Use separate signing keys for the cert and the token #1447
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker build and push | |
| on: [push] | |
| env: | |
| # TEST_TARGET: Name of the testing target in the Dockerfile | |
| TEST_TARGET: testing | |
| # DO_TEST - true to build and run unit tests, false to skip the tests | |
| DO_TEST: true | |
| jobs: | |
| production: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Build context" | |
| run: | | |
| echo "ref is ${{ github.ref }}" | |
| echo "ref_type is ${{ github.ref_type }}" | |
| - name: "Checkout repository" | |
| id: checkout_repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: "Lowercase repository name for docker build" | |
| id: lowercase-repository-name | |
| run: echo "REPO_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
| - name: "Set tags for main/master" | |
| id: set_tags | |
| run: | | |
| echo "VERSION_TAG=$(./git-version-gen | grep -v UNKNOWN)" >> ${GITHUB_ENV} | |
| echo "TEST_TAG=$(git rev-parse HEAD)-test" >> ${GITHUB_ENV} | |
| echo "SHA_TAG=$(git rev-parse HEAD)" >> ${GITHUB_ENV} | |
| echo "${GITHUB_ENV}:" | |
| cat ${GITHUB_ENV} | |
| shell: bash | |
| - name: "Verify auto-generated files" | |
| run: | | |
| make manifests generate | |
| git status | |
| if [[ $(git status -s | wc -l) -gt 0 ]]; then \ | |
| exit 1; \ | |
| fi | |
| - name: "Docker metadata" | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.REPO_NAME }} | |
| tags: | | |
| # For merge to master branch, tag example: 'master' | |
| type=ref,event=branch | |
| # For PR event, tag example: 'pr-3' | |
| type=ref,event=pr | |
| # For PR event or merge event, tag example: 1.0.1.12-5667 | |
| type=raw,value=${{ env.VERSION_TAG }} | |
| # For PR event or merge, tag example: 566769e04d2436cf5f42ae4f46092c7dff6e668e | |
| type=raw,value=${{ env.SHA_TAG }} | |
| # For push to semver tag, tag example: 1.0.2 | |
| # This also sets 'latest'. | |
| type=semver,pattern={{version}} | |
| # For push to semver tag, tag example: 1.0 | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: "Docker login" | |
| id: docker_login | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Build the test Docker image" | |
| id: docker_build_test_target | |
| if: ${{ env.DO_TEST == 'true' }} | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: false | |
| target: ${{ env.TEST_TARGET }} | |
| tags: ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Run the Docker image unit tests" | |
| id: docker_test | |
| if: ${{ env.DO_TEST == 'true' }} | |
| run: docker run ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Build the final Docker image" | |
| id: docker_build | |
| uses: docker/build-push-action@v3 | |
| with: | |
| push: true | |
| target: production | |
| tags: ${{ steps.meta.outputs.tags }} | |
| debug: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Build context" | |
| run: | | |
| echo "ref is ${{ github.ref }}" | |
| echo "ref_type is ${{ github.ref_type }}" | |
| - name: "Checkout repository" | |
| id: checkout_repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: "Lowercase repository name for docker build" | |
| id: lowercase-repository-name | |
| run: echo "REPO_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
| - name: "Set tags for main/master" | |
| id: set_tags | |
| run: | | |
| echo "VERSION_TAG=$(./git-version-gen | grep -v UNKNOWN)" >> ${GITHUB_ENV} | |
| echo "TEST_TAG=$(git rev-parse HEAD)-test" >> ${GITHUB_ENV} | |
| echo "SHA_TAG=$(git rev-parse HEAD)" >> ${GITHUB_ENV} | |
| echo "${GITHUB_ENV}:" | |
| cat ${GITHUB_ENV} | |
| shell: bash | |
| - name: "Verify auto-generated files" | |
| run: | | |
| make manifests generate | |
| if [[ $(git status -s | wc -l) -gt 0 ]]; then \ | |
| git status; exit 1; \ | |
| fi | |
| - name: "Docker metadata" | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.REPO_NAME }}-debug | |
| tags: | | |
| # For merge to master branch, tag example: 'master' | |
| type=ref,event=branch | |
| # For PR event, tag example: 'pr-3' | |
| type=ref,event=pr | |
| # For PR event or merge event, tag example: 1.0.1.12-5667 | |
| type=raw,value=${{ env.VERSION_TAG }} | |
| # For PR event or merge, tag example: 566769e04d2436cf5f42ae4f46092c7dff6e668e | |
| type=raw,value=${{ env.SHA_TAG }} | |
| # For push to semver tag, tag example: 1.0.2 | |
| # This also sets 'latest'. | |
| type=semver,pattern={{version}} | |
| # For push to semver tag, tag example: 1.0 | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: "Docker login" | |
| id: docker_login | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Build the test Docker image" | |
| id: docker_build_test_target | |
| if: ${{ env.DO_TEST == 'true' }} | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: false | |
| target: ${{ env.TEST_TARGET }} | |
| tags: ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Run the Docker image unit tests" | |
| id: docker_test | |
| if: ${{ env.DO_TEST == 'true' }} | |
