mirror of
https://github.com/goauthentik/authentik
synced 2026-04-26 01:25:02 +02:00
105 lines
3.7 KiB
YAML
105 lines
3.7 KiB
YAML
---
|
|
# Re-usable workflow for a single-architecture build
|
|
name: Reusable - Single-arch Container build
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
image_name:
|
|
required: true
|
|
type: string
|
|
image_arch:
|
|
required: true
|
|
type: string
|
|
runs-on:
|
|
required: true
|
|
type: string
|
|
registry_dockerhub:
|
|
default: false
|
|
type: boolean
|
|
registry_ghcr:
|
|
default: false
|
|
type: boolean
|
|
release:
|
|
default: false
|
|
type: boolean
|
|
outputs:
|
|
image-digest:
|
|
value: ${{ jobs.build.outputs.image-digest }}
|
|
|
|
jobs:
|
|
build:
|
|
name: Build ${{ inputs.image_arch }}
|
|
runs-on: ${{ inputs.runs-on }}
|
|
outputs:
|
|
image-digest: ${{ steps.push.outputs.digest }}
|
|
permissions:
|
|
# Needed to upload container images to ghcr.io
|
|
packages: write
|
|
# Needed for attestation
|
|
id-token: write
|
|
attestations: write
|
|
# Needed for checkout
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
|
|
- uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
- uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_CORP_USERNAME }}
|
|
with:
|
|
image-name: ${{ inputs.image_name }}
|
|
image-arch: ${{ inputs.image_arch }}
|
|
release: ${{ inputs.release }}
|
|
- name: Login to Docker Hub
|
|
if: ${{ inputs.registry_dockerhub }}
|
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_CORP_USERNAME }}
|
|
password: ${{ secrets.DOCKER_CORP_PASSWORD }}
|
|
- name: Login to GitHub Container Registry
|
|
if: ${{ inputs.registry_ghcr }}
|
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v5
|
|
with:
|
|
node-version-file: web/package.json
|
|
cache: "npm"
|
|
cache-dependency-path: web/package-lock.json
|
|
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
|
|
with:
|
|
go-version-file: "go.mod"
|
|
- name: Generate API Clients
|
|
run: |
|
|
make gen-client-ts
|
|
make gen-client-go
|
|
- name: Build Docker Image
|
|
uses: docker/build-push-action@601a80b39c9405e50806ae38af30926f9d957c47 # v6
|
|
id: push
|
|
with:
|
|
context: .
|
|
file: lifecycle/container/Dockerfile
|
|
push: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
secrets: |
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
|
build-args: |
|
|
${{ steps.ev.outputs.imageBuildArgs }}
|
|
tags: ${{ steps.ev.outputs.imageTags }}
|
|
platforms: linux/${{ inputs.image_arch }}
|
|
cache-from: type=registry,ref=${{ steps.ev.outputs.attestImageNames }}:buildcache-${{ inputs.image_arch }}
|
|
cache-to: ${{ steps.ev.outputs.cacheTo }}
|
|
- uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3
|
|
id: attest
|
|
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
with:
|
|
subject-name: ${{ steps.ev.outputs.attestImageNames }}
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|