Adrian A. Baumann
9e6e2b5a03
All checks were successful
Build containers when image tags change / build-if-image-changed (., web, containers, main container, git.baumann.gr/adebaumann/vui) (push) Successful in 4s
Build containers when image tags change / build-if-image-changed (data-loader, loader, initContainers, init-container, git.baumann.gr/adebaumann/vui-data-loader) (push) Successful in 4s
SonarQube Scan / SonarQube Trigger (push) Successful in 55s
288 lines
10 KiB
YAML
288 lines
10 KiB
YAML
name: Build containers when image tags change
|
|
|
|
on:
|
|
push:
|
|
# Uncomment/adjust once working:
|
|
# branches: [ main ]
|
|
paths:
|
|
- "argocd/deployment.yaml"
|
|
- "Dockerfile"
|
|
- "data-loader/**"
|
|
- ".gitea/workflows/build-containers-on-demand.yml"
|
|
|
|
jobs:
|
|
build-if-image-changed:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- container_name: web
|
|
expected_repo: git.baumann.gr/adebaumann/vui
|
|
build_context: .
|
|
container_type: containers
|
|
description: main container
|
|
- container_name: loader
|
|
expected_repo: git.baumann.gr/adebaumann/vui-data-loader
|
|
build_context: data-loader
|
|
container_type: initContainers
|
|
description: init-container
|
|
|
|
env:
|
|
DEPLOY_FILE: "argocd/deployment.yaml"
|
|
CONTAINER_NAME: ${{ matrix.container_name }}
|
|
EXPECTED_REPO: ${{ matrix.expected_repo }}
|
|
CONTAINER_TYPE: ${{ matrix.container_type }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 2
|
|
|
|
- name: Determine base commit
|
|
id: base
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
if git rev-parse --verify -q HEAD~1 >/dev/null; then
|
|
echo "base=$(git rev-parse HEAD~1)" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "base=$(git hash-object -t tree /dev/null)" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Install yq
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
YQ_VER=v4.44.3
|
|
curl -sL "https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_amd64" -o /usr/local/bin/yq
|
|
chmod +x /usr/local/bin/yq
|
|
yq --version
|
|
|
|
- name: Read ${{ matrix.description }} image from deployment
|
|
id: img
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
file="${DEPLOY_FILE:-argocd/deployment.yaml}"
|
|
cname="${CONTAINER_NAME}"
|
|
expected_repo="${EXPECTED_REPO}"
|
|
ctype="${CONTAINER_TYPE}"
|
|
|
|
export cname
|
|
export expected_repo
|
|
export ctype
|
|
|
|
echo "========================================"
|
|
echo "Checking: $ctype / $cname"
|
|
echo "Expected repo: $expected_repo"
|
|
echo "========================================"
|
|
|
|
# --- functions ------------------------------------------------------
|
|
have_yq() { command -v yq >/dev/null 2>&1; }
|
|
|
|
# yq-based extractor (multi-doc aware; Deployment only; container name match)
|
|
yq_extract() {
|
|
if [[ "$ctype" == "initContainers" ]]; then
|
|
yq -r '
|
|
select(.kind == "Deployment") |
|
|
.spec.template.spec.initContainers // [] |
|
|
map(select(.name == env(cname))) |
|
|
.[]?.image
|
|
' "$1" 2>/dev/null | tail -n 1
|
|
else
|
|
yq -r '
|
|
select(.kind == "Deployment") |
|
|
.spec.template.spec.containers // [] |
|
|
map(select(.name == env(cname))) |
|
|
.[]?.image
|
|