| run: docker run ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Build the debug Docker image" | |
| id: docker_build | |
| uses: docker/build-push-action@v3 | |
| with: | |
| push: true | |
| target: debug | |
| tags: ${{ steps.meta.outputs.tags }} | |
| copy_offload_production: | |
| # Testing with nektos/act: | |
| # Comment the 'needs' line below so that nektos/act doesn't attempt to | |
| # execute the jobs in the 'needs' list. | |
| # $ make clean-bin | |
| # $ act --rm -j copy_offload_production --container-architecture linux/amd64 --pull=false --bind --action-offline-mode push | |
| # $ make clean-bin | |
| # Restore the 'needs' line below. | |
| # | |
| needs: [production] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Build context" | |
| run: | | |
| echo "env.ACT is ${{ env.ACT }}" | |
| echo "ref is ${{ github.ref }}" | |
| echo "ref_type is ${{ github.ref_type }}" | |
| echo "want go version: $(grep -E '^go ' go.mod)" | |
| - name: "Checkout repository" | |
| if: ${{ !env.ACT }} # skip during local actions testing | |
| id: checkout_repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: "Lowercase repository name for docker build" | |
| id: lowercase-repository-name | |
| run: echo "REPO_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
| - name: "Set tags for main/master" | |
| id: set_tags | |
| run: | | |
| echo "VERSION_TAG=$(./git-version-gen | grep -v UNKNOWN)" >> ${GITHUB_ENV} | |
| echo "TEST_TAG=$(git rev-parse HEAD)-test" >> ${GITHUB_ENV} | |
| echo "SHA_TAG=$(git rev-parse HEAD)" >> ${GITHUB_ENV} | |
| echo "${GITHUB_ENV}:" | |
| cat ${GITHUB_ENV} | |
| shell: bash | |
| - name: "Verify auto-generated files" | |
| if: ${{ !env.ACT }} # skip during local actions testing | |
| run: | | |
| make manifests generate | |
| git status | |
| if [[ $(git status -s | wc -l) -gt 0 ]]; then \ | |
| exit 1; \ | |
| fi | |
| - name: "Docker metadata" | |
| if: ${{ !env.ACT }} # skip during local actions testing | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.REPO_NAME }}-copy-offload | |
| tags: | | |
| # For merge to master branch, tag example: 'master' | |
| type=ref,event=branch | |
| # For PR event, tag example: 'pr-3' | |
| type=ref,event=pr | |
| # For PR event or merge event, tag example: 1.0.1.12-5667 | |
| type=raw,value=${{ env.VERSION_TAG }} | |
| # For PR event or merge, tag example: 566769e04d2436cf5f42ae4f46092c7dff6e668e | |
| type=raw,value=${{ env.SHA_TAG }} | |
| # For push to semver tag, tag example: 1.0.2 | |
| # This also sets 'latest'. | |
| type=semver,pattern={{version}} | |
| # For push to semver tag, tag example: 1.0 | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: "Docker login" | |
| if: ${{ !env.ACT }} # skip during local actions testing | |
| id: docker_login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Build the test Docker image" | |
| id: docker_build_test_target | |
| if: ${{ env.DO_TEST == 'true' && !env.ACT }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: false | |
| target: ${{ env.TEST_TARGET }} | |
| tags: ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Run the Docker image unit tests" | |
| id: docker_test | |
| if: ${{ env.DO_TEST == 'true' && !env.ACT }} | |
| run: docker run ${{ env.REPO_NAME }}:${{ env.TEST_TAG }} | |
| - name: "Install libcurl" | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -y libcurl4-openssl-dev | |
| - name: "Build lib-copy-offload" | |
| run: make -C ./daemons/lib-copy-offload libcopyoffload.a | |
| - name: "E2E mock test, without TLS or token" | |
| run: SKIP_TLS=1 SKIP_TOKEN=1 ./daemons/copy-offload-testing/e2e-mocked.sh | |
| - name: "E2E mock test, with TLS, without token" | |
| run: SKIP_MTLS=1 SKIP_TOKEN=1 ./daemons/copy-offload-testing/e2e-mocked.sh | |
| - name: "E2E mock test, with token, without TLS" | |
| run: SKIP_TLS=1 ./daemons/copy-offload-testing/e2e-mocked.sh | |
| - name: "E2E mock test, with token and TLS (no mTLS)" | |
| run: SKIP_MTLS=1 ./daemons/copy-offload-testing/e2e-mocked.sh | |
| - name: "E2E mock test, with token and mTLS" | |
| run: ./daemons/copy-offload-testing/e2e-mocked.sh | |
| - name: "Build the copy-offload Docker image" | |
| if: ${{ !env.ACT }} # skip during local actions testing | |
| id: docker_build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| target: copy_offload_production | |
| tags: ${{ steps.meta.outputs.tags }} | |
| create_release: | |
| needs: [production, debug, copy_offload_production] | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| - name: Repair tag | |
| run: git fetch -f origin ${{ github.ref }}:${{ github.ref }} | |
| - name: Verify that the tag is annotated | |
| run: if test x$(git for-each-ref ${{ github.ref }} | awk '{print $2}') = xtag; then /bin/true; else echo "\"${{ github.ref }}\" does not look like an annotated tag!"; /bin/false; fi | |
| - name: Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| #prerelease: true | |
| generate_release_notes: true | |