mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-11-23 16:23:56 +01:00
497 lines
21 KiB
YAML
497 lines
21 KiB
YAML
name: Build images (DockerHub, Windows)
|
|
|
|
on:
|
|
release:
|
|
types:
|
|
- published
|
|
push:
|
|
branches:
|
|
- '5.0'
|
|
- '6.0'
|
|
- '6.4'
|
|
- 'trunk'
|
|
paths:
|
|
- 'Dockerfiles/*/windows/*'
|
|
- '!**/README.md'
|
|
- '.github/workflows/images_build_windows.yml'
|
|
|
|
defaults:
|
|
run:
|
|
shell: pwsh
|
|
|
|
env:
|
|
AUTO_PUSH_IMAGES: ${{ secrets.AUTO_PUSH_IMAGES }}
|
|
|
|
DOCKER_REPOSITORY: "zabbix"
|
|
LATEST_BRANCH: ${{ github.event.repository.default_branch }}
|
|
IMAGE_PREFIX: "zabbix-"
|
|
|
|
BASE_BUILD_NAME: "build-base"
|
|
COMPONENT_BASE_BUILD_NAME: "build-mysql"
|
|
|
|
MATRIX_FILE: "build.json"
|
|
DOCKERFILES_DIRECTORY: "./Dockerfiles"
|
|
|
|
OIDC_ISSUER: "https://token.actions.githubusercontent.com"
|
|
IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/"
|
|
|
|
jobs:
|
|
init_build:
|
|
name: Initialize build
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
os: ${{ steps.os.outputs.list }}
|
|
components: ${{ steps.components.outputs.list }}
|
|
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
|
|
current_branch: ${{ steps.branch_info.outputs.current_branch }}
|
|
sha_short: ${{ steps.branch_info.outputs.sha_short }}
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
github.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
sparse-checkout: ${{ env.MATRIX_FILE }}
|
|
|
|
- name: Check ${{ env.MATRIX_FILE }} file
|
|
id: build_exists
|
|
shell: bash
|
|
env:
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
if [[ ! -f "$MATRIX_FILE" ]]; then
|
|
echo "::error::File $MATRIX_FILE is missing"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Prepare Operating System list
|
|
id: os
|
|
shell: bash
|
|
env:
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
os_list=$(jq -r '.["os-windows"] | keys | [ .[] | tostring ] | @json' "$MATRIX_FILE")
|
|
|
|
echo "list=$os_list" >> $GITHUB_OUTPUT
|
|
|
|
- name: Prepare Zabbix component list
|
|
id: components
|
|
shell: bash
|
|
run: |
|
|
component_list='["agent","agent2"]'
|
|
|
|
echo "list=$component_list" >> $GITHUB_OUTPUT
|
|
|
|
- name: Get branch info
|
|
id: branch_info
|
|
shell: bash
|
|
env:
|
|
LATEST_BRANCH: ${{ env.LATEST_BRANCH }}
|
|
github_ref: ${{ github.ref }}
|
|
run: |
|
|
result=false
|
|
|
|
if [[ "$github_ref" == "refs/tags/"* ]]; then
|
|
github_ref=${github_ref%.*}
|
|
fi
|
|
|
|
github_ref=${github_ref##*/}
|
|
|
|
if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then
|
|
result=true
|
|
fi
|
|
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
|
|
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
|
|
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
|
|
build_base:
|
|
timeout-minutes: 70
|
|
name: Build ${{ matrix.component }} base on ${{ matrix.os }}
|
|
needs: init_build
|
|
env:
|
|
BASE_BUILD_ARTIFACT_FILE_SUFFIX: "_${{ matrix.os }}_${{ matrix.component }}"
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
|
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install cosign
|
|
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
|
with:
|
|
cosign-release: 'v2.2.3'
|
|
|
|
- name: Check cosign version
|
|
run: cosign version
|
|
|
|
- name: Login to DockerHub
|
|
run: |
|
|
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Base OS tag
|
|
id: base_os_tag
|
|
env:
|
|
MATRIX_OS: ${{ matrix.os }}
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
$os_tag=$(Get-Content -Path $Env:MATRIX_FILE | ConvertFrom-Json).'os-windows'.'$Env:MATRIX_OS'
|
|
echo "os_tag=$os_tag" >> $Env:GITHUB_OUTPUT
|
|
|
|
- name: Generate tags
