Bump the everything group in /go/polly with 1 update #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Experimental go release workflow with ghcr.io packages | |
| # | |
| # How build and push multiple docker image with same repo and same version, but different name? #561 | |
| # https://github.com/docker/build-push-action/issues/561 | |
| # Matrix build with multiple vars per matrix: https://stackoverflow.com/a/76547617/4292075 | |
| # | |
| # GH Packages About inheritance of access permissions | |
| # https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#about-inheritance-of-access-permissions | |
| name: go-release | |
| on: | |
| pull_request: | |
| paths: [ 'go/**', '.github/workflows/go-release.yml' ] | |
| push: | |
| # If at least one path matches a pattern in the paths filter, the workflow runs | |
| paths: [ 'go/**', '.github/workflows/go-release.yml' ] | |
| branches: [ main ] | |
| env: | |
| REGISTRY: ghcr.io # default is docker.io | |
| IMAGE_NAME: ${{ github.repository }}-tools # # e.g. user/fancy-project[-suffix] | |
| jobs: | |
| go-release-ghcr: | |
| name: go release to ghcr.io | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write # required to write to container registry | |
| # contents: write # for releases (e.g. go-releaser) | |
| strategy: | |
| matrix: | |
| include: | |
| - goos: linux | |
| goarch: arm64 | |
| #- goos: linux | |
| # arch: amd64 | |
| steps: | |
| # checkout is essential if you use a different context than "." | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # todo use different approach, get rid of ssm dependency | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| # todo use different approach, get rid of ssm dependency | |
| - name: Pull Environment Config from AWS SSM ParamStore | |
| if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
| run: | | |
| echo "LATEST_REPO_TAG=$(git ls-remote --tags --sort='v:refname' | tail -n1 | sed 's/.*\///; s/\^{}//')" >> $GITHUB_ENV | |
| echo "RELEASE_NAME=$(aws ssm get-parameter --name /angkor/prod/RELEASE_NAME --with-decryption --query 'Parameter.Value' --output text)" >> $GITHUB_ENV | |
| echo "RELEASE_VERSION=$(aws ssm get-parameter --name /angkor/prod/RELEASE_VERSION --with-decryption --query 'Parameter.Value' --output text)" >> $GITHUB_ENV | |
| - name: Build with Go and run Sonar Scanner | |
| working-directory: ./go | |
| run: | | |
| make build | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| # todo refactor Makefile to use GOARCH | |
| ARCH: ${{ matrix.goarch }} | |
| CI: true | |
| RELEASE_NAME: ${{ env.RELEASE_NAME }} | |
| RELEASE_VERSION: ${{ env.RELEASE_VERSION }} | |
| # required for tags and labels as input for docker-build-push | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # or you get Error: buildx failed with: ERROR: unauthorized: unauthenticated: User cannot be authenticated with the token provided. | |
| - name: Login to GitHub container registry (ghcr.io) | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Multi-platform image with GitHub Actions | |
| # https://docs.docker.com/build/ci/github-actions/multi-platform/ | |
| # QEMU is a generic and open source machine & userspace emulator and virtualizer. | |
| # to emulating a complete machine in software without any need for hardware virtualization support | |
| # it's required at least if you RUN things in your docker build and the target platform | |
| # is *NOT* the platform of the runner (or you get messages like "exec /bin/sh: exec format error") | |
| - name: Set up QEMU static binaries | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| # since we run platform specific builds in parallel, we only need the current platform | |
| platforms: ${{ matrix.goos }}/${{ matrix.goarch }} | |
| # explicit setup-buildx action required? No, at least standard worker comes with cli plugin | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| # https://github.com/docker/build-push-action?tab=readme-ov-file#usage | |
| - name: Build docker image | |
| id: build # so we can reference this step as ${{ steps.build.outputs.digest }} in export step | |
| uses: docker/build-push-action@v5 | |
| with: | |
| #${{ matrix.platform }} | |
| platforms: ${{ matrix.goos }}/${{ matrix.goarch }} | |
| context: ./go | |
| # for none-multistage use true and merge manifest in 2nd job, otherwise false | |
| push: true | |
| # for multistage O NOT specify 'tags' here (error "get can't push tagged ref by digest") | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # why provenance: false? See "GitHub Action produces unknown architecture and OS": https://github.com/docker/build-push-action/issues/820 | |
| provenance: false | |
| build-args: | | |
| RELEASE_NAME: ${{ env.RELEASE_NAME }} | |
| RELEASE_VERSION: ${{ env.RELEASE_VERSION }} |