
Commit 9b30b5f

authored
Merge pull request #103 from Keyfactor/release-3.0
Release 3.0.11 to main
2 parents 87086ed + dc2c278 commit 9b30b5f

25 files changed

+1906
-2
lines changed
+126
@@ -0,0 +1,126 @@
1+
name: Set Environment Variables from JSON
2+
on:
3+
workflow_call: # Add additional dispatched output properties
4+
outputs:
5+
release_dir:
6+
description: The release_dir property from integration-manifest.json
7+
value: ${{ jobs.assign-from-json.outputs.release_dir }}
8+
name:
9+
description: The release_dir property from integration-manifest.json
10+
value: ${{ jobs.assign-from-json.outputs.name }}
11+
integration_type:
12+
description: The release_dir property from integration-manifest.json
13+
value: ${{ jobs.assign-from-json.outputs.integration_type }}
14+
update_catalog:
15+
description: The release_dir property from integration-manifest.json
16+
value: ${{ jobs.assign-from-json.outputs.update_catalog }}
17+
UOFramework:
18+
description: The UOFramework property from integration-manifest.json
19+
value: ${{ jobs.assign-from-json.outputs.UOFramework }}
20+
21+
jobs:
22+
assign-from-json:
23+
runs-on: ubuntu-latest
24+
outputs: # Add properties to be sent to dispatched workflow(s)
25+
release_dir: ${{ steps.read-release_dir.outputs.output-value }}
26+
name: ${{ steps.read-name.outputs.output-value }}
27+
integration_type: ${{ steps.read-type.outputs.output-value }}
28+
update_catalog: ${{ steps.read-update_catalog.outputs.output-value }}
29+
UOFramework: ${{ steps.read-UOFramework.outputs.output-value }}
30+
description: ${{ steps.read-description.outputs.output-value }}
31+
name: Set workflow variables from integration-manifest.json
32+
steps:
33+
- name: checkout-json-file
34+
uses: keyfactor/checkout@v4
35+
with:
36+
token: ${{ secrets.GITHUB_TOKEN }}
37+
path: src
38+
39+
- name: checkout-action
40+
uses: keyfactor/checkout@v4
41+
with:
42+
repository: fiddlermikey/assign-from-json
43+
path: tools
44+
45+
- name: Adding initial markdown for Summary
46+
id: adding-initial-markdown
47+
run: echo '### Reading integration-manifest.json' > $GITHUB_STEP_SUMMARY
48+
49+
- name: Read name property
50+
uses: ./tools
51+
id: read-name
52+
with:
53+
input-file: 'src/integration-manifest.json'
54+
input-property: 'name'
55+
56+
- name: Read integration_type property
57+
uses: ./tools
58+
id: read-type
59+
with:
60+
input-file: 'src/integration-manifest.json'
61+
input-property: 'integration_type'
62+
63+
- name: Read update_catalog property
64+
uses: ./tools
65+
id: read-update_catalog
66+
with:
67+
input-file: 'src/integration-manifest.json'
68+
input-property: 'update_catalog'
69+
70+
- name: Read pam_support property
71+
if: steps.read-type.outputs.output-value == 'orchestrator'
72+
uses: ./tools
73+
id: read-pam_support
74+
with:
75+
input-file: 'src/integration-manifest.json'
76+
input-property: 'about.orchestrator.pam_support'
77+
required-value: 'false'
78+
79+
- name: Read UOFramework property
80+
if: steps.read-type.outputs.output-value == 'orchestrator'
81+
uses: ./tools
82+
id: read-UOFramework
83+
with:
84+
input-file: 'src/integration-manifest.json'
85+
input-property: 'about.orchestrator.UOFramework'
86+
87+
- name: Read keyfactor_platform_version property
88+
if: steps.read-type.outputs.output-value == 'orchestrator' && steps.read-pam_support.outputs.output-value == 'true'
89+
uses: ./tools
90+
id: read-keyfactor_platform_version
91+
with:
92+
input-file: 'src/integration-manifest.json'
93+
input-property: 'about.orchestrator.keyfactor_platform_version'
94+
95+
- name: Read release_dir property
96+
if: steps.read-type.outputs.output-value == 'orchestrator' || steps.read-type.outputs.output-value == 'ca-gateway' || steps.read-type.outputs.output-value == 'pam' || steps.read-type.outputs.output-value == 'anyca-plugin'
97+
uses: ./tools
98+
id: read-release_dir
99+
with:
100+
input-file: 'src/integration-manifest.json'
101+
input-property: 'release_dir'
102+
103+
- name: Read description property
104+
uses: ./tools
105+
id: read-description
106+
with:
107+
input-file: 'src/integration-manifest.json'
108+
input-property: 'description'
109+
110+
- name: Write variables to Summary
111+
id: adding-final-markdown
112+
run: |
113+
echo "### Integration Manifest Properties:" >> $GITHUB_STEP_SUMMARY
114+
echo "* ${{ steps.read-name.outputs.output-property }} : ${{ steps.read-name.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
115+
echo "* ${{ steps.read-type.outputs.output-property }} : ${{ steps.read-type.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
116+
echo "* ${{ steps.read-update_catalog.outputs.output-property }} : ${{ steps.read-update_catalog.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
117+
if [[ "${{ steps.read-type.outputs.output-value }}" == 'orchestrator' ]]; then
118+
echo "* ${{ steps.read-UOFramework.outputs.output-property }} : ${{ steps.read-UOFramework.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
119+
echo "* ${{ steps.read-pam_support.outputs.output-property }} : ${{ steps.read-pam_support.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
120+
if [[ "${{ steps.read-pam_support.outputs.output-value }}" == 'true' ]]; then
121+
echo "* ${{ steps.read-keyfactor_platform_version.outputs.output-property }} : ${{ steps.read-keyfactor_platform_version.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
122+
fi
123+
fi
124+
echo "* ${{ steps.read-release_dir.outputs.output-property }} : ${{ steps.read-release_dir.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
125+
126+
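Review bot: The checkout-action step (gutter lines 39–43) checks out `fiddlermikey/assign-from-json` with no `ref:`, so every run pulls that personal repository's default branch and executes it through `uses: ./tools`; because those step outputs become this workflow's `workflow_call` outputs, an unreviewed change there silently changes what every dispatched workflow receives. Add `ref: "<pinned-tag-or-commit-sha>"` (placeholder) under that step's `with:` and bump it deliberately. Separately, the final `run: |` block expands manifest-derived values such as `${{ steps.read-name.outputs.output-value }}` straight into the shell script; passing them via `env:` (e.g. `NAME_VALUE: ${{ steps.read-name.outputs.output-value }}`) and referencing `"$NAME_VALUE"` keeps JSON content from being interpreted as shell syntax. The `description:` text for the `name`, `integration_type` and `update_catalog` outputs is a copy of the `release_dir` wording and should name its own property, and the job-level `description` output set from `read-description` is not exposed under the `workflow_call` outputs, which looks unintended.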
@@ -0,0 +1,191 @@
1+
name: Container Build
2+
3+
on:
4+
workflow_call:
5+
inputs:
6+
release_version:
7+
description: Condition based on release branch build
8+
required: false
9+
type: string
10+
platform_list:
11+
required: true
12+
description: platform name from input
13+
type: string # like linux/amd64,linux/arm64
14+
15+
secrets:
16+
docker-user:
17+
description: 'Secret token from caller workflow to access private packages'
18+
required: true
19+
docker-token:
20+
description: 'Secret token from caller workflow to access private packages'
21+
required: true
22+
23+
env:
24+
REGISTRY: keyfactor
25+
26+
jobs:
27+
setup:
28+
runs-on: ubuntu-latest
29+
outputs:
30+
platform_matrix: ${{ steps.vars.outputs.platform_matrix }}
31+
steps:
32+
- name: Create an array from platform_list input
33+
id: vars
34+
run: echo "platform_matrix=$(jq 'split(",")' -Rc <(echo '${{ inputs.platform_list }}'))" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY
35+
get-release-values:
36+
name: Get Release Properties
37+
runs-on: ubuntu-latest
38+
outputs:
39+
PUSH_IMAGE: ${{ steps.set-vars.outputs.PUSH_IMAGE }}
40+
steps:
41+
- name: Determine IMAGE_PUSH and VERSION
42+
id: set-vars
43+
run: |
44+
if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then
45+
echo "PUSH_IMAGE=true" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
46+
echo "VERSION=${{ inputs.release_version }}" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
47+
else
48+
echo "PUSH_IMAGE=false" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
49+
echo "VERSION=0.0.0" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_STEP_SUMMARY"
50+
fi
51+
run-container-build:
52+
name: Build Containers
53+
runs-on: ubuntu-latest
54+
needs: [setup,get-release-values]
55+
strategy:
56+
fail-fast: false
57+
matrix:
58+
platform: ${{ fromJson(needs.setup.outputs.platform_matrix) }}
59+
60+
permissions:
61+
contents: read
62+
packages: write
63+
64+
steps:
65+
- name: Prepare
66+
run: |
67+
platform=${{ matrix.platform }}
68+
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
69+
70+
- name: Set IMAGE_NAME
71+
run: |
72+
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" | tee -a ${GITHUB_ENV}
73+
74+
# Checkout code
75+
# https://github.com/keyfactor/checkout
76+
- name: Checkout code
77+
uses: keyfactor/checkout@v4
78+
79+
# Extract metadata (tags, labels) for Docker
80+
# https://github.com/docker/metadata-action
81+
- name: Extract Docker metadata
82+
id: meta
83+
uses: keyfactor/metadata-action@v5.5.1
84+
with:
85+
images: ${{ env.IMAGE_NAME }}
86+
tags: |
87+
type=semver,pattern={{raw}},value=${{ inputs.release_version }}
88+
89+
# Set up QEMU
90+
# https://github.com/docker/setup-qemu-action
91+
- name: Set up QEMU
92+
uses: keyfactor/setup-qemu-action@v3.0.0
93+
94+
# Set up BuildKit Docker container builder to be able to build
95+
# multi-platform images and export cache
96+
# https://github.com/docker/setup-buildx-action
97+
- name: Set up Docker Buildx
98+
uses: keyfactor/setup-buildx-action@v3.3.0
99+
100+
# Login to Docker registry
101+
# https://github.com/docker/login-action
102+
- name: Log into registry ${{ env.REGISTRY }}
103+
uses: keyfactor/login-action@v3.2.0
104+
with:
105+
# registry: ${{ env.REGISTRY }} # Remove for dockerhub
106+
username: ${{ secrets.docker-user }}
107+
password: ${{ secrets.docker-token }}
108+
109+
# Build and push Docker image with Buildx
110+
# https://github.com/docker/build-push-action
111+
- name: Build and push Docker image
112+
id: build
113+
uses: keyfactor/build-push-action@v6.0.1
114+
with:
115+
context: .
116+
platforms: ${{ matrix.platform }}
117+
labels: ${{ steps.meta.outputs.labels }}
118+
push: ${{ needs.get-release-values.outputs.PUSH_IMAGE == 'true' }}
119+
outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
120+
121+
# Export digest
122+
- name: Export digest
123+
run: |
124+
mkdir -p /tmp/digests
125+
digest="${{ steps.build.outputs.digest }}"
126+
touch "/tmp/digests/${digest#sha256:}"
127+
128+
# Upload digest
129+
- name: Upload digest
130+
uses: keyfactor/upload-artifact@v4
131+
with:
132+
name: digests-${{ env.PLATFORM_PAIR }}
133+
path: /tmp/digests/*
134+
if-no-files-found: error
135+
retention-days: 1
136+
137+
merge:
138+
runs-on: ubuntu-latest
139+
needs: [get-release-values, run-container-build]
140+
steps:
141+
- name: Set IMAGE_NAME
142+
run: |
143+
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" | tee -a ${GITHUB_ENV}
144+
echo "PUSH_IMAGE = ${{ needs.get-release-values.outputs.PUSH_IMAGE }}"
145+
146+
# Download digests
147+
# https://github.com/actions/download-artifact
148+
- name: Download digests
149+
uses: keyfactor/download-artifact@v4.1.7
150+
with:
151+
path: /tmp/digests
152+
pattern: digests-*
153+
merge-multiple: true
154+
155+
# Set up BuildKit Docker container builder to be able to build
156+
# multi-platform images and export cache
157+
# https://github.com/docker/setup-buildx-action
158+
- name: Set up Docker Buildx
159+
uses: keyfactor/setup-buildx-action@v3.3.0
160+
161+
# Extract metadata (tags, labels) for Docker
162+
# https://github.com/docker/metadata-action
163+
- name: Extract Docker metadata
164+
id: meta
165+
uses: keyfactor/metadata-action@v5.5.1
166+
with:
167+
images: ${{ env.IMAGE_NAME }}
168+
tags: |
169+
type=semver,pattern={{raw}},value=${{ inputs.release_version }}
170+
171+
# Login to Docker registry
172+
# https://github.com/docker/login-action
173+
- name: Log into registry ${{ env.REGISTRY }}
174+
uses: keyfactor/login-action@v3.2.0
175+
with:
176+
# registry: ${{ env.REGISTRY }} # Remove for dockerhub
177+
username: ${{ secrets.docker-user }}
178+
password: ${{ secrets.docker-token }}
179+
180+
# Create manifest list and push if: needs.get-release-values.outputs.PUSH_IMAGE == true
181+
- name: Create manifest list and push
182+
if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
183+
working-directory: /tmp/digests
184+
run: |
185+
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
186+
$(printf '${{ env.IMAGE_NAME }}@sha256:%s ' *)
187+
188+
- name: Inspect image
189+
if: needs.get-release-values.outputs.PUSH_IMAGE == 'true'
190+
run: |
191+
docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
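Review bot: Only the run-container-build job declares `permissions:`; setup, get-release-values and merge run with whatever GITHUB_TOKEN permissions the calling workflow grants, although merge appears to need only artifact download and the registry secrets. A workflow-level `permissions:` block with `contents: read`, kept alongside the job-level `packages: write` override, makes the least-privilege intent explicit for callers. The `run:` lines in setup (`<(echo '${{ inputs.platform_list }}')`) and Prepare (`platform=${{ matrix.platform }}`) substitute caller-supplied input straight into shell; routing them through `env:` and quoting, e.g. `env: { PLATFORM: "${{ matrix.platform }}" }` with `platform="$PLATFORM"`, is the conventional fix. The `docker-user` secret's description is a copy of `docker-token`'s ('Secret token ...') and should describe the username. Actions are pinned to release tags (`keyfactor/build-push-action@v6.0.1` and the others) rather than commit SHAs; if the keyfactor forks do not protect tags, SHA pins close the remaining substitution window.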
