Build & Push Fetch-Repos Bot Runner image (Kaniko) #36
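# Builds the fetch-repos bot runner image with Kaniko, pushes it to GHCR under
# a short-SHA tag, then opens a PR that bumps the image reference in
# repos/fetch-repos/values.yaml.
#
# NOTE(review): the hosting page flagged this file as containing hidden or
# bidirectional Unicode. The visible non-ASCII characters are the arrow in the
# PR title and the bullet in the PR body; confirm in an editor that reveals
# hidden characters that nothing else is present.
name: Build & Push Fetch-Repos Bot Runner image (Kaniko)

on:
  push:
    paths:
      - 'robot.yaml'
      - 'conda.yaml'
      - 'repos/fetch-repos/Dockerfile'
  # NOTE(review): on pull_request the Dockerfile under review is built (its
  # RUN steps execute) before anyone has approved it, on what appears to be a
  # self-hosted runner label, and the same job then pushes an image and opens
  # a tag-bump PR. Consider building without pushing on pull_request, or
  # gating the push and PR steps on push / workflow_dispatch events.
  pull_request:
    paths:
      - 'robot.yaml'
      - 'conda.yaml'
      - 'repos/fetch-repos/Dockerfile'
  workflow_dispatch:

env:
  # Expanded unquoted in the build step so each flag becomes its own argument.
  KANIKO_CACHE_ARGS: "--cache=true --cache-copy-layers=true --cache-ttl=24h"

# One build per ref; a newer run cancels the one still in progress.
concurrency:
  group: kaniko-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-to-ghcr:
    runs-on: fetch-repos-bot-runner-k8s-kaniko
    container:
      # Pinned by tag only; a digest pin (image@sha256:...) would make the
      # builder image immutable for this job.
      image: gcr.io/kaniko-project/executor:v1.23.2-debug
    permissions:
      contents: read
      packages: write  # push to GHCR
    steps:
      # The action refs below were not recoverable from this listing (each was
      # shown as "[email protected]"). <PINNED_REF> is a placeholder: replace it
      # with the intended version, preferably a full commit SHA, since a tag on
      # a third-party action can be moved.
      - name: Checkout repository
        uses: actions/checkout@<PINNED_REF>

      - name: Build and Push Image to GHCR with kaniko
        # Context values are handed to the script through env / default
        # GITHUB_* variables instead of being expanded into the script text,
        # so a ref name containing shell metacharacters is treated as data.
        env:
          GIT_USERNAME: ${{ github.actor }}
          # NOTE(review): the job token already has packages: write. Unless
          # this PAT is also needed for something else (kaniko can use
          # GIT_USERNAME / GIT_PASSWORD to fetch a git context), prefer the
          # short-lived job token over a long-lived personal token.
          GIT_PASSWORD: ${{ secrets.CR_PAT }}
          REPO_URL: ${{ github.repositoryUrl }}
        run: |
          # Set lowercase image names (replace / with -)
          # NOTE(review): this leaves a single path component after ghcr.io/;
          # GHCR names are normally ghcr.io/OWNER/IMAGE. Confirm the target.
          REPO_LC=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]' | tr '/' '-')
          IMAGE_BASE="ghcr.io/${REPO_LC}-runner"
          CACHE_IMG="ghcr.io/${REPO_LC}-runner-cache:latest"
          echo "Building image: $IMAGE_BASE"
          echo "Using cache: $CACHE_IMG"
          # Registry credentials for kaniko; printf avoids echo's handling of
          # options and escapes in the credential string.
          cat <<EOF > /kaniko/.docker/config.json
          {
            "auths": {
              "ghcr.io": {
                "auth": "$(printf '%s:%s' "$GIT_USERNAME" "$GIT_PASSWORD" | base64 -w0)"
              }
            }
          }
          EOF
          # KANIKO_CACHE_ARGS is intentionally unquoted (word splitting).
          /kaniko/executor --dockerfile="repos/fetch-repos/Dockerfile" \
            --context="${REPO_URL}#${GITHUB_REF}#${GITHUB_SHA}" \
            --destination="$IMAGE_BASE:$(echo "$GITHUB_SHA" | head -c7)" \
            $KANIKO_CACHE_ARGS \
            --cache-repo="$CACHE_IMG" \
            --push-retry 5

      - name: Set NEW_TAG output
        id: set_tag
        # Recomputes the same image reference as the build step and exposes it
        # as a step output for the steps below.
        run: |
          REPO_LC=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]' | tr '/' '-')
          IMAGE_BASE="ghcr.io/${REPO_LC}-runner"
          NEW_TAG="$IMAGE_BASE:$(echo "$GITHUB_SHA" | head -c7)"
          echo "NEW_TAG=$NEW_TAG" >> "$GITHUB_OUTPUT"

      - name: Update image tag in values.yaml only
        env:
          NEW_TAG: ${{ steps.set_tag.outputs.NEW_TAG }}
        uses: mikefarah/yq@<PINNED_REF>
        with:
          # strenv() reads the value from the environment, so the tag is never
          # spliced into the yq expression itself.
          cmd: |
            echo "Updating repos/fetch-repos/values.yaml to use tag $NEW_TAG"
            yq -i '.template.spec.containers[0].image = strenv(NEW_TAG)' repos/fetch-repos/values.yaml

      - name: Create or update tag-bump PR
        # NOTE(review): the job grants only contents: read and packages: write.
        # Pushing the branch and opening the PR normally need contents: write
        # and pull-requests: write; confirm this step succeeds. If wider
        # permissions are required, a separate job for this step keeps the
        # build step on a read-only contents token.
        uses: peter-evans/create-pull-request@<PINNED_REF>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          branch: chore/update-runner-image
          commit-message: |
            chore: update runner image tag to ${{ steps.set_tag.outputs.NEW_TAG }}
          title: "chore: bump runner image → ${{ steps.set_tag.outputs.NEW_TAG }}"
          body: |
            Automated build updated:
            • repos/fetch-repos/values.yaml
          reviewers: joshyorko
          draft: false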