name: Package & Release # The workflow to build and release official Kong packages and images. on: # yamllint disable-line rule:truthy pull_request: paths-ignore: - '**/*.md' - 'COPYRIGHT' - 'LICENSE' - '.github/workflows/build_and_test.yml' - 'changelog/**' - 'kong.conf.default' schedule: - cron: '0 0 * * *' push: branches: - master workflow_dispatch: inputs: official: description: 'Official release?' required: true type: boolean default: false version: description: 'Release version, e.g. `3.0.0.0-beta.2`' required: true type: string # `commit-ly` is a flag that indicates whether the build should be run per commit. env: # official release repo DOCKER_ORGANIZATION: kong DOCKER_REPOSITORY: kong/kong PRERELEASE_DOCKER_REPOSITORY: kong/kong-dev FULL_RELEASE: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.actor == 'dependabot[bot]'}} # only for PR GHA_CACHE: ${{ github.event_name == 'pull_request' }} # PRs opened from fork and from dependabot don't have access to repo secrets HAS_ACCESS_TO_GITHUB_TOKEN: ${{ github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') }} jobs: metadata: name: Metadata runs-on: ubuntu-24.04 outputs: kong-version: ${{ steps.build-info.outputs.kong-version }} prerelease-docker-repository: ${{ env.PRERELEASE_DOCKER_REPOSITORY }} docker-repository: ${{ steps.build-info.outputs.docker-repository }} release-desc: ${{ steps.build-info.outputs.release-desc }} release-label: ${{ steps.build-info.outputs.release-label || '' }} deploy-environment: ${{ steps.build-info.outputs.deploy-environment }} matrix: ${{ steps.build-info.outputs.matrix }} arch: ${{ steps.build-info.outputs.arch }} # use github.event.pull_request.head.sha instead of github.sha on a PR, as github.sha on PR is the merged commit (temporary commit) commit-sha: ${{ github.event.pull_request.head.sha || github.sha }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Build Info id: build-info run: | KONG_VERSION=$(bash scripts/grep-kong-version.sh) echo "kong-version=$KONG_VERSION" >> $GITHUB_OUTPUT if [ "${{ github.event_name == 'schedule' }}" == "true" ]; then echo "release-label=$(date -u +'%Y%m%d')" >> $GITHUB_OUTPUT fi matrix_file=".github/matrix-commitly.yml" if [ "$FULL_RELEASE" == "true" ]; then matrix_file=".github/matrix-full.yml" fi if [ "${{ github.event.inputs.official }}" == "true" ]; then release_desc="$KONG_VERSION (official)" echo "docker-repository=$DOCKER_REPOSITORY" >> $GITHUB_OUTPUT echo "deploy-environment=release" >> $GITHUB_OUTPUT else release_desc="$KONG_VERSION (pre-release)" echo "docker-repository=$PRERELEASE_DOCKER_REPOSITORY" >> $GITHUB_OUTPUT fi echo "release-desc=$release_desc" >> $GITHUB_OUTPUT echo "matrix=$(yq -I=0 -o=json $matrix_file)" >> $GITHUB_OUTPUT echo "docker-test-image=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.event.pull_request.head.sha || github.sha }}" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT echo "### :package: Building and packaging for $release_desc" >> $GITHUB_STEP_SUMMARY echo >> $GITHUB_STEP_SUMMARY echo '- event_name: ${{ github.event_name }}' >> $GITHUB_STEP_SUMMARY echo '- ref_name: ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY echo '- inputs.version: ${{ github.event.inputs.version }}' >> $GITHUB_STEP_SUMMARY echo >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY cat $GITHUB_OUTPUT >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY build-packages: needs: metadata name: Build & Package - ${{ matrix.label }} environment: ${{ needs.metadata.outputs.deploy-environment }} strategy: fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['build-packages'] }}" runs-on: ubuntu-24.04 container: image: ${{ matrix.image }} options: --privileged steps: - name: Early Rpm Setup if: matrix.package == 'rpm' && matrix.image != '' run: | # tar/gzip is needed to restore git cache (if available) yum install -y tar gzip which file zlib-devel - name: