Skip to content

Build and publish Docker images and Maven artifacts #6

Build and publish Docker images and Maven artifacts

Build and publish Docker images and Maven artifacts #6

name: Build and publish Docker images and Maven artifacts
on:
release:
types: [published]
env:
REGISTRY: ghcr.io
REPOSITORY_OWNER: ${{ github.repository_owner }}
jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Prepare required files
run: ./gradlew clean build -x test
- name: downcase NAMESPACE
run: |
echo "NAMESPACE=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Docker "connector" meta
id: connector-meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector
tags: |
type=raw,value=latest,enable={{is_default_branch}}
${{ github.ref_name }}
- name: Install Cosign
uses: sigstore/cosign-installer@main
- name: Write signing key to disk
run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key
- name: Build and push "connector"
id: build-and-push-connector
uses: docker/build-push-action@v4
with:
context: ./launchers/prod/connector
file: ./launchers/prod/connector/Dockerfile
push: true
tags: ${{ steps.connector-meta.outputs.tags }}
labels: ${{ steps.connector-meta.outputs.labels }}
- name: Sign "connector" image
run: |
cosign sign -y --key cosign.key \
${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector@${{ steps.build-and-push-connector.outputs.digest }}
env:
COSIGN_PASSWORD: ${{ secrets.SIGNING_SECRET_PASSWORD }}
- name: Docker "connector-persistence" meta
id: connector-persistence-meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector
tags: |
type=raw,value=persistence-latest,enable={{is_default_branch}}
${{ github.ref_name }}-persistence
- name: Build and push "connector-persistence"
id: build-and-push-connector-persistence
uses: docker/build-push-action@v4
with:
context: ./launchers/prod/connector-persistence
file: ./launchers/prod/connector-persistence/Dockerfile
push: true
tags: ${{ steps.connector-persistence-meta.outputs.tags }}
labels: ${{ steps.connector-persistence-meta.outputs.labels }}
- name: Sign "connector-persistence" image
run: |
cosign sign -y --key cosign.key \
${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector@${{ steps.build-and-push-connector-persistence.outputs.digest }}
env:
COSIGN_PASSWORD: ${{ secrets.SIGNING_SECRET_PASSWORD }}
build-and-publish-artifacts:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Build project
run: ./gradlew clean build -x test
- name: Publish artifacts to GitHub Packages
run: |
./gradlew -PextensionsVersion=${{ github.ref_name }} \
-Pgithub_owner=${{ github.repository_owner }} \
-Pgithub_repo=edc-ionos-s3 publish \
-Dorg.gradle.project.gitHubUser=${{ github.actor }} \
-Dorg.gradle.project.gitHubToken=${{ secrets.GITHUB_TOKEN }}