Add workflow to publish nginx and service images to GHCR #676
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
name: GHCR | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: [master] | ||
tags: ["v*.*.*"] | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
|
||
jobs: | ||
build-push-image: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
strategy: | ||
matrix: | ||
image: [nginx, service] | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
fetch-tags: true | ||
submodules: recursive | ||
|
||
- name: Log into registry ${{ env.REGISTRY }} | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }} | ||
|
||
- name: Set up QEMU emulator for multi-arch images | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build and push ${{ matrix.image }} Docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
file: ${{ matrix.image }}.dockerfile | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
platforms: 'linux/amd64,linux/arm64' |
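Review bot: Every `uses:` step in this workflow references a movable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, and likewise for the QEMU, Buildx and build-push actions), while the job holds `packages: write` and pushes images. Pinning each action to a full commit SHA, with the version kept in a trailing comment, would keep a retagged action from running with the registry token. Separately, `workflow_dispatch` has no ref restriction and `push: true` is unconditional, so a manual run from any branch publishes an image; if that is not intended, gate the push on the ref.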
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,15 @@ | ||
#!/bin/bash | ||
|
||
|
||
echo "writing client config..." | ||
if [[ $OIDC_ENABLED != 'true' ]] && [[ $OIDC_ENABLED != 'false' ]]; then | ||
echo 'OIDC_ENABLED must be either true or false' | ||
exit 1 | ||
fi | ||
|
||
envsubst < /usr/share/odk/nginx/client-config.json.template > /usr/share/nginx/html/client-config.json | ||
|
||
|
||
DH_PATH=/etc/dh/nginx.pem | ||
if [ "$SSL_TYPE" != "upstream" ] && [ ! -s "$DH_PATH" ]; then | ||
openssl dhparam -out "$DH_PATH" 2048 | ||
|
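Review bot: The new `envsubst < /usr/share/odk/nginx/client-config.json.template` call takes no variable list, so any `$VAR` reference that ends up in the template is expanded from the container environment into a file under `/usr/share/nginx/html`. Passing `'$OIDC_ENABLED'` as the shell-format argument, the way the `odk.conf.template` call further down restricts its variables, would limit what can land in that file to the value validated just above. The `OIDC_ENABLED must be either true or false` message would also be better sent to stderr with `>&2`.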
@@ -17,7 +27,6 @@ fi | |
|
||
# start from fresh templates in case ssl type has changed | ||
echo "writing fresh nginx templates..." | ||
cp /usr/share/odk/nginx/redirector.conf /etc/nginx/conf.d/redirector.conf | ||
You'll likely need to add this back. It was there because if you go from upstream to letsencrypt, the file at
Ahh, yes. I've added a comment.
||
CNAME=$( [ "$SSL_TYPE" = "customssl" ] && echo "local" || echo "$DOMAIN") \ | ||
envsubst '$SSL_TYPE $CNAME $SENTRY_ORG_SUBDOMAIN $SENTRY_KEY $SENTRY_PROJECT' \ | ||
< /usr/share/odk/nginx/odk.conf.template \ | ||
|
This is more robust, but we don't do any other such checking elsewhere. I'd bias toward if true, then it's enabled. If it's anything else, it's not enabled.
This came in as part of other work. I'd rather leave it like this here and file an issue to reconsider if you really want.