build-image.yml
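# Builds the test-app container image locally (never pushed) and stamps it
# with OCI / organisation labels: base image name and digest, SPDX licence id,
# ownership and source links. The last step prints the labels for inspection.
name: Build Container Image with OCI Labels

on:
  # Trigger on merge to main
  push:
    branches:
      - main
  # Manual trigger
  workflow_dispatch:
    inputs:
      # NOTE(review): custom_tag is declared but no step below reads it, so a
      # manual run produces the same tags as a push build. If it is wired in
      # later, pass it through `env:` rather than interpolating it into `run:`.
      custom_tag:
        description: 'Custom tag for the image (optional)'
        required: false
        default: 'manual-build'

env:
  # Container Image Labeling
  TEAM_ORGDATA_EMAIL: "api.eng.ept@vonage.com"
  TEAM_ORGDATA_ID: "ept"

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege: the job only reads the repository (checkout and the
    # licence API call); nothing is pushed or written back.
    permissions:
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable
      # major-version tags. Pinning each `uses:` to a full commit SHA keeps a
      # retagged or compromised release from changing what runs here.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for version detection
          # No later step needs git credentials; do not leave the token in
          # .git/config where the build (`make build`) could read it.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract base image info
        id: base_image
        run: |
          # Extract base image from Dockerfile
          cd test-app
          BASE_IMAGE=$(grep -E '^FROM' Dockerfile | head -n 1 | awk '{print $2}')

          # Handle ARG-based FROM (e.g., FROM ${BASE_IMAGE})
          if [[ "$BASE_IMAGE" == \$* ]]; then
            ARG_NAME=$(echo "$BASE_IMAGE" | tr -d '${}')
            # head -n 1: a repeated ARG must not yield a multi-line value,
            # which would write extra lines into $GITHUB_OUTPUT below.
            BASE_IMAGE=$(grep -E "^ARG\s+$ARG_NAME=" Dockerfile | head -n 1 | cut -d'=' -f2)
          fi

          # Fail with a clear message instead of an opaque `docker pull ""`.
          if [[ -z "$BASE_IMAGE" ]]; then
            echo "::error::Could not determine base image from test-app/Dockerfile"
            exit 1
          fi

          echo "Base image found: $BASE_IMAGE"

          # Check for scratch image
          if [[ "$BASE_IMAGE" == "scratch" ]]; then
            echo "name=scratch" >> "$GITHUB_OUTPUT"
            echo "digest=N/A (scratch image)" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          echo "name=$BASE_IMAGE" >> "$GITHUB_OUTPUT"

          # Pull base image and get digest
          docker pull "$BASE_IMAGE"
          # The pipeline's exit status is that of `cut`, so a trailing
          # `|| echo "N/A"` would never fire when `docker inspect` fails;
          # default an empty result explicitly instead.
          BASE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$BASE_IMAGE" 2>/dev/null | cut -d'@' -f2)
          BASE_DIGEST=${BASE_DIGEST:-N/A}
          echo "digest=$BASE_DIGEST" >> "$GITHUB_OUTPUT"
          echo "Base image digest: $BASE_DIGEST"
          # NOTE(review): this digest is what `docker pull` resolved here. The
          # build step resolves the Dockerfile's FROM reference on its own, so
          # the label can differ from the image actually used if the tag moves
          # in between. Confirm whether the Dockerfile pins by digest.

      - name: Get SPDX license id
        id: license
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # Use the runner-provided environment variables rather than
          # ${{ }} expressions so no context value is spliced into the script.
          spdx=$(
            curl -sS \
              -H "Authorization: Bearer $GH_TOKEN" \
              -H "Accept: application/vnd.github+json" \
              "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/license" \
              | jq -r '.license.spdx_id // empty'
          )
          if [ -z "$spdx" ] || [ "$spdx" = "NOASSERTION" ]; then
            echo "Could not determine SPDX id (missing license or unrecognized)."
            spdx=""
          fi
          echo "spdx=$spdx" >> "$GITHUB_OUTPUT"
          echo "SPDX: $spdx"

      - name: Generate Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: test-app
          tags: |
            type=ref,event=branch
            type=sha,prefix=
            type=raw,value=latest,enable={{is_default_branch}}
          # Labels using OCI standard keys
          # title: github.event.repository is an object, so the label needs
          #   its .name field to get a string.
          # url / documentation: github.repositoryUrl is a git:// clone URL
          #   ending in .git, so appending a file path to it does not give a
          #   resolvable link; build browsable links pinned to the built
          #   commit instead.
          labels: |
            org.opencontainers.image.authors=${{ env.TEAM_ORGDATA_EMAIL }}
            com.vonage.orgdata.id=${{ env.TEAM_ORGDATA_ID }}
            org.opencontainers.image.title=${{ github.event.repository.name }}
            org.opencontainers.image.base.name=${{ steps.base_image.outputs.name }}
            org.opencontainers.image.base.digest=${{ steps.base_image.outputs.digest }}
            org.opencontainers.image.description=${{ github.event.repository.description }}
            org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/test-app/Dockerfile
            org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/README.md
            org.opencontainers.image.vendor=${{ github.repository_owner }}
            org.opencontainers.image.licenses=${{ steps.license.outputs.spdx }}

      - name: Build the app
        run: |
          cd test-app
          make build

      - name: Build image
        uses: docker/build-push-action@v5
        with:
          context: test-app
          push: false
          load: true  # Load image into local Docker daemon
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Display image labels
        env:
          # Pass the step output through the environment so its text is
          # treated as data by the shell, not as part of the script.
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          IMAGE=$(printf '%s\n' "$IMAGE_TAGS" | head -n 1)
          echo "Image: $IMAGE"
          echo ""
          docker inspect "$IMAGE" --format='{{json .Config.Labels}}' | jq '.'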