83406b97f8
* [WIP] Adding the langage SDK specific docker images Fixes: #3789 * add multiple os build This introduces multiple containers images with various different OS's. The base build is based on debian (symlinked from the Dockerfile.debian) build. We also have UBi based images, and alpine based images * Adding the langage SDK specific docker images Fixes: #3789 * remove alpine builds * test docker readme sync * fix description * fix name of sync task Co-authored-by: Lee Briggs <lee@leebriggs.co.uk>
126 lines
3.9 KiB
YAML
126 lines
3.9 KiB
YAML
name: pulumi sdk containers build
|
|
on:
|
|
repository_dispatch:
|
|
types:
|
|
- docker-build
|
|
-
|
|
env:
|
|
VERSION: ${{ github.event.client_payload.ref }}
|
|
|
|
jobs:
|
|
base:
|
|
name: base sdk image build
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Build base image
|
|
uses: jaxxstorm/action-docker-build@release/v3.beta
|
|
with:
|
|
repository: pulumi/pulumi-base
|
|
buildkit: true
|
|
username: "pulumibot"
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
dockerfile: docker/base/Dockerfile
|
|
additional-tags: ${{ env.VERSION }}
|
|
tag-latest: true
|
|
build-args: PULUMI_VERSION=${{ env.VERSION }}
|
|
- uses: meeDamian/sync-readme@v1.0.6
|
|
name: Sync readme to Docker Hub
|
|
with:
|
|
user: "pulumibot"
|
|
pass: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
slug: pulumi/pulumi-base
|
|
readme: docker/README.md
|
|
description: Pulumi CLI container - bring your own SDK
|
|
|
|
base_os:
|
|
name: os base sdk image build
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [ "ubi", "debian" ]
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Build base image
|
|
uses: jaxxstorm/action-docker-build@release/v3.beta
|
|
with:
|
|
repository: pulumi/pulumi-base
|
|
buildkit: true
|
|
username: "pulumibot"
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
dockerfile: docker/base/Dockerfile.${{ matrix.os }}
|
|
additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
|
|
tag-latest: false
|
|
build-args: PULUMI_VERSION=${{ env.VERSION }}
|
|
|
|
sdk:
|
|
name: language sdk image
|
|
runs-on: ubuntu-latest
|
|
needs: base
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
sdk: [ "nodejs", "python", "dotnet", "go" ]
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Build image
|
|
uses: jaxxstorm/action-docker-build@release/v3.beta
|
|
with:
|
|
repository: pulumi/pulumi-${{matrix.sdk}}
|
|
buildkit: true
|
|
username: "pulumibot"
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
dockerfile: docker/${{ matrix.sdk }}/Dockerfile
|
|
additional-tags: ${{ env.VERSION }}
|
|
build-args: PULUMI_VERSION=${{ env.VERSION }}
|
|
- uses: meeDamian/sync-readme@v1.0.6
|
|
name: Sync readme to Docker Hub
|
|
with:
|
|
user: "pulumibot"
|
|
pass: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
slug: pulumi/pulumi-${{matrix.sdk}}
|
|
readme: docker/README.md
|
|
description: Pulumi CLI container for ${{ matrix.sdk }}
|
|
|
|
os_sdk:
|
|
name: os language sdk image
|
|
runs-on: ubuntu-latest
|
|
needs: base_os
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
sdk: [ "nodejs", "python", "dotnet", "go" ]
|
|
os: [ "ubi", "debian" ]
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Build image
|
|
uses: jaxxstorm/action-docker-build@release/v3.beta
|
|
with:
|
|
repository: pulumi/pulumi-${{matrix.sdk}}
|
|
buildkit: true
|
|
username: "pulumibot"
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
dockerfile: docker/${{ matrix.sdk }}/Dockerfile.${{ matrix.os }}
|
|
additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
|
|
build-args: PULUMI_VERSION=${{ env.VERSION }}
|
|
|
|
image-scan:
|
|
name: scan container images
|
|
runs-on: ubuntu-latest
|
|
needs: os_sdk
|
|
strategy:
|
|
matrix:
|
|
image: [ "base", "nodejs", "python", "go" ]
|
|
os: [ "ubi" ]
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Run Snyk to check Docker images for vulnerabilities
|
|
uses: snyk/actions/docker@master
|
|
env:
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
with:
|
|
image: pulumi/pulumi-${{matrix.image}}:${{ env.VERSION }}-${{ matrix.os }}
|
|
args: --severity-threshold=high --file=docker/${{matrix.image}}/Dockerfile.${{ matrix.os }}
|