v1.8.1 #91
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push Buildpackage | |
on: | |
release: | |
types: | |
- published | |
env: | |
REGISTRIES_FILENAME: "registries.json" | |
jobs: | |
push: | |
name: Push | |
runs-on: ubuntu-24.04 | |
env: | |
GCR_REGISTRY: "gcr.io" | |
GCR_PASSWORD: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} | |
GCR_USERNAME: "_json_key" | |
DOCKERHUB_REGISTRY: docker.io | |
DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Parse Event | |
id: event | |
run: | | |
FULL_VERSION="$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" | |
MINOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 "." $2 }')" | |
MAJOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 }')" | |
echo "tag_full=${FULL_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "tag_minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "download_tgz_file_url=$(jq -r '.release.assets[] | select(.name | endswith(".tgz")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" | |
echo "download_cnb_file_url=$(jq -r --arg tag_full "$FULL_VERSION" '.release.assets[] | select(.name | endswith($tag_full + ".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" | |
echo "download_sha256_file_url=$(jq -r '.release.assets[] | select(.name | endswith("index-digest.sha256")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" | |
- name: Download .cnb buildpack | |
uses: paketo-buildpacks/github-config/actions/release/download-asset@main | |
with: | |
url: ${{ steps.event.outputs.download_cnb_file_url }} | |
output: "/github/workspace/buildpackage.cnb" | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
- name: Download .tgz buildpack | |
uses: paketo-buildpacks/github-config/actions/release/download-asset@main | |
with: | |
url: ${{ steps.event.outputs.download_tgz_file_url }} | |
output: "/github/workspace/buildpack.tgz" | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
- name: Download .sha digest | |
uses: paketo-buildpacks/github-config/actions/release/download-asset@main | |
with: | |
url: ${{ steps.event.outputs.download_sha256_file_url }} | |
output: "/github/workspace/index-digest.sha256" | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
- name: Parse Configs | |
id: parse_configs | |
run: | | |
push_to_dockerhub=true | |
push_to_gcr=true | |
if [[ -f $REGISTRIES_FILENAME ]]; then | |
if jq 'has("dockerhub")' $REGISTRIES_FILENAME > /dev/null; then | |
push_to_dockerhub=$(jq '.dockerhub' $REGISTRIES_FILENAME) | |
fi | |
if jq 'has("GCR")' $REGISTRIES_FILENAME > /dev/null; then | |
push_to_gcr=$(jq '.GCR' $REGISTRIES_FILENAME) | |
fi | |
fi | |
echo "push_to_dockerhub=${push_to_dockerhub}" >> "$GITHUB_OUTPUT" | |
echo "push_to_gcr=${push_to_gcr}" >> "$GITHUB_OUTPUT" | |
- name: Validate version | |
run: | | |
buidpackTomlVersion=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r '.Labels."io.buildpacks.buildpackage.metadata" | fromjson | .version') | |
githubReleaseVersion="${{ steps.event.outputs.tag_full }}" | |
if [[ "$buidpackTomlVersion" != "$githubReleaseVersion" ]]; then | |
echo "Version in buildpack.toml ($buidpackTomlVersion) and github release ($githubReleaseVersion) are not identical" | |
exit 1 | |
fi | |
- name: Docker login docker.io | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKERHUB_USERNAME }} | |
password: ${{ env.DOCKERHUB_PASSWORD }} | |
registry: ${{ env.DOCKERHUB_REGISTRY }} | |
- name: Docker login gcr.io | |
uses: docker/login-action@v3 | |
if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }} | |
with: | |
username: ${{ env.GCR_USERNAME }} | |
password: ${{ env.GCR_PASSWORD }} | |
registry: ${{ env.GCR_REGISTRY }} | |
- name: Push to DockerHub | |
if: ${{ steps.parse_configs.outputs.push_to_dockerhub == 'true' }} | |
id: push | |
env: | |
GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} | |
run: | | |
IMAGE="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install' | |
echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin ${DOCKERHUB_REGISTRY} | |
./scripts/publish.sh \ | |
--buildpack-archive ./buildpack.tgz \ | |
--image-ref "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | |
## Validate that the digest pushed to registry matches with the one mentioned on the readme file | |
pushed_image_index_digest=$(sudo skopeo inspect "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest) | |
if [ "$(cat ./index-digest.sha256)" != "$pushed_image_index_digest" ]; then | |
echo "Image index digest pushed to registry does not match with the one mentioned on the readme file" | |
exit 1; | |
fi | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}" --multi-arch all | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}" --multi-arch all | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest" --multi-arch all | |
echo "image=${IMAGE}" >> "$GITHUB_OUTPUT" | |
echo "digest=$pushed_image_index_digest" >> "$GITHUB_OUTPUT" | |
- name: Push to GCR | |
if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }} | |
run: | | |
echo "${GCR_PASSWORD}" | sudo skopeo login --username "${GCR_USERNAME}" --password-stdin "${GCR_REGISTRY}" | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_full }}" --multi-arch all | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}" --multi-arch all | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_major }}" --multi-arch all | |
sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:latest" --multi-arch all | |
- name: Register with CNB Registry | |
uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main | |
with: | |
id: ${{ github.repository }} | |
version: ${{ steps.event.outputs.tag_full }} | |
address: index.docker.io/${{ steps.push.outputs.image }}@${{ steps.push.outputs.digest }} | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} | |
failure: | |
name: Alert on Failure | |
runs-on: ubuntu-22.04 | |
needs: [push] | |
if: ${{ always() && needs.push.result == 'failure' }} | |
steps: | |
- name: File Failure Alert Issue | |
uses: paketo-buildpacks/github-config/actions/issue/file@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repo: ${{ github.repository }} | |
label: "failure:push" | |
comment_if_exists: true | |
issue_title: "Failure: Push Buildpackage workflow" | |
issue_body: | | |
Push Buildpackage workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). | |
comment_body: | | |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} |