This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build & Publish | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| dockerfile: | ||
| required: false | ||
| type: string | ||
| description: "Path to Dockerfile" | ||
| default: "Dockerfile" | ||
| dockerContext: | ||
| required: false | ||
| type: string | ||
| description: "The Docker context" | ||
| default: "." | ||
| publish: | ||
| required: true | ||
| type: boolean | ||
| repoName: | ||
| required: false | ||
| type: string | ||
| description: "Custom repository name" | ||
| default: "" | ||
| go-private-repos-authentication: | ||
| description: 'Enable authentication for private repositories' | ||
| type: boolean | ||
| default: false | ||
| jobs: | ||
| prepare-env: | ||
| runs-on: ubuntu-22.04 | ||
| outputs: | ||
| build-secrets: ${{ steps.set-build-secrets.outputs.SECRETS }} | ||
| build-tags: ${{ steps.set-build-tags.outputs.TAGS }} | ||
| steps: | ||
| - name: Determine image name | ||
| id: set_image_name | ||
| run: | | ||
| if [ -n "${{ inputs.repoName }}" ]; then | ||
| echo "IMAGE_NAME=${{ inputs.repoName }}" >> $GITHUB_ENV | ||
| else | ||
| echo "IMAGE_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV | ||
| fi | ||
| # This block is used to not hard-coded the secrets in Build Docker image | ||
| # Secrets are only added when necessary | ||
| - name: Generate and mask build secrets | ||
| id: set-build-secrets | ||
| run: | | ||
| SECRETS="" | ||
| if [ -n "${{ inputs.go-private-repos-authentication }}" ]; then | ||
| SECRETS+='"GO_PRIVATE_TOKEN=${{ secrets.GO_PRIVATE_TOKEN }}"\n' | ||
| fi | ||
| echo "::add-mask::$SECRETS" | ||
| echo "SECRETS<<EOF" >> $GITHUB_OUTPUT | ||
| echo -e "$SECRETS" >> $GITHUB_OUTPUT | ||
| echo "EOF" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
| - name: Prepare tags | ||
| id: set-build-tags | ||
| run: | | ||
| BASE_TAG="${{ env.IMAGE_NAME }}:${{ github.sha }}" | ||
| TAGS="$BASE_TAG" | ||
| if [[ $GITHUB_REF == refs/tags/* ]]; then | ||
| TAGS="$TAGS ${{ env.IMAGE_NAME }}:${{ github.ref_name }}" | ||
| fi | ||
| echo "TAGS=$TAGS" >> $GITHUB_OUTPUT | ||
| docker_build: | ||
| runs-on: ubuntu-22.04 | ||
| needs: prepare-env | ||
| env: | ||
| build-secrets: ${{ needs.prepare-env.outputs.build-secrets }} | ||
| build-tags: ${{ needs.prepare-env.outputs.build-tags }} | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| if: inputs.publish == true | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - name: Login to ECR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ vars.AWS_ECR_REGISTRY_ID }} | ||
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| - name: Build Docker image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| platforms: linux/amd64,linux/arm64 | ||
| tags: ${{ build-tags }} | ||
| context: ${{ inputs.dockerContext }} | ||
| file: ${{ inputs.dockerfile }} | ||
| secrets: ${{ build-secrets }} | ||
| push: ${{ inputs.publish }} | ||
