Skip to content

Build and Push Container #65

Build and Push Container

Build and Push Container #65

Workflow file for this run

name: Build and Push Container
on:
workflow_dispatch:
inputs:
postgres-major-version:
description: "Postgres major version to use for release."
type: string
required: true
services:
description: "Json list with postgres services to upgrade."
type: string
required: true
version:
description: "Opensight-postgres version to release."
type: string
required: true
workflow_call:
inputs:
postgres-major-version:
description: "Postgres major version to release."
type: string
required: true
services:
description: "Json list with postgres services to upgrade."
type: string
required: true
version:
description: "Opensight-postgres version to release."
type: string
required: true
secrets:
COSIGN_KEY_OPENSIGHT:
required: true
COSIGN_KEY_PASSWORD_OPENSIGHT:
required: true
GREENBONE_BOT_TOKEN:
required: true
jobs:
push-postgres:
runs-on: self-hosted-generic
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build and Push Greenbone Registry
id: build
uses: greenbone/actions/container-build-push-generic@v3
with:
build-args: "POSTGRES_VERSION=${{ inputs.postgres-major-version }}"
cosign-key: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign-key-password: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
cosign-tlog-upload: "false"
image-url: opensight/opensight-postgres
image-labels: |
org.opencontainers.image.vendor=Greenbone
org.opencontainers.image.base.name=postgres:${{ inputs.postgres-major-version }}
org.opencontainers.image.version=${{ inputs.version }}
image-tags: |
type=raw,value=${{ inputs.postgres-major-version }}
type=raw,value=${{ inputs.version }}
type=raw,value=v${{ inputs.version }}
registry: ${{ vars.GREENBONE_REGISTRY }}
registry-username: ${{ secrets.GREENBONE_REGISTRY_USER }}
registry-password: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}
# For whatever reason, the native buildx doesn't build annotations!
buildx-container: 'true'
- name: Service upgrade matrix
id: upgrade
run: |
echo "matrix=$(echo '${{ inputs.services }}' | jq -r '{include:[.[] | {service: ., "image-url": "opensight/opensight-postgres", digest: "${{ steps.build.outputs.digest }}", version: "${{ inputs.version }}" }]} | @json')" >> $GITHUB_OUTPUT
outputs:
matrix: ${{ steps.upgrade.outputs.matrix }}
push-service:
needs: push-postgres
if: ${{ needs.push-postgres.outputs.matrix }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
# We have to run one workflow after the other here
# because our product compose Construction Process cannot handle multiple processes.
max-parallel: 1
matrix: ${{ fromJSON(needs.push-postgres.outputs.matrix) }}
steps:
- name: Trigger product compose upgrade
uses: greenbone/actions/trigger-workflow@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
repository: "greenbone/automatix"
workflow: "push.yml"
inputs: '{"service": "${{ matrix.service }}", "image-url": "${{ matrix.image-url }}", "digest": "${{ matrix.digest }}", "version": "${{ matrix.version }}"}'