-
Notifications
You must be signed in to change notification settings - Fork 179
117 lines (108 loc) · 4.16 KB
/
image-builder.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# See documentation at https://github.com/kyma-project/test-infra/blob/main/cmd/image-builder/github-workflow-integration.md
name: image-builder
on:
workflow_call:
inputs:
name:
description: Name of the build image
required: false
type: string
default: ${{ github.event.repository.name }}
dockerfile:
description: Path to the dockerfile used to build docker image
required: false
type: string
default: "./Dockerfile"
context:
description: Build context to build container from
required: false
type: string
default: .
build-args:
description: "Additional arguments to build dockerfile, one per line. It can be used in the name=value format."
required: false
type: string
default: ""
tags:
description: "Additional tags, one per line, that the image will be tagged with. Optionally you can pass the name in the format name=value which will be used by export-tags"
required: false
type: string
default: ""
export-tags:
description: Export parsed tags as build-args into dockerfile. Each tag will have format TAG_x, where x is the tag name passed along with the tag
required: false
type: boolean
default: false
env-file:
description: Path to file with environment variables to be loaded in build
required: false
type: string
default: ""
use-go-internal-sap-modules:
description: Setup access to Go internal SAP modules in build environment
required: false
type: boolean
default: false
outputs:
images:
description: JSON list of images built by image-builder
value: ${{ jobs.build-image.outputs.images }}
adoResult:
description: The result of the ADO pipeline execution
value: ${{ jobs.build-image.outputs.result }}
jobs:
build-image:
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
runs-on: ubuntu-latest
name: Build image
outputs:
images: ${{ steps.build.outputs.images }}
result: ${{ steps.build.outputs.adoResult }}
steps:
- name: Verify repository owner
id: verify_repo_owner
if: ${{ github.repository_owner != 'kyma-project' }}
run: |
echo "Using image-builder workflow outside of kyma-project organisation is not supported."
exit 1
- name: Checkout test-infra repository
uses: actions/checkout@v4
with:
repository: kyma-project/test-infra
ref: main
- name: Install Node.js and needed dependencies
uses: ./.github/actions/expose-jwt-action/install
- name: Get OIDC token
id: get_oidc
uses: ./.github/actions/expose-jwt-action
with:
audience: "image-builder"
- name: Authenticate in GCP
id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
- name: Get ADO PAT from Secret Manager
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v2'
with:
secrets: |-
ado-pat:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME }}
- name: Build image
id: build
uses: ./.github/actions/image-builder
with:
oidc-token: ${{ steps.get_oidc.outputs.jwt }}
ado-token: ${{ steps.secrets.outputs.ado-pat }}
context: ${{ inputs.context }}
build-args: ${{ inputs.build-args }}
tags: ${{ inputs.tags }}
export-tags: ${{ inputs.export-tags }}
image-name: ${{ inputs.name }}
dockerfile: ${{ inputs.dockerfile }}
env-file: ${{ inputs.env-file }}
config: "./configs/image-builder-client-config.yaml"
use-go-internal-sap-modules: ${{ inputs.use-go-internal-sap-modules }}