forked from kubernetes-sigs/kubebuilder
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
🌱 Add process to build the images for kube-rbac-proxy and publish in …
…GitHub rehistry
- Loading branch information
1 parent
32e0fdc
commit 41547b5
Showing
2 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# This workflow updates kube-rbac-proxy images in GHCR by retagging images from quay.io/brancz/kube-rbac-proxy. | ||
# Steps: | ||
# 1. Checks if specified version images already exist in GHCR to avoid redundancy. | ||
# 2. For new versions, pulls the base image from quay.io/brancz/kube-rbac-proxy without considering architecture. | ||
# 3. Pushes this image to GHCR, ensuring it's available for all required architectures (amd64, arm64, ppc64le, s390x). | ||
# 4. Creates and pushes a multi-architecture manifest for each version in GHCR, enabling architecture-agnostic pulls. | ||
name: Build and Push Kube RBAC Proxy Image | ||
on: | ||
# push: | ||
# branches: | ||
# - master | ||
pull_request: | ||
branches: | ||
- master | ||
paths: | ||
- 'release-rbac-images-versions.yaml' | ||
|
||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
jobs: | ||
check-and-build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU and Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Install yq for YAML processing | ||
run: sudo snap install yq | ||
|
||
- name: Read versions from YAML and check for existing images | ||
run: | | ||
VERSIONS=$(yq e '.versions[]' release-rbac-images-versions.yaml) | ||
for VERSION in $VERSIONS; do | ||
EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://ghcr.io/v2/${{ github.repository_owner }}/kube-rbac-proxy/manifests/$VERSION) | ||
if [ "$EXISTS" -ne 200 ]; then | ||
echo "Version $VERSION does not exist. Proceeding with build and push." | ||
BASE_IMAGE_TAG="quay.io/brancz/kube-rbac-proxy:$VERSION" | ||
docker pull $BASE_IMAGE_TAG | ||
# Use docker buildx to rebuild for all architectures and push | ||
TARGET_IMAGE_TAG="ghcr.io/${{ github.repository_owner }}/kube-rbac-proxy:$VERSION" | ||
docker buildx build --push --tag $TARGET_IMAGE_TAG \ | ||
--platform linux/amd64,linux/arm64,linux/ppc64le,linux/s390x \ | ||
--build-arg BASE_IMAGE_TAG=$BASE_IMAGE_TAG . | ||
else | ||
echo "Version $VERSION already exists. Skipping." | ||
fi | ||
done | ||
env: | ||
DOCKER_CLI_EXPERIMENTAL: enabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# Update this file to build new releases for the images | ||
# of the project https://github.com/brancz/kube-rbac-proxy | ||
versions: | ||
- v0.16.0 |