Potentially this should build.

2024-06-21 13:24:30 +02:00 · 2024-06-21 13:24:30 +02:00 · 4695cba98c
commit 4695cba98c
parent ba23c7393a
10 changed files with 21 additions and 32 deletions
--- a/.github/workflows/docker.build.yml
+++ b/.github/workflows/docker.build.yml
@ -15,7 +15,7 @@ env:
 jobs:
  docker-build:
    name: Build Swarm Load Balancer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - uses: benzine-framework/action-setup-php@main
      - uses: benzine-framework/action-get-datetime@main
@ -37,7 +37,6 @@ jobs:
          pull: true
          push: ${{ github.ref == 'refs/heads/main' }}
          tags: |
-            ${{ env.DOCKER_IMAGE }}:latest
            ${{ env.DOCKER_IMAGE }}:date-${{ env.DATE }}
            ${{ env.DOCKER_IMAGE }}:sha-${{ github.sha }}
          cache-from: ${{ env.DOCKER_CACHE_FROM }}
--- a/.github/workflows/docker.clean.yml
+++ b/.github/workflows/docker.clean.yml
@ -15,7 +15,7 @@ on:
 jobs:
  cleanup-delete-candidate-image:
    name: Delete candidate image
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
      - uses: vlaurin/action-ghcr-prune@v0.6.0
@ -23,14 +23,14 @@ jobs:
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          organization: ${{ github.repository_owner }}
-          container: bouncer
+          container: ${{ github.repository_name }}
          dry-run: true
          prune-tags-regexes: |
            ^build-${{ github.sha }}$

  cleanup-untagged-images:
    name: Delete untagged images
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
      - uses: vlaurin/action-ghcr-prune@v0.6.0
--- a/.github/workflows/docker.release.yml
+++ b/.github/workflows/docker.release.yml
@ -9,26 +9,16 @@ on:
  workflow_dispatch:

 env:
-  CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
-  RELEASE_IMAGE_GHCR: ghcr.io/benzine-framework/bouncer:latest
-  RELEASE_IMAGE_DOCKER: benzine/bouncer:latest
+  CANDIDATE_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.repository_name }}:sha-${{ github.sha }}
+  RELEASE_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.repository_name }}:latest

 jobs:
  release-ghcr:
    name: GHCR
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
-      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
+      - run: docker login ghcr.io -u ${{ vars.SERVICE_ACCOUNT_USERNAME }} -p ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
      - run: docker pull ${{ env.CANDIDATE_IMAGE }}
-      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE_GHCR }}
-      - run: docker push ${{ env.RELEASE_IMAGE_GHCR }}
+      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE }}
+      - run: docker push ${{ env.RELEASE_IMAGE }}

-  release-docker-hub:
-    name: Docker Hub
-    runs-on: ubuntu-latest
-    steps:
-      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
-      - run: docker login docker.io -u matthewbaggett -p ${{ secrets.DOCKER_HUB_TOKEN }}
-      - run: docker pull ${{ env.CANDIDATE_IMAGE }}
-      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE_DOCKER }}
-      - run: docker push ${{ env.RELEASE_IMAGE_DOCKER }}
--- a/.github/workflows/docker.validate.yml
+++ b/.github/workflows/docker.validate.yml
@ -13,12 +13,12 @@ on:
      - completed

 env:
-  CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
+  CANDIDATE_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.repository_name }}:hash-${{ github.sha }}

 jobs:
  validate-install-report:
    name: Run Install Report
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
      - name: "Pull Candidate Image"
@ -27,7 +27,7 @@ jobs:
        run: docker run --rm ${{ env.CANDIDATE_IMAGE }} /usr/bin/install-report
  validate-dive-report:
    name: Run Dive
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
      - name: "Pull Candidate Image"
@ -48,7 +48,7 @@ jobs:
          config-file: ${{ github.workspace }}/.dive-ci.yml
  validate-vulnerability-report:
    name: Run Trivy
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
      - name: "Pull Candidate Image"
--- a/.github/workflows/php.check.yml
+++ b/.github/workflows/php.check.yml
@ -10,7 +10,7 @@ on:
 jobs:
  php-stan:
    name: PHPStan
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    permissions:
      checks: write # To post annotations
      contents: read # For repo checkout
@ -20,7 +20,7 @@ jobs:

  php-cs-fixer:
    name: PHP-CS-Fixer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    permissions:
      checks: write # For trunk to post annotations
      contents: read # For repo checkout
--- a/.github/workflows/tag.release.yml
+++ b/.github/workflows/tag.release.yml
@ -17,7 +17,7 @@ env:
 jobs:
  build-tagged-release:
    name: Build Swarm Load Balancer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    if: startsWith(github.ref, 'refs/tags/v')
    steps:
      - run: echo "Building Tagged Release ${{ env.TAG_IMAGE_GHCR }} & ${{ env.TAG_IMAGE_DOCKER }}"
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -10,7 +10,7 @@ on:
 jobs:
  test-integration:
    name: Integration Tests
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - uses: actions/checkout@v4
      - name: Start Bouncer
--- a/.github/workflows/trunk.cache.yml
+++ b/.github/workflows/trunk.cache.yml
@ -22,7 +22,7 @@ concurrency:
 jobs:
  trunk-cache:
    name: Trunk Cache
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    permissions:
      actions: write
    steps:
--- a/.github/workflows/trunk.check.yml
+++ b/.github/workflows/trunk.check.yml
@ -10,7 +10,7 @@ on:
 jobs:
  trunk-check:
    name: Trunk Check Runner
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    permissions:
      checks: write # For trunk to post annotations
      contents: read # For repo checkout
--- a/.github/workflows/trunk.upgrade.yml
+++ b/.github/workflows/trunk.upgrade.yml
@ -20,7 +20,7 @@ concurrency:
 jobs:
  trunk-upgrade:
    name: Upgrade Trunk
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
    permissions:
      contents: write # For trunk to create PRs
      pull-requests: write # For trunk to create PRs