Google Git
Sign in
apache/beam/refs/heads/fix-postcommit-python-validates-container/./.github/workflows/republish_released_docker_containers.yml
blob: a35b1e0b3b30bba177c00b32aa3ebd1ef80a3aea [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Workflow that enables republishing released docker images to avoid vulnerabilities
name: Republish Released Docker Images
on:
workflow_dispatch:
inputs:
RELEASE:
description: Beam version of current release (e.g. 2.XX.0)
required: false
RC:
description: Integer RC version for the release (e.g. 3 for RC3)
required: false
schedule:
- cron: "0 6 * * 1"
env:
docker_registry: gcr.io
release: "${{ github.event.inputs.RELEASE || '2.71.0' }}"
rc: "${{ github.event.inputs.RC || '3' }}"
jobs:
build:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# Split up images to publish so that longer ones are able to run independently/finish faster, otherwise this takes >6 hours
# Any task which is skipped from a broader task must be explicitly included in this list to avoid accidentally missing new
# tasks as they are added.
images_to_publish: [
{"gradle_task": ":pushAllRunnersDockerImages", "include_skip_flags": "-Pinclude-ml -Pinclude-distroless"},
{"gradle_task": ":sdks:python:container:push310", "include_skip_flags": "-Pinclude-ml -Pinclude-distroless"},
{"gradle_task": ":sdks:python:container:push311", "include_skip_flags": "-Pinclude-ml -Pinclude-distroless"},
{"gradle_task": ":sdks:python:container:push312", "include_skip_flags": "-Pinclude-ml -Pinclude-distroless"},
{"gradle_task": ":sdks:python:container:pushAll", "include_skip_flags": "-Pinclude-ml -Pinclude-distroless -Pskip-python-39-images -Pskip-python-310-images -Pskip-python-311-images -Pskip-python-312-images"},
{"gradle_task": ":pushAllSdkDockerImages", "include_skip_flags": "-Pskip-python-images"},
{"gradle_task": ":pushAllDockerImages", "include_skip_flags": "-Pskip-runner-images -Pskip-sdk-images"}
]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: "release-${{ env.release }}-postrelease"
repository: apache/beam
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@v1.3.1
- name: Install Java 11
uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '11'
- name: Install Python 3.10
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Authenticate on GCP
uses: google-github-actions/auth@v3
with:
service_account: ${{ secrets.GCP_SA_EMAIL }}
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Remove default github maven configuration
# This step is a workaround to avoid a decryption issue of Beam's
# net.linguica.gradle.maven.settings plugin and github's provided maven
# settings.xml file
run: rm ~/.m2/settings.xml || true
- name: GCloud Docker credential helper
run: |
gcloud auth configure-docker ${{ env.docker_registry }}
- name: Push docker images
run: |
./gradlew ${{ matrix.images_to_publish.gradle_task }} \
-PisRelease \
-PpythonVersion=3.10 \
-Pdocker-pull-licenses \
-Pprune-images ${{ matrix.images_to_publish.include_skip_flags }} \
-Pdocker-repository-root=gcr.io/apache-beam-testing/updated_released_container_images \
-Pdocker-tag-list=${{ env.release }},${{ github.sha }},$(date +'%Y-%m-%d') \
--no-daemon \
--no-parallel