Skip to content

[OOB] Upgrades 'php' to '1.38.0' #885

[OOB] Upgrades 'php' to '1.38.0'

[OOB] Upgrades 'php' to '1.38.0' #885

Workflow file for this run

name: "Build"
on:
pull_request:
push:
branches:
- master
- backport/**
jobs:
#
# Building Stage
#
build:
strategy:
matrix:
variant:
- dotnet-core
- dotnet-framework
- java
- nodejs
- php
- python
runs-on: ubuntu-latest
outputs:
artifact-image-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-core }}
artifact-version-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-core }}
artifact-image-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-framework }}
artifact-version-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-framework }}
artifact-image-java: ${{ steps.detect-artifact.outputs.artifact-image-java }}
artifact-version-java: ${{ steps.detect-artifact.outputs.artifact-version-java }}
artifact-image-nodejs: ${{ steps.detect-artifact.outputs.artifact-image-nodejs }}
artifact-version-nodejs: ${{ steps.detect-artifact.outputs.artifact-version-nodejs }}
artifact-image-php: ${{ steps.detect-artifact.outputs.artifact-image-php }}
artifact-version-php: ${{ steps.detect-artifact.outputs.artifact-version-php }}
artifact-image-python: ${{ steps.detect-artifact.outputs.artifact-image-python }}
artifact-version-python: ${{ steps.detect-artifact.outputs.artifact-version-python }}
env:
AGENT_TYPE: ${{ matrix.variant }}
steps:
- uses: actions/checkout@v4
- name: Load Manifest
id: load-manifest
run: |
$manifest = Get-Content './src/${{ env.AGENT_TYPE }}/manifest.json' | ConvertFrom-Json
"version=$($manifest.version)" >> $env:GITHUB_OUTPUT
"image-name-suffix=$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT
"docker-file=$($manifest.dockerFile)" >> $env:GITHUB_OUTPUT
"context=$($manifest.context)" >> $env:GITHUB_OUTPUT
"platforms=$($manifest.platforms)" >> $env:GITHUB_OUTPUT
"image-name=ghcr.io/contrast-security-oss/agent-operator-images/agent-$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT
shell: pwsh
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: arm64
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
version: latest
- name: Docker Meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ steps.load-manifest.outputs.image-name }}
tags: |
type=raw,value=trunk-artifact,enable=${{ github.ref == 'refs/heads/master' }}
type=raw,value=backport-artifact,enable=${{ startsWith(github.ref, 'refs/heads/backport/') }}
type=raw,value=pr-artifact,enable=${{ github.event_name == 'pull_request' }}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v6
id: build
with:
file: ${{ steps.load-manifest.outputs.docker-file }}
context: ${{ steps.load-manifest.outputs.context }}
platforms: ${{ steps.load-manifest.outputs.platforms }}
push: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} # dependabot cant push on pr's
cache-from: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache', steps.load-manifest.outputs.image-name) || ''}}
cache-to: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache,mode=max', steps.load-manifest.outputs.image-name) || ''}}
build-args: |
VERSION=${{ steps.load-manifest.outputs.version }}
tags: ${{ steps.meta.outputs.tags }}
labels: |
org.opencontainers.image.title=agent-operator-images
org.opencontainers.image.description=Images of agents for the agent-operator.
org.opencontainers.image.url=/~https://github.com/Contrast-Security-OSS/agent-operator-images
org.opencontainers.image.source=/~https://github.com/Contrast-Security-OSS/agent-operator-images
org.opencontainers.image.version=${{ steps.load-manifest.outputs.version }}
- name: Detect Artifact
id: detect-artifact
if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }}
run: |
$artifactImage = '${{ steps.load-manifest.outputs.image-name }}@${{ steps.build.outputs.digest }}'
"artifact-image-${{ env.AGENT_TYPE }}=$artifactImage" >> $env:GITHUB_OUTPUT
"artifact-version-${{ env.AGENT_TYPE }}=${{ steps.load-manifest.outputs.version }}" >> $env:GITHUB_OUTPUT
shell: pwsh
test:
runs-on: ubuntu-latest
needs:
- build
strategy:
matrix:
variants:
- type: dotnet-core
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }}
version: ${{ needs.build.outputs.artifact-version-dotnet-core }}
- type: dotnet-framework
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }}
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }}
- type: java
digest: ${{ needs.build.outputs.artifact-image-java }}
version: ${{ needs.build.outputs.artifact-version-java }}
- type: nodejs
digest: ${{ needs.build.outputs.artifact-image-nodejs }}
version: ${{ needs.build.outputs.artifact-version-nodejs }}
- type: php
digest: ${{ needs.build.outputs.artifact-image-php }}
