refractor
maiquanghiep committed Sep 1, 2024
1 parent 54fc078 commit c2a0798
Showing 1 changed file with 48 additions and 34 deletions.
82 changes: 48 additions & 34 deletions .github/workflows/reusable_docker_pipeline.yml
@@ -27,9 +27,53 @@ on:
default: false

jobs:
prepare-env:
runs-on: ubuntu-22.04
outputs:
build-secrets: ${{ steps.set-build-secrets.outputs.SECRETS }}
build-tags: ${{ steps.set-build-tags.outputs.TAGS }}
steps:
- name: Determine image name
id: set_image_name
run: |
if [ -n "${{ inputs.repoName }}" ]; then
echo "IMAGE_NAME=${{ inputs.repoName }}" >> $GITHUB_ENV
else
echo "IMAGE_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV
fi
# This block is used to not hard-coded the secrets in Build Docker image
# Secrets are only added when necessary
- name: Generate and mask build secrets
id: set-build-secrets
run: |
SECRETS=""
if [ -n "${{ inputs.go-private-repos-authentication }}" ]; then
SECRETS+='"GO_PRIVATE_TOKEN=${{ secrets.GO_PRIVATE_TOKEN }}"\n'
fi
echo "::add-mask::$SECRETS"
echo "SECRETS<<EOF" >> $GITHUB_OUTPUT
echo -e "$SECRETS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
shell: bash

- name: Prepare tags
id: set-build-tags
run: |
BASE_TAG="${{ env.IMAGE_NAME }}:${{ github.sha }}"
TAGS="$BASE_TAG"
if [[ $GITHUB_REF == refs/tags/* ]]; then
TAGS="$TAGS ${{ env.IMAGE_NAME }}:${{ github.ref_name }}"
fi
echo "TAGS=$TAGS" >> $GITHUB_OUTPUT
docker_build:
runs-on: ubuntu-22.04
needs: prepare-env
steps:
- env:
build-secrets: ${{ needs.prepare-env.outputs.build-secrets }}
build-tags: ${{ needs.prepare-env.outputs.build-tags }}
- name: Checkout repository
uses: actions/checkout@v4

@@ -45,50 +89,20 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Determine image name
id: set_image_name
run: |
if [ -n "${{ inputs.repoName }}" ]; then
echo "IMAGE_NAME=${{ inputs.repoName }}" >> $GITHUB_ENV
else
echo "IMAGE_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV
fi
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to ECR
uses: docker/login-action@v3
with:
registry: ${{ vars.AWS_ECR_REGISTRY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_IDAWS_ACCESS_KEY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

# This block is used to not hard-coded the secrets in Build Docker image
# Secrets are only added when necessary
- name: Generate and mask build secrets
id: set-build-secrets
run: |
SECRETS=""
if [ -n "${{ inputs.go-private-repos-authentication }}" ]; then
SECRETS+='"GO_PRIVATE_TOKEN=${{ secrets.GO_PRIVATE_TOKEN }}"\n'
fi
echo "::add-mask::$SECRETS"
echo "SECRETS<<EOF" >> $GITHUB_OUTPUT
echo -e "$SECRETS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
shell: bash

- name: Build Docker image
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
tags: ${{ build-tags }}
context: ${{ inputs.dockerContext }}
file: ${{ inputs.dockerfile }}
secrets: ${{ steps.set-build-secrets.outputs.SECRETS }}
push: true
secrets: ${{ build-secrets }}
push: ${{ inputs.publish }}
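Review bot: The new `prepare-env` job exports the generated `GO_PRIVATE_TOKEN=...` string as the job output `build-secrets`, but the runner redacts job outputs that contain a secret value and does not forward them, so `docker_build` would most likely receive an empty value and build without the token; a secret should not be routed between jobs through outputs in the first place. Keep the `Generate and mask build secrets` step inside `docker_build` and consume it as before with `secrets: ${{ steps.set-build-secrets.outputs.SECRETS }}`. The bare references `${{ build-tags }}` and `${{ build-secrets }}` are not valid expression contexts, and the `- env:` step has neither `run` nor `uses`, so the workflow is likely to fail validation; the tag list would be read with `tags: ${{ needs.prepare-env.outputs.build-tags }}`. In `Prepare tags`, `${{ github.ref_name }}` is expanded into the script text before bash runs, so a tag name containing shell metacharacters becomes script content; use the runner-provided variable `"$GITHUB_REF_NAME"` there instead.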
