name: CD # Controls when the action will run. on: # Triggers the workflow on push on the master branch push: branches: - master # Allows you to run this workflow manually from the Actions tab workflow_dispatch: schedule: - cron: '0 0 * * *' # Remove all permissions by default permissions: {} env: BASENAME: bitnami/minideb LATEST: trixie # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" shellcheck: # The type of runner that the job will run on runs-on: ubuntu-24.04 if: github.event_name != 'schedule' || github.repository == 'bitnami/minideb' name: Shellcheck # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Install Dependencies run: | sudo apt-get -qq update sudo apt-get install -y shellcheck - name: Verify scripts with shellcheck run: | bash shellcheck build_multiarch: runs-on: ubuntu-24.04 needs: [ shellcheck ] strategy: matrix: dist: [bullseye, bookworm, trixie] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Use local build action id: build uses: ./.github/actions/build with: dist: "${{ matrix.dist }}" platform: "${{ matrix.arch }}" is_latest: ${{ matrix.dist == env.LATEST }} - name: Push to DockerHUB if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_REGISTRY: docker.io DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} run: | bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}" if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi - name: Push to AWS if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' env: DOCKER_USERNAME: AWS DOCKER_REGISTRY: public.ecr.aws AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}" if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi deploy_manifests: runs-on: ubuntu-24.04 needs: [ build_multiarch ] if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Push Manifests to DockerHUB env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_REGISTRY: docker.io run: | DISTS="bullseye bookworm trixie latest" bash pushmanifest - name: Push Manifests to AWS env: DOCKER_USERNAME: AWS DOCKER_REGISTRY: public.ecr.aws AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" DISTS="bullseye bookworm trixie latest" bash pushmanifest # If the CI Pipeline does not succeed we should notify the interested agents notify: name: Send notification needs: - build_multiarch - deploy_manifests if: ${{ always() && github.repository == 'bitnami/minideb' && (needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure') }} uses: bitnami/support/.github/workflows/gchat-notification.yml@main with: workflow: ${{ github.workflow }} job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} secrets: webhook-url: ${{ secrets.GCHAT_CONTENT_ALERTS_WEBHOOK_URL }}