Docker/vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
111d6c2139d9ec8c9c29f3646672752ad84f73aa
vault/.gitea/workflows/build-and-push-image.yaml
Docker Images 111d6c2139 Initial commit
2025-02-18 12:53:36 +03:00

66 lines
2.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: Build and publish docker image
on: [push]
env:
CI: ON
# Allow workflow to be manually run from the Gitea UI
workflow_dispatch:
jobs:
build_and_push:
runs-on: act-runner-label
name: Builds the image and publishes to docker hub
container:
image: harbor.avroid.tech/docker-hub-proxy/catthehacker/ubuntu:act-latest
steps:
- run: printenv
- name: Retrieve secrets from Hashicorp Vault
id: retrieve-secrets
uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
with:
url: https://vault.avroid.tech
method: approle
roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
# Ниже указываем {путь к секрету в HVault} {имя ключа секрета} | {имя переменной окружения куда засетим значение секрета}
# Доступ к секретам осуществляется через заранее созданный AppRole "gitea-actions-role" в HVault и подключенную
# к ней политику "gitea-actions". В политике описывается доступ к необходимым секретам. Политику можно посмотреть
# через UI Hashicorp Vault.
secrets: |
team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;
- name: Login to Harbor Docker Registry
uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
with:
registry: https://harbor.avroid.tech
username: ${{ env.HARBOR_LOGIN }}
password: ${{ env.HARBOR_TOKEN }}
- name: Check out repository code
uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4
- name: "Build image"
run: |
make build
- name: "Push image"
run: |
make push
if: ${{ gitea.ref == 'refs/heads/master' }}
- name: "Clear image"
run: |
make clean
- name: Create and push tag
run: |
git config user.name "Jenkins"
git config user.email "svc-jenkins@avroid.tech"
git tag $(make getTag)
git push origin $(make getTag)
if: ${{ gitea.ref == 'refs/heads/master' }}
Reference in New Issue View Git Blame Copy Permalink