mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
106 lines
3.7 KiB
YAML
106 lines
3.7 KiB
YAML
---
|
|
# Re-usable workflow for a single-architecture build
|
|
name: Reusable - Single-arch Container build
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
image_name:
|
|
required: true
|
|
type: string
|
|
image_arch:
|
|
required: true
|
|
type: string
|
|
runs-on:
|
|
required: true
|
|
type: string
|
|
registry_dockerhub:
|
|
default: false
|
|
type: boolean
|
|
registry_ghcr:
|
|
default: false
|
|
type: boolean
|
|
release:
|
|
default: false
|
|
type: boolean
|
|
outputs:
|
|
image-digest:
|
|
value: ${{ jobs.build.outputs.image-digest }}
|
|
|
|
jobs:
|
|
build:
|
|
name: Build ${{ inputs.image_arch }}
|
|
runs-on: ${{ inputs.runs-on }}
|
|
outputs:
|
|
image-digest: ${{ steps.push.outputs.digest }}
|
|
permissions:
|
|
# Needed to upload container images to ghcr.io
|
|
packages: write
|
|
# Needed for attestation
|
|
id-token: write
|
|
attestations: write
|
|
# Needed for checkout
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5
|
|
- uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
|
|
- name: prepare variables
|
|
uses: ./.github/actions/docker-push-variables
|
|
id: ev
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_CORP_USERNAME }}
|
|
with:
|
|
image-name: ${{ inputs.image_name }}
|
|
image-arch: ${{ inputs.image_arch }}
|
|
release: ${{ inputs.release }}
|
|
- name: Login to Docker Hub
|
|
if: ${{ inputs.registry_dockerhub }}
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_CORP_USERNAME }}
|
|
password: ${{ secrets.DOCKER_CORP_PASSWORD }}
|
|
- name: Login to GitHub Container Registry
|
|
if: ${{ inputs.registry_ghcr }}
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: make empty clients
|
|
if: ${{ inputs.release }}
|
|
run: |
|
|
mkdir -p ./gen-ts-api
|
|
mkdir -p ./gen-go-api
|
|
- name: Setup node
|
|
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v5
|
|
with:
|
|
node-version-file: web/package.json
|
|
cache: "npm"
|
|
cache-dependency-path: web/package-lock.json
|
|
- name: generate ts client
|
|
run: make gen-client-ts
|
|
- name: Build Docker Image
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
|
|
id: push
|
|
with:
|
|
context: .
|
|
file: lifecycle/container/Dockerfile
|
|
push: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
secrets: |
|
|
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
|
|
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
|
|
build-args: |
|
|
${{ steps.ev.outputs.imageBuildArgs }}
|
|
tags: ${{ steps.ev.outputs.imageTags }}
|
|
platforms: linux/${{ inputs.image_arch }}
|
|
cache-from: type=registry,ref=${{ steps.ev.outputs.attestImageNames }}:buildcache-${{ inputs.image_arch }}
|
|
cache-to: ${{ steps.ev.outputs.cacheTo }}
|
|
- uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
|
|
id: attest
|
|
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
|
|
with:
|
|
subject-name: ${{ steps.ev.outputs.attestImageNames }}
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|