Early Deb in Container Setup if: matrix.package == 'deb' && matrix.image != '' run: | # tar/gzip is needed to restore git cache (if available) apt-get update apt-get install -y git tar gzip file sudo - name: Cache Git id: cache-git if: (matrix.package == 'rpm') && matrix.image != '' uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /usr/local/git key: ${{ matrix.label }}-git-2.41.0 # el-7,8, amazonlinux-2,2023 doesn't have git 2.18+, so we need to install it manually - name: Install newer Git if: (matrix.package == 'rpm') && matrix.image != '' && steps.cache-git.outputs.cache-hit != 'true' run: | if which apt 2>/dev/null; then apt update apt install -y wget libz-dev libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext make gcc autoconf sudo else yum update -y yum groupinstall -y 'Development Tools' yum install -y wget zlib-devel openssl-devel curl-devel expat-devel gettext-devel perl-CPAN perl-devel fi wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.41.0.tar.gz tar xf git-2.41.0.tar.gz cd git-2.41.0 make configure ./configure --prefix=/usr/local/git make -j$(nproc) make install - name: Add Git to PATH if: (matrix.package == 'rpm') && matrix.image != '' run: | echo "/usr/local/git/bin" >> $GITHUB_PATH - name: Checkout Kong source code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Swap git with https run: git config --global url."https://github".insteadOf git://github - name: Generate build cache key id: cache-key if: env.GHA_CACHE == 'true' uses: ./.github/actions/build-cache-key with: prefix: ${{ matrix.label }}-build extra: | ${{ hashFiles('kong/**') }} - name: Cache Packages id: cache-deps if: env.GHA_CACHE == 'true' uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: bazel-bin/pkg key: ${{ steps.cache-key.outputs.cache-key }} - name: Set .requirements into environment variables run: | grep -v '^#' .requirements >> $GITHUB_ENV - name: Setup Bazel uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #0.9.10 with: bazelisk-version: "1.20.0" # Avoid downloading Bazel every time. bazelisk-cache: true - name: Install Deb Dependencies if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' run: | sudo apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \ automake \ build-essential \ curl \ file \ libyaml-dev \ m4 \ perl \ pkg-config \ unzip \ zlib1g-dev - name: Install Ubuntu Cross Build Dependencies (arm64) if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' && endsWith(matrix.label, 'arm64') run: | sudo apt-get install crossbuild-essential-arm64 -y - name: Install Rpm Dependencies if: matrix.package == 'rpm' && matrix.image != '' run: | yum groupinstall -y 'Development Tools' dnf install -y 'dnf-command(config-manager)' dnf config-manager --set-enabled powertools || true # enable devel packages on rockylinux:8 dnf config-manager --set-enabled crb || true # enable devel packages on rockylinux:9 yum install -y libyaml-devel yum install -y cpanminus || (yum install -y perl && curl -L https://raw.githubusercontent.com/miyagawa/cpanminus/master/cpanm | perl - App::cpanminus) # amazonlinux2023 removed cpanminus # required for openssl 3.x config cpanm IPC/Cmd.pm - name: Build Kong dependencies if: steps.cache-deps.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ github.token }} run: | bazel build --config release //build:kong --verbose_failures ${{ matrix.bazel-args }} - name: Package Kong - ${{ matrix.package }} if: matrix.package != 'rpm' && steps.cache-deps.outputs.cache-hit != 'true' run: | bazel build --config release :kong_${{ matrix.package }} --verbose_failures ${{ matrix.bazel-args }} - name: Package Kong - rpm if: matrix.package == 'rpm' && steps.cache-deps.outputs.cache-hit != 'true' env: RELEASE_SIGNING_GPG_KEY: ${{ secrets.RELEASE_SIGNING_GPG_KEY }} NFPM_RPM_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_GPG_KEY_PASSPHRASE }} run: | if [ -n "${RELEASE_SIGNING_GPG_KEY:-}" ]; then