marco/plugin-barman-cloud
1
0
Fork 0
mirror of https://github.com/cloudnative-pg/plugin-barman-cloud.git synced 2026-01-11 21:23:12 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: wip

Browse Source 
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
This commit is contained in:
Niccolò Fei 2025-08-18 12:35:15 +02:00 committed by Marco Nenciarini
parent 9d4239bed6
commit b4eea72689
2 changed files with 51 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
.github/workflows/barman-base-image.yml vendored
View File

@ -4,59 +4,36 @@ on:
workflow_dispatch:
schedule:
- cron: "0 0 * * 0"
push:
branches:
- main
paths:
- 'containers/sidecar-requirements.txt'
env:
IMAGE_NAME: "ghcr.io/cloudnative-pg/plugin-barman-cloud-base"
PLATFORMS: "linux/amd64,linux/arm64"
permissions:
contents: write
packages: write
security-events: write
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up QEMU
uses: actions/checkout@v4
- name: Install QEMU static binaries
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ env.PLATFORMS }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker Image
uses: docker/build-push-action@v6
with:
platforms: ${{ env.PLATFORMS }}
context: .
file: ./containers/Dockerfile.barmanbase
push: true
tags: ${{ env.IMAGE_NAME }}:latest
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
continue-on-error: true
- name: Install Task
uses: arduino/setup-task@v2
- name: Install Dagger
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: "${{ env.IMAGE_NAME }}:latest"
args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
# renovate: datasource=github-tags depName=dagger/dagger versioning=semver
DAGGER_VERSION: 0.18.5
run: |
curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
- name: Publish a barman-base
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
run: |
task publish-barman-base

27
Taskfile.yml
View File

@ -377,6 +377,33 @@ tasks:
build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64
publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
publish-barman-base:
desc: Build and publish a barman-cloud base container image (sidecar)
vars:
BARMAN_BASE_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-base{{if not (hasPrefix "refs/heads/main" .GITHUB_REF)}}-testing{{end}}
BARMAN_VERSION:
sh: grep "^barman" containers/sidecar-requirements.in | sed -E 's/.*==([^ ]+)/\1/'
BUILD_DATE:
sh: date +"%Y%m%d%H%M"
requires:
# We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
# to prevent running this task locally by accident.
vars:
- CI
- GITHUB_REPOSITORY
- GITHUB_REF
- GITHUB_REF_NAME
- REGISTRY_USER
- REGISTRY_PASSWORD
env:
# renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7
cmds:
- >
dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
--registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
build --dir . --file containers/Dockerfile.barmanbase --platform linux/amd64 --platform linux/arm64
publish --ref {{.BARMAN_BASE_IMAGE_NAME}} --tags "{{.BARMAN_VERSION}}-{{.BUILD_DATE}}"
controller-gen:
desc: Run controller-gen