version: ${{ needs.build.outputs.artifact-version-php }}
- type: python
digest: ${{ needs.build.outputs.artifact-image-python }}
version: ${{ needs.build.outputs.artifact-version-python }}
if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }}
steps:
- uses: actions/checkout@v4
- name: Login (Github)
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Test
run: |
docker pull '${{ matrix.variants.digest }}'
./validate-image.ps1 -Type '${{ matrix.variants.type }}' -Image '${{ matrix.variants.digest }}'
shell: pwsh
# Currently just used for pr's.
build-succeeded:
needs:
- build
- test
runs-on: ubuntu-latest
if: ${{ always() && github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }}
steps:
- name: Ensure Build Success
if: ${{ needs.test.result != 'success' }}
run: exit 1
- name: Create Digest Comment
uses: peter-evans/create-or-update-comment@v4
if: ${{ github.actor != 'dependabot[bot]' }}
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
Images built:
```
dotnet-core: ${{ needs.build.outputs.artifact-image-dotnet-core }}
dotnet-framework: ${{ needs.build.outputs.artifact-image-dotnet-framework }}
java: ${{ needs.build.outputs.artifact-image-java }}
nodejs: ${{ needs.build.outputs.artifact-image-nodejs }}
php: ${{ needs.build.outputs.artifact-image-php }}
python: ${{ needs.build.outputs.artifact-image-python }}
```
#
# Release Internal Stage
#
release-internal:
runs-on: ubuntu-latest
environment: internal
needs:
- build
- test
strategy:
matrix:
variants:
- type: dotnet-core
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }}
version: ${{ needs.build.outputs.artifact-version-dotnet-core }}
- type: dotnet-framework
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }}
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }}
- type: java
digest: ${{ needs.build.outputs.artifact-image-java }}
version: ${{ needs.build.outputs.artifact-version-java }}
- type: nodejs
digest: ${{ needs.build.outputs.artifact-image-nodejs }}
version: ${{ needs.build.outputs.artifact-version-nodejs }}
- type: php
digest: ${{ needs.build.outputs.artifact-image-php }}
version: ${{ needs.build.outputs.artifact-version-php }}
- type: python
digest: ${{ needs.build.outputs.artifact-image-python }}
version: ${{ needs.build.outputs.artifact-version-python }}
concurrency:
group: internal-${{ matrix.variants.type }}
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }}
steps:
- uses: actions/checkout@v4
- name: Login (Github)
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/contrast-security-oss/agent-operator-images/agent-${{ matrix.variants.type }}
tags: |
type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=raw,value=${{ matrix.variants.version }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
- name: Tag for Release
uses: akhilerm/tag-push-action@v2.2.0
with:
src: ${{ matrix.variants.digest }}
dst: |
${{ steps.meta.outputs.tags }}
#
# Release Public Stage
#
release-public:
runs-on: ubuntu-latest
environment: public
needs:
- build
- release-internal
strategy:
matrix:
variants:
- type: dotnet-core
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }}
version: ${{ needs.build.outputs.artifact-version-dotnet-core }}
- type: dotnet-framework
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }}
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }}
- type: java
digest: ${{ needs.build.outputs.artifact-image-java }}
version: ${{ needs.build.outputs.artifact-version-java }}
- type: nodejs
digest: ${{ needs.build.outputs.artifact-image-nodejs }}
version: ${{ needs.build.outputs.artifact-version-nodejs }}
- type: php
digest: ${{ needs.build.outputs.artifact-image-php }}
version: ${{ needs.build.outputs.artifact-version-php }}
- type: python
digest: ${{ needs.build.outputs.artifact-image-python }}
version: ${{ needs.build.outputs.artifact-version-python }}
concurrency:
group: public-${{ matrix.variants.type }}
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }}
steps:
- uses: actions/checkout@v4
- name: Login (Github)
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login (Dockerhub)
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PAT }}
- name: Login (Quay)
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Docker Meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
docker.io/contrast/agent-${{ matrix.variants.type }}
quay.io/contrast/agent-${{ matrix.variants.type }}
tags: |
type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }}
type=raw,value=${{ matrix.variants.version }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
- name: Tag for Release
uses: akhilerm/tag-push-action@v2.2.0
with:
src: ${{ matrix.variants.digest }}
dst: |
${{ steps.meta.outputs.tags }}