Skip to content

Commit a7909da

Browse files
committed
feat: add comments and emoji
1 parent 02bf1d0 commit a7909da

3 files changed

Lines changed: 159 additions & 84 deletions

File tree

.github/workflows/docker-smurf.yml

Lines changed: 63 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,27 @@
11
---
2-
name: Smurf-Docker
2+
# Reusable Smurf SDKR workflow — build, scan, and push Docker images.
3+
# Docs: docs/docker-smurf.md
4+
name: 🐳 Smurf-Docker
35

46
on:
57
workflow_call:
68
inputs:
9+
# ── General toggles ──────────────────────────────────────────────
710
docker_enable:
811
description: Set to true to run docker commands
912
type: string
1013
required: false
11-
aws_auth_method:
12-
description: AWS auth method to use like oidc and keys
13-
type: string
14-
required: false
15-
aws_eks_cluster_name:
16-
description: AWS eks cluster name
14+
docker_push:
15+
description: Set true for docker push
1716
type: string
1817
required: false
19-
aws_role:
20-
description: AWS OIDC role for aws authentication.
21-
type: string
22-
default: 'false'
2318
provider:
2419
description: Cloud provider (aws, azure, gcp, digitalocean)
2520
type: string
2621
required: false
2722
default: aws
23+
24+
# ── Docker image & build ─────────────────────────────────────────
2825
docker_image_name:
2926
description: Docker image name
3027
type: string
@@ -38,15 +35,6 @@ on:
3835
type: string
3936
required: false
4037
default: image
41-
docker_push:
42-
description: Set true for docker push
43-
type: string
44-
required: false
45-
docker_buildkit_enable:
46-
description: Set true to enable docker buildkit
47-
type: string
48-
required: false
49-
default: 'false'
5038
docker_registry:
5139
description: 'The registry to Push Docker Image (aws, az, gcp, hub)'
5240
type: string
@@ -67,6 +55,25 @@ on:
6755
description: Docker Image Build Platform
6856
type: string
6957
default: linux/amd64
58+
docker_buildkit_enable:
59+
description: Set true to enable docker buildkit
60+
type: string
61+
required: false
62+
default: 'false'
63+
64+
# ── AWS ──────────────────────────────────────────────────────────
65+
aws_auth_method:
66+
description: AWS auth method to use like oidc and keys
67+
type: string
68+
required: false
69+
aws_eks_cluster_name:
70+
description: AWS eks cluster name
71+
type: string
72+
required: false
73+
aws_role:
74+
description: AWS OIDC role for aws authentication.
75+
type: string
76+
default: 'false'
7077
aws_region:
7178
required: false
7279
type: string
@@ -81,6 +88,8 @@ on:
8188
type: string
8289
description: AWS assume role
8390
required: false
91+
92+
# ── GCP ──────────────────────────────────────────────────────────
8493
gcp_project_id:
8594
required: false
8695
type: string
@@ -105,6 +114,7 @@ on:
105114
required: false
106115

107116
secrets:
117+
# ── AWS secrets ──────────────────────────────────────────────────
108118
AWS_ACCESS_KEY_ID:
109119
required: false
110120
description: AWS Access Key ID for direct authentication
@@ -117,6 +127,8 @@ on:
117127
BUILD_ROLE:
118128
required: false
119129
description: AWS OIDC role for aws authentication
130+
131+
# ── GCP secrets ──────────────────────────────────────────────────
120132
GCP_WIP:
121133
required: false
122134
description: 'WIP Connected with Service Account'
@@ -129,39 +141,45 @@ on:
129141
GCP_SERVICE_ACCOUNT_KEY:
130142
required: false
131143
description: 'GCP service account JSON Key'
144+
145+
# ── Docker Hub secrets ───────────────────────────────────────────
132146
DOCKER_USERNAME:
133147
required: false
134148
description: Docker Hub username
135149
DOCKER_PASSWORD:
136150
required: false
137151
description: Docker Hub access token or password
152+
138153
aws_set_parameters:
139154
required: false
140155
description: Overriding the default values using --set flag
141156

142157
jobs:
158+
###############################################
159+
# BUILD → SAVE → UPLOAD ARTIFACT
160+
###############################################
143161
docker_build:
144162
if: inputs.docker_enable == 'true'
145163
runs-on: ubuntu-latest
146164
permissions:
147165
id-token: write
148166
contents: read
149167
steps:
150-
- name: Checkout
168+
- name: 📦 Checkout
151169
uses: actions/checkout@v6
152170

153-
- name: Setup Smurf
171+
- name: ⚙️ Setup Smurf
154172
uses: clouddrove/smurf@v1.1.5
155173

