mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-10 23:12:36 +00:00
a41b0f2fe4
* Use openssl 3.3 in aca windows images [no ci] * Further attempt to compile the tpm simulator on Windows [no ci] * Sw tpm vs solution was updated to look for libcrypto in different place [no ci] * Similar steps for tss tools [no ci] * Change workflow ref [no ci] * REF not connecting [no ci] * Try accessing through Env [no ci] * Tried to print build args before selecting image [no ci] * Different arg access before shell change [no ci] * Fun with docker args [no ci] * Fun with docker build args 2 [no ci] * Adjust for change in package folder structure [no ci]
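# Builds the ACA container images (Rocky Linux, Windows, Windows 1809 compat),
# pushes them to ghcr.io, and publishes a manifest list that groups the three
# images under the public image name.
#
# NOTE(review): the third-party actions below are referenced by mutable major
# tags (v3/v4/v5). For a workflow that publishes release images, pin each
# `uses:` to a full commit SHA reviewed by the project.
name: Create ACA Docker Image

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      also_tag_latest:
        description: 'Tag latest?'
        required: false
        type: boolean

# Least privilege for GITHUB_TOKEN: the jobs only read the repository and push
# images/manifests to the GitHub Container Registry.
permissions:
  contents: read
  packages: write

env:
  DOCKERFILE_ROCKY: aca-rocky
  DOCKERFILE_WINDOWS: aca-windows
  IMAGE_NAME_ROCKY: ghcr.io/nsacyber/hirs/aca-rocky
  IMAGE_NAME_WINDOWS: ghcr.io/nsacyber/hirs/aca-windows
  IMAGE_NAME_WINDOWS_COMPAT: ghcr.io/nsacyber/hirs/aca-windows-1809
  PUBLIC_IMAGE_NAME: ghcr.io/nsacyber/hirs/aca
  PUBLIC_IMAGE_TAG_LATEST: 'ghcr.io/nsacyber/hirs/aca:latest'
  # The public docker image will be tagged 'latest' for releases, or if this
  # option is manually selected.
  TAG_LATEST: ${{ github.event_name == 'release' || inputs.also_tag_latest }}

jobs:
  # Derives the image tag from the triggering ref and exposes the fully
  # qualified image names to the build jobs.
  setup:
    runs-on: ubuntu-latest
    # Only runs shell steps; it never uses the token.
    permissions: {}
    outputs:
      IMAGE_TAG: ${{ steps.setenv.outputs.IMAGE_TAG }}
      ROCKY_IMAGE_TAG: ${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }}
      WINDOWS_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }}
      WINDOWS_COMPAT_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
      PUBLIC_IMAGE_TAG: ${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }}
    steps:
      - name: Set env
        id: setenv
        shell: bash
        run: |
          # Ref data is read from the runner's environment variables rather
          # than interpolated with ${{ }}: an expression is pasted into the
          # script text before bash parses it, so a crafted ref name would be
          # executed as shell code.
          if [ "$GITHUB_REF_TYPE" = "tag" ]; then
            # Tags start with refs/tags/. Also remove a leading v if present
            # (prefix only, so a 'v' elsewhere in the tag is kept).
            IMAGE_TAG_VAR=${GITHUB_REF#refs/tags/}
            IMAGE_TAG_VAR=${IMAGE_TAG_VAR#v}
          else
            # Not a tag, use the short commit hash. Whether 'latest' is also
            # published is decided separately by TAG_LATEST.
            IMAGE_TAG_VAR=${GITHUB_SHA:0:7}
          fi
          # To lowercase
          IMAGE_TAG_VAR=${IMAGE_TAG_VAR,,}

          # Fail early if the ref does not map to a valid Docker tag; the value
          # is later handed to docker commands on three different runners.
          valid_tag='^[a-z0-9_][a-z0-9_.-]{0,127}$'
          if [[ ! "$IMAGE_TAG_VAR" =~ $valid_tag ]]; then
            echo "::error::Derived image tag '$IMAGE_TAG_VAR' is not a valid Docker tag"
            exit 1
          fi

          # Save to output
          {
            echo "IMAGE_TAG=$IMAGE_TAG_VAR"
            echo "ROCKY_IMAGE_TAG=$IMAGE_NAME_ROCKY:$IMAGE_TAG_VAR"
            echo "WINDOWS_IMAGE_TAG=$IMAGE_NAME_WINDOWS:$IMAGE_TAG_VAR"
            echo "WINDOWS_COMPAT_IMAGE_TAG=$IMAGE_NAME_WINDOWS_COMPAT:$IMAGE_TAG_VAR"
            echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR"
          } >> "$GITHUB_OUTPUT"
      - name: Print env
        # Step outputs are handed to the script as environment variables so
        # that their content is never parsed as shell syntax.
        env:
          IMAGE_TAG: ${{ steps.setenv.outputs.IMAGE_TAG }}
          ROCKY_IMAGE_TAG: ${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }}
          WINDOWS_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }}
          WINDOWS_COMPAT_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
          PUBLIC_IMAGE_TAG: ${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }}
        run: |
          echo "GITHUB_REF_NAME=$GITHUB_REF_NAME"
          echo "DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY"
          echo "DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS"
          echo "IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY"
          echo "IMAGE_NAME_WINDOWS=$IMAGE_NAME_WINDOWS"
          echo "IMAGE_NAME_WINDOWS_COMPAT=$IMAGE_NAME_WINDOWS_COMPAT"
          echo "PUBLIC_IMAGE_NAME=$PUBLIC_IMAGE_NAME"
          echo "PUBLIC_IMAGE_TAG_LATEST=$PUBLIC_IMAGE_TAG_LATEST"
          echo "TAG_LATEST=$TAG_LATEST"
          echo "IMAGE_TAG=$IMAGE_TAG"
          echo "ROCKY_IMAGE_TAG=$ROCKY_IMAGE_TAG"
          echo "WINDOWS_IMAGE_TAG=$WINDOWS_IMAGE_TAG"
          echo "WINDOWS_COMPAT_IMAGE_TAG=$WINDOWS_COMPAT_IMAGE_TAG"
          echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_TAG"

  # Builds and pushes the Rocky Linux image with docker/build-push-action.
  rocky-image:
    needs: setup
    runs-on: ubuntu-latest
    env:
      TAG: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }}
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
        with:
          # No later step performs git operations, so the token is not left
          # behind in the checkout's git config.
          persist-credentials: false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push a release Docker image for ${{ github.repository }}
        uses: docker/build-push-action@v5
        with:
          # Expressions in `with:` are passed as action inputs, not run
          # through a shell.
          context: "{{defaultContext}}:.ci/docker"
          file: Dockerfile.${{ env.DOCKERFILE_ROCKY }}
          build-args: REF=${{ github.ref_name }}
          tags: ${{ env.TAG }}
          push: true

  # Builds and pushes the Windows image on the current Windows runner.
  windows-11-image:
    needs: setup
    runs-on: windows-latest
    env:
      TAG: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }}
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build the docker image for ${{ github.repository }}
        # pwsh is the default shell on Windows runners; it is named here
        # because the script relies on PowerShell's ${env:NAME} syntax.
        shell: pwsh
        env:
          # The ref name reaches the script as data, not as script text.
          REF: ${{ github.ref_name }}
        run: |
          cd ./.ci/docker
          docker build --build-arg "REF=${env:REF}" -f "./Dockerfile.${env:DOCKERFILE_WINDOWS}" -t "${env:TAG}" .

      - name: Push the docker image
        shell: pwsh
        run: |
          docker push "${env:TAG}"

  # This job uses a different runner and build arg than the other windows job.
  windows-compat-image:
    needs: setup
    runs-on: windows-2019
    env:
      TAG: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build the docker image for ${{ github.repository }}
        shell: pwsh
        env:
          REF: ${{ github.ref_name }}
        run: |
          cd ./.ci/docker
          docker build --build-arg "REF=${env:REF}" -f "./Dockerfile.${env:DOCKERFILE_WINDOWS}" -t "${env:TAG}" --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .

      - name: Push the docker image
        shell: pwsh
        run: |
          docker push "${env:TAG}"

  # Groups the three pushed images under the public image name and, when
  # TAG_LATEST is set, under the 'latest' tag as well.
  manifest:
    needs: [setup, rocky-image, windows-11-image, windows-compat-image]
    runs-on: ubuntu-latest
    env:
      IMAGE1: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }}
      IMAGE2: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }}
      IMAGE3: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
      PUB: ${{ needs.setup.outputs.PUBLIC_IMAGE_TAG }}
    steps:
      - name: Print env
        run: |
          echo "IMAGE1=$IMAGE1"
          echo "IMAGE2=$IMAGE2"
          echo "IMAGE3=$IMAGE3"
          echo "PUB=$PUB"

      - name: Checkout main
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Create a new manifest
        run: |
          docker manifest create "$PUB" --amend "$IMAGE1" --amend "$IMAGE2" --amend "$IMAGE3"

      - name: Push the new manifest
        run: |
          docker manifest push "$PUB"

      - name: Create and push manifest latest if selected
        if: env.TAG_LATEST != 'false'
        run: |
          docker manifest create "$PUBLIC_IMAGE_TAG_LATEST" --amend "$IMAGE1" --amend "$IMAGE2" --amend "$IMAGE3"
          docker manifest push "$PUBLIC_IMAGE_TAG_LATEST"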