From b42a20404ec72b4042246b04e2ab10bc35df1444 Mon Sep 17 00:00:00 2001
From: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com>
Date: Sun, 13 Oct 2024 20:21:00 -0400
Subject: [PATCH] Update GitHub Action Workflow to Build Multi-Architecture Docker Images (#136)
---
.github/workflows/apps-event-worker.yaml | 19 ++++++++++++++++-
.../workflows/apps-job-policy-checker.yaml | 19 ++++++++++++++++-
.github/workflows/apps-webservice.yaml | 19 ++++++++++++++++-
.../integrations-google-compute-scanner.yaml | 21 +++++++++++++++++--
.../integrations-kubernetes-job-agent.yaml | 19 ++++++++++++++++-
.../integrations-terraform-cloud-scanner.yaml | 13 +++++++++++-
.github/workflows/packages-migrations.yaml | 13 +++++++++++-
7 files changed, 115 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/apps-event-worker.yaml b/.github/workflows/apps-event-worker.yaml
index 9d6df9b2a..be32ce417 100644
--- a/.github/workflows/apps-event-worker.yaml
+++ b/.github/workflows/apps-event-worker.yaml
@@ -23,9 +23,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: matrix: platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4
@@ -35,8 +41,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
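Review bot: The new 'Check if Docker Hub secrets are available' step in `@@ -35,8 +41,17 @@` of apps-event-worker.yaml splices `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_TOKEN }}` into the script text of `run:` itself, so the values are substituted before the shell parses the line rather than being read from the environment. With repository-owned secrets this is mostly a robustness issue, but a value containing a double quote, `$` or a newline would break out of the `[ -z "..." ]` test and alter what the step executes, and log masking does not prevent that. Pass the two secrets through `env:` and test `"$DOCKERHUB_USERNAME"` / `"$DOCKERHUB_TOKEN"` in the script, and quote `"$GITHUB_ENV"` while there. The identical step is added to the other six workflow files in this patch and should get the same change.
```yaml
      - name: Check if Docker Hub secrets are available
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
            echo "DOCKERHUB_LOGIN=false" >> "$GITHUB_ENV"
          else
            echo "DOCKERHUB_LOGIN=true" >> "$GITHUB_ENV"
          fi
      # … unchanged: Login to Docker Hub step …
```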
@@ -55,12 +70,14 @@ jobs: with: push: false file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/apps-job-policy-checker.yaml b/.github/workflows/apps-job-policy-checker.yaml
index 8895c8c8e..79841af95 100644
--- a/.github/workflows/apps-job-policy-checker.yaml
+++ b/.github/workflows/apps-job-policy-checker.yaml
@@ -21,9 +21,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: matrix: platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4
@@ -33,8 +39,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -53,12 +68,14 @@ jobs: with: push: false file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
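Review bot: The Build and Push step in `@@ -55,12 +70,14 @@` of apps-event-worker.yaml now runs once per matrix leg with `platforms: ${{ matrix.platform }}`, `push: true` and the unchanged `tags: ${{ steps.meta.outputs.tags }}`, so the amd64 and arm64 legs each push a single-platform image to the same tags and whichever leg finishes last overwrites the other; consumers end up with one architecture, not the multi-architecture image the commit title describes. The simplest fix is to drop the `strategy.matrix` block added in the first hunk and give the single build step `platforms: linux/amd64,linux/arm64` (with a `docker/setup-qemu-action` step before Buildx if one is not already present above the hunk), so BuildKit builds and pushes one manifest list. Keeping the matrix instead requires pushing each leg by digest and merging the digests in a follow-up job with `docker buildx imagetools create`, which is considerably more code. The same overwrite applies to the Build and Push hunks of the other six workflow files in this patch; the `meta` step and the job header are outside this hunk.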
diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml
index a86cab196..6f30ee36e 100644
--- a/.github/workflows/apps-webservice.yaml
+++ b/.github/workflows/apps-webservice.yaml
@@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: matrix: platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4
@@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -51,12 +66,14 @@ jobs: with: push: false file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/integrations-google-compute-scanner.yaml b/.github/workflows/integrations-google-compute-scanner.yaml
index 0206a1a40..07f88c2ae 100644
--- a/.github/workflows/integrations-google-compute-scanner.yaml
+++ b/.github/workflows/integrations-google-compute-scanner.yaml
@@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: matrix: platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4
@@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true - file: integrations/google-compute-scanner/Dockerfile + file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/integrations-kubernetes-job-agent.yaml b/.github/workflows/integrations-kubernetes-job-agent.yaml
index e173e890e..d7dd33e31 100644
--- a/.github/workflows/integrations-kubernetes-job-agent.yaml
+++ b/.github/workflows/integrations-kubernetes-job-agent.yaml
@@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: matrix: platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4
@@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/integrations-terraform-cloud-scanner.yaml b/.github/workflows/integrations-terraform-cloud-scanner.yaml
index 42a32937e..96b76b1d2 100644
--- a/.github/workflows/integrations-terraform-cloud-scanner.yaml
+++ b/.github/workflows/integrations-terraform-cloud-scanner.yaml
@@ -31,8 +31,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -51,12 +60,14 @@ jobs: with: push: false file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/packages-migrations.yaml b/.github/workflows/packages-migrations.yaml
index 21480b705..21b6ab8c4 100644
--- a/.github/workflows/packages-migrations.yaml
+++ b/.github/workflows/packages-migrations.yaml
@@ -27,8 +27,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -47,12 +56,14 @@ jobs: with: push: false file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
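Review bot: `platforms: ${{ matrix.platform }}` is added to both build steps of integrations-terraform-cloud-scanner.yaml in `@@ -51,12 +60,14 @@`, but unlike the five workflows earlier in the patch this file receives no `strategy.matrix.platform` hunk (its diffstat line shows 13 changed lines against their 19), so unless the job already declares a matrix above line 31, outside the diff, the expression expands to an empty string and the build most likely covers only the runner's native platform without any error. The same gap is in packages-migrations.yaml's `@@ -47,12 +56,14 @@` hunk. Either add the same `strategy:` block the sibling workflows received (subject to the tag-overwrite caveat that applies to all of them) or remove the two `platforms:` lines so the intent is explicit. The job header is outside this hunk.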