1- # Post-submit and daily build and publish of the Helm chart and Docker container
2- # This is a separate workflow than image-build.yml because image-build.yml is
3- # run in the PR context, and those runs aren't allowed package:write permissions if
4- # the source is a fork (GitHub errors and invalidates the entire workflow if you try).
5-
61name : Publish Docker Image
72on :
83 push :
116 schedule :
127 # Once weekly on fridays at noon
138 - cron : ' 00 12 * * 5'
14- # Allow for manually triggering the workflow
159 workflow_dispatch :
10+
1611jobs :
17- build-image :
18- name : Build Docker image
12+ build-linux- image :
13+ name : Build Docker image for Linux
1914 runs-on : ubuntu-latest
2015 permissions :
2116 contents : read
2217 packages : write
2318 env :
2419 BASE_REPO : " ghcr.io/stacklok"
25- CODEGATE_SERVER_IMAGE : " ghcr.io/stacklok/codegate"
20+ CODEGATE_SERVER_IMAGE : " ghcr.io/stacklok/codegate-linux "
2621 steps :
2722 - name : Checkout
2823 uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
29- - name : Set up QEMU for cross-platform builds
30- uses : docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
3124 - name : Set up Docker Buildx
3225 uses : docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3
3326 - name : Compute version number
@@ -55,13 +48,10 @@ jobs:
5548 org.opencontainers.image.version=${{ github.sha }}
5649 flavor : |
5750 latest=true
58- # Even if tags are floating, it's handy and user-friendly to have a
59- # matching tag for each build. This way, we can search for the digest
60- # and verify that it's the same as the digest in the Helm chart.
6151 tags : |
6252 type=raw,value=${{ steps.version-string.outputs.tag }}
63- - name : Build image
64- id : image-build
53+ - name : Build image for Linux
54+ id : image-build-linux
6555 uses : docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v5
6656 with :
6757 context : .
7262 labels : ${{ steps.docker-metadata.outputs.labels }}
7363 cache-from : type=gha
7464 cache-to : type=gha,mode=max
75-
65+
66+ build-macos-image :
67+ name : Build Docker image for macOS
68+ runs-on : macos-latest
69+ permissions :
70+ contents : read
71+ packages : write
72+ env :
73+ BASE_REPO : " ghcr.io/stacklok"
74+ CODEGATE_SERVER_IMAGE : " ghcr.io/stacklok/codegate-macos"
75+ steps :
76+ - name : Checkout
77+ uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
78+ - name : Set up Docker Buildx
79+ uses : docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3
80+ - name : Compute version number
81+ id : version-string
82+ run : |
83+ DATE="$(date +%Y%m%d)"
84+ COMMIT="$(git rev-parse --short HEAD)"
85+ echo "tag=0.$DATE.$GITHUB_RUN_NUMBER+ref.$COMMIT" >> "$GITHUB_OUTPUT"
86+ - name : Login to GHCR
87+ uses : docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
88+ with :
89+ registry : ghcr.io
90+ username : ${{ github.actor }}
91+ password : ${{ secrets.GITHUB_TOKEN }}
92+ - name : Set container metadata
93+ uses : docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
94+ id : docker-metadata
95+ with :
96+ images : ${{ env.CODEGATE_SERVER_IMAGE }}
97+ labels : |
98+ org.opencontainers.image.source=${{ github.repositoryUrl }}
99+ org.opencontainers.image.description="This is a container for the Stacklok Codegate server"
100+ org.opencontainers.image.title="Stacklok Codegate Server"
101+ org.opencontainers.image.vendor="Stacklok Inc."
102+ org.opencontainers.image.version=${{ github.sha }}
103+ flavor : |
104+ latest=true
105+ tags : |
106+ type=raw,value=${{ steps.version-string.outputs.tag }}
107+ - name : Build image for macOS
108+ id : image-build-macos
109+ uses : docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v5
110+ with :
111+ context : .
112+ platforms : darwin/amd64
113+ push : true
114+ file : ./Dockerfile
115+ tags : ${{ steps.docker-metadata.outputs.tags }}
116+ labels : ${{ steps.docker-metadata.outputs.labels }}
117+ cache-from : type=gha
118+ cache-to : type=gha,mode=max
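Review bot: In the new `build-macos-image` job, the `Build image for macOS` step requests `platforms: darwin/amd64`, which is not a target a Linux-based `./Dockerfile` can be built for. GitHub-hosted macOS runners also do not normally provide a Docker daemon, so `Set up Docker Buildx` will probably fail before the build starts. Containers on a Mac run Linux images inside a VM, so a single multi-arch image would serve those users: keep the QEMU step and use `platforms: linux/amd64,linux/arm64` in the Linux job (its `platforms` line is not visible in this view). Separately, renaming `CODEGATE_SERVER_IMAGE` to `ghcr.io/stacklok/codegate-linux` means the existing `ghcr.io/stacklok/codegate` tags, including `latest`, stop being updated. Anything still pulling that name (the removed comment mentions a Helm chart digest) would silently stay on an old build and miss later fixes, so either keep the old name or document the migration.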