2021-09-14 17:37:31 +02:00
|
|
|
name: Build images (DockerHub)
|
2021-09-13 19:36:12 +02:00
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
release:
|
|
|
|
|
types:
|
|
|
|
|
- published
|
|
|
|
|
push:
|
|
|
|
|
branches:
|
2021-10-14 23:27:40 +02:00
|
|
|
- '5.0'
|
2022-02-15 11:03:28 +01:00
|
|
|
- '6.0'
|
2023-03-07 09:03:00 +01:00
|
|
|
- '6.4'
|
2021-09-13 19:36:12 +02:00
|
|
|
- 'trunk'
|
2021-10-08 00:13:22 +02:00
|
|
|
paths:
|
|
|
|
|
- 'Dockerfiles/**'
|
2021-10-28 02:05:53 +02:00
|
|
|
- 'build.json'
|
2021-10-16 00:11:57 +02:00
|
|
|
- '!**/README.md'
|
2021-10-08 00:13:22 +02:00
|
|
|
- '!Dockerfiles/*/rhel/*'
|
|
|
|
|
- '!Dockerfiles/*/windows/*'
|
|
|
|
|
- '.github/workflows/images_build.yml'
|
2021-09-13 19:36:12 +02:00
|
|
|
|
|
|
|
|
defaults:
|
|
|
|
|
run:
|
|
|
|
|
shell: bash
|
|
|
|
|
|
2021-09-14 11:41:09 +02:00
|
|
|
env:
|
|
|
|
|
DOCKER_REPOSITORY: "zabbix"
|
|
|
|
|
LATEST_BRANCH: ${{ github.event.repository.default_branch }}
|
2021-09-14 12:32:06 +02:00
|
|
|
BASE_BUILD_NAME: "build-base"
|
2024-02-07 18:51:30 +01:00
|
|
|
MATRIX_FILE: "build.json"
|
2024-02-08 05:16:27 +01:00
|
|
|
DOCKERFILES_DIRECTORY: "./Dockerfiles"
|
2021-09-14 11:41:09 +02:00
|
|
|
|
2021-09-13 19:36:12 +02:00
|
|
|
jobs:
|
2021-09-14 02:17:14 +02:00
|
|
|
init_build:
|
|
|
|
|
name: Initialize build
|
|
|
|
|
runs-on: ubuntu-latest
|
2024-02-08 05:35:09 +01:00
|
|
|
permissions:
|
|
|
|
|
contents: read
|
2021-09-14 02:17:14 +02:00
|
|
|
outputs:
|
2021-09-14 03:10:41 +02:00
|
|
|
os: ${{ steps.os.outputs.list }}
|
|
|
|
|
database: ${{ steps.database.outputs.list }}
|
|
|
|
|
components: ${{ steps.components.outputs.list }}
|
2021-10-18 18:12:43 +02:00
|
|
|
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
|
2024-02-07 18:51:30 +01:00
|
|
|
current_branch: ${{ steps.branch_info.outputs.current_branch }}
|
|
|
|
|
branch: ${{ steps.branch_info.outputs.branch }}
|
2021-09-14 02:17:14 +02:00
|
|
|
steps:
|
2024-02-08 05:16:27 +01:00
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
2024-02-07 15:45:06 +01:00
|
|
|
with:
|
2024-02-08 05:16:27 +01:00
|
|
|
disable-sudo: true
|
|
|
|
|
egress-policy: block
|
|
|
|
|
allowed-endpoints: >
|
|
|
|
|
github.com:443
|
2024-02-07 15:45:06 +01:00
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Checkout repository
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2021-09-14 11:41:09 +02:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
2024-02-07 18:53:43 +01:00
|
|
|
sparse-checkout: ${{ env.MATRIX_FILE }}
|
2021-09-14 11:41:09 +02:00
|
|
|
|
2021-09-17 01:47:46 +02:00
|
|
|
- name: Check build.json file
|
2021-09-14 12:32:06 +02:00
|
|
|
id: build_exists
|
2021-09-14 03:10:41 +02:00
|
|
|
run: |
|
2024-02-07 18:51:30 +01:00
|
|
|
if [[ ! -f "${{ env.MATRIX_FILE }}" ]]; then
|
|
|
|
|
echo "::error::File ${{ env.MATRIX_FILE }} is missing"
|
2021-09-14 12:32:06 +02:00
|
|
|
exit 1
|
2021-09-14 11:41:09 +02:00
|
|
|
fi
|
|
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Prepare Operating System list
|
|
|
|
|
id: os
|
|
|
|
|
run: |
|
2024-02-07 18:51:30 +01:00
|
|
|
os_list=$(jq -r '.["os-linux"] | keys | [ .[] | tostring ] | @json' "${{ env.MATRIX_FILE }}")
|
2021-09-14 12:32:06 +02:00
|
|
|
|
2023-02-08 09:41:04 +01:00
|
|
|
echo "list=$os_list" >> $GITHUB_OUTPUT
|
2021-09-14 03:10:41 +02:00
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Prepare Platform list