' "$1" 2>/dev/null | tail -n 1
|
|
fi
|
|
}
|
|
|
|
# ultra-tolerant fallback: grep around the appropriate block
|
|
fallback_extract() {
|
|
local block_pattern
|
|
local end_pattern
|
|
|
|
if [[ "$ctype" == "initContainers" ]]; then
|
|
block_pattern="^[[:space:]]*initContainers:"
|
|
end_pattern="^[[:space:]]*containers:|^[[:alpha:]][[:alnum:]_:-]*:"
|
|
else
|
|
block_pattern="^[[:space:]]*containers:"
|
|
end_pattern="^[[:alpha:]][[:alnum:]_:-]*:|^[[:space:]]*initContainers:"
|
|
fi
|
|
|
|
awk -v cname="$cname" -v block="$block_pattern" -v endp="$end_pattern" '
|
|
BEGIN{ in_cont=0; name=""; image="" }
|
|
$0 ~ block {in_cont=1; next}
|
|
in_cont {
|
|
# end of block when we hit the end pattern
|
|
if ($0 ~ endp) { in_cont=0 }
|
|
# capture name and image lines
|
|
if ($0 ~ /^[[:space:]]*-?[[:space:]]*name:[[:space:]]*/) {
|
|
name=$0; sub(/^.*name:[[:space:]]*/,"",name); gsub(/^[ "\047]+|[ "\047]+$/,"",name)
|
|
}
|
|
if ($0 ~ /^[[:space:]]*image:[[:space:]]*/) {
|
|
image=$0; sub(/^.*image:[[:space:]]*/,"",image); gsub(/^[ "\047]+|[ "\047]+$/,"",image)
|
|
if (name==cname) { print image; exit }
|
|
}
|
|
}
|
|
' "$1"
|
|
}
|
|
|
|
list_workload_images() {
|
|
echo "== workload $ctype in $1 ==" >&2
|
|
if have_yq; then
|
|
if [[ "$ctype" == "initContainers" ]]; then
|
|
yq -r '
|
|
select(.kind == "Deployment") |
|
|
.spec.template.spec.initContainers // [] |
|
|
.[] | "\(.name): \(.image)"
|
|
' "$1" 2>/dev/null | nl -ba >&2 || true
|
|
else
|
|
yq -r '
|
|
select(.kind == "Deployment") |
|
|
.spec.template.spec.containers // [] |
|
|
.[] | "\(.name): \(.image)"
|
|
' "$1" 2>/dev/null | nl -ba >&2 || true
|
|
fi
|
|
else
|
|
# coarse list for visibility
|
|
if [[ "$ctype" == "initContainers" ]]; then
|
|
awk '
|
|
/^ *initContainers:/, /^ *containers:/ { if ($0 ~ /name:|image:/) print }
|
|
' "$1" | nl -ba >&2 || true
|
|
else
|
|
awk '
|
|
/^ *containers:/, /^[^ ]/ { if ($0 ~ /name:|image:/) print }
|
|
' "$1" | nl -ba >&2 || true
|
|
fi
|
|
fi
|
|
}
|
|
# --------------------------------------------------------------------
|
|
|
|
# Ensure yq is present; if install failed earlier, try once more
|
|
if ! have_yq; then
|
|
echo "yq missing; attempting quick install..." >&2
|
|
curl -fsSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq || true
|
|
chmod +x /usr/local/bin/yq || true
|
|
fi
|
|
|
|
# Prepare old file (previous commit) if exists
|
|
if git cat-file -e "${{ steps.base.outputs.base }}":"$file" 2>/dev/null; then
|
|
git show "${{ steps.base.outputs.base }}:$file" > /tmp/old.yaml
|
|
else
|
|
: > /tmp/old.yaml
|
|
fi
|
|
|
|
list_workload_images /tmp/old.yaml || true
|
|
list_workload_images "$file" || true
|
|
|
|
if have_yq; then
|
|
old_image="$(yq_extract /tmp/old.yaml || true)"
|
|
new_image="$(yq_extract "$file" || true)"
|
|
else
|
|
old_image="$(fallback_extract /tmp/old.yaml || true)"
|
|
new_image="$(fallback_extract "$file" || true)"
|
|
fi
|
|
|
|
# If yq path failed to find it, try fallback once more as safety
|
|
if [ -z "${new_image:-}" ]; then
|
|
new_image="$(fallback_extract "$file" || true)"
|
|
fi
|
|
if [ -z "${old_image:-}" ]; then
|
|
old_image="$(fallback_extract /tmp/old.yaml || true)"
