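# Reusable (workflow_call) workflow: fetch registry/build credentials from Vault,
# build a Docker image from the caller's repository and push it to REGISTRY.
#
# Secrets flow: every Vault key imported by hashicorp/vault-action is exported
# into the job environment (REGISTRY_*, SUBMODULE_TOKEN, NPM_TOKEN and, when
# VAULT_SECRETS_PATH is set, every key under that path). Later steps read them
# from the environment rather than interpolating `${{ }}` expressions into
# shell, so a caller-supplied input or a ref name cannot alter the scripts.
#
# NOTE(review): actions are pinned by major tag (@v2/@v4). Pinning to a commit
# SHA is the usual supply-chain hardening for a workflow that handles registry
# credentials; no SHA is given here because none is known from this file.
name: Workflow to build and push docker image to registry

on:
  workflow_call:
    inputs:
      APP_NAME:
        required: true
        type: string
        description: Application name which would be the name of Docker and Helm release
      REGISTRY:
        required: true
        type: string
        description: Registry host the image is tagged for and pushed to
      DOCKERFILE_PATH:
        type: string
        default: Dockerfile
        description: Path of the Dockerfile relative to the repository root
      USER_FOR_IMAGE_STORE:
        type: string
        default: registry-bot
        description: Namespace segment of the image name (REGISTRY/USER_FOR_IMAGE_STORE/APP_NAME)
      VAULT_SECRETS_PATH:
        type: string
        default: ""
        description: "Path in Vault to fetch build-time secrets (e.g., cicd/data/gmt-client)"
      BUILD_ARG_NAMES:
        type: string
        default: ""
        description: "Comma-separated list of build arg names to fetch from Vault"
    secrets:
      VAULT_TOKEN:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN is not used by any step (checkout uses SUBMODULE_TOKEN), so
    # request the minimum; a reusable workflow can only lower what the caller grants.
    permissions:
      contents: read
    container:
      image: catthehacker/ubuntu:act-22.04
    steps:
      # Registry and source-access credentials. vault-action exports each mapped
      # key as an environment variable for the rest of the job (masked in logs).
      - name: Import Secrets
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault.project-quest-dev.com
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            cicd/data/docker password | REGISTRY_PASSWORD ;
            cicd/data/docker username | REGISTRY_USERNAME ;
            cicd/data/submodule token | SUBMODULE_TOKEN ;
            cicd/data/submodule npm_token | NPM_TOKEN ;

      # Optional build-time secrets. The `*` wildcard exports EVERY key stored
      # under VAULT_SECRETS_PATH into the job environment, not only the names
      # listed in BUILD_ARG_NAMES — keep that Vault path scoped to this build.
      - name: Import Build Args from Vault
        if: ${{ inputs.VAULT_SECRETS_PATH != '' && inputs.BUILD_ARG_NAMES != '' }}
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault.project-quest-dev.com
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            ${{ inputs.VAULT_SECRETS_PATH }} * ;

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0
          # Git token from Vault, needed to fetch private submodules.
          token: ${{ env.SUBMODULE_TOKEN }}

      # NOTE(review): `[registries.insecure]` turns off TLS verification for
      # REGISTRY inside BuildKit. Confirm that is intended for this registry;
      # also, the build step below invokes plain `docker build`, so whether this
      # builder config is actually consulted depends on the runner's Docker setup.
      - name: Set up Docker BuildX
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
          config-inline: |
            [registries.insecure]
              "${{ inputs.REGISTRY }}" = true

      # VERSION = tag name on tag builds, else the 7-char short SHA.
      # The ref values are passed through `env:` instead of being interpolated
      # into the script: a tag name containing quotes or `$(...)` would otherwise
      # be executed as shell. (The `&get_version` anchor is not aliased anywhere
      # in this file.)
      - &get_version
        name: Extract version from tag or set commit SHA
        id: vars
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          if [ "$REF_TYPE" = "tag" ]; then
            VERSION="$REF_NAME"
          else
            VERSION=$(echo "$COMMIT_SHA" | cut -c1-7)
          fi
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"

      # Turns BUILD_ARG_NAMES into a list of `--build-arg NAME` flags (name only).
      # `docker build --build-arg NAME` without `=value` reads NAME from the
      # environment of the build step, where vault-action already exported it,
      # so the secret VALUES never reach $GITHUB_ENV, the job log, or a
      # word-split shell string.
      - name: Prepare Build Args
        if: ${{ inputs.BUILD_ARG_NAMES != '' }}
        env:
          BUILD_ARG_NAMES: ${{ inputs.BUILD_ARG_NAMES }}
        run: |
          BUILD_ARGS_FLAGS=""

          # Split the comma-separated list of argument names.
          IFS=',' read -ra ARG_NAMES <<< "$BUILD_ARG_NAMES"

          for arg_name in "${ARG_NAMES[@]}"; do
            # Trim surrounding whitespace; skip empty entries (e.g. a trailing comma).
            arg_name=$(echo "$arg_name" | xargs)
            [ -z "$arg_name" ] && continue

            # The name is spliced into the docker command line below, so only
            # identifier-shaped names are accepted.
            if ! [[ "$arg_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
              echo "::error::Invalid build arg name: $arg_name"
              exit 1
            fi

            # Presence check only — the value was exported into the environment
            # by the Vault import step.
            arg_value=$(printenv "$arg_name" || echo "")

            if [ -n "$arg_value" ]; then
              BUILD_ARGS_FLAGS="$BUILD_ARGS_FLAGS --build-arg $arg_name"
              echo "✓ Build arg added: $arg_name"
            else
              echo "⚠ Warning: $arg_name not found in Vault secrets"
            fi
          done

          echo "BUILD_ARGS_FLAGS=$BUILD_ARGS_FLAGS" >> "$GITHUB_ENV"
          echo "Build args prepared: $BUILD_ARGS_FLAGS"

      - name: Login to Docker registry
        uses: docker/login-action@v2
        with:
          registry: ${{ inputs.REGISTRY }}
          username: ${{ env.REGISTRY_USERNAME }}
          password: ${{ env.REGISTRY_PASSWORD }}

      # NOTE(review): values passed via --build-arg are recorded in the image's
      # layer metadata (`docker history`). `--secret` mounts avoid that but
      # require matching `RUN --mount=type=secret` lines in the Dockerfile, so
      # the contract is kept as-is here.
      # NOTE(review): the build arg is named SUBMODULE_TOKEN but carries
      # NPM_TOKEN's value (as in the original); confirm against the Dockerfile's
      # ARG before "fixing" either side.
      - name: Build Docker image
        env:
          IMAGE: ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
          DOCKERFILE_PATH: ${{ inputs.DOCKERFILE_PATH }}
        run: |
          # BUILD_ARGS_FLAGS is intentionally unquoted: it is a space-separated
          # list of `--build-arg NAME` pairs built by the previous step.
          docker build \
            --build-arg SUBMODULE_TOKEN="$NPM_TOKEN" \
            ${BUILD_ARGS_FLAGS} \
            -f "$DOCKERFILE_PATH" \
            -t "$IMAGE" \
            .

      - name: Push Docker image
        env:
          IMAGE: ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
        run: docker push "$IMAGE"

      # Runs even when build/push failed so registry credentials do not remain
      # in the Docker config of a reused runner.
      - name: Logout from Docker registry
        if: always()
        env:
          REGISTRY: ${{ inputs.REGISTRY }}
        run: docker logout "$REGISTRY"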