Build Base Images #89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Base Images | |
on: | |
workflow_dispatch: | |
workflow_call: | |
schedule: | |
- cron: "30 4 * * 1-5" # run Mon-Fri at 04:30 UTC | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-base-image | |
cancel-in-progress: false | |
permissions: | |
contents: read | |
id-token: write | |
jobs: | |
checks: | |
name: Checks and variables | |
runs-on: ubuntu-22.04 | |
outputs: | |
docker_md5: ${{ steps.vars.outputs.docker_md5 }} | |
ic_version: ${{ steps.vars.outputs.ic_version }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Output Variables | |
id: vars | |
run: | | |
./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT | |
source .github/data/version.txt | |
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
build-oss: | |
name: Build OSS base images | |
runs-on: ubuntu-22.04 | |
needs: checks | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian, alpine] | |
platforms: | |
["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"] | |
include: | |
- image: ubi | |
platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
with: | |
platforms: arm,arm64,ppc64le,s390x | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss | |
flavor: | | |
suffix=-${{ matrix.image }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }} | |
cache-to: type=gha,scope=${{ matrix.image }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
build-plus: | |
name: Build Plus base images | |
runs-on: ubuntu-22.04 | |
needs: checks | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian-plus, alpine-plus, alpine-plus-fips] | |
platforms: ["linux/arm64, linux/amd64"] | |
include: | |
- image: ubi-plus | |
platforms: "linux/arm64, linux/amd64, linux/s390x" | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
with: | |
platforms: arm64,s390x | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus | |
flavor: | | |
suffix=-${{ matrix.image }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }} | |
cache-to: type=gha,scope=${{ matrix.image }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
secrets: | | |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}" | |
"nginx-repo.key=${{ secrets.NGINX_KEY }}" | |
build-plus-nap: | |
name: Build Plus NAP base images | |
runs-on: ubuntu-22.04 | |
needs: checks | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian-plus-nap] | |
platforms: ["linux/amd64"] | |
nap_modules: [dos, waf, "waf,dos"] | |
include: | |
- image: ubi-9-plus-nap | |
platforms: "linux/amd64" | |
nap_modules: waf | |
- image: ubi-8-plus-nap | |
platforms: "linux/amd64" | |
nap_modules: dos | |
- image: ubi-8-plus-nap | |
platforms: "linux/amd64" | |
nap_modules: "waf,dos" | |
- image: alpine-plus-nap-fips | |
platforms: "linux/amd64" | |
nap_modules: waf | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
- name: Login to GCR | |
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: NAP modules | |
id: nap_modules | |
run: | | |
[[ "${{ matrix.nap_modules }}" == "waf,dos" ]] && modules="waf-dos" || modules="${{ matrix.nap_modules }}" | |
echo "modules=${modules}" >> $GITHUB_OUTPUT | |
if: ${{ matrix.nap_modules != '' }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: | | |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus | |
flavor: | | |
suffix=-${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},onlatest=false | |
tags: | | |
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} | |
- name: Build Base Container | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }} | |
cache-to: type=gha,scope=${{ matrix.image }}-${{ steps.nap_modules.outputs.modules }},mode=max | |
target: common | |
tags: ${{ steps.meta.outputs.tags }} | |
platforms: ${{ matrix.platforms }} | |
pull: true | |
push: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=${{ needs.checks.outputs.ic_version }} | |
NAP_MODULES=${{ matrix.nap_modules }} | |
secrets: | | |
"nginx-repo.crt=${{ secrets.NGINX_AP_CRT }}" | |
"nginx-repo.key=${{ secrets.NGINX_AP_KEY }}" | |
${{ contains(matrix.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }} |