|
|
fi
|
|
|
|
echo "Old $ctype image: ${old_image:-<none>}"
|
|
echo "New $ctype image: ${new_image:-<none>}"
|
|
|
|
if [ -z "${new_image:-}" ]; then
|
|
echo "ERROR: Could not find $ctype[].name == \"$cname\" image in $file"
|
|
exit 1
|
|
fi
|
|
|
|
# Split repo and tag
|
|
new_repo="${new_image%:*}"
|
|
new_tag="${new_image##*:}"
|
|
if [[ "$new_repo" != "$expected_repo" ]]; then
|
|
echo "ERROR: Found $ctype \"$cname\" image repo is \"$new_repo\" but expected \"$expected_repo\""
|
|
exit 1
|
|
fi
|
|
|
|
registry="$(echo "$new_repo" | awk -F/ '{print $1}')"
|
|
|
|
{
|
|
echo "new_image=$new_image"
|
|
echo "new_repo=$new_repo"
|
|
echo "new_tag=$new_tag"
|
|
echo "registry=$registry"
|
|
} >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Check if image exists on registry
|
|
id: check_image
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
new_repo="${{ steps.img.outputs.new_repo }}"
|
|
new_tag="${{ steps.img.outputs.new_tag }}"
|
|
registry_user="${{ secrets.REGISTRY_USER }}"
|
|
registry_password="${{ secrets.REGISTRY_PASSWORD }}"
|
|
|
|
# Extract registry host and image name
|
|
registry_host=$(echo "$new_repo" | cut -d/ -f1)
|
|
image_path=$(echo "$new_repo" | cut -d/ -f2-)
|
|
|
|
echo "Checking if $new_repo:$new_tag exists on registry $registry_host"
|
|
|
|
# Use Docker Registry API v2 to check manifest
|
|
# Format: https://registry/v2/{image_path}/manifests/{tag}
|
|
manifest_url="https://${registry_host}/v2/${image_path}/manifests/${new_tag}"
|
|
|
|
# Check with authentication
|
|
http_code=$(curl -s -o /dev/null -w "%{http_code}" \
|
|
-u "${registry_user}:${registry_password}" \
|
|
-H "Accept: application/vnd.docker.distribution.manifest.v2+json,application/vnd.docker.distribution.manifest.list.v2+json" \
|
|
"$manifest_url" || echo "000")
|
|
|
|
if [ "$http_code" = "200" ]; then
|
|
echo "Image already exists on registry (HTTP $http_code)"
|
|
echo "exists=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "Image does not exist on registry (HTTP $http_code)"
|
|
echo "exists=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Skip if image already exists
|
|
if: steps.check_image.outputs.exists == 'true'
|
|
run: echo "${{ matrix.description }} image ${{ steps.img.outputs.new_image }} already exists on registry; skipping build."
|
|
|
|
- name: Set up Buildx
|
|
if: steps.check_image.outputs.exists == 'false'
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to registry
|
|
if: steps.check_image.outputs.exists == 'false'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ steps.img.outputs.registry }}
|
|
username: ${{ secrets.REGISTRY_USER }}
|
|
password: ${{ secrets.REGISTRY_PASSWORD }}
|
|
|
|
- name: Build and push ${{ matrix.description }} (exact tag from deployment)
|
|
if: steps.check_image.outputs.exists == 'false'
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: ${{ matrix.build_context }}
|
|
push: true
|
|
tags: |
|
|
${{ steps.img.outputs.new_image }}
|
|
${{ steps.img.outputs.new_repo }}:latest
|
|
labels: |
|
|
org.opencontainers.image.source=${{ gitea.repository }}
|
|
org.opencontainers.image.revision=${{ gitea.sha }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|