Docker: Update images and Chromium to 143.0.7499.169 #170
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - "v*" | |
| pull_request: | |
| permissions: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| go-build: | |
| strategy: | |
| matrix: | |
| include: | |
| - GOOS: linux | |
| GOARCH: amd64 | |
| - GOOS: linux | |
| GOARCH: arm64 | |
| - GOOS: windows | |
| GOARCH: amd64 | |
| SUFFIX: .exe | |
| - GOOS: windows | |
| GOARCH: arm64 | |
| SUFFIX: .exe | |
| fail-fast: false | |
| name: Go build (for ${{ matrix.GOOS }}/${{ matrix.GOARCH }}) | |
| runs-on: ubuntu-latest | |
| env: | |
| GOOS: ${{ matrix.GOOS }} | |
| GOARCH: ${{ matrix.GOARCH }} | |
| SUFFIX: ${{ matrix.SUFFIX || '' }} | |
| CGO_ENABLED: 0 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: false | |
| - name: go build | |
| run: go build -o grafana-image-renderer-"$GOOS"-"$GOARCH""$SUFFIX" -buildvcs -ldflags '-s -w -extldflags "-static"' . | |
| - uses: actions/upload-artifact@v5 | |
| with: | |
| name: grafana-image-renderer-${{ matrix.GOOS }}-${{ matrix.GOARCH }}${{ matrix.SUFFIX || '' }} | |
| path: grafana-image-renderer-${{ matrix.GOOS }}-${{ matrix.GOARCH }}${{ matrix.SUFFIX || '' }} | |
| tag: | |
| name: Create image tag | |
| runs-on: ubuntu-latest | |
| outputs: | |
| subject: ${{ steps.image_tag.outputs.subject }} | |
| tag: ${{ steps.image_tag.outputs.tag }} | |
| registry: ${{ steps.image_tag.outputs.registry }} | |
| ref_name: ${{ steps.image_tag.outputs.ref_name }} | |
| steps: | |
| - name: Use ghcr.io | |
| if: github.event_name != 'push' || github.ref_type != 'tag' | |
| env: | |
| REPOSITORY: ${{ github.repository }} | |
| run: | | |
| set -euo pipefail | |
| echo "REGISTRY=ghcr.io" >> "$GITHUB_ENV" | |
| echo "REPOSITORY=$REPOSITORY" >> "$GITHUB_ENV" | |
| - name: Use docker.io | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| run: | | |
| echo "REGISTRY=docker.io" >> "$GITHUB_ENV" | |
| echo "REPOSITORY=grafana/grafana-image-renderer" >> "$GITHUB_ENV" | |
| - name: Use Git tag for image tag | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| env: | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| run: echo "REF_NAME=$GITHUB_REF_NAME" >> "$GITHUB_ENV" | |
| - name: Use PR number for image tag | |
| if: github.event_name == 'pull_request' | |
| run: echo "REF_NAME=dev-pull-${{ github.event.pull_request.number }}-${{ github.sha }}" >> "$GITHUB_ENV" | |
| - name: Use branch and commit for image tag | |
| if: github.event_name == 'push' && github.ref_type == 'branch' | |
| env: | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| run: echo "REF_NAME=dev-$(echo "$GITHUB_REF_NAME" | tr '[:upper:]' '[:lower:]' | tr -d '[:blank:]' | tr -c '[:alnum:]' '-')-${{ github.sha }}" >> "$GITHUB_ENV" | |
| - name: Create image tag | |
| id: image_tag | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| echo "registry=$REGISTRY" >> "$GITHUB_OUTPUT" | |
| echo "subject=$REGISTRY/$REPOSITORY" >> "$GITHUB_OUTPUT" | |
| echo "tag=$REGISTRY/$REPOSITORY:$REF_NAME" >> "$GITHUB_OUTPUT" | |
| echo "ref_name=$REF_NAME" >> "$GITHUB_OUTPUT" | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - runs-on: ubuntu-x64 | |
| arch: amd64 | |
| - runs-on: ubuntu-arm64 | |
| arch: arm64 | |
| needs: tag | |
| name: Build image for ${{ matrix.arch }} | |
| runs-on: ${{ matrix.runs-on }} | |
| permissions: | |
| contents: read # required to read the repository contents | |
| packages: write # required to push the built image to the package registry | |
| attestations: write # required to create attestations for the built image | |
| id-token: write # required to create attestations for the built image, and to read secrets | |
| pull-requests: write # required to comment on the pull request | |
| steps: | |
| - name: Log into GHCR | |
| if: needs.tag.outputs.registry == 'ghcr.io' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ACTOR: ${{ github.actor }} | |
| run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin | |
| - name: Log into DockerHub | |
| if: needs.tag.outputs.registry == 'docker.io' | |
| uses: grafana/shared-workflows/actions/dockerhub-login@dockerhub-login/v1 | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: docker build | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| BUILDKIT_STEP_LOG_MAX_SIZE: -1 | |
| BUILDKIT_STEP_LOG_MAX_SPEED: -1 | |
| TAG: ${{ needs.tag.outputs.tag }}-${{ matrix.arch }} | |
| run: docker build . -t "$TAG" | |
| - name: docker push | |
| env: | |
| TAG: ${{ needs.tag.outputs.tag }}-${{ matrix.arch }} | |
| run: docker push "$TAG" | |
