1+ name : Build Bitnami Container Images
2+
3+ on :
4+ workflow_dispatch :
5+
6+ permissions :
7+ contents : read
8+ packages : write
9+
10+ jobs :
11+ build_and_push_images :
12+ name : Build and Push ${{ matrix.image.name }} Image
13+ runs-on : ubuntu-latest
14+ strategy :
15+ matrix :
16+ image :
17+ # On Ref we use the specific commit SHA to ensure reproducible builds
18+ # It can be: branch, tag or SHA
19+ - name : PostgresSQL
20+ image_name : chainloop-dev/chainloop/postgresql
21+ path : bitnami/postgresql/16/debian-12
22+ sparse_checkout : bitnami/postgresql/16/debian-12
23+ ref : 5d351cc8a742d6a6f417f879ba2df9882b617676
24+ - name : PostgresSQL Exporter
25+ image_name : chainloop-dev/chainloop/postgres-exporter
26+ path : bitnami/postgres-exporter/0/debian-12
27+ sparse_checkout : bitnami/postgres-exporter/0/debian-12
28+ ref : 1d0408ccfbdc43b90bc6449227ce731079e42f6b
29+ - name : OS Shell
30+ image_name : chainloop-dev/chainloop/os-shell
31+ path : bitnami/os-shell/12/debian-12
32+ sparse_checkout : bitnami/os-shell/12/debian-12
33+ ref : dde1f3b2d7b271de64c6ce948a04716cb96199a1
34+ - name : Dex
35+ image_name : chainloop-dev/chainloop/dex
36+ path : bitnami/dex/2/debian-12
37+ sparse_checkout : bitnami/dex/2/debian-12
38+ ref : 19c7a5ade4364ff1b52c65004291203ff2096eb0
39+ - name : Vault
40+ image_name : chainloop-dev/chainloop/vault
41+ path : bitnami/vault/1/debian-12
42+ sparse_checkout : bitnami/vault/1/debian-12
43+ ref : 28d8f22ad6b7c3871c2f429c72e5ccf3344ae5bc
44+ - name : Vault CSI Provider
45+ image_name : chainloop-dev/chainloop/vault-csi-provider
46+ path : bitnami/vault-csi-provider/1/debian-12
47+ sparse_checkout : bitnami/vault-csi-provider/1/debian-12
48+ ref : 673c94210db93a8df808765b6b213661686aeb33
49+ - name : Vault K8s
50+ image_name : chainloop-dev/chainloop/vault-k8s
51+ path : bitnami/vault-k8s/1/debian-12
52+ sparse_checkout : bitnami/vault-k8s/1/debian-12
53+ ref : 62cb6e1498e873dd9ab92880073a43896b470c4b
54+ env :
55+ REGISTRY : ghcr.io
56+ IMAGE_NAME : ${{ matrix.image.image_name }}
57+ BITNAMI_PATH : bitnami-containers
58+
59+ steps :
60+ - name : Checkout repository
61+ uses : actions/checkout@v4
62+
63+ - name : Checkout Bitnami containers repository
64+ uses : actions/checkout@v4
65+ with :
66+ repository : bitnami/containers
67+ path : ${{ env.BITNAMI_PATH }}
68+ ref : ${{ matrix.image.ref }}
69+ sparse-checkout : ${{ matrix.image.sparse_checkout }}
70+ sparse-checkout-cone-mode : false
71+
72+ - name : Extract version from Bitnami Dockerfile
73+ id : extract_version
74+ run : |
75+ VERSION=$(grep -E 'APP_VERSION=' ${{ env.BITNAMI_PATH }}/${{ matrix.image.path }}/Dockerfile | cut -d'"' -f2)
76+ if [ -z "$VERSION" ]; then
77+ echo "Failed to extract version from Dockerfile"
78+ exit 1
79+ fi
80+ echo "version=$VERSION" >> $GITHUB_OUTPUT
81+ echo "Extracted ${{ matrix.image.name }} version: $VERSION"
82+
83+ - name : Set up Docker Buildx
84+ uses : docker/setup-buildx-action@v3
85+
86+ - name : Log in to the Container registry
87+ uses : docker/login-action@v3
88+ with :
89+ registry : ${{ env.REGISTRY }}
90+ username : ${{ github.actor }}
91+ password : ${{ secrets.GITHUB_TOKEN }}
92+
93+ - name : Extract metadata
94+ id : meta
95+ uses : docker/metadata-action@v5
96+ with :
97+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
98+ tags : |
99+ type=raw,value=${{ steps.extract_version.outputs.version }}
100+ type=raw,value=latest
101+ type=sha,format=long
102+
103+ - name : Build and push Docker image
104+ id : build
105+ uses : docker/build-push-action@v5
106+ with :
107+ context : ${{ env.BITNAMI_PATH }}/${{ matrix.image.path }}
108+ platforms : linux/amd64,linux/arm64
109+ push : true
110+ tags : ${{ steps.meta.outputs.tags }}
111+ labels : ${{ steps.meta.outputs.labels }}
112+
113+ - name : Install Cosign
114+ uses : sigstore/cosign-installer@v3
115+ with :
116+ cosign-release : " v2.4.1"
117+
118+ - name : Sign container image
119+ env :
120+ COSIGN_PRIVATE_KEY : ${{ secrets.COSIGN_KEY }}
121+ COSIGN_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
122+ run : |
123+ cosign sign --tlog-upload=false --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
124+
125+ - name : Output build information
126+ run : |
127+ echo "Successfully built and pushed ${{ matrix.image.name }} image"
128+ echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
129+ echo "Version: ${{ steps.extract_version.outputs.version }}"
130+ echo "Digest: ${{ steps.build.outputs.digest }}"
0 commit comments