-
Notifications
You must be signed in to change notification settings - Fork 205
78 lines (67 loc) · 3.07 KB
/
create-release-official.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Create new official release
on:
# run when a release is published,
# which creates a new tag
push:
tags:
- v2*
jobs:
build-and-push:
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
permissions:
contents: write # Required to write a release
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0 # required to access tags
submodules: "true"
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: Build & run devcontainer image
# this always builds a new image from scratch rather than from the build-devcontainer-image workflow output
# so that we pick up the latest versions of everything
# NB: if you update this also update live-validation.yml, pre-release-tests.yaml and create-release-experimental.yml
id: devcontainer
run: |
docker build --tag devcontainer:latest .devcontainer
mkdir -p $HOME/.docker # in case it doesn't exist
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
- name: Build required release files
run: |
container_id=${{env.container_id}}
docker exec "$container_id" task make-release-artifacts
- name: Upload release assets
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # this is v2.7.0, but pinned
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref }}
file: "v2/out/release/*"
file_glob: true
- name: Docker login
run: |
container_id=${{env.container_id}}
docker exec -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e DOCKER_REGISTRY "$container_id" task docker-login
env:
DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
- name: Build, tag and push docker image
run: |
container_id=${{env.container_id}}
docker exec -e DOCKER_PUSH_TARGET "$container_id" task controller:docker-push-multiarch
env:
DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }}
- name: Protect image
run: |
container_id=${{env.container_id}}
docker exec -e DOCKER_PUSH_TARGET -e DOCKER_REGISTRY -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID "$container_id" task controller:acr-protect-image
env:
DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }}
DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}