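---
# Builds the docker image on every push and, on master only, pushes it to the
# Harbor registry and tags the commit. Registry credentials come from
# HashiCorp Vault through an AppRole login.
name: Build and publish docker image

# `on` is read as a trigger key by the Actions loader; generic YAML 1.1 parsers
# would read it as a boolean.
on:
  push:
  # Allow workflow to be manually run from the Gitea UI.
  # This key previously sat at the top level next to `on: [push]`, where it is
  # not a trigger; it has to live under `on:` to take effect.
  # NOTE(review): needs a Gitea release that supports workflow_dispatch - confirm.
  workflow_dispatch:

env:
  # Quoted so that every parser yields the string "ON" rather than a boolean.
  CI: "ON"

jobs:
  build_and_push:
    runs-on: docker
    name: Builds the image and publishes to docker hub
    container:
      # NOTE(review): `act-latest` is a mutable tag; pinning the image by
      # digest would make the build environment reproducible and auditable.
      image: harbor.avroid.tech/docker-hub-proxy/catthehacker/ubuntu:act-latest
    steps:
      # NOTE(review): dumps the whole job environment into the job log. It runs
      # before the Vault step, so HARBOR_* are not set yet, but anything the
      # runner injects that is not a registered secret is printed unmasked.
      # Consider dropping this step once debugging is done.
      - run: printenv

      # NOTE(review): this step and the registry login run on every push, not
      # only on master, so `make build` executes branch-controlled Makefile
      # code with HARBOR_LOGIN / HARBOR_TOKEN in its environment. If the build
      # does not need registry credentials, gate both steps with the same
      # master-only condition used by "Push image".
      - name: Retrieve secrets from Hashicorp Vault
        id: retrieve-secrets
        # NOTE(review): `v3` here, and `v3` / `v4` on the actions below, are
        # mutable tags on the mirror; pinning each to a full commit SHA keeps a
        # moved tag from changing the code that handles these credentials.
        uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
        with:
          url: https://vault.avroid.tech
          method: approle
          roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
          secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
          # Each entry below is:
          #   {path to the secret in HVault} {secret key name} | {environment variable that receives the value}
          # Secrets are accessed through the pre-created AppRole
          # "gitea-actions-role" in HVault and the "gitea-actions" policy
          # attached to it. The policy describes access to the required
          # secrets and can be viewed in the HashiCorp Vault UI.
          secrets: |
            team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
            team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;

      - name: Login to Harbor Docker Registry
        uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
        with:
          registry: https://harbor.avroid.tech
          username: ${{ env.HARBOR_LOGIN }}
          password: ${{ env.HARBOR_TOKEN }}

      - name: Check out repository code
        uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4

      - name: Build image
        run: make build

      # Only master builds are published.
      - name: Push image
        if: ${{ gitea.ref == 'refs/heads/master' }}
        run: make push

      - name: Clear image
        run: make clean

      - name: Create and push tag
        if: ${{ gitea.ref == 'refs/heads/master' }}
        run: |
          git config user.name "Jenkins"
          git config user.email "svc-jenkins@avroid.tech"
          # Resolve the tag once and quote it. Unquoted, an empty `make getTag`
          # result turned these into a bare `git tag` (list only) and
          # `git push origin` (default refspec) instead of failing the step.
          tag="$(make getTag)"
          git tag "$tag"
          git push origin "$tag"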