|
|
|
|
|
id: platform_list
|
|
|
|
|
run: |
|
2024-02-07 18:51:30 +01:00
|
|
|
platform_list=$(jq -r '.["os-linux"] | tostring | @json' "${{ env.MATRIX_FILE }}")
|
2021-09-14 12:32:06 +02:00
|
|
|
|
2023-02-08 09:41:04 +01:00
|
|
|
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
2021-09-14 12:32:06 +02:00
|
|
|
|
|
|
|
|
- name: Prepare Database engine list
|
2021-09-14 03:10:41 +02:00
|
|
|
id: database
|
|
|
|
|
run: |
|
2024-02-07 18:51:30 +01:00
|
|
|
database_list=$(jq -r '[.components | values[] ] | sort | unique | del(.. | select ( . == "" ) ) | [ .[] | tostring ] | @json' "${{ env.MATRIX_FILE }}")
|
2021-09-14 12:32:06 +02:00
|
|
|
|
2023-02-08 09:41:04 +01:00
|
|
|
echo "list=$database_list" >> $GITHUB_OUTPUT
|
2021-09-14 03:10:41 +02:00
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Prepare Zabbix component list
|
2021-09-14 03:10:41 +02:00
|
|
|
id: components
|
|
|
|
|
run: |
|
2024-02-08 05:16:27 +01:00
|
|
|
component_list=$(jq -r '.components | keys | [ .[] | tostring ] | @json' "${{ env.MATRIX_FILE }}")
|
2021-09-14 12:32:06 +02:00
|
|
|
|
2023-02-08 09:41:04 +01:00
|
|
|
echo "list=$component_list" >> $GITHUB_OUTPUT
|
2021-09-14 03:10:41 +02:00
|
|
|
|
2021-10-08 00:13:22 +02:00
|
|
|
- name: Get branch info
|
|
|
|
|
id: branch_info
|
2021-10-18 18:12:43 +02:00
|
|
|
run: |
|
2021-10-18 18:14:55 +02:00
|
|
|
github_ref="${{ github.ref }}"
|
2021-10-18 18:12:43 +02:00
|
|
|
result=false
|
|
|
|
|
|
|
|
|
|
if [[ "$github_ref" == "refs/tags/"* ]]; then
|
|
|
|
|
github_ref=${github_ref%.*}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
github_ref=${github_ref##*/}
|
|
|
|
|
|
2021-10-19 01:29:17 +02:00
|
|
|
if [[ "$github_ref" == "${{ env.LATEST_BRANCH }}" ]]; then
|
2021-10-18 18:12:43 +02:00
|
|
|
result=true
|
|
|
|
|
fi
|
2024-02-08 07:56:34 +01:00
|
|
|
echo "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
|
|
|
|
|
|
2024-02-07 18:51:30 +01:00
|
|
|
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
|
2021-10-08 00:13:22 +02:00
|
|
|
|
2021-09-13 19:36:12 +02:00
|
|
|
build_base:
|
2021-10-29 03:16:24 +02:00
|
|
|
timeout-minutes: 30
|
2021-09-14 12:32:06 +02:00
|
|
|
name: Build base on ${{ matrix.os }}
|
2021-09-14 02:18:47 +02:00
|
|
|
needs: init_build
|
2021-09-13 19:36:12 +02:00
|
|
|
strategy:
|
2021-09-14 03:10:41 +02:00
|
|
|
fail-fast: false
|
2021-09-13 19:36:12 +02:00
|
|
|
matrix:
|
2021-09-14 02:17:14 +02:00
|
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
2021-09-13 19:36:12 +02:00
|
|
|
|
2021-09-14 03:10:41 +02:00
|
|
|
runs-on: ubuntu-latest
|
2024-02-08 05:16:27 +01:00
|
|
|
permissions:
|
|
|
|
|
contents: read
|
2024-02-08 08:43:43 +01:00
|
|
|
id-token: write
|
2021-09-13 19:36:12 +02:00
|
|
|
steps:
|
2024-02-07 19:32:12 +01:00
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
2024-02-07 15:45:06 +01:00
|
|
|
with:
|
2024-02-08 05:35:09 +01:00
|
|
|
disable-sudo: true
|
|
|
|
|
egress-policy: block
|
|
|
|
|
allowed-endpoints: >
|
|
|
|
|
api.github.com:443
|
|
|
|
|
auth.docker.io:443
|
|
|
|
|
dl-cdn.alpinelinux.org:443
|
|
|
|
|
github.com:443
|
|
|
|
|
index.docker.io:443
|
2024-02-08 08:46:59 +01:00
|
|
|
objects.githubusercontent.com:443
|
2024-02-08 08:51:16 +01:00
|
|
|
fulcio.sigstore.dev:443
|
2024-02-08 08:53:28 +01:00
|
|
|
tuf-repo-cdn.sigstore.dev:443
|
2024-02-08 08:55:35 +01:00
