-
Notifications
You must be signed in to change notification settings - Fork 1
112 lines (98 loc) · 4.35 KB
/
publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Publish artifacts to (internal) Gitlab Packages
on:
push:
branches:
- main
- develop
pull_request:
types: [ opened, synchronize ]
workflow_dispatch:
env:
PRIVATE_DOCKER_REGISTRY_URL: ${{ secrets.GITLAB_DOCKER_REGISTRY_URL }}
PRIVATE_DOCKER_REGISTRY_USER: Deploy-Token
PRIVATE_DOCKER_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }}
PRIVATE_MVN_REGISTRY_TOKEN: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }}
PRIVATE_MVN_REGISTRY_URL: ${{ secrets.GITLAB_MAVEN_REGISTRY_URL }}
PRIVATE_MVN_REGISTRY_USER: Deploy-Token
PRIVATE_MVN_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }}
jobs:
publish:
permissions:
contents: read
packages: write
runs-on: self-hosted
if: |
"contains(github.event.head_commit.message, 'release-please--branches--main')" ||
${{ github.event_name == 'pull_request' }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup JDK 18
uses: actions/setup-java@v3
with:
java-version: '18'
distribution: 'temurin'
cache: maven
- name: Setup depends
run: |
pip install yq
- name: Setup maven settings.xml
run: |
envsubst < ./.m2/settings.default.xml.tpl > ./.m2/settings.xml
- name: Set extra environment and metadata
id: metadata
run: |
GIT_SHORT_COMMIT=$(git rev-parse --short "$GITHUB_SHA")
CURRENT_VERSION=$(xq -r .project.version pom.xml)
DOCKER_IMAGE_NAME=$(basename ${GITHUB_REPOSITORY})
echo "DOCKER_IMAGE_NAME=${DOCKER_IMAGE_NAME}" >> "$GITHUB_ENV"
if [ ${{github.event_name}} == "pull_request" ]
then
PR_NUMBER=$(echo $GITHUB_REF | awk -F/ '{ print $3 }')
ARTIFACT_VERSION="${CURRENT_VERSION}-PR${PR_NUMBER}"
echo "ARTIFACT_VERSION=${ARTIFACT_VERSION}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT"
echo "DOCKER_LATEST_IMAGE_TAG=" >> "$GITHUB_ENV"
else
# Make sure develop branch artifacts include SNAPSHOT
BRANCH=${GITHUB_REF##*/}
echo "BRANCH=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
if [[ "${BRANCH}" == "develop" ]] && [[ "${CURRENT_VERSION}" =~ .*-SNAPSHOT$ ]]
then
echo "DEVELOP_SNAPSHOT_OK=true" >> "$GITHUB_OUTPUT"
fi
ARTIFACT_VERSION=${CURRENT_VERSION}
echo "ARTIFACT_VERSION=${ARTIFACT_VERSION}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT"
echo "DOCKER_LATEST_IMAGE_TAG=${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${DOCKER_IMAGE_NAME}:latest" >> "$GITHUB_ENV"
fi
echo "DOCKER_COMMIT_TAG=${ARTIFACT_VERSION}-${GIT_SHORT_COMMIT}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT"
echo "DOCKER_COMMIT_GHRUNID_TAG=${ARTIFACT_VERSION}-${GIT_SHORT_COMMIT}-${GITHUB_RUN_ID}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT"
- name: Docker Login
uses: docker/login-action@v2
if: |
steps.metadata.outputs.BRANCH == 'main' ||
steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' ||
github.event_name == 'pull_request'
with:
registry: ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}
username: ${{ env.PRIVATE_DOCKER_REGISTRY_USER }}
password: ${{ env.PRIVATE_DOCKER_REGISTRY_PASS }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and Push docker image
uses: docker/build-push-action@v4
if: |
steps.metadata.outputs.BRANCH == 'main' ||
steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' ||
github.event_name == 'pull_request'
with:
context: .
push: true
tags: |
${{ env.DOCKER_LATEST_IMAGE_TAG }}
${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.ARTIFACT_VERSION }}
${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_COMMIT_TAG }}
${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_COMMIT_GHRUNID_TAG }}
build-args: |
PRIVATE_MVN_REGISTRY_URL=${{ env.PRIVATE_MVN_REGISTRY_URL }}
PRIVATE_MVN_REGISTRY_USER=${{ env.PRIVATE_MVN_REGISTRY_USER }}
PRIVATE_MVN_REGISTRY_PASS=${{ env.PRIVATE_MVN_REGISTRY_PASS }}