RPM_SIGNING_KEY_FILE=$(mktemp) echo "$RELEASE_SIGNING_GPG_KEY" > $RPM_SIGNING_KEY_FILE export RPM_SIGNING_KEY_FILE=$RPM_SIGNING_KEY_FILE fi bazel build --config release :kong_${{ matrix.package-type }} --action_env=RPM_SIGNING_KEY_FILE --action_env=NFPM_RPM_PASSPHRASE ${{ matrix.bazel-args }} - name: Bazel Debug Outputs if: failure() run: | cat bazel-out/_tmp/actions/stderr-* sudo dmesg || true tail -n500 bazel-out/**/*/CMake.log || true - name: Upload artifacts uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ matrix.label }}-packages path: bazel-bin/pkg retention-days: 3 verify-manifest-packages: needs: [metadata, build-packages] name: Verify Manifest - Package ${{ matrix.label }} runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['build-packages'] }}" steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download artifact uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ matrix.label }}-packages path: bazel-bin/pkg - name: Install Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' cache: 'pip' # caching pip dependencies - name: Verify run: | cd scripts/explain_manifest pip install -r requirements.txt pkg=$(ls ../../bazel-bin/pkg/kong* |head -n1) python ./main.py -f filelist.txt -p $pkg -o test.txt -s ${{ matrix.check-manifest-suite }} build-images: name: Build Images - ${{ matrix.label }} needs: [metadata, build-packages] runs-on: ubuntu-24.04 permissions: # create comments on commits for docker images needs the `write` permission contents: write strategy: fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['build-images'] }}" steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download artifact uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ matrix.artifact-from }}-packages path: bazel-bin/pkg - name: Download artifact (alt) if: matrix.artifact-from-alt != '' uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ matrix.artifact-from-alt }}-packages path: bazel-bin/pkg - name: Login to Docker Hub if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN == 'true' }} uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ env.DOCKER_ORGANIZATION }} password: ${{ secrets.DOCKER_OAT_PUSH }} - name: Docker meta id: meta uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 env: DOCKER_METADATA_PR_HEAD_SHA: true with: images: ${{ needs.metadata.outputs.prerelease-docker-repository }} tags: | type=raw,${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} type=raw,enable=${{ matrix.label == 'ubuntu' }},${{ needs.metadata.outputs.commit-sha }} - name: Set up QEMU if: matrix.docker-platforms != '' uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Set platforms id: docker_platforms_arg run: | platforms="${{ matrix.docker-platforms }}" if [[ -z "$platforms" ]]; then platforms="linux/amd64" fi echo "platforms=$platforms" echo "platforms=$platforms" >> $GITHUB_OUTPUT - name: Set rpm platform id: docker_rpm_platform_arg if: matrix.package == 'rpm' run: | rpm_platform="${{ matrix.rpm_platform }}" if [[ -z "$rpm_platform" ]]; then rpm_platform="el9" fi echo "rpm_platform=$rpm_platform" echo "rpm_platform=$rpm_platform" >> $GITHUB_OUTPUT - name: Build Docker Image uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: file: build/dockerfiles/${{ matrix.package }}.Dockerfile context: . push: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN == 'true' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ steps.docker_platforms_arg.outputs.platforms }} build-args: | KONG_BASE_IMAGE=${{ matrix.base-image }} KONG_ARTIFACT_PATH=bazel-bin/pkg KONG_VERSION=${{ needs.metadata.outputs.kong-version }} RPM_PLATFORM=${{ steps.docker_rpm_platform_arg.outputs.rpm_platform }} EE_PORTS=8002 8445 8003 8446 8004 8447 - name: Comment on commit if: github.event_name == 'push' && matrix.label == 'ubuntu' uses: peter-evans/commit-comment@f6d60c65d05bb59f750fa51ad3de1d443ba0eb52 