Build, push and release #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, push and release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_tag: | |
| description: 'New release git/docker tag to publish' | |
| required: true | |
| type: string | |
| ingress_gce_version: | |
| description: 'kubernetes/ingress-gce version to checkout on build' | |
| required: true | |
| type: string | |
| env: | |
| IMAGE_REGISTRY: europe-docker.pkg.dev | |
| IMAGE_REPO: gardener-project/releases/gardener/ingress-gce | |
| IMAGE_TAG: ${{ inputs.release_tag }} | |
| GCP_PROJECT_ID: gardener-project | |
| GCP_SERVICE_ACCOUNT: [email protected] | |
| WORKLOAD_IDENTITY_PROVIDER: projects/694386720375/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider | |
| PLATFORMS: linux/amd64,linux/arm64 | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| build-push-release: | |
| permissions: | |
| # give GITHUB_TOKEN write permissions | |
| packages: write | |
| contents: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the gardener/ingress-gce repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout the kubernetes/ingress-gce repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'kubernetes/ingress-gce' | |
| path: './ingress-gce' | |
| persist-credentials: false | |
| ref: '${{ inputs.ingress_gce_version }}' | |
| - name: Authenticate against Google-Artifact-Registry | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| project_id: ${{ env.GCP_PROJECT_ID }} | |
| service_account: ${{ env.GCP_SERVICE_ACCOUNT }} | |
| workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }} | |
| - name: Login to registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Docker setup buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: ${{ env.PLATFORMS }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| tags: | | |
| ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} | |
| push: true | |
| platforms: ${{ env.PLATFORMS }} | |
| - name: Create new release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: ${{ inputs.release_tag }} | |
| makeLatest: true | |
| body: | | |
| ## Docker Images | |
| * ingress-gce: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} |