[OOB] Upgrades 'php' to '1.22.0' #530
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build" | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
- backport/** | |
jobs: | |
# | |
# Building Stage | |
# | |
build: | |
strategy: | |
matrix: | |
variant: | |
- dotnet-core | |
- dotnet-framework | |
- java | |
- nodejs | |
- nodejs-protect | |
- php | |
runs-on: ubuntu-latest | |
outputs: | |
artifact-image-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-core }} | |
artifact-version-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-core }} | |
artifact-image-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-framework }} | |
artifact-version-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-framework }} | |
artifact-image-java: ${{ steps.detect-artifact.outputs.artifact-image-java }} | |
artifact-version-java: ${{ steps.detect-artifact.outputs.artifact-version-java }} | |
artifact-image-nodejs: ${{ steps.detect-artifact.outputs.artifact-image-nodejs }} | |
artifact-version-nodejs: ${{ steps.detect-artifact.outputs.artifact-version-nodejs }} | |
artifact-image-nodejs-protect: ${{ steps.detect-artifact.outputs.artifact-image-nodejs-protect }} | |
artifact-version-nodejs-protect: ${{ steps.detect-artifact.outputs.artifact-version-nodejs-protect }} | |
artifact-image-php: ${{ steps.detect-artifact.outputs.artifact-image-php }} | |
artifact-version-php: ${{ steps.detect-artifact.outputs.artifact-version-php }} | |
env: | |
AGENT_TYPE: ${{ matrix.variant }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Load Manifest | |
id: load-manifest | |
run: | | |
$manifest = Get-Content './src/${{ env.AGENT_TYPE }}/manifest.json' | ConvertFrom-Json | |
"version=$($manifest.version)" >> $env:GITHUB_OUTPUT | |
"image-name-suffix=$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT | |
"docker-file=$($manifest.dockerFile)" >> $env:GITHUB_OUTPUT | |
"context=$($manifest.context)" >> $env:GITHUB_OUTPUT | |
"platforms=$($manifest.platforms)" >> $env:GITHUB_OUTPUT | |
"image-name=ghcr.io/contrast-security-oss/agent-operator-images/agent-$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT | |
shell: pwsh | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: arm64 | |
- name: Setup Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
version: latest | |
- name: Docker Meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ steps.load-manifest.outputs.image-name }} | |
tags: | | |
type=raw,value=trunk-artifact,enable=${{ github.ref == 'refs/heads/master' }} | |
type=raw,value=backport-artifact,enable=${{ startsWith(github.ref, 'refs/heads/backport/') }} | |
type=raw,value=pr-artifact,enable=${{ github.event_name == 'pull_request' }} | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: docker/build-push-action@v5 | |
id: build | |
with: | |
file: ${{ steps.load-manifest.outputs.docker-file }} | |
context: ${{ steps.load-manifest.outputs.context }} | |
platforms: ${{ steps.load-manifest.outputs.platforms }} | |
push: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} # dependabot cant push on pr's | |
cache-from: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache', steps.load-manifest.outputs.image-name) || ''}} | |
cache-to: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache,mode=max', steps.load-manifest.outputs.image-name) || ''}} | |
build-args: | | |
VERSION=${{ steps.load-manifest.outputs.version }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: | | |
org.opencontainers.image.title=agent-operator-images | |
org.opencontainers.image.description=Images of agents for the agent-operator. | |
org.opencontainers.image.url=/~https://github.com/Contrast-Security-OSS/agent-operator-images | |
org.opencontainers.image.source=/~https://github.com/Contrast-Security-OSS/agent-operator-images | |
org.opencontainers.image.version=${{ steps.load-manifest.outputs.version }} | |
- name: Detect Artifact | |
id: detect-artifact | |
if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} | |
run: | | |
$artifactImage = '${{ steps.load-manifest.outputs.image-name }}@${{ steps.build.outputs.digest }}' | |
"artifact-image-${{ env.AGENT_TYPE }}=$artifactImage" >> $env:GITHUB_OUTPUT | |
"artifact-version-${{ env.AGENT_TYPE }}=${{ steps.load-manifest.outputs.version }}" >> $env:GITHUB_OUTPUT | |
shell: pwsh | |
test: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
strategy: | |
matrix: | |
variants: | |
- type: dotnet-core | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
- type: dotnet-framework | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
- type: java | |
digest: ${{ needs.build.outputs.artifact-image-java }} | |
version: ${{ needs.build.outputs.artifact-version-java }} | |
- type: nodejs | |
digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
- type: nodejs-protect | |
digest: ${{ needs.build.outputs.artifact-image-nodejs-protect }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs-protect }} | |
- type: php | |
digest: ${{ needs.build.outputs.artifact-image-php }} | |
version: ${{ needs.build.outputs.artifact-version-php }} | |
if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login (Github) | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Test | |
run: | | |
docker pull '${{ matrix.variants.digest }}' | |
./validate-image.ps1 -Type '${{ matrix.variants.type }}' -Image '${{ matrix.variants.digest }}' | |
shell: pwsh | |
# Currently just used for pr's. | |
build-succeeded: | |
needs: | |
- build | |
- test | |
runs-on: ubuntu-latest | |
if: ${{ always() && github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }} | |
steps: | |
- name: Ensure Build Success | |
if: ${{ needs.test.result != 'success' }} | |
run: exit 1 | |
- name: Create Digest Comment | |
uses: peter-evans/create-or-update-comment@v3 | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
Images built: | |
``` | |
dotnet-core: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
dotnet-framework: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
java: ${{ needs.build.outputs.artifact-image-java }} | |
nodejs: ${{ needs.build.outputs.artifact-image-nodejs }} | |
nodejs-protect: ${{ needs.build.outputs.artifact-image-nodejs-protect }} | |
php: ${{ needs.build.outputs.artifact-image-php }} | |
``` | |
# | |
# Release Internal Stage | |
# | |
release-internal: | |
runs-on: ubuntu-latest | |
environment: internal | |
needs: | |
- build | |
- test | |
strategy: | |
matrix: | |
variants: | |
- type: dotnet-core | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
- type: dotnet-framework | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
- type: java | |
digest: ${{ needs.build.outputs.artifact-image-java }} | |
version: ${{ needs.build.outputs.artifact-version-java }} | |
- type: nodejs | |
digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
- type: nodejs-protect | |
digest: ${{ needs.build.outputs.artifact-image-nodejs-protect }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs-protect }} | |
- type: php | |
digest: ${{ needs.build.outputs.artifact-image-php }} | |
version: ${{ needs.build.outputs.artifact-version-php }} | |
concurrency: | |
group: internal-${{ matrix.variants.type }} | |
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login (Github) | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker Meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/contrast-security-oss/agent-operator-images/agent-${{ matrix.variants.type }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=raw,value=${{ matrix.variants.version }} | |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | |
- name: Tag for Release | |
uses: akhilerm/tag-push-action@v2.1.0 | |
with: | |
src: ${{ matrix.variants.digest }} | |
dst: | | |
${{ steps.meta.outputs.tags }} | |
# | |
# Release Public Stage | |
# | |
release-public: | |
runs-on: ubuntu-latest | |
environment: public | |
needs: | |
- build | |
- release-internal | |
strategy: | |
matrix: | |
variants: | |
- type: dotnet-core | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
- type: dotnet-framework | |
digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
- type: java | |
digest: ${{ needs.build.outputs.artifact-image-java }} | |
version: ${{ needs.build.outputs.artifact-version-java }} | |
- type: nodejs | |
digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
- type: nodejs-protect | |
digest: ${{ needs.build.outputs.artifact-image-nodejs-protect }} | |
version: ${{ needs.build.outputs.artifact-version-nodejs-protect }} | |
- type: php | |
digest: ${{ needs.build.outputs.artifact-image-php }} | |
version: ${{ needs.build.outputs.artifact-version-php }} | |
concurrency: | |
group: public-${{ matrix.variants.type }} | |
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login (Github) | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login (Dockerhub) | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PAT }} | |
- name: Login (Quay) | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: Docker Meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
docker.io/contrast/agent-${{ matrix.variants.type }} | |
quay.io/contrast/agent-${{ matrix.variants.type }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
type=raw,value=${{ matrix.variants.version }} | |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | |
- name: Tag for Release | |
uses: akhilerm/tag-push-action@v2.1.0 | |
with: | |
src: ${{ matrix.variants.digest }} | |
dst: | | |
${{ steps.meta.outputs.tags }} |