Skip to content

Commit 8eb7495

Browse files
committed
feat(ci): Build copy of Bitnami images for vendorized charts
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
1 parent 2d0b88d commit 8eb7495

1 file changed

Lines changed: 130 additions & 0 deletions

File tree

Lines changed: 130 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,130 @@
1+
name: Build Bitnami Container Images
2+
3+
on:
4+
workflow_dispatch:
5+
6+
permissions:
7+
contents: read
8+
packages: write
9+
10+
jobs:
11+
build_and_push_images:
12+
name: Build and Push ${{ matrix.image.name }} Image
13+
runs-on: ubuntu-latest
14+
strategy:
15+
matrix:
16+
image:
17+
# On Ref we use the specific commit SHA to ensure reproducible builds
18+
# It can be: branch, tag or SHA
19+
- name: PostgresSQL
20+
image_name: chainloop-dev/chainloop/postgresql
21+
path: bitnami/postgresql/16/debian-12
22+
sparse_checkout: bitnami/postgresql/16/debian-12
23+
ref: 5d351cc8a742d6a6f417f879ba2df9882b617676
24+
- name: PostgresSQL Exporter
25+
image_name: chainloop-dev/chainloop/postgres-exporter
26+
path: bitnami/postgres-exporter/0/debian-12
27+
sparse_checkout: bitnami/postgres-exporter/0/debian-12
28+
ref: 1d0408ccfbdc43b90bc6449227ce731079e42f6b
29+
- name: OS Shell
30+
image_name: chainloop-dev/chainloop/os-shell
31+
path: bitnami/os-shell/12/debian-12
32+
sparse_checkout: bitnami/os-shell/12/debian-12
33+
ref: dde1f3b2d7b271de64c6ce948a04716cb96199a1
34+
- name: Dex
35+
image_name: chainloop-dev/chainloop/dex
36+
path: bitnami/dex/2/debian-12
37+
sparse_checkout: bitnami/dex/2/debian-12
38+
ref: 19c7a5ade4364ff1b52c65004291203ff2096eb0
39+
- name: Vault
40+
image_name: chainloop-dev/chainloop/vault
41+
path: bitnami/vault/1/debian-12
42+
sparse_checkout: bitnami/vault/1/debian-12
43+
ref: 28d8f22ad6b7c3871c2f429c72e5ccf3344ae5bc
44+
- name: Vault CSI Provider
45+
image_name: chainloop-dev/chainloop/vault-csi-provider
46+
path: bitnami/vault-csi-provider/1/debian-12
47+
sparse_checkout: bitnami/vault-csi-provider/1/debian-12
48+
ref: 673c94210db93a8df808765b6b213661686aeb33
49+
- name: Vault K8s
50+
image_name: chainloop-dev/chainloop/vault-k8s
51+
path: bitnami/vault-k8s/1/debian-12
52+
sparse_checkout: bitnami/vault-k8s/1/debian-12
53+
ref: 62cb6e1498e873dd9ab92880073a43896b470c4b
54+
env:
55+
REGISTRY: ghcr.io
56+
IMAGE_NAME: ${{ matrix.image.image_name }}
57+
BITNAMI_PATH: bitnami-containers
58+
59+
steps:
60+
- name: Checkout repository
61+
uses: actions/checkout@v4
62+
63+
- name: Checkout Bitnami containers repository
64+
uses: actions/checkout@v4
65+
with:
66+
repository: bitnami/containers
67+
path: ${{ env.BITNAMI_PATH }}
68+
ref: ${{ matrix.image.ref }}
69+
sparse-checkout: ${{ matrix.image.sparse_checkout }}
70+
sparse-checkout-cone-mode: false
71+
72+
- name: Extract version from Bitnami Dockerfile
73+
id: extract_version
74+
run: |
75+
VERSION=$(grep -E 'APP_VERSION=' ${{ env.BITNAMI_PATH }}/${{ matrix.image.path }}/Dockerfile | cut -d'"' -f2)
76+
if [ -z "$VERSION" ]; then
77+
echo "Failed to extract version from Dockerfile"
78+
exit 1
79+
fi
80+
echo "version=$VERSION" >> $GITHUB_OUTPUT
81+
echo "Extracted ${{ matrix.image.name }} version: $VERSION"
82+
83+
- name: Set up Docker Buildx
84+
uses: docker/setup-buildx-action@v3
85+
86+
- name: Log in to the Container registry
87+
uses: docker/login-action@v3
88+
with:
89+
registry: ${{ env.REGISTRY }}
90+
username: ${{ github.actor }}
91+
password: ${{ secrets.GITHUB_TOKEN }}
92+
93+
- name: Extract metadata
94+
id: meta
95+
uses: docker/metadata-action@v5
96+
with:
97+
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
98+
tags: |
99+
type=raw,value=${{ steps.extract_version.outputs.version }}
100+
type=raw,value=latest
101+
type=sha,format=long
102+
103+
- name: Build and push Docker image
104+
id: build
105+
uses: docker/build-push-action@v5
106+
with:
107+
context: ${{ env.BITNAMI_PATH }}/${{ matrix.image.path }}
108+
platforms: linux/amd64,linux/arm64
109+
push: true
110+
tags: ${{ steps.meta.outputs.tags }}
111+
labels: ${{ steps.meta.outputs.labels }}
112+
113+
- name: Install Cosign
114+
uses: sigstore/cosign-installer@v3
115+
with:
116+
cosign-release: "v2.4.1"
117+
118+
- name: Sign container image
119+
env:
120+
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_KEY }}
121+
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
122+
run: |
123+
cosign sign --tlog-upload=false --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
124+
125+
- name: Output build information
126+
run: |
127+
echo "Successfully built and pushed ${{ matrix.image.name }} image"
128+
echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
129+
echo "Version: ${{ steps.extract_version.outputs.version }}"
130+
echo "Digest: ${{ steps.build.outputs.digest }}"

0 commit comments

Comments
 (0)