|
|
|
rekor.sigstore.dev:443
|
2024-02-08 05:35:09 +01:00
|
|
|
production.cloudflare.docker.com:443
|
|
|
|
|
registry-1.docker.io:443
|
|
|
|
|
yum.oracle.com:443
|
|
|
|
|
archive.ubuntu.com:80
|
|
|
|
|
ports.ubuntu.com:80
|
|
|
|
|
security.ubuntu.com:80
|
|
|
|
|
quay.io:443
|
2024-02-08 05:37:02 +01:00
|
|
|
cdn03.quay.io:443
|
2024-02-08 07:56:34 +01:00
|
|
|
centos-stream-distro.1gservers.com:443
|
|
|
|
|
centos-stream-distro.1gservers.com:80
|
|
|
|
|
ftp-nyc.osuosl.org:80
|
|
|
|
|
ftp-osl.osuosl.org:80
|
|
|
|
|
ftpmirror.your.org:80
|
|
|
|
|
mirror.dogado.de:443
|
|
|
|
|
mirror.dogado.de:80
|
|
|
|
|
mirror.netzwerge.de:443
|
|
|
|
|
mirror.pilotfiber.com:443
|
|
|
|
|
mirror.pilotfiber.com:80
|
2024-02-08 05:35:09 +01:00
|
|
|
mirror.rackspace.com:443
|
2024-02-08 07:56:34 +01:00
|
|
|
mirror.rackspace.com:80
|
|
|
|
|
mirror.servaxnet.com:80
|
|
|
|
|
mirror.siena.edu:80
|
|
|
|
|
mirror.team-cymru.com:80
|
|
|
|
|
mirror1.hs-esslingen.de:443
|
|
|
|
|
mirrors.centos.org:443
|
|
|
|
|
mirrors.iu13.net:80
|
|
|
|
|
mirrors.ocf.berkeley.edu:443
|
|
|
|
|
mirrors.xtom.de:80
|
2024-02-07 15:45:06 +01:00
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Checkout repository
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2021-09-14 02:17:14 +02:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
2021-09-13 19:36:12 +02:00
|
|
|
|
2024-02-08 08:34:58 +01:00
|
|
|
- name: Install cosign
|
2024-02-08 08:43:43 +01:00
|
|
|
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
2024-02-08 08:34:58 +01:00
|
|
|
with:
|
2024-02-08 08:43:43 +01:00
|
|
|
cosign-release: 'v2.2.3'
|
|
|
|
|
|
|
|
|
|
- name: Check cosign version
|
|
|
|
|
run: cosign version
|
2024-02-08 08:34:58 +01:00
|
|
|
|
2021-09-13 19:36:12 +02:00
|
|
|
- name: Set up QEMU
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/setup-qemu-action@v3
|
2021-10-28 00:45:54 +02:00
|
|
|
with:
|
|
|
|
|
image: tonistiigi/binfmt:latest
|
|
|
|
|
platforms: all
|
2021-09-13 19:36:12 +02:00
|
|
|
|
|
|
|
|
- name: Set up Docker Buildx
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/setup-buildx-action@v3
|
2021-10-28 00:45:54 +02:00
|
|
|
with:
|
|
|
|
|
driver-opts: image=moby/buildkit:master
|
2021-09-13 19:36:12 +02:00
|
|
|
|
|
|
|
|
- name: Login to DockerHub
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/login-action@v3
|
2021-09-13 19:36:12 +02:00
|
|
|
with:
|
|
|
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
|
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
|
|
2021-09-14 12:32:06 +02:00
|
|
|
- name: Prepare Platform list
|
2021-09-15 13:31:56 +02:00
|
|
|
id: platform
|
2021-09-13 19:36:12 +02:00
|
|
|
run: |
|
2024-02-07 18:51:30 +01:00
|
|
|
platform_list=$(jq -r '.["os-linux"].${{ matrix.os }} | join(",")' "${{ env.MATRIX_FILE }}")
|
2021-10-27 21:28:33 +02:00
|
|
|
platform_list="${platform_list%,}"
|
2021-09-13 19:36:12 +02:00
|
|
|
|
2023-02-08 09:41:04 +01:00
|
|
|
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
2021-09-13 19:36:12 +02:00
|
|
|
|
2024-02-07 19:27:02 +01:00
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2021-09-14 14:36:19 +02:00
|
|
|
with:
|
|
|
|
|
images: ${{ env.DOCKER_REPOSITORY }}/zabbix-${{ env.BASE_BUILD_NAME }}
|
|
|
|
|
tags: |
|
2024-02-07 19:27:02 +01:00
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}-
|
|
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }}