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGE_PREFIX }}${{ env.BASE_BUILD_NAME }}
|
|
tags: |
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}-
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-,suffix=-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }}-latest,prefix=${{ matrix.component }}-
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}-
|
|
flavor: |
|
|
latest=false
|
|
|
|
- name: Build image
|
|
id: docker_build
|
|
env:
|
|
DOCKERFILES_DIRECTORY: ${{ env.DOCKERFILES_DIRECTORY }}
|
|
BASE_BUILD_NAME: ${{ env.BASE_BUILD_NAME }}
|
|
MATRIX_COMPONENT: ${{ matrix.component }}
|
|
TAGS: ${{ steps.meta.outputs.tags }}
|
|
BASE_OS_TAG: ${{ steps.base_os_tag.outputs.os_tag }}
|
|
LABEL_REVISION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
LABEL_CREATED: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
|
run: |
|
|
$context="$Env:DOCKERFILES_DIRECTORY\$Env:BASE_BUILD_NAME\windows\"
|
|
$dockerfile= $context + 'Dockerfile.' + $Env:MATRIX_COMPONENT
|
|
# Can not build on GitHub due existing symlink. Must be removed before build process
|
|
Remove-Item -ErrorAction Ignore -Force -Path $context\README.md
|
|
|
|
$tags_array=$( "$Env:TAGS".Split("`r`n") )
|
|
$tags=$( $tags_array | Foreach-Object { "--tag=$_" } )
|
|
|
|
echo "docker build --file=$dockerfile $tags $context"
|
|
docker build --label org.opencontainers.image.revision=$Env:LABEL_REVISION `
|
|
--label org.opencontainers.image.created=$Env:LABEL_CREATED `
|
|
--build-arg=BUILD_BASE_IMAGE=mcr.microsoft.com/windows/servercore:$Env:BASE_OS_TAG `
|
|
--file=$dockerfile `
|
|
$tags `
|
|
$context
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Push image
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
run: |
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
|
|
Foreach ($tag in $tags_array) {
|
|
echo "docker image push $tag"
|
|
docker image push $tag
|
|
if (-not $?) {throw "Failed"}
|
|
}
|
|
|
|
- name: Image digest
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
env:
|
|
TAGS: ${{ steps.meta.outputs.tags }}
|
|
BASE_BUILD_ARTIFACT_FILE_SUFFIX: ${{ env.BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
BASE_BUILD_NAME: ${{ env.BASE_BUILD_NAME }}
|
|
run: |
|
|
$tags_array=$( "$Env:TAGS".Split("`r`n") )
|
|
|
|
$digest=$(docker inspect $tags_array[0] --format "{{ index .RepoDigests 0}}").Split('@')[-1]
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
echo $digest
|
|
$digest | Set-Content -Path $Env:BASE_BUILD_NAME$Env:BASE_BUILD_ARTIFACT_FILE_SUFFIX
|
|
|
|
- name: Upload SHA256 tag
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ env.BASE_BUILD_NAME }}${{ env.BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
path: ${{ env.BASE_BUILD_NAME }}${{ env.BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
if-no-files-found: error
|
|
|
|
- name: Logout from DockerHub
|
|
run: |
|
|
docker logout
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
build_components:
|
|
timeout-minutes: 70
|
|
needs: [ "build_base", "init_build"]
|
|
name: Build ${{ matrix.component }} sources on ${{ matrix.os }}
|
|
env:
|
|
BASE_BUILD_ARTIFACT_FILE_SUFFIX: "_${{ matrix.os }}_${{ matrix.component }}"
|
|
COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX: "_${{ matrix.os }}_${{ matrix.component }}"
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
|
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install cosign
|
|
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
|
with:
|
|
cosign-release: 'v2.2.3'
|
|
|
|
- name: Check cosign version
|
|
run: cosign version
|
|
|
|
- name: Login to DockerHub
|
|
run: |
|
|
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Base OS tag
|
|
id: base_os_tag
