feat: add reusable workflow for pushing images to GAR (#15)

sjquant · web-flow · commit 64546fec2ae3 · 2025-10-22T16:54:39.000+09:00
* feat: add reusable workflow for pushing images to GAR

* chore: update Google Cloud authentication action to v3
diff --git a/.github/workflows/build-push-gar.yaml b/.github/workflows/build-push-gar.yaml
@@ -0,0 +1,66 @@
+name: Reusable Workflow For Build-Push to Google Artifact Registry
+on:
+    workflow_call:
+        inputs:
+            gar-region:
+                type: string
+                default: "asia-northeast3"
+            gar-project-id:
+                required: true
+                type: string
+            gar-repository:
+                required: true
+                type: string
+            service-name:
+                required: true
+                type: string
+            image-tag:
+                required: true
+                type: string
+            workload-identity-provider:
+                required: true
+                type: string
+            service-account:
+                required: true
+                type: string
+            target:
+                required: false
+                type: string
+
+permissions:
+    contents: read
+    id-token: write
+
+jobs:
+    build-push:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Authenticate to Google Cloud
+              id: auth
+              uses: google-github-actions/auth@v3
+              with:
+                  workload_identity_provider: ${{ inputs.workload-identity-provider }}
+                  service_account: ${{ inputs.service-account }}
+                  token_format: "access_token"
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v2
+
+            - name: Log in to Google Artifact Registry
+              uses: docker/login-action@v3
+              with:
+                  registry: ${{ inputs.gar-region }}-docker.pkg.dev
+                  username: oauth2accesstoken
+                  password: ${{ steps.auth.outputs.access_token }}
+
+            - name: Build and push
+              uses: docker/build-push-action@v3
+              with:
+                  context: .
+                  push: true
+                  tags: ${{ inputs.gar-region }}-docker.pkg.dev/${{ inputs.gar-project-id }}/${{ inputs.gar-repository }}/${{ inputs.service-name }}:${{ inputs.image-tag }}
+                  target: ${{ inputs.target || '' }}
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
diff --git a/.github/workflows/notify-teams.yaml b/.github/workflows/notify-teams.yaml
diff --git a/.github/workflows/prod-image-tag.yaml b/.github/workflows/prod-image-tag.yaml
@@ -13,6 +13,6 @@ jobs:
       RELEASE_TAG: ${{ steps.release-tag.outputs.RELEASE_TAG }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: release-tag
         run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/staging-image-tag.yaml b/.github/workflows/staging-image-tag.yaml
@@ -13,8 +13,8 @@ jobs:
       IMAGE_TAG: ${{ steps.IMAGE_TAG.outputs.IMAGE_TAG }}
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: benjlevesque/short-sha@v1.2
+      - uses: actions/checkout@v4
+      - uses: benjlevesque/short-sha@v2.2
         id: short-sha
       - id: IMAGE_TAG
         run: echo "IMAGE_TAG=staging-${{ steps.short-sha.outputs.sha }}" >> $GITHUB_OUTPUT
