-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path__test-workflow-docker-build-images-multi-registry.yml
More file actions
101 lines (88 loc) · 4.14 KB
/
Copy path__test-workflow-docker-build-images-multi-registry.yml
File metadata and controls
101 lines (88 loc) · 4.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
---
name: Test for "docker-build-images" workflow - Multi registry inputs
run-name: Test for "docker-build-images" workflow - Multi registry inputs
on: # yamllint disable-line rule:truthy
workflow_call:
permissions: {}
jobs:
act-build-images-multi-registry:
name: Act - Build images with structured registry inputs
uses: ./.github/workflows/docker-build-images.yml
permissions:
contents: read
id-token: write
issues: read
packages: write
pull-requests: read
secrets:
oci-registry-password: |
{"push":"${{ secrets.GITHUB_TOKEN }}","pull:private":"${{ secrets.GITHUB_TOKEN }}"}
build-secret-github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}
with:
cache-type: "registry"
sign: false
oci-registry: |
{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}
oci-registry-username: |
{"push":"${{ github.repository_owner }}","pull:private":"${{ github.repository_owner }}"}
images: |
[
{
"name": "test-multi-registry-inputs",
"context": ".",
"dockerfile": "./tests/application/Dockerfile",
"build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" },
"target": "prod",
"platforms": ["linux/amd64"]
}
]
assert-multi-registry:
name: Assert - Build images with structured registry inputs
needs: act-build-images-multi-registry
runs-on: ubuntu-latest
permissions:
packages: read
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- name: Assert built image output and pullability
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
BUILT_IMAGES: ${{ needs.act-build-images-multi-registry.outputs.built-images }}
EXPECTED_IMAGE: ghcr.io/${{ github.repository }}/test-multi-registry-inputs
with:
script: |
const assert = require("assert");
const sha = context.sha;
const pullRequestNumber = context.payload.pull_request?.number;
const refName = process.env.GITHUB_REF_NAME;
const builtImages = JSON.parse(process.env.BUILT_IMAGES);
const builtImage = builtImages["test-multi-registry-inputs"];
assert(builtImage, `"built-images" output does not contain "test-multi-registry-inputs" image`);
assert.equal(builtImage.registry, "ghcr.io", `"registry" output is not valid`);
assert.match(builtImage.digest, /^sha256:[0-9a-f]{64}$/, `"digest" output is not valid`);
const expectedTag = context.eventName === "pull_request"
? `pr-${pullRequestNumber}-${sha.substring(0, 7)}`
: refName;
const expectedImage = `${process.env.EXPECTED_IMAGE}:${expectedTag}@${builtImage.digest}`;
assert.equal(builtImage.images[0], expectedImage, `"image" output is not valid`);
await exec.exec("docker", ["pull", expectedImage]);
- name: Assert registry cache usage with structured inputs
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
EXPECTED_CACHE_IMAGE: ghcr.io/${{ github.repository }}/test-multi-registry-inputs/cache
EXPECTED_CACHE_TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}
with:
script: |
const shouldAssertCache = context.eventName === "pull_request"
|| (context.eventName === "push" && !context.ref.startsWith("refs/tags/"));
if (!shouldAssertCache) {
core.info(`Skipping cache assertion for ${context.eventName} on ${context.ref}.`);
return;
}
const cacheImage = `${process.env.EXPECTED_CACHE_IMAGE}:${process.env.EXPECTED_CACHE_TAG}-linux-amd64`;
await exec.exec("docker", ["manifest", "inspect", cacheImage]);