|
|
run: |
|
|
$os_tag=$(Get-Content -Path .\build.json | ConvertFrom-Json).'os-windows'.'${{ matrix.os }}'
|
|
echo "os_tag=$os_tag" >> $Env:GITHUB_OUTPUT
|
|
|
|
- name: Generate tags
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGE_PREFIX }}${{ env.COMPONENT_BASE_BUILD_NAME }}
|
|
tags: |
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}-
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-,suffix=-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }}-latest,prefix=${{ matrix.component }}-
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}-
|
|
flavor: |
|
|
latest=false
|
|
|
|
- name: Download SHA256 tag build-base:${{ matrix.os }}
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: ${{ env.BASE_BUILD_NAME }}${{ env.BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
|
|
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} SHA256 tag
|
|
id: base_build
|
|
run: |
|
|
$base_tag = Get-Content ${{ env.BASE_BUILD_NAME }}${{ env.BASE_BUILD_ARTIFACT_FILE_SUFFIX }} -Raw
|
|
$build_base_image="${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGE_PREFIX }}${{ env.BASE_BUILD_NAME }}@" + $base_tag
|
|
|
|
echo "base_tag=$base_tag" >> $Env:GITHUB_OUTPUT
|
|
echo "base_build_image=$build_base_image" >> $Env:GITHUB_OUTPUT
|
|
|
|
- name: Build image
|
|
id: docker_build
|
|
run: |
|
|
$context='.\Dockerfiles\${{ env.COMPONENT_BASE_BUILD_NAME }}\windows\'
|
|
$dockerfile= $context + 'Dockerfile.${{ matrix.component }}'
|
|
# Can not build on GitHub due existing symlink. Must be removed before build process
|
|
Remove-Item -ErrorAction Ignore -Force -Path $context\README.md
|
|
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
$tags=$($tags_array | Foreach-Object { "--tag=$_" })
|
|
|
|
echo "docker build --file=$dockerfile $tags $context"
|
|
docker build --label org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} `
|
|
--label org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} `
|
|
--file=$dockerfile `
|
|
--build-arg=BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} `
|
|
$tags `
|
|
$context
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Push image
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
run: |
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
|
|
Foreach ($tag in $tags_array) {
|
|
echo "docker image push $tag"
|
|
docker image push $tag
|
|
if (-not $?) {throw "Failed"}
|
|
}
|
|
|
|
- name: Image digest
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
run: |
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
|
|
$digest=$(docker inspect $tags_array[0] --format "{{ index .RepoDigests 0}}").Split('@')[-1]
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
echo $digest
|
|
$digest | Set-Content -Path ${{ env.COMPONENT_BASE_BUILD_NAME }}${{ env.COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
|
|
- name: Upload SHA256 tag
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ env.COMPONENT_BASE_BUILD_NAME }}${{ env.COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
path: ${{ env.COMPONENT_BASE_BUILD_NAME }}${{ env.COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
if-no-files-found: error
|
|
|
|
- name: Logout from DockerHub
|
|
run: |
|
|
docker logout
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
build_images:
|
|
timeout-minutes: 70
|
|
needs: [ "build_components", "init_build"]
|
|
name: Build ${{ matrix.component }} on ${{ matrix.os }}
|
|
env:
|
|
COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX: "_${{ matrix.os }}_${{ matrix.component }}"
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: ${{ fromJson(needs.init_build.outputs.os) }}
|
|
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install cosign
