Skip to content

Allow multiple private keys but use the latest one #1920

Allow multiple private keys but use the latest one

Allow multiple private keys but use the latest one #1920

name: Build and Push Prod Image
on:
pull_request:
push:
branches:
- main
tags:
# only run release on v7.0.0 and up
- v[7-9]\.[0-9]+\.[0-9]+
- v[7-9]\.[0-9]+\.[0-9]+-rc\.[0-9]+
- v[1-9][0-9]+\.[0-9]+\.[0-9]+
- v[1-9][0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+
repository_dispatch:
types:
- dispatch-build
workflow_dispatch:
permissions:
contents: write
jobs:
build-base-image:
runs-on: ubuntu-latest
steps:
- name: Checkout for push to main
uses: actions/checkout@v4
- name: Cache base image
uses: actions/cache@v4
with:
path: /tmp/.base-buildx-cache
key: base-buildx-${{ github.sha }}-${{ github.run_id }}
# allow cache hits from previous runs of the current branch,
# parent branch, then upstream branches, in that order
restore-keys: |
base-buildx-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
# Free disk space
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
file: ./images/Dockerfile
target: final-stage
build-args: |
IS_PR_BUILD=${{ github.event_name == 'pull_request' }}
cache-from: type=local,src=/tmp/.base-buildx-cache
cache-to: type=local,dest=/tmp/.base-buildx-cache,mode=max
make-date-tag:
runs-on: ubuntu-latest
outputs:
dtag: ${{ steps.mkdatetag.outputs.dtag }}
steps:
- name: make date tag
id: mkdatetag
run: echo "dtag=$(date +%Y%m%d-%H%M)" >> $GITHUB_OUTPUT
build-server-images:
needs: [build-base-image, make-date-tag]
strategy:
fail-fast: False
matrix:
image:
- cache
- origin
- director
- registry
- osdf-cache
- osdf-origin
- osdf-director
- osdf-registry
runs-on: ubuntu-latest
steps:
- name: Checkout for push to main
uses: actions/checkout@v4
- name: Determine Latest Version Tag
id: latest_version
run: |
git fetch --tags
tags=$(git tag -l 'v*.*.*' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V)
highest_tag=$(echo "${tags}" | tail -n1)
echo "Highest version tag is ${highest_tag}"
if [[ "${GITHUB_REF##*/}" == "${highest_tag}" ]]; then
echo "IS_LATEST=true" >> $GITHUB_OUTPUT
else
echo "IS_LATEST=false" >> $GITHUB_OUTPUT
fi
- name: Generate tag list
id: generate-tag-list
env:
TIMESTAMP: ${{ needs.make-date-tag.outputs.dtag }}
# Here, we either tag the container with the "latest" tag if
# the commit that triggered this action doesn't have a tag,
# or we tag it with the commit's tag if one exists
run: |
IS_LATEST=${{ steps.latest_version.outputs.IS_LATEST }}
# Check if we're working with a tagged version
if [ -z "${{ inputs.tag }}" ]
then
# Use regex to check for a semver tag match
if [[ ${GITHUB_REF##*/} =~ v[0-9]+\.[0-9]+\.[0-9]+ ]]
then
GITHUB_TAG=${GITHUB_REF##*/}
else
GITHUB_TAG="latest-dev"
fi
else
GITHUB_TAG=${{ inputs.tag }}
fi
echo "Master SHA:"
echo $(git rev-parse $GITHUB_REF_NAME)
echo "Current SHA:"
echo $(git rev-parse HEAD)
echo $GITHUB_TAG
docker_repo="pelican_platform"
image_name=${{ matrix.image }}
tag_list=()
for registry in hub.opensciencegrid.org; do
for image_tag in "$GITHUB_TAG"; do
tag_list+=("$registry/$docker_repo/$image_name":"$image_tag")
done
done
if [[ "$IS_LATEST" == "true" ]]; then
tag_list+=("$registry/$docker_repo/$image_name:latest")
fi
# This causes the tag_list array to be comma-separated below,
# which is required for build-push-action
IFS=,
echo "taglist=${tag_list[*]}" >> $GITHUB_OUTPUT
- name: Load cached base image
uses: actions/cache@v4
with:
path: /tmp/.base-buildx-cache
key: base-buildx-${{ github.sha }}-${{ github.run_id }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
# We only login to OSG harbor and push the image
# if the workflow was for the release
- name: Log in to OSG Harbor
uses: docker/login-action@v3
if: github.repository == 'PelicanPlatform/pelican' && startsWith(github.ref, 'refs/tags/')
with:
registry: hub.opensciencegrid.org
username: ${{ secrets.PELICAN_HARBOR_ROBOT_USER }}
password: ${{ secrets.PELICAN_HARBOR_ROBOT_PASSWORD }}
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
file: ./images/Dockerfile
push: ${{ github.repository == 'PelicanPlatform/pelican' && startsWith(github.ref, 'refs/tags/') }}
tags: "${{ steps.generate-tag-list.outputs.taglist }}"
target: ${{ matrix.image }}
build-args: |
IS_PR_BUILD=${{ github.event_name == 'pull_request' }}
cache-from: type=local,src=/tmp/.base-buildx-cache