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest
|
|
|
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}-
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }}
|
2021-09-14 15:22:13 +02:00
|
|
|
flavor: |
|
2024-02-07 19:27:02 +01:00
|
|
|
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
2021-09-13 21:04:05 +02:00
|
|
|
|
2024-02-07 19:15:07 +01:00
|
|
|
- name: Build ${{ env.BASE_BUILD_NAME }}/${{ matrix.os }} and push
|
|
|
|
|
id: docker_build
|
|
|
|
|
uses: docker/build-push-action@v5
|
|
|
|
|
with:
|
2024-02-08 05:16:27 +01:00
|
|
|
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}
|
|
|
|
|
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile
|
2024-02-07 19:15:07 +01:00
|
|
|
platforms: ${{ steps.platform.outputs.list }}
|
|
|
|
|
push: ${{ secrets.AUTO_PUSH_IMAGES }}
|
2024-02-07 19:32:12 +01:00
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
2024-02-07 19:15:07 +01:00
|
|
|
labels: |
|
2024-02-07 19:27:02 +01:00
|
|
|
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
|
|
|
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
2024-02-08 07:56:34 +01:00
|
|
|
cache-from: type=gha
|
|
|
|
|
cache-to: type=gha,mode=max
|
2024-02-08 05:16:27 +01:00
|
|
|
|
2024-02-08 08:34:58 +01:00
|
|
|
- name: Sign the images with GitHub OIDC Token
|
|
|
|
|
env:
|
|
|
|
|
DIGEST: ${{ steps.docker_build.outputs.digest }}
|
|
|
|
|
TAGS: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
run: |
|
|
|
|
|
images=""
|
|
|
|
|
for tag in ${TAGS}; do
|
|
|
|
|
images+="${tag}@${DIGEST} "
|
|
|
|
|
done
|
|
|
|
|
cosign sign --yes ${images}
|
|
|
|
|
|
2024-02-08 05:16:27 +01:00
|
|
|
- name: Image digest
|
|
|
|
|
run: |
|
|
|
|
|
echo ${{ steps.docker_build.outputs.digest }}
|
|
|
|
|
echo "${{ steps.docker_build.outputs.digest }}" > ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
|
|
|
|
|
|
|
|
|
- name: Upload SHA256 tag
|
|
|
|
|
uses: actions/upload-artifact@v4
|
|
|
|
|
with:
|
|
|
|
|
name: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
|
|
|
|
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
|
|
|
|
if-no-files-found: error
|
|
|
|
|
|
|
|
|
|
build_base_database:
|
|
|
|
|
timeout-minutes: 180
|
|
|
|
|
needs: [ "build_base", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} base on ${{ matrix.os }}
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ${{ fromJson(needs.init_build.outputs.database) }}
|
|
|
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
|
|
|
|
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
permissions:
|
|
|
|
|
contents: read
|
|
|
|
|
steps:
|
|
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
|
|
|
|
- name: Checkout repository
|
|
|
|
|
uses: actions/checkout@v4
|
2024-02-08 05:35:09 +01:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
2024-02-08 05:16:27 +01:00
|
|
|
|
|
|
|
|
- name: Set up QEMU
|
|
|
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
|
with:
|
|
|
|
|
image: tonistiigi/binfmt:latest
|
|
|
|
|
platforms: all
|
|
|
|
|
|
|
|
|
|
- name: Set up Docker Buildx
|
|
|
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
|
with:
|
|
|
|
|
driver-opts: image=moby/buildkit:master
|
|
|
|
|
|
|
|
|
|
- name: Login to DockerHub
|
|
|
|
|
uses: docker/login-action@v3
|
|
|
|
|
with:
|
|
|
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
|
