Skip to content

Commit

Permalink
build,workflows: add a workflow to build and push builder image
Browse files Browse the repository at this point in the history
Release note: None
Epic: none
  • Loading branch information
healthy-pod committed Oct 4, 2023
1 parent 916f096 commit e0eb946
Show file tree
Hide file tree
Showing 4 changed files with 173 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: Build and Push acceptance gss compose images

on:
pull_request

jobs:
tags:
runs-on: ubuntu-latest
outputs:
time_tag: ${{ steps.vars.outputs.TIME_TAG }}
steps:
-
name: Set TAG value
id: vars
run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT

acceptance-kdc-docker:
needs: tags
uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
with:
tags: |
us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-kdc:${{ needs.tags.outputs.time_tag }}
context: "{{defaultContext}}:pkg/acceptance/compose/gss/kdc"
secrets:
gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }}
gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }}

acceptance-psql-docker:
needs: tags
uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
with:
tags: |
us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-psql:${{ needs.tags.outputs.time_tag }}
context: "{{defaultContext}}:pkg/acceptance/compose/gss/psql"
secrets:
gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }}
gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }}

acceptance-python-docker:
needs: tags
uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
with:
tags: |
us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance-gss-python:${{ needs.tags.outputs.time_tag }}
context: "{{defaultContext}}:pkg/acceptance/compose/gss/python"
secrets:
gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }}
gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }}
25 changes: 25 additions & 0 deletions .github/workflows/gar-workflows-build-push-acceptance-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Build and Push acceptance image

on:
pull_request

jobs:
tags:
runs-on: ubuntu-latest
outputs:
time_tag: ${{ steps.vars.outputs.TIME_TAG }}
steps:
-
name: Set TAG value
id: vars
run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT
docker:
needs: tags
uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
with:
tags: |
us-east1-docker.pkg.dev/crl-ci-images/cockroach/acceptance:${{ needs.tags.outputs.time_tag }}
context: "{{defaultContext}}:pkg/acceptance/testdata"
secrets:
gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }}
gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }}
26 changes: 26 additions & 0 deletions .github/workflows/gar-workflows-build-push-bazel-builder-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Build and Push bazel-builder image

on:
pull_request

jobs:
tags:
runs-on: ubuntu-latest
outputs:
time_tag: ${{ steps.vars.outputs.TIME_TAG }}
steps:
-
name: Set TAG value
id: vars
run: echo "TIME_TAG=$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT
docker:
needs: tags
uses: ./.github/workflows/gar-workflows-reusable-build-push-multiplatform-images.yml
with:
tags: |
us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:latest-do-not-use
us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:${{ needs.tags.outputs.time_tag }}
context: "{{defaultContext}}:build/bazelbuilder"
secrets:
gcp_wif_provider: ${{ secrets.GCP_CRL_CI_IMAGES_WIF_PROVIDER }}
gcp_wif_service_account: ${{ secrets.GCP_CRL_CI_IMAGES_SERVICE_ACCOUNT }}
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
name: Build and Push Multi-Platform Docker Images
# Note: This workflow is adapted to work with GAR only and specifically `us-east1-docker.pkg.dev` registry.
# If supporting more registries (within GAR) is needed in the future, we can pass the registry as an input from the
# calling workflow.
# To support pushing outside GAR, we will need to support authenticating to other non-google registries.

on:
workflow_call:
inputs:
tags:
# Example:
# tags: |
# us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:latest-do-not-use
# us-east1-docker.pkg.dev/crl-ci-images/cockroach/bazel-builder:${{ needs.tags.outputs.time_tag }}
required: true
type: string
context:
type: string
required: true
secrets:
gcp_wif_provider:
required: true
gcp_wif_service_account:
required: true

jobs:
reusable-workflow:
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Below we will build without pushing, then authenticate, then build and push. We do this
# dance because the token will only be valid for one hour and building + pushing might
# take more than one hour. The second build will use the cache so it's not bad.
-
name: Build (but do not push)
uses: docker/build-push-action@v5
with:
push: false
tags: ${{ inputs.tags }}
platforms: linux/amd64,linux/arm64
context: ${{ inputs.context }}
-
name: GCP Auth
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.gcp_wif_provider }}'
service_account: '${{ secrets.gcp_wif_service_account }}'
access_token_lifetime: 600s # 10 minutes
-
name: Login to Artifact Registry
uses: docker/login-action@v1
with:
registry: us-east1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
-
name: Build (will use cache) and push (using recently generated token above)
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ inputs.tags }}
platforms: linux/amd64,linux/arm64
context: ${{ inputs.context }}

0 comments on commit e0eb946

Please sign in to comment.