Skip to content
Docker

Docker #12119

Sign in to view logs

Docker

Docker #12119

Workflow file for this run

.github/workflows/docker.yml at 46a6b73
name: Docker
on:
check_run:
types:
- completed
workflow_dispatch:
inputs:
git_tag:
type: string
required: true
jobs:
tag:
name: Determine tag to build
runs-on: ubuntu-latest
permissions: {}
outputs:
TAG: ${{ steps.determine.outputs.tag }}
if: |
github.event_name == 'workflow_dispatch'
|| (
github.event_name == 'check_run'
&& github.event.check_run.conclusion == 'success'
&& github.event.check_run.app.client_id == 'Iv1.44befee49e3e76a4'
&& github.event.check_run.name == 'test_and_deploy_tag'
)
env:
CIRCLECI_EXTERNAL_ID: ${{ github.event.check_run.external_id }}
steps:
- id: determine
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${GIT_TAG}" != "" ]]; then
tag="${GIT_TAG}"
elif [[ "${{ github.event_name }}" == "check_run" ]]; then
echo ${CIRCLECI_EXTERNAL_ID}
CIRCLECI_WORKFLOW_ID=$(echo "${CIRCLECI_EXTERNAL_ID}" | jq -r '."workflow-id"')
CIRCLECI_WORKFLOW_DATA=$(curl "https://circleci.com/api/v2/workflow/${CIRCLECI_WORKFLOW_ID}")
CIRCLECI_PIPELINE_ID=$(echo "${CIRCLECI_WORKFLOW_DATA}" | jq -r '.pipeline_id')
CIRCLECI_PIPELINE_DATA=$(curl "https://circleci.com/api/v2/pipeline/${CIRCLECI_PIPELINE_ID}")
TAG=$(echo "${CIRCLECI_PIPELINE_DATA}" | jq -r '.vcs.tag')
if [[ "${TAG}" != "" ]]; then
tag="${TAG}"
fi
fi
if [[ "${tag}" != "" ]]; then
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "Trigger docker build & push on ${{ github.event_name }} and found tag ${TAG}" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "Cannot determine tag"
echo "Trigger docker build & push on ${{ github.event_name }} and cannot determine tag" >> $GITHUB_STEP_SUMMARY
exit 1
fi
env:
GIT_TAG: "${{ inputs.git_tag }}"
docker:
name: Docker build and push to GAR
runs-on: ubuntu-latest
environment: build
permissions:
contents: read
id-token: write
env:
GAR_LOCATION: us
GAR_REPOSITORY: fxa-prod
GCP_PROJECT_ID: moz-fx-fxa-prod
IMAGE: fxa-mono
RUN_ID: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GIT_TAG: ${{ needs.tag.outputs.TAG }}
needs:
- tag
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_TAG }}
persist-credentials: false
- uses: actions/setup-node@v4
- run: ./_scripts/l10n/clone.sh
- run: ./.circleci/base-install.sh
- run: ./_scripts/create-version-json.sh
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 #v3
with:
cache-binary: false
- id: meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 #v5
with:
images: |
${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY}}/${{ env.IMAGE}}
${{ vars.DOCKERHUB_REPOSITORY }}
tags: |
type=raw,${{ env.GIT_TAG }}
- id: gcp-auth
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f #v2
with:
token_format: 'access_token'
service_account: artifact-writer@${{ env.GCP_PROJECT_ID}}.iam.gserviceaccount.com
workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
- id: dockerhub-auth
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3
with:
registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.gcp-auth.outputs.access_token }}
- id: build-and-push
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 #v6
with:
context: .
file: _dev/docker/mono/Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
cache-from: type=gha
cache-to: type=gha,mode=max