mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-12-31 18:59:27 +01:00
Updated
parent
f5dc322eef
commit
54d7550917
69
.github/workflows/images_build_test.yml
vendored
69
.github/workflows/images_build_test.yml
vendored
@ -10,9 +10,9 @@ on:
|
||||
- 'trunk'
|
||||
- 'trunk_rhel'
|
||||
paths:
|
||||
- 'Dockerfiles/*/rhel/*'
|
||||
- 'build.json'
|
||||
- '!**/README.md'
|
||||
- 'Dockerfiles/*/rhel/*'
|
||||
- '.github/workflows/images_build_test.yml'
|
||||
schedule:
|
||||
- cron: '50 02 * * *'
|
||||
@ -48,6 +48,12 @@ env:
|
||||
DOCKER_REGISTRY_TEST: "ghcr.io"
|
||||
DOCKER_REPOSITORY_TEST: "zabbix"
|
||||
|
||||
REGISTRY: "quay.io"
|
||||
REGISTRY_NAMESPACE: "redhat-isv-containers"
|
||||
PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable"
|
||||
PFLT_LOGLEVEL: "warn"
|
||||
PFLT_ARTIFACTS: "/tmp/artifacts"
|
||||
|
||||
jobs:
|
||||
init_build:
|
||||
name: Initialize build
|
||||
@ -61,6 +67,7 @@ jobs:
|
||||
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
|
||||
current_branch: ${{ steps.branch_info.outputs.current_branch }}
|
||||
sha_short: ${{ steps.branch_info.outputs.sha_short }}
|
||||
secret_prefix: ${{ steps.branch_info.outputs.secret_prefix }}
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
@ -155,6 +162,7 @@ jobs:
|
||||
|
||||
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
|
||||
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
|
||||
echo "secret_prefix=RHEL_64" >> $GITHUB_OUTPUT
|
||||
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
|
||||
|
||||
build_base:
|
||||
@ -847,6 +855,19 @@ jobs:
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Variables formating
|
||||
id: var_format
|
||||
env:
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
run: |
|
||||
MATRIX_BUILD=${MATRIX_BUILD^^}
|
||||
MATRIX_BUILD=${MATRIX_BUILD//-/_}
|
||||
|
||||
echo "::group::Result"
|
||||
echo "matrix_build=${MATRIX_BUILD}"
|
||||
echo "::endgroup::"
|
||||
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Platform list
|
||||
id: platform
|
||||
env:
|
||||
@ -899,8 +920,9 @@ jobs:
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: |
|
||||
${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }}
|
||||
${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
tags: |
|
||||
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}-
|
||||
@ -982,7 +1004,6 @@ jobs:
|
||||
CONTEXT: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }}
|
||||
run: |
|
||||
cp -R "/tmp/secrets/" "$CONTEXT/"
|
||||
ls -lah "$CONTEXT/"
|
||||
|
||||
- name: Remove smartmontools
|
||||
if: ${{ matrix.build == 'agent2' && matrix.os == 'rhel' }}
|
||||
@ -999,13 +1020,21 @@ jobs:
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Login to ${{ env.DOCKER_REGISTRY_TEST }}
|
||||
if: ${{ env.AUTO_PUSH_IMAGES != 'true' }}
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ${{ env.DOCKER_REGISTRY_TEST }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Log in to ${{ env.REGISTRY }}
|
||||
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6
|
||||
if: ${{ env.AUTO_PUSH_IMAGES != 'true' }}
|
||||
with:
|
||||
username: ${{ format('redhat-isv-containers+{0}-robot', secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)]) }}
|
||||
password: ${{ secrets[format('{0}_{1}_SECRET', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
|
||||
- name: Build and push image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
@ -1022,6 +1051,38 @@ jobs:
|
||||
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
||||
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
||||
|
||||
- name: Preflight certification
|
||||
if: ${{ env.AUTO_PUSH_IMAGES != 'true' }}
|
||||
env:
|
||||
PFLT_CERTIFICATION_PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
|
||||
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
||||
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
|
||||
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
|
||||
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
|
||||
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
|
||||
run: |
|
||||
mkdir -p $PFLT_ARTIFACTS
|
||||
echo "::group::Pull preflight \"$PREFLIGHT_IMAGE\" image"
|
||||
docker pull "$PREFLIGHT_IMAGE"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "::group::Perform certification tests"
|
||||
docker run \
|
||||
-it \
|
||||
--rm \
|
||||
--security-opt=label=disable \
|
||||
--env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \
|
||||
--env PFLT_ARTIFACTS=/artifacts \
|
||||
--env PFLT_LOGFILE=/artifacts/preflight.log \
|
||||
--env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \
|
||||
--env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \
|
||||
--env PFLT_DOCKERCONFIG=/temp-authfile.json \
|
||||
-v $PFLT_ARTIFACTS:/artifacts \
|
||||
-v $HOME/.docker/config.json:/temp-authfile.json:ro \
|
||||
"$PREFLIGHT_IMAGE" check container $IMAGE_TAG --submit
|
||||
docker rmi -i -f "$PREFLIGHT_IMAGE"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Sign the images with GitHub OIDC Token
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
env:
|
||||
|
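Review bot: The new `Preflight certification` step hands `PFLT_PYXIS_API_TOKEN` and the runner's `~/.docker/config.json` to an image pulled by the mutable tag `quay.io/opdev/preflight:stable`, while every action in the visible hunks is pinned to a commit SHA. Pinning `PREFLIGHT_IMAGE` by digest (`quay.io/opdev/preflight@sha256:<digest>`) would extend that convention to the one container that receives certification and registry credentials. In the `docker run` call the token and project ID are expanded into the argument list; passing them by name only, `--env PFLT_PYXIS_API_TOKEN` and `--env PFLT_CERTIFICATION_PROJECT_ID`, forwards the values from the step environment without putting them in the process arguments. `-it` requests a TTY that a hosted runner step normally does not provide, so it is probably best dropped. `$PFLT_ARTIFACTS`, `$HOME/.docker/config.json` and `$IMAGE_TAG` should also be quoted.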