| - name: Get digest | |
| id: digest | |
| env: | |
| TAG: ${{ needs.tag.outputs.tag }}-${{ matrix.arch }} | |
| run: | | |
| set -euo pipefail | |
| DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$TAG" | cut -d@ -f2) | |
| echo "Digest: $DIGEST" | |
| echo "digest=$DIGEST" >> "$GITHUB_OUTPUT" | |
| - uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ needs.tag.outputs.subject }} | |
| subject-digest: ${{ steps.digest.outputs.digest }} | |
| push-to-registry: true | |
| manifest: | |
| needs: [tag, build] | |
| name: Create manifests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write # required to create the manifest list in the package registry | |
| id-token: write # required to create the manifest list in the package registry | |
| pull-requests: write # required to comment on the pull request | |
| steps: | |
| - name: Log into GHCR | |
| if: needs.tag.outputs.registry == 'ghcr.io' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ACTOR: ${{ github.actor }} | |
| run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin | |
| - name: Log into DockerHub | |
| if: needs.tag.outputs.registry == 'docker.io' | |
| uses: grafana/shared-workflows/actions/dockerhub-login@dockerhub-login/v1 | |
| - name: Create and push manifests | |
| env: | |
| TAG: ${{ needs.tag.outputs.tag }} | |
| run: | | |
| set -euo pipefail | |
| docker manifest create "$TAG" "$TAG"-amd64 "$TAG"-arm64 | |
| docker manifest push "$TAG" | |
| - name: Create and push :latest manifest | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| env: | |
| TAG: ${{ needs.tag.outputs.tag }} | |
| SUBJECT: ${{ needs.tag.outputs.subject }} | |
| run: | | |
| set -euo pipefail | |
| docker manifest create "$SUBJECT":latest "$TAG"-amd64 "$TAG"-arm64 | |
| docker manifest push "$SUBJECT":latest | |
| - name: Comment on PR | |
| if: github.event_name == 'pull_request' | |
| uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 | |
| continue-on-error: true # just check the actions log if ratelimits or whatever | |
| with: | |
| message: | | |
| :whale: Docker image built and pushed to GitHub Container Registry. | |
| You can pull it using: | |
| ```bash | |
| docker pull ${{ needs.tag.outputs.tag }} | |
| ``` | |
| > [!WARNING] | |
| > This is a development image and should not be used in production. | |
| > It will be automatically removed after 2 weeks. | |
| release: | |
| name: Create GitHub Release | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| needs: [tag, build, manifest, go-build] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # to create the release | |
| packages: read # to read the package information | |
| steps: | |
| - uses: actions/download-artifact@v5 | |
| with: | |
| merge-multiple: true | |
| path: bins/ | |
| pattern: grafana-image-renderer-* | |
| - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2 | |
| with: | |
| files: bins/* | |
| fail_on_unmatched_files: true | |
| make_latest: "true" | |
| generate_release_notes: true | |
| # Workflow: https://argo-workflows.grafana.net/workflow-templates/render-service-cd/auto-deploy-dev | |
| cd-auto-deploy-dev: | |
| name: Deploy to dev | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [tag, manifest] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - id: "trigger-argowfs-deployment" | |
| name: "Trigger Argo Workflow" | |
| uses: grafana/shared-workflows/actions/trigger-argo-workflow@44c08c7c1acb9e13bb68ad6265eee886a5e60930 # trigger-argo-workflow/v1.1.2 | |
| with: | |
| instance: "ops" | |
| namespace: "render-service-cd" | |
| workflow_template: "auto-deploy-dev" | |
| parameters: | | |
| dockertag=${{ needs.tag.outputs.ref_name }} | |
| - name: Print URI | |
| run: | | |
| echo "URI: ${{ steps.trigger-argowfs-deployment.outputs.uri }}" | |
| # Workflow: https://argo-workflows.grafana.net/workflow-templates/render-service-cd/deploy-prod | |
| cd-deploy-prod: | |
| name: Deploy to prod | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [tag, manifest] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - id: "trigger-argowfs-deployment" | |
| name: "Trigger Argo Workflow" | |
| uses: grafana/shared-workflows/actions/trigger-argo-workflow@44c08c7c1acb9e13bb68ad6265eee886a5e60930 # trigger-argo-workflow/v1.1.2 | |
| with: | |
| instance: "ops" | |
| namespace: "render-service-cd" | |
| workflow_template: "deploy-prod" | |
| parameters: | | |
| dockertag=${{ needs.tag.outputs.ref_name }} | |
| - name: Print URI | |
| run: | | |
| echo "URI: ${{ steps.trigger-argowfs-deployment.outputs.uri }}" |