Add GitHub Actions workflow for building and pushing kube-webhook-cer… #1

Workflow file for this run

.github/workflows/release-webhook-certgen.yaml at 7c18502

	name: Build and Push Webhook Certgen

	on:
	push:
	branches:
	- releases/k8s/release-*
	paths:
	- 'images/kube-webhook-certgen/**'

	workflow_dispatch:
	inputs:
	tag_override:
	description: 'Override the image tag (defaults to images/kube-webhook-certgen/TAG file)'
	required: false
	type: string

	permissions:
	contents: read
	packages: write
	id-token: write

	jobs:
	build-and-push:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Set versions
	run: \|
	echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
	if [ -n "${{ inputs.tag_override }}" ]; then
	echo "TAG=${{ inputs.tag_override }}" >> $GITHUB_ENV
	else
	echo "TAG=$(cat images/kube-webhook-certgen/TAG)" >> $GITHUB_ENV
	fi
	echo "REGISTRY=ghcr.io/$(echo '${{ github.repository_owner }}' \| tr '[:upper:]' '[:lower:]')/ingress-nginx" >> $GITHUB_ENV

	- name: Set up QEMU
	uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
	with:
	version: latest

	- name: Login to GHCR
	uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push multi-arch image
	run: \|
	docker buildx build \
	--push \
	--pull \
	--progress plain \
	--platform linux/amd64,linux/arm,linux/arm64 \
	--build-arg GOLANG_VERSION=${GOLANG_VERSION} \
	-t ${REGISTRY}/kube-webhook-certgen:${TAG} \
	images/kube-webhook-certgen/rootfs

	push-to-ecr:
	needs: build-and-push
	runs-on: ubuntu-latest
	environment: Development
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Set versions
	run: \|
	if [ -n "${{ inputs.tag_override }}" ]; then
	echo "TAG=${{ inputs.tag_override }}" >> $GITHUB_ENV
	else
	echo "TAG=$(cat images/kube-webhook-certgen/TAG)" >> $GITHUB_ENV
	fi
	echo "GHCR_REGISTRY=ghcr.io/$(echo '${{ github.repository_owner }}' \| tr '[:upper:]' '[:lower:]')/ingress-nginx" >> $GITHUB_ENV
	AWS_REGION=$(echo "${{ secrets.ECR_REPO }}" \| sed 's/.\.dkr\.ecr\.$[^.]$\.amazonaws\.com.*/\1/')
	echo "AWS_REGION=${AWS_REGION}" >> $GITHUB_ENV

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_PUSH }}
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to GHCR
	uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to ECR
	run: \|
	ECR_REGISTRY=$(echo "${{ secrets.ECR_REPO }}" \| cut -d'/' -f1)
	aws ecr get-login-password \| docker login --username AWS --password-stdin ${ECR_REGISTRY}

	- name: Re-tag and push image to ECR
	run: \|
	docker buildx imagetools create \
	--tag ${{ secrets.ECR_REPO }}/kube-webhook-certgen:${TAG} \
	${GHCR_REGISTRY}/kube-webhook-certgen:${TAG}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add GitHub Actions workflow for building and pushing kube-webhook-cer… #1

Workflow file

Add GitHub Actions workflow for building and pushing kube-webhook-cer… #1

Uh oh!

Workflow file for this run