build-and-tag-ranger-image #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Licensed to the Apache Software Foundation (ASF) under one or more | |
| # contributor license agreements. See the NOTICE file distributed with | |
| # this work for additional information regarding copyright ownership. | |
| # The ASF licenses this file to You under the Apache License, Version 2.0 | |
| # (the "License"); you may not use this file except in compliance with | |
| # the License. You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| name: build-and-tag-ranger-image | |
| # This workflow builds the following images: ranger, ranger-db, ranger-solr. | |
| # It also pushes the image to the GitHub Container Registry, tagging it based on the ranger version present in the release branch. | |
| # It pushes the images to DockerHub if an OAuth token is provided as input. | |
| # Use this command to generate a unique 11 character token: | |
| # code=$(uuidgen | tr A-Z a-z | cut -c 1-11) | |
| # then pass the code to state param here: https://oauth.apache.org/auth?redirect_uri=https://ranger.apache.org&state=code | |
| # On successful authentication, it generates an OAuth token on redirect_uri that can be used to trigger the workflow and push the images to DockerHub. | |
| # For more info, read ASF OAuth doc here: https://idm.apache.org/api.html | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| token: | |
| description: 'OAuth Access Token' | |
| required: true | |
| type: string | |
| release-version: | |
| description: 'Ranger Release Version' | |
| required: true | |
| type: string | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 | |
| - name: Login to GitHub Container Registry | |
| id: login | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push images | |
| id: build | |
| run: | | |
| cd release | |
| export RANGER_VERSION=${{ github.event.inputs.release-version }} | |
| docker buildx build \ | |
| --build-arg RANGER_VERSION=${RANGER_VERSION} \ | |
| --file Dockerfile.ranger \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/ranger:${RANGER_VERSION} \ | |
| --push . | |
| docker buildx build \ | |
| --file Dockerfile.ranger-postgres \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/ranger-db:${RANGER_VERSION} \ | |
| --push . | |
| docker buildx build \ | |
| --file Dockerfile.ranger-solr \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/ranger-solr:${RANGER_VERSION} \ | |
| --push . | |
| tag: | |
| needs: build | |
| if: ${{ github.event.inputs.token != '' }} | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} | |
| RANGER_VERSION: ${{ github.event.inputs.release-version }} | |
| REGISTRIES: ghcr.io # docker.io is appended dynamically | |
| steps: | |
| - name: Verify OAuth Token | |
| run: | | |
| response=$(curl -LSs https://oauth.apache.org/token\?code\=${{ github.event.inputs.token }}) | |
| echo "$response" | jq -e . >/dev/null 2>&1 | |
| if [[ $? -eq 0 ]]; then | |
| check=$(echo $response | jq -e --arg str "ranger" '.pmcs | index($str) != null') | |
| if [[ $check == true ]]; then | |
| echo "Authorized to push to Docker Hub" | |
| else | |
| echo "Not authorized to push to Docker Hub" | |
| exit 1 | |
| fi | |
| else | |
| echo $response | |
| fi | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 | |
| - name: Add Docker Hub to targets | |
| if: ${{ env.DOCKERHUB_USER }} | |
| run: | | |
| echo "REGISTRIES=${{ env.REGISTRIES }} docker.io" >> $GITHUB_ENV | |
| - name: Pull image | |
| run: | | |
| docker pull ghcr.io/${{ github.repository_owner }}/ranger:${RANGER_VERSION} | |
| docker pull ghcr.io/${{ github.repository_owner }}/ranger-db:${RANGER_VERSION} | |
| docker pull ghcr.io/${{ github.repository_owner }}/ranger-solr:${RANGER_VERSION} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to Docker Hub | |
| if: ${{ env.DOCKERHUB_USER }} | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ env.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Apply tags to existing image | |
| run: | | |
| set -x | |
| for registry in $REGISTRIES; do | |
| for service in ranger ranger-db ranger-solr; do | |
| opts="$(echo "$RANGER_VERSION" | sed "s@^@--tag $registry/${{ github.repository_owner }}/$service:@g" | xargs echo)" | |
| if [[ -n "$opts" ]]; then | |
| docker buildx imagetools create $opts ghcr.io/${{ github.repository_owner }}/$service:${RANGER_VERSION} | |
| fi | |
| done | |
| done |