pulumi/.github/workflows/trigger-container-build-event.yml
Paul Stack 8396030578
Enable command dispatch workflow for dealing with PRs (#5851)
There are a few things happening here:

- Rename the command dispatch release events to be prefixed with trigger-
- Introduce a new command-dispatch event

  This new event listens for a trigger term in a comment e.g. /run-acceptance-tests

  This trigger term is *only* needed when the PR is from a fork! When the trigger term is posted
  then the run-build-and-acceptance-tests.yml event is fired

- run-build-and-acceptance-tests.yml

  If the user runs the code from a pulumi based branch, then the tests and builds will work as normal
  If this file is being run via repository_dispatch then it will be able to run the tests and builds
  and also post a comment back to the PR with the link to the test run

It's important to say that PRs affecting the codegen and resource docs paths will only fire from a
pulumi based branch - there is currently no command dispatch events for these codegen and resource PRs!
2020-12-07 19:29:04 +00:00


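# Builds the Pulumi container images when a `repository_dispatch` event of
# type `docker-build` is received, then scans a subset of them with Snyk.
#
# Trust boundaries to keep in mind when changing this file:
#   * VERSION is copied verbatim from the dispatch payload
#     (`client_payload.ref`) and flows into image tags, build args and the
#     scanned image reference. Whoever can send the event controls it.
#     NOTE(review): no format validation is visible here; consider
#     rejecting values that are not a plain version string.
#   * GITHUB_TOKEN is set at workflow level, so every step of every job
#     sees the bot token in its environment, including third-party actions.
#     NOTE(review): no step here is seen to need it; consider scoping it
#     to the steps that do.
#   * Third-party actions receive registry or scanner credentials. Only
#     `jaxxstorm/action-docker-build` is pinned to a full commit SHA;
#     `meeDamian/sync-readme` (tag) and `snyk/actions/docker` (branch) are
#     mutable refs. NOTE(review): pin both to a reviewed full commit SHA.
name: pulumi sdk containers build
on:
  repository_dispatch:
    types:
      - docker-build
env:
  # Taken from the event payload; not validated in this workflow.
  VERSION: ${{ github.event.client_payload.ref }}
  # Workflow-wide: visible to all steps below.
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
jobs:
  # pulumi/pulumi and pulumi/actions images, tagged v<VERSION>.
  pulumi:
    name: pulumi image build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@v2
      - name: Build Pulumi Image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/pulumi
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/pulumi/Dockerfile
          additional-tags: v${{ env.VERSION }}
          tag-latest: true
          build-args: PULUMI_VERSION=v${{ env.VERSION }}
      - name: Build Pulumi GitHub Actions Image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/actions
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/actions/Dockerfile
          additional-tags: v${{ env.VERSION }}
          tag-latest: true
          build-args: PULUMI_VERSION=v${{ env.VERSION }}

  # pulumi/pulumi-base from the default Dockerfile, plus README sync.
  base:
    name: base sdk image build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    steps:
      # Uses the v2 tag like the first job, not a moving branch ref.
      - uses: actions/checkout@v2
      - name: Build base image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/pulumi-base
          buildkit: true
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/base/Dockerfile
          additional-tags: ${{ env.VERSION }}
          tag-latest: true
          build-args: PULUMI_VERSION=${{ env.VERSION }}
      # Receives the Docker Hub token; the ref is a tag, not a commit SHA.
      - uses: meeDamian/sync-readme@v1.0.6
        name: Sync readme to Docker Hub
        with:
          user: "pulumibot"
          pass: ${{ secrets.DOCKER_HUB_TOKEN }}
          slug: pulumi/pulumi-base
          readme: docker/README.md
          description: Pulumi CLI container - bring your own SDK

  # OS-specific pulumi/pulumi-base variants, tagged <VERSION>-<os>.
  base_os:
    name: os base sdk image build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        os: ["ubi", "debian"]
    steps:
      - uses: actions/checkout@v2
      - name: Build base image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/pulumi-base
          buildkit: true
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/base/Dockerfile.${{ matrix.os }}
          additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
          tag-latest: false
          build-args: PULUMI_VERSION=${{ env.VERSION }}

  # Per-language images; runs after `base`.
  sdk:
    name: language sdk image
    runs-on: ubuntu-latest
    needs: base
    strategy:
      fail-fast: false
      matrix:
        sdk: ["nodejs", "python", "dotnet", "go"]
    steps:
      - uses: actions/checkout@v2
      - name: Build image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/pulumi-${{matrix.sdk}}
          buildkit: true
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/${{ matrix.sdk }}/Dockerfile
          additional-tags: ${{ env.VERSION }}
          build-args: PULUMI_VERSION=${{ env.VERSION }}
          tag-latest: true
      # Receives the Docker Hub token; the ref is a tag, not a commit SHA.
      - uses: meeDamian/sync-readme@v1.0.6
        name: Sync readme to Docker Hub
        with:
          user: "pulumibot"
          pass: ${{ secrets.DOCKER_HUB_TOKEN }}
          slug: pulumi/pulumi-${{matrix.sdk}}
          readme: docker/README.md
          description: Pulumi CLI container for ${{ matrix.sdk }}

  # Per-language, per-OS images; runs after `base_os`.
  os_sdk:
    name: os language sdk image
    runs-on: ubuntu-latest
    needs: base_os
    strategy:
      fail-fast: false
      matrix:
        sdk: ["nodejs", "python", "dotnet", "go"]
        os: ["ubi", "debian"]
    steps:
      - uses: actions/checkout@v2
      - name: Build image
        uses: jaxxstorm/action-docker-build@e98e474ca0312b1a0300cdbf9357dd2df3c62c22
        with:
          repository: pulumi/pulumi-${{matrix.sdk}}
          buildkit: true
          username: "pulumibot"
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          dockerfile: docker/${{ matrix.sdk }}/Dockerfile.${{ matrix.os }}
          additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
          build-args: PULUMI_VERSION=${{ env.VERSION }}
          # NOTE(review): both OS variants and the `sdk` job request
          # `latest` on the same repository, while `base_os` sets this to
          # false. Confirm which image is meant to own `latest`.
          tag-latest: true

  # Snyk scan of the ubi variants; runs after `os_sdk`.
  # NOTE(review): the matrix omits "dotnet" and the "debian" variants that
  # the build jobs produce; confirm the gap is intentional. The scan runs
  # after the build jobs, so presumably it does not gate publication.
  image-scan:
    name: scan container images
    runs-on: ubuntu-latest
    needs: os_sdk
    strategy:
      matrix:
        image: ["base", "nodejs", "python", "go"]
        os: ["ubi"]
    steps:
      - uses: actions/checkout@v2
      - name: Run Snyk to check Docker images for vulnerabilities
        # Branch ref: the action code can change between runs while it
        # holds SNYK_TOKEN and the workflow-level GITHUB_TOKEN.
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: pulumi/pulumi-${{matrix.image}}:${{ env.VERSION }}-${{ matrix.os }}
          args: --severity-threshold=high --file=docker/${{matrix.image}}/Dockerfile.${{ matrix.os }}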