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
|
|
|
|
|
|
- name: Prepare Platform list
|
|
|
|
|
id: platform
|
|
|
|
|
run: |
|
|
|
|
|
platform_list=$(jq -r '.["os-linux"].${{ matrix.os }} | join(",")' "${{ env.MATRIX_FILE }}")
|
|
|
|
|
platform_list="${platform_list%,}"
|
|
|
|
|
|
|
|
|
|
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
|
|
|
|
uses: docker/metadata-action@v5
|
|
|
|
|
with:
|
|
|
|
|
images: ${{ env.DOCKER_REPOSITORY }}/zabbix-${{ matrix.build }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}-
|
|
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }}
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest
|
|
|
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}-
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }}
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
|
|
|
|
|
|
|
|
|
- name: Download SHA256 tag build-base:${{ matrix.os }}
|
|
|
|
|
uses: actions/download-artifact@v4
|
|
|
|
|
with:
|
|
|
|
|
name: build-base_${{ matrix.os }}
|
|
|
|
|
|
|
|
|
|
- name: Retrieve build-base:${{ matrix.os }} SHA256 tag
|
|
|
|
|
id: base_build
|
|
|
|
|
run: |
|
|
|
|
|
BASE_TAG=$(cat build-base_${{ matrix.os }})
|
|
|
|
|
BUILD_BASE_IMAGE=${{ env.DOCKER_REPOSITORY }}/zabbix-build-base@${BASE_TAG}
|
|
|
|
|
|
|
|
|
|
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push
|
|
|
|
|
id: docker_build
|
|
|
|
|
uses: docker/build-push-action@v5
|
|
|
|
|
with:
|
|
|
|
|
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
|
|
|
|
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
|
|
|
|
platforms: ${{ steps.platform.outputs.list }}
|
|
|
|
|
push: ${{ secrets.AUTO_PUSH_IMAGES }}
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
|
|
|
|
|
labels: |
|
|
|
|
|
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
|
|
|
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
2024-02-08 07:56:34 +01:00
|
|
|
cache-from: type=gha
|
|
|
|
|
cache-to: type=gha,mode=max
|
2024-02-08 05:16:27 +01:00
|
|
|
|
|
|
|
|
- name: Image digest
|
|
|
|
|
run: |
|
|
|
|
|
echo ${{ steps.docker_build.outputs.digest }}
|
|
|
|
|
echo "${{ steps.docker_build.outputs.digest }}" > ${{ matrix.build }}_${{ matrix.os }}
|
|
|
|
|
|
|
|
|
|
- name: Upload SHA256 tag
|
|
|
|
|
uses: actions/upload-artifact@v4
|
|
|
|
|
with:
|
|
|
|
|
name: ${{ matrix.build }}_${{ matrix.os }}
|
|
|
|
|
path: ${{ matrix.build }}_${{ matrix.os }}
|
|
|
|
|
if-no-files-found: error
|
|
|
|
|
|
|
|
|
|
build_images:
|
|
|
|
|
timeout-minutes: 90
|
|
|
|
|
needs: [ "build_base_database", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} on ${{ matrix.os }}
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
|
|
|
|
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
permissions:
|
|
|
|
|
contents: read
|
|
|
|
|
steps:
|
|
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
|
|
|
|
- name: Checkout repository
|
|
|
|
|
uses: actions/checkout@v4
|
2024-02-08 05:35:09 +01:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
2024-02-08 05:16:27 +01:00
|
|
|
|
|
|
|
|
- name: Set up QEMU
|
|
|
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
|
with:
|
|
|
|
|
image: tonistiigi/binfmt:latest
|
|
|
|
|
platforms: all
|
|
|
|
|
|
|
|
|
|
- name: Set up Docker Buildx
|
|
|
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
|
with:
|
|
|
|
|
driver-opts: image=moby/buildkit:master
|
|
|
|
|
|
|
|
|
|
- name: Login to DockerHub
