # yamllint disable rule:line-length | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }} | |
| ghcr.io/${{ github.repository_owner }}/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }} | |
| # yamllint enable rule:line-length | |
| context: ${{ needs.information.outputs.target }} | |
| file: ${{ needs.information.outputs.target }}/Dockerfile | |
| cache-from: type=gha,scope=${{ needs.information.outputs.slug }}-${{ matrix.architecture }} | |
| cache-to: type=gha,mode=max,scope=${{ needs.information.outputs.slug }}-${{ matrix.architecture }} | |
| platforms: ${{ steps.flags.outputs.platform }} | |
| build-args: | | |
| BUILD_ARCH=${{ matrix.architecture }} | |
| BUILD_DATE=${{ steps.flags.outputs.date }} | |
| BUILD_DESCRIPTION=${{ needs.information.outputs.description }} | |
| BUILD_FROM=${{ steps.flags.outputs.from }} | |
| BUILD_NAME=${{ needs.information.outputs.name }} | |
| BUILD_REF=${{ github.sha }} | |
| BUILD_REPOSITORY=${{ github.repository }} | |
| BUILD_VERSION=${{ needs.information.outputs.version }} | |
| # yamllint disable rule:line-length | |
| - name: 🔐 Load 1Password CAS secret | |
| uses: 1password/[email protected] | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| CAS_API_KEY: "op://CI/CAS Codenotary/Anmeldedaten" | |
| - name: 🚀 Push | |
| run: | | |
| docker push \ | |
| "ghcr.io/${{ github.repository_owner }}/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}" | |
| docker push \ | |
| "ghcr.io/${{ github.repository_owner }}/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" | |
| # yamllint enable rule:line-length | |
| publish-edge: | |
| name: 📢 Publish to edge repository | |
| if: needs.information.outputs.environment == 'edge' | |
| needs: | |
| - information | |
| - deploy | |
| environment: | |
| name: ${{ needs.information.outputs.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 🔐 Load 1Password secrets | |
| uses: 1password/[email protected] | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| UPDATER_TOKEN: "op://CI/Github Token/Anmeldedaten" | |
| - name: 🚀 Dispatch repository updater update signal | |
| uses: peter-evans/repository-dispatch@v2 | |
| with: | |
| token: ${{ env.UPDATER_TOKEN }} | |
| repository: ${{ github.repository_owner }}/repository-edge | |
| event-type: update | |
| client-payload: > | |
| { | |
| "addon": "${{ needs.information.outputs.slug }}", | |
| "name": "${{ needs.information.outputs.name }}", | |
| "repository": "${{ github.repository }}", | |
| "version": "${{ needs.information.outputs.version }}" | |
| } | |
| publish-stable: | |
| name: 📢 Publish to stable repository | |
| if: needs.information.outputs.environment == 'stable' | |
| needs: | |
| - information | |
| - deploy | |
| environment: | |
| name: ${{ needs.information.outputs.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 🔐 Load 1Password secrets | |
| uses: 1password/[email protected] | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| UPDATER_TOKEN: "op://CI/Github Token/Anmeldedaten" | |
| - name: 🚀 Dispatch repository updater update signal | |
| uses: peter-evans/repository-dispatch@v2 | |
| with: | |
| token: ${{ env.UPDATER_TOKEN }} | |
| repository: ${{ github.repository_owner }}/repository-stable | |
| event-type: update | |
| client-payload: > | |
| { | |
| "addon": "${{ needs.information.outputs.slug }}", | |
| "name": "${{ needs.information.outputs.name }}", | |
| "repository": "${{ github.repository }}", | |
| "version": "${{ github.event.release.tag_name }}" | |
| } |