Skip to content

Update temporal submodule for branch main #4008

Update temporal submodule for branch main

Update temporal submodule for branch main #4008

Workflow file for this run

name: Build Docker Images
permissions:
contents: read
packages: read
security-events: write
on:
push:
branches:
- main
- release/*
- cloud/*
pull_request:
branches:
- main
workflow_dispatch:
inputs:
commit:
description: "Commit sha"
required: true
jobs:
build-push-images:
runs-on: ubuntu-latest-16-cores
# Usually, a successful job takes ~17 mins.
# Anything more than 30 mins is a sign that job is stuck.
# This is a workaround until we find the root cause.
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: "true"
ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.commit || '' }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: ${{ !env.ACT }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PAT }}
- name: Set SHA when dispatched
run: |
SHA=$([ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ] && echo "${{ github.event.inputs.commit }}" || echo "${GITHUB_SHA}")
echo "SHA=${SHA}" >> $GITHUB_ENV
- name: Prepare build args
id: build_args
run: |
github_sha_short=${SHA:0:7}
echo "IMAGE_TAG=sha-${github_sha_short}" >> $GITHUB_ENV
TEMPORAL_SHA=$(git submodule status -- temporal | awk '{print $1}')
echo "TEMPORAL_SHA=${TEMPORAL_SHA}" >> $GITHUB_ENV
TCTL_SHA=$(git submodule status -- tctl | awk '{print $1}')
echo "TCTL_SHA=${TCTL_SHA}" >> $GITHUB_ENV
TAG_LATEST=${{(github.event_name == 'push' && github.ref == 'refs/heads/main') && 'true' || 'false'}}
echo "TAG_LATEST=${TAG_LATEST}" >> $GITHUB_ENV
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
- uses: actions/setup-go@v5
with:
cache-dependency-path: "**/*.sum"
go-version-file: 'temporal/go.mod'
# You can't use `load` when building a multiarch image, so we build and load the
# native image and build multiarch images later
- name: Bake native images for security scanning
run: BAKE_OUTPUT=docker make build-native
- name: Bake and push multiarch images
if: ${{ github.event_name == 'push' && !env.ACT }}
run: BAKE_OUTPUT=registry make build
# TODO: can we loop this somehow?
- name: Run Trivy vulnerability scanner on Server image
uses: ./.github/actions/trivy
with:
image-tags: temporaliotest/server:${{ env.IMAGE_TAG }}
image-name: server
- name: Run Trivy vulnerability scanner on Admin Tools image
if: ${{ github.event_name == 'push' && !env.ACT }}
uses: ./.github/actions/trivy
with:
image-tags: temporaliotest/admin-tools:${{ env.IMAGE_TAG }}
image-name: admin-tools
- name: Run Trivy vulnerability scanner on Auto Setup image
if: ${{ github.event_name == 'push' && !env.ACT }}
uses: ./.github/actions/trivy
with:
image-tags: temporaliotest/auto-setup:${{ env.IMAGE_TAG }}
image-name: auto-setup
- name: Ensure images work
run: make IMAGE_TAG=${{env.IMAGE_TAG}} test
- name: Upload compose logs
if: always()
continue-on-error: true
uses: actions/upload-artifact@v3
with:
name: docker-compose-logs
path: docker-compose.log