|
|
|
|
|
uses: docker/login-action@v3
|
|
|
|
|
with:
|
|
|
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
|
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
|
|
|
|
|
|
- name: Prepare Platform list
|
|
|
|
|
id: platform
|
|
|
|
|
run: |
|
|
|
|
|
# Chromium on Alpine is available only on linux/amd64, linux/arm64 platforms
|
|
|
|
|
if ([ "${{ matrix.os }}" == "alpine" ] || [ "${{ matrix.os }}" == "centos" ]) && [ "${{ matrix.build }}" == "web-service" ]; then
|
|
|
|
|
platform_list="linux/amd64,linux/arm64"
|
|
|
|
|
# Chromium on Ubuntu is not available on s390x platform
|
|
|
|
|
elif [ "${{ matrix.os }}" == "ubuntu" ] && [ "${{ matrix.build }}" == "web-service" ]; then
|
|
|
|
|
platform_list="linux/amd64,linux/arm/v7,linux/arm64"
|
|
|
|
|
else
|
|
|
|
|
platform_list=$(jq -r '.["os-linux"].${{ matrix.os }} | join(",")' "${{ env.MATRIX_FILE }}")
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Build only Agent and Agent2 on 386
|
|
|
|
|
if [ "${{ matrix.build }}" != "agent"* ]; then
|
|
|
|
|
platform_list="${platform_list#linux/386,}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
platform_list="${platform_list%,}"
|
|
|
|
|
|
|
|
|
|
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Detect Build Base Image
|
|
|
|
|
id: build_base_image
|
|
|
|
|
run: |
|
|
|
|
|
BUILD_BASE=$(jq -r '.components."${{ matrix.build }}"' "${{ env.MATRIX_FILE }}")
|
|
|
|
|
|
|
|
|
|
echo "build_base=${BUILD_BASE}" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
|
|
|
|
uses: docker/metadata-action@v5
|
|
|
|
|
with:
|
|
|
|
|
images: ${{ env.DOCKER_REPOSITORY }}/zabbix-${{ matrix.build }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}-
|
|
|
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }}
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest
|
|
|
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}-
|
|
|
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }}
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
|
|
|
|
|
|
|
|
|
- name: Download SHA256 tag for ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }}
|
|
|
|
|
uses: actions/download-artifact@v4
|
|
|
|
|
if: ${{ matrix.build != 'snmptraps' }}
|
|
|
|
|
with:
|
|
|
|
|
name: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }}
|
|
|
|
|
|
|
|
|
|
- name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} SHA256 tag
|
|
|
|
|
id: base_build
|
|
|
|
|
if: ${{ matrix.build != 'snmptraps' }}
|
|
|
|
|
run: |
|
|
|
|
|
BASE_TAG=$(cat ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }})
|
|
|
|
|
BUILD_BASE_IMAGE=${{ env.DOCKER_REPOSITORY }}/zabbix-${{ steps.build_base_image.outputs.build_base }}@${BASE_TAG}
|
|
|
|
|
|
|
|
|
|
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push
|
|
|
|
|
id: docker_build
|
|
|
|
|
uses: docker/build-push-action@v5
|
|
|
|
|
with:
|
|
|
|
|
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
|
|
|
|
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
|
|
|
|
platforms: ${{ steps.platform.outputs.list }}
|
|
|
|
|
push: ${{ secrets.AUTO_PUSH_IMAGES }}
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
|
|
|
|
|
labels: |
|
|
|
|
|
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
|
|
|
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
|
|
|
|
|
|
|
|
|
- name: Image digest
|
|
|
|
|
run: echo ${{ steps.docker_build.outputs.digest }}
|