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} body: | ### Bazel Build Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}` Artifacts available https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} verify-manifest-images: needs: [metadata, build-images] name: Verify Manifest - Image ${{ matrix.label }} runs-on: ubuntu-24.04 if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') strategy: fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['build-images'] }}" steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' cache: 'pip' # caching pip dependencies - name: Verify run: | cd scripts/explain_manifest # docker image verify requires sudo to set correct permissions, so we # also install deps for root sudo -E pip install -r requirements.txt IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image if [[ ! -z "${{ matrix.docker-platforms }}" ]]; then DOCKER_DEFAULT_PLATFORM=linux/arm64 sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image fi scan-images: name: Scan Images - ${{ matrix.label }} needs: [metadata, build-images] runs-on: ubuntu-24.04 timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }} if: |- always() && vars.DISABLE_SCA_SCAN == 'false' && fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != '' && needs.build-images.result == 'success' && (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')) strategy: fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}" env: IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} steps: - name: Install regctl uses: regclient/actions/regctl-installer@f07124ffba4b0cbf96b2a666d481ed9d44b5e7e4 - name: Login to Docker Hub if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN }} uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ env.DOCKER_ORGANIZATION }} password: ${{ secrets.DOCKER_OAT_PUSH }} # TODO: Refactor matrix file to support and parse platforms specific to distro # Workaround: Look for specific amd64 and arm64 hardcooded architectures - name: Parse Architecture Specific Image Manifest Digests id: image_manifest_metadata run: | manifest_list_exists="$( if regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic &> /dev/null; then echo true else echo false fi )" echo "manifest_list_exists=$manifest_list_exists" echo "manifest_list_exists=$manifest_list_exists" >> $GITHUB_OUTPUT amd64_sha="$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')" arm64_sha="$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')" echo "amd64_sha=$amd64_sha" echo "amd64_sha=$amd64_sha" >> $GITHUB_OUTPUT echo "arm64_sha=$arm64_sha" echo "arm64_sha=$arm64_sha" >> $GITHUB_OUTPUT - name: Scan AMD64 Image digest id: sbom_action_amd64 if: steps.image_manifest_metadata.outputs.amd64_sha != '' uses: Kong/public-shared-actions/security-actions/scan-docker-image@a92df3beb1e69e27d86be56346488f15fecaf0de # scan-docker-image@6.1.1 with: asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-amd64 image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} skip_cis_scan: true # FIXME - name: Scan ARM64 Image digest if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != '' id: sbom_action_arm64 uses: Kong/public-shared-actions/security-actions/scan-docker-image@a92df3beb1e69e27d86be56346488f15fecaf0de # scan-docker-image@6.1.1 with: asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-arm64 image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} skip_cis_scan: true # FIXME release-packages: name: Release Packages - ${{ matrix.label }} - ${{ needs.metadata.outputs.release-desc }} needs: [metadata, build-packages, build-images] runs-on: ubuntu-24.04 if: fromJSON(needs.metadata.outputs.matrix)['release-packages'] != '' timeout-minutes: 5 # PULP takes a while to publish environment: release strategy: # limit to 3 jobs at a time max-parallel: 3 fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['release-packages'] }}" steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download