Skip to content

chore(deps): update all github action dependencies #245

chore(deps): update all github action dependencies

chore(deps): update all github action dependencies #245

name: Image Release Build
# Any change in triggers needs to be reflected in the concurrency group.
on:
push:
branches:
- main
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
pull_request:
branches:
- main
- v*
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
permissions: read-all
jobs:
determine-deployment:
if: ${{ github.repository == 'cilium/hubble' }}
name: Determine Deployment
runs-on: ubuntu-22.04
steps:
- name: Determine deployment environment
id: environment
# use 'release' deployment if the workflow was triggered on a pushed tag starting with "v"
run: |
echo "deployment=${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}" >> $GITHUB_OUTPUT
outputs:
name: ${{ steps.environment.outputs.deployment }}
build-and-push:
if: ${{ github.repository == 'cilium/hubble' }}
environment: ${{ needs.determine-deployment.outputs.name }}
runs-on: ubuntu-22.04
needs: determine-deployment
strategy:
# matrix for easier code-sharing with workflows from cilium/cilium
matrix:
include:
- name: hubble
dockerfile: ./Dockerfile
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Login to quay.io
if: ${{ needs.determine-deployment.outputs.name == 'release' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }}
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Checkout Source Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- name: Release Build ${{ matrix.name }}
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
id: docker_build_release
with:
context: .
file: ${{ matrix.dockerfile }}
push: ${{ needs.determine-deployment.outputs.name == 'release' }}
platforms: linux/amd64,linux/arm64
tags: |
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
- name: Image Release Digest
shell: bash
run: |
mkdir -p image-digest/
job_name=${{ matrix.name }}
job_name_capital=${job_name^^}
job_name_underscored=${job_name_capital//-/_}
echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt
echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
echo "" >> image-digest/${{ matrix.name }}.txt
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: image-digest ${{ matrix.name }}
path: image-digest
retention-days: 1
image-digests:
if: ${{ github.repository == 'cilium/hubble' }}
name: Display Digests
runs-on: ubuntu-22.04
needs: build-and-push
steps:
- name: Getting image tag
id: tag
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Downloading Image Digests
shell: bash
run: |
mkdir -p image-digest/
- name: Download digests of all images built
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: "*image-digest *"
path: image-digest/
- name: Image Digests Output
shell: bash
run: |
cd image-digest/
echo "## Docker Manifests" > ../image-digest-output.txt
echo "" >> ../image-digest-output.txt
find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt
- name: Image Makefile Digests
shell: bash
run: |
cd image-digest/
echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests
echo "# Copyright "$(date +'%Y')" Authors of Cilium" >> ../Makefile.digests
echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests
echo "" >> ../Makefile.digests
find -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: image-digest-output.txt-${{ steps.tag.outputs.tag }}
path: image-digest-output.txt
retention-days: 1
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: Makefile.digests-${{ steps.tag.outputs.tag }}
path: Makefile.digests
retention-days: 1