refactor: wip

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>

.github/workflows/barman-base-image.yml

@@ -4,59 +4,36 @@ on:
   workflow_dispatch:
   schedule:
     - cron: "0 0 * * 0"
+  push:
+    branches:
+      - main
+    paths:
+      - 'containers/sidecar-requirements.txt'
 
-env:
+permissions: read-all
-  IMAGE_NAME: "ghcr.io/cloudnative-pg/plugin-barman-cloud-base"
-  PLATFORMS: "linux/amd64,linux/arm64"
-
-permissions:
-  contents: write
-  packages: write
-  security-events: write
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
-        with:
+      - name: Install QEMU static binaries
-          fetch-depth: 0
-
-      - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-        with:
+      - name: Install Task
-          platforms: ${{ env.PLATFORMS }}
+        uses: arduino/setup-task@v2
-
+      - name: Install Dagger
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to the GitHub Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Docker Image
-        uses: docker/build-push-action@v6
-        with:
-          platforms: ${{ env.PLATFORMS }}
-          context: .
-          file: ./containers/Dockerfile.barmanbase
-          push: true
-          tags: ${{ env.IMAGE_NAME }}:latest
-
-      - name: Run Snyk to check Docker image for vulnerabilities
-        uses: snyk/actions/docker@master
-        continue-on-error: true
         env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-        with:
+          DAGGER_VERSION: 0.18.5
-          image: "${{ env.IMAGE_NAME }}:latest"
+        run: |
-          args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
+          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
-
+      - name: Publish a barman-base
-      - name: Upload result to GitHub Code Scanning
+        env:
-        uses: github/codeql-action/upload-sarif@v3
+          REGISTRY_USER: ${{ github.actor }}
-        with:
+          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-          sarif_file: snyk.sarif
+        run: |
+          task publish-barman-base

Taskfile.yml

@@ -377,6 +377,33 @@ tasks:
         build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64
         publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}
 
+  publish-barman-base:
+    desc: Build and publish a barman-cloud base container image (sidecar)
+    vars:
+      BARMAN_BASE_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-base{{if not (hasPrefix "refs/heads/main" .GITHUB_REF)}}-testing{{end}}
+      BARMAN_VERSION:
+        sh: grep "^barman" containers/sidecar-requirements.in | sed -E 's/.*==([^ ]+)/\1/'
+      BUILD_DATE:
+        sh: date +"%Y%m%d%H%M"
+    requires:
+      # We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
+      # to prevent running this task locally by accident.
+      vars:
+        - CI
+        - GITHUB_REPOSITORY
+        - GITHUB_REF
+        - GITHUB_REF_NAME
+        - REGISTRY_USER
+        - REGISTRY_PASSWORD
+    env:
+      # renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
+      DAGGER_DOCKER_SHA: bba3a4ee46fd663a5577337e2221db56c646a0b7
+    cmds:
+      - >
+        dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
+        --registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
+        build --dir . --file containers/Dockerfile.barmanbase --platform linux/amd64 --platform linux/arm64
+        publish --ref {{.BARMAN_BASE_IMAGE_NAME}} --tags "{{.BARMAN_VERSION}}-{{.BUILD_DATE}}"
 
   controller-gen:
     desc: Run controller-gen