e5ea3cae8b
- Добавлена возможность использовать секреты HVault - Actions берутся из локального зеркала - доп. правки Co-authored-by: Yaroslav Bondarenko <yaroslav.bondarenko@avroid.tech> Reviewed-on: https://git.avroid.tech/Templates/template-docker-repository/pulls/3 Reviewed-by: Vasiliy Chipizhin <vasiliy.chipizhin@avroid.team> Reviewed-by: Aleksandr Vodyanov <aleksandr.vodyanov@avroid.team>
66 lines
2.5 KiB
YAML
66 lines
2.5 KiB
YAML
name: Build and publish docker image
|
||
|
||
on: [push]
|
||
|
||
env:
|
||
CI: ON
|
||
|
||
# Allow workflow to be manually run from the Gitea UI
|
||
workflow_dispatch:
|
||
|
||
jobs:
|
||
build_and_push:
|
||
runs-on: act-runner-label
|
||
name: Builds the image and publishes to docker hub
|
||
container:
|
||
image: harbor.avroid.tech/docker-hub-proxy/catthehacker/ubuntu:act-latest
|
||
steps:
|
||
- run: printenv
|
||
|
||
- name: Retrieve secrets from Hashicorp Vault
|
||
id: retrieve-secrets
|
||
uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
|
||
with:
|
||
url: https://vault.avroid.tech
|
||
method: approle
|
||
roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
|
||
secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
|
||
# Ниже указываем {путь к секрету в HVault} {имя ключа секрета} | {имя переменной окружения куда засетим значение секрета}
|
||
# Доступ к секретам осуществляется через заранее созданный AppRole "gitea-actions-role" в HVault и подключенную
|
||
# к ней политику "gitea-actions". В политике описывается доступ к необходимым секретам. Политику можно посмотреть
|
||
# через UI Hashicorp Vault.
|
||
secrets: |
|
||
team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
|
||
team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;
|
||
|
||
- name: Login to Harbor Docker Registry
|
||
uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
|
||
with:
|
||
registry: https://harbor.avroid.tech
|
||
username: ${{ env.HARBOR_LOGIN }}
|
||
password: ${{ env.HARBOR_TOKEN }}
|
||
|
||
- name: Check out repository code
|
||
uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4
|
||
|
||
- name: "Build image"
|
||
run: |
|
||
make build
|
||
|
||
- name: "Push image"
|
||
run: |
|
||
make push
|
||
if: ${{ gitea.ref == 'refs/heads/master' }}
|
||
|
||
- name: "Clear image"
|
||
run: |
|
||
make clean
|
||
|
||
- name: Create and push tag
|
||
run: |
|
||
git config user.name "Jenkins"
|
||
git config user.email "svc-jenkins@avroid.tech"
|
||
git tag $(make getTag)
|
||
git push origin $(make getTag)
|
||
if: ${{ gitea.ref == 'refs/heads/master' }}
|