artifact uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ matrix.artifact-from }}-packages path: bazel-bin/pkg - name: Set package architecture id: pkg-arch run: | arch='amd64' if [[ '${{ matrix.label }}' == *'arm64' ]]; then arch='arm64' fi echo "arch=$arch" echo "arch=$arch" >> $GITHUB_OUTPUT - name: Upload Packages env: ARCHITECTURE: ${{ steps.pkg-arch.outputs.arch }} OFFICIAL_RELEASE: ${{ github.event.inputs.official }} ARTIFACT_VERSION: ${{ matrix.artifact-version }} ARTIFACT_TYPE: ${{ matrix.artifact-type }} ARTIFACT: ${{ matrix.artifact }} INPUT_VERSION: ${{ github.event.inputs.version }} PACKAGE_TYPE: ${{ matrix.package }} KONG_RELEASE_LABEL: ${{ needs.metadata.outputs.release-label }} VERBOSE: ${{ runner.debug == '1' && '1' || '' }} CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} CLOUDSMITH_DRY_RUN: '' IGNORE_CLOUDSMITH_FAILURES: ${{ vars.IGNORE_CLOUDSMITH_FAILURES }} USE_CLOUDSMITH: ${{ vars.USE_CLOUDSMITH }} run: | sha256sum bazel-bin/pkg/* # set the version input as tags passed to release-scripts # note: release-scripts rejects user tags if missing internal flag # # this can be a comma-sepratated list of tags to apply if [[ "$OFFICIAL_RELEASE" == 'false' ]]; then if echo "$INPUT_VERSION" | grep -qs -E 'rc|alpha|beta|nightly'; then PACKAGE_TAGS="$INPUT_VERSION" export PACKAGE_TAGS fi fi scripts/release-kong.sh release-images: name: Release Images - ${{ matrix.label }} - ${{ needs.metadata.outputs.release-desc }} needs: [metadata, build-images] runs-on: ubuntu-24.04 if: fromJSON(needs.metadata.outputs.matrix)['release-images'] != '' strategy: # limit to 3 jobs at a time max-parallel: 3 fail-fast: false matrix: include: "${{ fromJSON(needs.metadata.outputs.matrix)['release-images'] }}" steps: - name: Login to Docker Hub if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN == 'true' }} uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ env.DOCKER_ORGANIZATION }} password: ${{ secrets.DOCKER_OAT_PUSH }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get latest commit SHA on master run: | echo "latest_sha=$(git ls-remote origin -h refs/heads/master | cut -f1)" >> $GITHUB_ENV - name: Docker meta id: meta uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ${{ needs.metadata.outputs.docker-repository }} sep-tags: " " tags: | type=raw,value=latest,enable=${{ matrix.label == 'ubuntu' && github.ref_name == 'master' && env.latest_sha == needs.metadata.outputs.commit-sha }} type=match,enable=${{ github.event_name == 'workflow_dispatch' }},pattern=^\d+\.\d+,value=${{ github.event.inputs.version }} type=match,enable=${{ github.event_name == 'workflow_dispatch' && matrix.label == 'ubuntu' }},pattern=^\d+\.\d+,value=${{ github.event.inputs.version }},suffix= type=raw,enable=${{ github.event_name == 'workflow_dispatch' }},${{ github.event.inputs.version }} type=raw,enable=${{ github.event_name == 'workflow_dispatch' && matrix.label == 'ubuntu' }},${{ github.event.inputs.version }},suffix= type=ref,event=branch type=ref,enable=${{ matrix.label == 'ubuntu' }},event=branch,suffix= type=ref,event=tag type=ref,enable=${{ matrix.label == 'ubuntu' }},event=tag,suffix= type=ref,event=pr type=schedule,pattern=nightly type=schedule,enable=${{ matrix.label == 'ubuntu' }},pattern=nightly,suffix= type=schedule,pattern={{date 'YYYYMMDD'}} type=schedule,enable=${{ matrix.label == 'ubuntu' }},pattern={{date 'YYYYMMDD'}},suffix= flavor: | latest=false suffix=-${{ matrix.label }} - name: Install regctl uses: regclient/actions/regctl-installer@f07124ffba4b0cbf96b2a666d481ed9d44b5e7e4 - name: Push Images if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN == 'true' }} env: TAGS: "${{ steps.meta.outputs.tags }}" run: | PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} docker pull $PRERELEASE_IMAGE for tag in $TAGS; do regctl -v debug image copy $PRERELEASE_IMAGE $tag done