lifecycle: build binary dependencies which link against SSL directly (#12724)
* lifecycle: install binary dependencies in dockerfile directly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * install ua-parser-builtins manually as its only distributed as binary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * build duo_client from scratch, sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * deps for kadmin Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ok fine Signed-off-by: Jens Langhammer <jens@goauthentik.io> * run on arm runner? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix yaml format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rewrite release pipeline to use re-usable workflows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix typo Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-usable multi-arch build? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also add suffix for amd64 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * parameterise image name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-use workflow for CI images...? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing checkout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * inherit secrets Signed-off-by: Jens Langhammer <jens@goauthentik.io> * temp build directly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * get cache-to from python script Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better name? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * matrix for merging images? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add build dep Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use multi-image tag Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include arch in buildcache Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
@ -29,9 +29,15 @@ outputs:
|
||||
imageTags:
|
||||
description: "Docker image tags"
|
||||
value: ${{ steps.ev.outputs.imageTags }}
|
||||
imageTagsJSON:
|
||||
description: "Docker image tags, as a JSON array"
|
||||
value: ${{ steps.ev.outputs.imageTagsJSON }}
|
||||
attestImageNames:
|
||||
description: "Docker image names used for attestation"
|
||||
value: ${{ steps.ev.outputs.attestImageNames }}
|
||||
cacheTo:
|
||||
description: "cache-to value for the docker build step"
|
||||
value: ${{ steps.ev.outputs.cacheTo }}
|
||||
imageMainTag:
|
||||
description: "Docker image main tag"
|
||||
value: ${{ steps.ev.outputs.imageMainTag }}
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
import configparser
|
||||
import os
|
||||
from json import dumps
|
||||
from time import time
|
||||
|
||||
parser = configparser.ConfigParser()
|
||||
@ -48,7 +49,7 @@ if is_release:
|
||||
]
|
||||
else:
|
||||
suffix = ""
|
||||
if image_arch and image_arch != "amd64":
|
||||
if image_arch:
|
||||
suffix = f"-{image_arch}"
|
||||
for name in image_names:
|
||||
image_tags += [
|
||||
@ -70,12 +71,23 @@ def get_attest_image_names(image_with_tags: list[str]):
|
||||
return ",".join(set(image_tags))
|
||||
|
||||
|
||||
# Generate `cache-to` param
|
||||
cache_to = ""
|
||||
if should_push:
|
||||
_cache_tag = "buildcache"
|
||||
if image_arch:
|
||||
_cache_tag += f"-{image_arch}"
|
||||
cache_to = f"type=registry,ref={get_attest_image_names(image_tags)}:{_cache_tag},mode=max"
|
||||
|
||||
|
||||
with open(os.environ["GITHUB_OUTPUT"], "a+", encoding="utf-8") as _output:
|
||||
print(f"shouldPush={str(should_push).lower()}", file=_output)
|
||||
print(f"sha={sha}", file=_output)
|
||||
print(f"version={version}", file=_output)
|
||||
print(f"prerelease={prerelease}", file=_output)
|
||||
print(f"imageTags={','.join(image_tags)}", file=_output)
|
||||
print(f"imageTagsJSON={dumps(image_tags)}", file=_output)
|
||||
print(f"attestImageNames={get_attest_image_names(image_tags)}", file=_output)
|
||||
print(f"imageMainTag={image_main_tag}", file=_output)
|
||||
print(f"imageMainName={image_tags[0]}", file=_output)
|
||||
print(f"cacheTo={cache_to}", file=_output)
|
||||
|
||||
11
.github/actions/docker-push-variables/test.sh
vendored
11
.github/actions/docker-push-variables/test.sh
vendored
@ -1,7 +1,18 @@
|
||||
#!/bin/bash -x
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
# Non-pushing PR
|
||||
GITHUB_OUTPUT=/dev/stdout \
|
||||
GITHUB_REF=ref \
|
||||
GITHUB_SHA=sha \
|
||||
IMAGE_NAME=ghcr.io/goauthentik/server,beryju/authentik \
|
||||
GITHUB_REPOSITORY=goauthentik/authentik \
|
||||
python $SCRIPT_DIR/push_vars.py
|
||||
|
||||
# Pushing PR/main
|
||||
GITHUB_OUTPUT=/dev/stdout \
|
||||
GITHUB_REF=ref \
|
||||
GITHUB_SHA=sha \
|
||||
IMAGE_NAME=ghcr.io/goauthentik/server,beryju/authentik \
|
||||
GITHUB_REPOSITORY=goauthentik/authentik \
|
||||
DOCKER_USERNAME=foo \
|
||||
python $SCRIPT_DIR/push_vars.py
|
||||
|
||||
Reference in New Issue
Block a user