|
|
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
|
with:
|
|
cosign-release: 'v2.2.3'
|
|
|
|
- name: Check cosign version
|
|
run: cosign version
|
|
|
|
- name: Login to DockerHub
|
|
run: |
|
|
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Base OS tag
|
|
id: base_os_tag
|
|
run: |
|
|
$os_tag=$(Get-Content -Path .\build.json | ConvertFrom-Json).'os-windows'.'${{ matrix.os }}'
|
|
echo "os_tag=$os_tag" >> $Env:GITHUB_OUTPUT
|
|
|
|
- name: Generate tags
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGE_PREFIX }}${{ matrix.component }}
|
|
tags: |
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ steps.base_os_tag.outputs.os_tag }}
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ steps.base_os_tag.outputs.os_tag }}-,suffix=-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }}-latest
|
|
type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{ steps.base_os_tag.outputs.os_tag }}-latest
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ steps.base_os_tag.outputs.os_tag }}-
|
|
type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }}
|
|
flavor: |
|
|
latest=false
|
|
|
|
- name: Download SHA256 tag for ${{ env.COMPONENT_BASE_BUILD_NAME }}:${{ matrix.os }}
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: ${{ env.COMPONENT_BASE_BUILD_NAME }}${{ env.COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX }}
|
|
|
|
- name: ${{ env.COMPONENT_BASE_BUILD_NAME }}:${{ matrix.os }} SHA256 tag
|
|
id: base_build
|
|
run: |
|
|
$base_tag = Get-Content ${{ env.COMPONENT_BASE_BUILD_NAME }}${{ env.COMPONENT_BASE_BUILD_ARTIFACT_FILE_SUFFIX }} -Raw
|
|
$build_base_image="${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGE_PREFIX }}${{ env.COMPONENT_BASE_BUILD_NAME }}@" + $base_tag
|
|
|
|
echo "base_tag=$base_tag" >> $Env:GITHUB_OUTPUT
|
|
echo "base_build_image=$build_base_image" >> $Env:GITHUB_OUTPUT
|
|
|
|
- name: Build image
|
|
id: docker_build
|
|
run: |
|
|
$context='.\Dockerfiles\${{ matrix.component }}\windows\'
|
|
$dockerfile= $context + 'Dockerfile'
|
|
# Can not build on GitHub due existing symlink. Must be removed before build process
|
|
Remove-Item -ErrorAction Ignore -Force -Path $context\README.md
|
|
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
$tags=$($tags_array | Foreach-Object { "--tag=$_" })
|
|
|
|
# PowerShell images based on LTSC 2019 and LTSC 2016 do not have "ltsc" prefix
|
|
$os_tag_suffix='${{ steps.base_os_tag.outputs.os_tag }}'
|
|
$os_tag_suffix=$os_tag_suffix -replace "ltsc2019",'1809'
|
|
|
|
echo "docker build --file=$dockerfile $tags $context"
|
|
docker build --label org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} `
|
|
--label org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} `
|
|
--file=$dockerfile `
|
|
--build-arg=BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} `
|
|
--build-arg=BASE_IMAGE=mcr.microsoft.com/powershell:lts-nanoserver-$os_tag_suffix `
|
|
$tags `
|
|
$context
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
- name: Push image
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
run: |
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
|
|
Foreach ($tag in $tags_array) {
|
|
echo "docker image push $tag"
|
|
docker image push $tag
|
|
if (-not $?) {throw "Failed"}
|
|
}
|
|
|
|
- name: Image digest
|
|
if: ${{ env.AUTO_PUSH_IMAGES }}
|
|
run: |
|
|
$tags_array=$( "${{ steps.meta.outputs.tags }}".Split("`r`n") )
|
|
|
|
$digest=$(docker inspect $tags_array[0] --format "{{ index .RepoDigests 0}}").Split('@')[-1]
|
|
if (-not $?) {throw "Failed"}
|
|
|
|
echo $digest
|
|
|
|
- name: Logout from DockerHub
|
|
run: |
|
|
docker logout
|
|
if (-not $?) {throw "Failed"}
|