Skip to content

v2.2.3

v2.2.3 #87

name: Push Buildpackage
on:
release:
types:
- published
env:
REGISTRIES_FILENAME: "registries.json"
jobs:
push:
name: Push
runs-on: ubuntu-24.04
env:
GCR_REGISTRY: "gcr.io"
GCR_PASSWORD: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
GCR_USERNAME: "_json_key"
DOCKERHUB_REGISTRY: docker.io
DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Parse Event
id: event
run: |
FULL_VERSION="$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)"
MINOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 "." $2 }')"
MAJOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 }')"
echo "tag_full=${FULL_VERSION}" >> "$GITHUB_OUTPUT"
echo "tag_minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT"
echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT"
echo "download_tgz_file_url=$(jq -r '.release.assets[] | select(.name | endswith(".tgz")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
echo "download_cnb_file_url=$(jq -r --arg tag_full "$FULL_VERSION" '.release.assets[] | select(.name | endswith($tag_full + ".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
echo "download_sha256_file_url=$(jq -r '.release.assets[] | select(.name | endswith("index-digest.sha256")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
- name: Download .cnb buildpack
uses: paketo-buildpacks/github-config/actions/release/download-asset@main
with:
url: ${{ steps.event.outputs.download_cnb_file_url }}
output: "/github/workspace/buildpackage.cnb"
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- name: Download .tgz buildpack
uses: paketo-buildpacks/github-config/actions/release/download-asset@main
with:
url: ${{ steps.event.outputs.download_tgz_file_url }}
output: "/github/workspace/buildpack.tgz"
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- name: Download .sha digest
uses: paketo-buildpacks/github-config/actions/release/download-asset@main
with:
url: ${{ steps.event.outputs.download_sha256_file_url }}
output: "/github/workspace/index-digest.sha256"
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- name: Parse Configs
id: parse_configs
run: |
registries_filename="${{ env.REGISTRIES_FILENAME }}"
push_to_dockerhub=true
push_to_gcr=false
if [[ -f $registries_filename ]]; then
if jq 'has("dockerhub")' $registries_filename > /dev/null; then
push_to_dockerhub=$(jq '.dockerhub' $registries_filename)
fi
if jq 'has("GCR")' $registries_filename > /dev/null; then
push_to_gcr=$(jq '.GCR' $registries_filename)
fi
fi
echo "push_to_dockerhub=${push_to_dockerhub}" >> "$GITHUB_OUTPUT"
echo "push_to_gcr=${push_to_gcr}" >> "$GITHUB_OUTPUT"
- name: Validate version
run: |
buidpackTomlVersion=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r '.Labels."io.buildpacks.buildpackage.metadata" | fromjson | .version')
githubReleaseVersion="${{ steps.event.outputs.tag_full }}"
if [[ "$buidpackTomlVersion" != "$githubReleaseVersion" ]]; then
echo "Version in buildpack.toml ($buidpackTomlVersion) and github release ($githubReleaseVersion) are not identical"
exit 1
fi
- name: Get buildpack type
id: get_buildpack_type
run: |
if [ -f "extension.toml" ]; then
echo "buildpack_type=extension" >> "$GITHUB_OUTPUT"
else
echo "buildpack_type=buildpack" >> "$GITHUB_OUTPUT"
fi
- name: Docker login docker.io
uses: docker/login-action@v3
with:
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ env.DOCKERHUB_PASSWORD }}
registry: ${{ env.DOCKERHUB_REGISTRY }}
- name: Docker login gcr.io
uses: docker/login-action@v3
if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
with:
username: ${{ env.GCR_USERNAME }}
password: ${{ env.GCR_PASSWORD }}
registry: ${{ env.GCR_REGISTRY }}
- uses: buildpacks/github-actions/[email protected]
- name: Push to DockerHub
if: ${{ steps.parse_configs.outputs.push_to_dockerhub == 'true' }}
id: push
env:
GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
run: |
IMAGE="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install'
echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin ${DOCKERHUB_REGISTRY}
./scripts/publish.sh \
--archive-path ./buildpack.tgz \
--buildpack-type ${{ steps.get_buildpack_type.outputs.buildpack_type }} \
--image-ref "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}"
## Validate that the image index digest pushed to registry matches with the one on the release notes
pushed_image_index_digest=$(crane digest "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | xargs)
echo "Index digest from release notes: $(cat ./index-digest.sha256)"
echo "Index digest pushed to registry: $pushed_image_index_digest"
if [ "$(cat ./index-digest.sha256)" != "$pushed_image_index_digest" ]; then
echo "The image index digest pushed to registry does not match the expected digest from release notes"
exit 1;
fi
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}" --multi-arch all
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}" --multi-arch all
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest" --multi-arch all
echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
echo "digest=$pushed_image_index_digest" >> "$GITHUB_OUTPUT"
- name: Push to GCR
if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
run: |
echo "${GCR_PASSWORD}" | sudo skopeo login --username "${GCR_USERNAME}" --password-stdin "${GCR_REGISTRY}"
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_full }}" --multi-arch all
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}" --multi-arch all
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_major }}" --multi-arch all
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:latest" --multi-arch all
- name: Register with CNB Registry
uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main
with:
id: ${{ github.repository }}
version: ${{ steps.event.outputs.tag_full }}
address: index.docker.io/${{ steps.push.outputs.image }}@${{ steps.push.outputs.digest }}
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
failure:
name: Alert on Failure
runs-on: ubuntu-24.04
needs: [push]
if: ${{ always() && needs.push.result == 'failure' }}
steps:
- name: File Failure Alert Issue
uses: paketo-buildpacks/github-config/actions/issue/file@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
repo: ${{ github.repository }}
label: "failure:push"
comment_if_exists: true
issue_title: "Failure: Push Buildpackage workflow"
issue_body: |
Push Buildpackage workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
comment_body: |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}