156-
- name: Docker Image Build
174+
- name: 🐳 Docker Image Build
157175
if: inputs.docker_buildkit_enable != 'true'
158176
run: |
159177
smurf sdkr build ${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }} \
160178
-f ${{ inputs.dockerfile_path }} \
161179
--platform ${{ inputs.docker_build_platform }} \
162180
--build-arg ${{ inputs.docker_build_args }}
163181
164-
- name: Docker Image Build with Buildkit
182+
- name: 🐳 Docker Image Build with Buildkit
165183
if: inputs.docker_buildkit_enable == 'true'
166184
run: |
167185
smurf sdkr build ${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }} \
@@ -170,17 +188,20 @@ jobs:
170188
--build-arg ${{ inputs.docker_build_args }} \
171189
--buildkit
172190
173-
- name: Save Docker Image as Artifact
191+
- name: 💾 Save Docker Image as Artifact
174192
run: |
175193
docker save ${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }} \
176194
-o ${{ inputs.docker_image_tar }}
177195
178-
- name: Upload Docker Image Artifact
196+
- name: 📤 Upload Docker Image Artifact
179197
uses: actions/upload-artifact@v7
180198
with:
181199
name: docker-image
182200
path: ${{ inputs.docker_image_tar }}
183201

202+
###############################################
203+
# DOWNLOAD → AUTH → SCAN → TAG → PUSH
204+
###############################################
184205
docker_scan_push:
185206
if: inputs.docker_enable == 'true' && inputs.docker_push == 'true'
186207
runs-on: ubuntu-latest
@@ -189,21 +210,22 @@ jobs:
189210
id-token: write
190211
contents: read
191212
steps:
192-
- name: Checkout
213+
- name: 📦 Checkout
193214
uses: actions/checkout@v6
194215

195-
- name: Setup Smurf
216+
- name: ⚙️ Setup Smurf
196217
uses: clouddrove/smurf@v1.1.5
197218

198-
- name: Download Docker Image Artifact
219+
- name: 📥 Download Docker Image Artifact
199220
uses: actions/download-artifact@v8
200221
with:
201222
name: docker-image
202223

203-
- name: Load Docker Image
224+
- name: 📂 Load Docker Image
204225
run: docker load -i ${{ inputs.docker_image_tar }}
205226

206-
- name: Install AWS CLI
227+
# ── Cloud authentication ─────────────────────────────────────────
228+
- name: 🟦 Install AWS CLI
207229
if: ${{ inputs.provider == 'aws' }}
208230
uses: aws-actions/configure-aws-credentials@v6
209231
with:
@@ -215,14 +237,14 @@ jobs:
215237
role-duration-seconds: 900
216238
role-skip-session-tagging: true
217239

218-
- name: Assume another IAM Role
240+
- name: 🔑 Assume another IAM Role
219241
if: inputs.aws_assume_role == 'true'
220242
uses: aws-actions/configure-aws-credentials@v6
221243
with:
222244
role-to-assume: ${{ inputs.aws_assume_role_arn }}
223245
aws-region: ${{ inputs.aws_region }}
224246

225-
- name: Authenticate Google Cloud with WIP and Service Account
247+
- name: ☁️ Authenticate Google Cloud with WIP and Service Account
226248
if: inputs.gcp_auth_method == 'wip'
227249
uses: google-github-actions/auth@v3
228250
with:
@@ -232,40 +254,41 @@ jobs:
232254
access_token_lifetime: 300s
233255
project_id: ${{ inputs.gcp_project_id }}
234256

235-
- name: Authenticate Google Cloud with Service Account JSON Key
257+
- name: ☁️ Authenticate Google Cloud with Service Account JSON Key
236258
if: inputs.gcp_auth_method == 'json'
237259
uses: google-github-actions/auth@v3
238260
with:
239261
credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }}
240262

241-
- name: Set Docker Hub environment variables
263+
- name: 🐋 Set Docker Hub environment variables
242264
if: inputs.docker_registry == 'hub'
243265
run: |
244266
echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> $GITHUB_ENV
245267
echo "DOCKER_PASSWORD=${{ secrets.DOCKER_PASSWORD }}" >> $GITHUB_ENV
246268
shell: bash
247269

248-
- name: Install Trivy
270+
# ── Scan & push ──────────────────────────────────────────────────
271+
- name: 🛡️ Install Trivy
249272
run: |
250273
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
251274
trivy --version
252275
253-
- name: Docker Image Scan
276+
- name: 🔍 Docker Image Scan
254277
run: |
255278
smurf sdkr scan ${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }}
256279
257-
- name: Docker Image Tag
280+
- name: 🏷️ Docker Image Tag
258281
if: inputs.docker_push == 'true'
259282
run: |
260283
smurf sdkr tag ${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }} \
261284
${{ inputs.docker_registry_url }}/${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }}
262285
263-
- name: Docker Image Push
286+
- name: 🚀 Docker Image Push
264287
if: inputs.docker_push == 'true' && inputs.gcp_docker_push != 'true'
265288
run: |
266289
smurf sdkr push ${{ inputs.docker_registry }} ${{ inputs.docker_registry_url }}/${{ inputs.docker_image_name }}:${{ inputs.docker_image_tag }}
267290
268-
- name: Docker Image Push on gcp
291+
- name: 🚀 Docker Image Push on GCP
269292
if: inputs.docker_push == 'true' && inputs.gcp_docker_push == 'true'
270293
run: |
271294
smurf sdkr push ${{ inputs.docker_registry }} \

0 commit comments

Comments
 (0)