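---
name: Build and Push Image
run-name: "Build and Push Image"
# Run on PRs and releases
# We only push to production on a release
# "on" is quoted because a bare `on` is a YAML 1.1 boolean for generic parsers.
"on":
  pull_request:
    types: [opened, synchronize, reopened]
  release:
    types: [published]

# Least privilege for GITHUB_TOKEN: the only thing the job does with it is
# read the repository. Registry, Docker Hub and Dependency Track access go
# through the dedicated secrets referenced below.
permissions:
  contents: read

env:
  prerelease_registry: "docker.packages.octopushq.com"
  image_name: "octopusdeploy/kubernetes-permissions-controller"

jobs:
  build:
    if: >-
      ${{ github.event_name == 'pull_request' || github.event_name == 'release' }}
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions below are pinned to mutable tags
      # (e.g. `@v45`, `@v3`). A tag can be retargeted upstream; pinning to a
      # full commit SHA (with the tag in a trailing comment) removes that
      # supply-chain exposure. SHAs are not recorded here, so tags are kept.
      - uses: actions/checkout@v4
        with:
          # `git describe --tags` in "Determine PR version" needs tag history;
          # the default shallow, tag-less clone makes it fall back to 0.0.0.
          fetch-depth: 0
          # No later step pushes or fetches with the checkout token, so do not
          # leave it in .git/config for the rest of the job.
          persist-credentials: false

      - name: Check for significant changes
        id: changed-files-specific
        uses: tj-actions/changed-files@v45
        with:
          files_ignore: |
            config/**
            .release-please-manifest.json
            release-please-config.json
            .github/**
            **.md

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Helm automatically sets the image version as a label with a limit of 63
      # which is exceeded by pre-release builds
      - name: Set short git commit SHA
        id: vars
        run: |
          calculatedSha=$(git rev-parse --short "$GITHUB_SHA")
          echo "SHORT_SHA=${calculatedSha}" >> "$GITHUB_ENV"

      - name: Determine PR version
        if: github.event_name == 'pull_request'
        id: new_version
        # github.head_ref is the PR author's branch name and is therefore
        # untrusted input. Expanding `${{ github.head_ref }}` directly into
        # the script would let shell metacharacters in a branch name run as
        # code on the runner (script injection); passing it through an
        # environment variable and quoting it keeps it as data.
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          BRANCH_NAME=$(printf '%s' "$HEAD_REF" | tr '/_' '--')
          CURRENT_VERSION=$(git describe --tags --abbrev=0 || echo "0.0.0")
          VERSION="${CURRENT_VERSION}-${BRANCH_NAME}-${SHORT_SHA}"
          echo "version=${VERSION}" >> "$GITHUB_ENV"

      - name: Generate application version
        if: github.event_name == 'release'
        id: release_version
        # Release tag names are free text chosen by whoever publishes the
        # release; keep them out of the script body for the same reason.
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
          echo "version=${TAG_NAME}" >> "$GITHUB_ENV"

      # NOTE(review): on pull_request runs from forks, repository secrets are
      # not available, so this login is expected to fail for fork PRs that
      # touch significant files — confirm whether those PRs are in scope.
      - name: Login to Artifactory
        if: github.event_name == 'release' || steps.changed-files-specific.outputs.any_changed == 'true'
        uses: docker/login-action@v3
        with:
          registry: "docker.packages.octopushq.com"
          username: ${{ secrets.ARTIFACTORY_USERNAME }}
          password: ${{ secrets.ARTIFACTORY_PASSWORD }}

      - name: Build and push to artifactory
        if: github.event_name == 'release' || steps.changed-files-specific.outputs.any_changed == 'true'
        uses: docker/build-push-action@v5
        with:
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Expressions are safe here: `with:` inputs are not interpreted by a shell.
          tags: ${{ env.prerelease_registry }}/${{ env.image_name }}:${{ env.version }}
          platforms: linux/amd64,linux/arm64

      # Only push to production if it's a release
      - name: Login to Docker Hub
        if: github.event_name == 'release'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Push image to Docker Hub
        if: github.event_name == 'release'
        # Re-tags the manifest already pushed to the pre-release registry; no
        # rebuild. Workflow `env` values and the GITHUB_ENV `version` are
        # available as shell variables, so no template expansion is needed.
        run: |
          docker buildx imagetools create \
            --tag "${image_name}:${version}" \
            --tag "${image_name}:latest" \
            "${prerelease_registry}/${image_name}:${version}"

      - name: Generate SBOM with Trivy
        uses: aquasecurity/trivy-action@0.32.0
        with:
          format: 'cyclonedx'
          scan-type: 'fs'
          scan-ref: 'go.mod'
          output: 'sbom.json'

      - name: Upload SBOM as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: sbom.json
          path: sbom.json
          overwrite: true

      - name: Upload SBOM to Dependency Track
        if: github.event_name == 'release'
        uses: OctopusDeploy/upload-sbom-go@v1.0.0
        with:
          dependency-track-url: ${{ secrets.DTRACK_URL }}
          dependency-track-key: ${{ secrets.DTRACK_KEY }}
          project-name: kubernetes-permissions-controller
          project-version: ${{ env.version }}
          parent-name: kubernetes-permissions-controller
          is-latest: true
          project-tags: kubernetes-permissions-controller,modern-deployments
          sbom-file: "sbom.json"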