
Merge pull request #65 from equinor/dependabot/go_modules/golang.org/… #135


Workflow file for this run

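# Builds the radix-vulnerability-scanner image with an ACR task and pushes it
# to the registry that belongs to the branch that was pushed.
#
# Flow per matrix target whose `ref` equals the pushed ref:
#   1. log in to Azure with the target's client-id (OIDC, no stored secret),
#   2. temporarily allow the runner's public IP on the ACR firewall,
#   3. run the ACR build task,
#   4. remove the temporary firewall rule again.
# Targets whose `ref` does not match still start a job, but every step is
# skipped by its `if:` guard.
name: Build & push
on:
  push:
    branches: [main, release]
# Least privilege for GITHUB_TOKEN: `id-token: write` is needed so azure/login
# can request an OIDC token; the repository itself is only read.
permissions:
  id-token: write
  contents: read
jobs:
  build-deploy:
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted image; confirm
    # the label is still served and move to a supported image if not.
    runs-on: ubuntu-20.04
    strategy:
      # One registry failing must not cancel the builds for the others.
      fail-fast: false
      matrix:
        # client-id / subscription-id are identifiers, not credentials. With
        # OIDC the trust boundary is the federated credential configured on
        # each app registration; verify each one is restricted to this
        # repository and to the branch named in `ref` (TODO confirm).
        target:
          - name: "dev"
            ref: "refs/heads/main"
            acr-name: "radixdev"
            client-id: "9f25e2ad-13ef-4fd5-b661-ab97687d548a"
            subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
          - name: "playground"
            ref: "refs/heads/release"
            acr-name: "radixdev"
            client-id: "e0b5929a-ebe5-4a35-927c-97184cbed120"
            subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
          - name: "platform"
            ref: "refs/heads/release"
            acr-name: "radixprod"
            client-id: "1a7cba57-f0e4-48af-8520-3c98349d6465"
            subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
          - name: "c2"
            ref: "refs/heads/release"
            acr-name: "radixc2prod"
            client-id: "5d1aca8b-7b54-4a4d-b8ee-754b842e9fbe"
            subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. Because
      # this job can mint OIDC tokens for production subscriptions, pin each
      # to a full commit SHA (e.g. `actions/checkout@<COMMIT_SHA>  # v4`).
      - uses: actions/checkout@v4
        if: matrix.target.ref == github.ref
      - uses: azure/login@v1
        if: matrix.target.ref == github.ref
        with:
          client-id: ${{matrix.target.client-id}}
          tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
          subscription-id: ${{matrix.target.subscription-id}}
      - name: Get GitHub Public IP
        if: matrix.target.ref == github.ref
        id: github_public_ip
        # The address comes from a third-party service and later ends up in a
        # firewall rule, so fail on HTTP/transport errors and accept nothing
        # but a dotted-quad IPv4 string before publishing it as an output.
        run: |
          ipv4="$(curl --fail --silent --show-error --max-time 10 'https://ifconfig.me/ip')"
          if ! [[ "${ipv4}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            echo "::error::Unexpected response from IP lookup service"
            exit 1
          fi
          echo "ipv4=${ipv4}" >> "$GITHUB_OUTPUT"
      - name: Add GitHub IP to ACR
        if: matrix.target.ref == github.ref
        id: update_firewall
        # Values are handed over as environment variables and quoted in the
        # script instead of being expanded into the command text by `${{ }}`,
        # so a malformed step output cannot alter the command line.
        env:
          ACR_NAME: ${{matrix.target.acr-name}}
          AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}}
          RUNNER_IPV4: ${{ steps.github_public_ip.outputs.ipv4 }}
        run: |
          az acr network-rule add \
            --name "${ACR_NAME}" \
            --subscription "${AZURE_SUBSCRIPTION_ID}" \
            --ip-address "${RUNNER_IPV4}"
      - name: Generate image tag
        if: matrix.target.ref == github.ref
        id: tag
        # Tag format: <branch>-<first 8 chars of commit SHA>-<unix timestamp>.
        run: |
          sha=${GITHUB_SHA::8}
          ts=$(date +%s)
          echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> "$GITHUB_OUTPUT"
      - name: Build image
        if: matrix.target.ref == github.ref
        env:
          AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}}
          ACR_NAME: ${{matrix.target.acr-name}}
          IMAGE_NAME: radix-vulnerability-scanner
          TAG: ${{steps.tag.outputs.tag}}
        # Runs the registry-side task `radix-image-builder-internal`; the
        # checked-out workspace is uploaded as the build context.
        run: |
          az acr task run \
            --subscription "${AZURE_SUBSCRIPTION_ID}" \
            --name radix-image-builder-internal \
            --registry "${ACR_NAME}" \
            --context "${GITHUB_WORKSPACE}" \
            --file "${GITHUB_WORKSPACE}/Dockerfile" \
            --set DOCKER_REGISTRY="${ACR_NAME}" \
            --set BRANCH="${GITHUB_REF_NAME}" \
            --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${TAG}" \
            --set DOCKER_FILE_NAME=Dockerfile \
            --set PUSH="--push" \
            --set REPOSITORY_NAME="${IMAGE_NAME}" \
            --set CACHE="" \
            --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max"
      - name: Revoke GitHub IP on ACR
        # Clean-up must run after a failed build AND after a cancelled run;
        # with `!cancelled()` a cancelled run left the hosted-runner address
        # allow-listed on the registry. The outcome check keeps the step from
        # running when no rule was added. A runner that dies mid-job can still
        # leave a rule behind, so audit the ACR network rules periodically.
        if: ${{ always() && steps.update_firewall.outcome == 'success' }}
        env:
          ACR_NAME: ${{matrix.target.acr-name}}
          AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}}
          RUNNER_IPV4: ${{ steps.github_public_ip.outputs.ipv4 }}
        run: |
          az acr network-rule remove \
            --name "${ACR_NAME}" \
            --subscription "${AZURE_SUBSCRIPTION_ID}" \
            --ip-address "${RUNNER_IPV4}"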