chore(deps): update all github action dependencies (v1.12) (major) #1464
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Image CI Build | |
| # Any change in triggers needs to be reflected in the concurrency group. | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| push: | |
| branches: | |
| - v1.12 | |
| - ft/v1.12/** | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-and-push-prs: | |
| name: Build and Push Images | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| include: | |
| - name: cilium | |
| dockerfile: ./images/cilium/Dockerfile | |
| - name: operator-aws | |
| dockerfile: ./images/operator/Dockerfile | |
| - name: operator-azure | |
| dockerfile: ./images/operator/Dockerfile | |
| - name: operator-alibabacloud | |
| dockerfile: ./images/operator/Dockerfile | |
| - name: operator-generic | |
| dockerfile: ./images/operator/Dockerfile | |
| - name: hubble-relay | |
| dockerfile: ./images/hubble-relay/Dockerfile | |
| - name: clustermesh-apiserver | |
| dockerfile: ./images/clustermesh-apiserver/Dockerfile | |
| - name: docker-plugin | |
| dockerfile: ./images/cilium-docker-plugin/Dockerfile | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
| - name: Login to quay.io for CI | |
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME_CI }} | |
| password: ${{ secrets.QUAY_PASSWORD_CI }} | |
| - name: Getting image tag | |
| id: tag | |
| run: | | |
| if [ ${{ github.event.pull_request.head.sha }} != "" ]; then | |
| echo tag=${{ github.event.pull_request.head.sha }} >> $GITHUB_OUTPUT | |
| else | |
| echo tag=${{ github.sha }} >> $GITHUB_OUTPUT | |
| fi | |
| # Warning: since this is a privileged workflow, subsequent workflow job | |
| # steps must take care not to execute untrusted code. | |
| - name: Checkout pull request branch (NOT TRUSTED) | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ steps.tag.outputs.tag }} | |
| # v1.12 branch pushes | |
| - name: CI Build ${{ matrix.name }} | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_v1_12 | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| # Only push when the event name was a GitHub push, this is to avoid | |
| # re-pushing the image tags when we only want to re-create the Golang | |
| # docker cache after the workflow "Image CI Cache Cleaner" was terminated. | |
| push: ${{ github.event_name == 'push' }} | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12 | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} | |
| build-args: | | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI race detection Build ${{ matrix.name }} | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_v1_12_detect_race_condition | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| # Only push when the event name was a GitHub push, this is to avoid | |
| # re-pushing the image tags when we only want to re-create the Golang | |
| # docker cache after the workflow "Image CI Cache Cleaner" was terminated. | |
| push: ${{ github.event_name == 'push' }} | |
| platforms: linux/amd64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12-race | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race | |
| build-args: | | |
| BASE_IMAGE=quay.io/cilium/cilium-runtime:07d9b863089eea0adc70f97f16cbb6c72cf3f14f@sha256:93e56c8f7e7cf1e6103fe8e8b978a5ae057e501a7ac7b78b51abb3905ed6557d | |
| LOCKDEBUG=1 | |
| RACE=1 | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI Unstripped Binaries Build ${{ matrix.name }} | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_v1_12_unstripped | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| # Only push when the event name was a GitHub push, this is to avoid | |
| # re-pushing the image tags when we only want to re-create the Golang | |
| # docker cache after the workflow "Image CI Cache Cleaner" was terminated. | |
| push: ${{ github.event_name == 'push' }} | |
| platforms: linux/amd64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12-unstripped | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped | |
| build-args: | | |
| NOSTRIP=1 | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI Image Releases digests | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| shell: bash | |
| run: | | |
| mkdir -p image-digest/ | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12@${{ steps.docker_build_ci_v1_12.outputs.digest }}" > image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12-race@${{ steps.docker_build_ci_v1_12_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12-unstripped@${{ steps.docker_build_ci_v1_12_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_v1_12.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_v1_12_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_v1_12_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| # PR updates | |
| - name: CI Build ${{ matrix.name }} | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_pr | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} | |
| build-args: | | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI Image Releases digests | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| shell: bash | |
| run: | | |
| mkdir -p image-digest/ | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt | |
| - name: CI race detection Build ${{ matrix.name }} | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_pr_detect_race_condition | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race | |
| build-args: | | |
| BASE_IMAGE=quay.io/cilium/cilium-runtime:07d9b863089eea0adc70f97f16cbb6c72cf3f14f@sha256:93e56c8f7e7cf1e6103fe8e8b978a5ae057e501a7ac7b78b51abb3905ed6557d | |
| LOCKDEBUG=1 | |
| RACE=1 | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI Unstripped Binaries Build ${{ matrix.name }} | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_pr_unstripped | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped | |
| build-args: | | |
| NOSTRIP=1 | |
| OPERATOR_VARIANT=${{ matrix.name }} | |
| - name: CI Image Releases digests | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| shell: bash | |
| run: | | |
| mkdir -p image-digest/ | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| # Upload artifact digests | |
| - name: Upload artifact digests | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| with: | |
| name: image-digest ${{ matrix.name }} | |
| path: image-digest | |
| retention-days: 1 | |
| # we need to build cilium-test separately | |
| # this is caused by running apt while building the image | |
| # which requires qemu setup in order to avoid x86/arm64 binaries mixups | |
| # note: we only build on pushes to v1.12 branch | |
| build-and-push-with-qemu: | |
| name: Build and Push with qemu | |
| if: ${{ github.event_name == 'push' }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| include: | |
| - name: cilium-test | |
| dockerfile: ./images/cilium-test/Dockerfile | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
| - name: Login to quay.io for CI | |
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME_CI }} | |
| password: ${{ secrets.QUAY_PASSWORD_CI }} | |
| - name: Checkout Source Code | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ github.sha }} | |
| # v1.12 branch pushes | |
| - name: CI Build ${{ matrix.name }} | |
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
| id: docker_build_ci_v1_12 | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12 | |
| quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ github.sha }} | |
| - name: CI Image Releases digests | |
| shell: bash | |
| run: | | |
| mkdir -p image-digest/ | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:v1.12@${{ steps.docker_build_ci_v1_12.outputs.digest }}" > image-digest/${{ matrix.name }}.txt | |
| echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ github.sha }}@${{ steps.docker_build_ci_v1_12.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt | |
| # Upload artifact digests | |
| - name: Upload artifact digests | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| with: | |
| name: image-digest ${{ matrix.name }} | |
| path: image-digest | |
| retention-days: 1 | |
| image-digests: | |
| if: ${{ always() && | |
| (needs.build-and-push-with-qemu.result == 'success' || needs.build-and-push-with-qemu.result == 'skipped') }} | |
| name: Display Digests | |
| runs-on: ubuntu-22.04 | |
| needs: [build-and-push-prs, build-and-push-with-qemu] | |
| steps: | |
| - name: Downloading Image Digests | |
| shell: bash | |
| run: | | |
| mkdir -p image-digest/ | |
| - name: Download digests of all images built | |
| uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 | |
| with: | |
| path: image-digest/ | |
| - name: Image Digests Output | |
| shell: bash | |
| run: | | |
| cd image-digest/ | |
| find -type f | sort | xargs -d '\n' cat |