@@ -445,48 +445,49 @@ jobs:
445445 name : Build Docker Image
446446 runs-on : ubuntu-latest
447447
448+ permissions :
449+ contents : read
450+ packages : write
451+
448452 strategy :
449453 matrix :
450454 image_name : ${{ fromJson(needs.build-setup.outputs.image_names) }}
451455
452456 env :
453457 PLATFORMS : " ${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}"
454- DOCKER_IMAGE : " ghcr.io/getsentry/${{ matrix.image_name }}"
455- REVISION : " ${{ github.event.pull_request.head.sha || github.sha }}"
456458
457459 steps :
458460 - uses : actions/checkout@v4
459461
460- - uses : docker/setup-qemu-action@v3
461- - uses : docker/setup-buildx-action@v3
462-
463462 - uses : actions/download-artifact@v5
464463 with :
465464 pattern : " ${{ matrix.image_name }}@*"
466465 merge-multiple : true
467466
468467 - name : Build and push to ghcr.io
469468 if : " !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'"
470- run : |
471- docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io
472-
473- docker buildx build \
474- --platform "${PLATFORMS}" \
475- --tag "${DOCKER_IMAGE}:${REVISION}" \
476- $( [[ "${IS_MASTER}" == "true" ]] && printf %s "--tag ${DOCKER_IMAGE}:nightly" ) \
477- --file Dockerfile.release \
478- --push \
479- .
469+ uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
470+ with :
471+ image_name : ${{ matrix.image_name }}
472+ platforms : ${{ env.PLATFORMS }}
473+ dockerfile_path : " ./Dockerfile.release "
474+ ghcr : true
475+ tag_nightly : true
476+ tag_latest : true
477+ google_ar : false
478+ publish_on_pr : true
480479
481480 - name : Build and publish docker artifact
482481 if : " github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'"
483- run : |
484- docker buildx build \
485- --platform "${PLATFORMS}" \
486- --tag "${DOCKER_IMAGE}:${REVISION}" \
487- --file Dockerfile.release \
488- --output type=docker,dest=${{ matrix.image_name }}-docker-image \
489- .
482+ uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
483+ with :
484+ image_name : ${{ matrix.image_name }}
485+ platforms : ${{ env.PLATFORMS }}
486+ dockerfile_path : " ./Dockerfile.release"
487+ ghcr : false
488+ google_ar : false
489+ outputs : " type=docker,dest=${{ matrix.image_name }}-docker-image"
490+ tags : " ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }}"
490491
491492 - name : Upload docker image
492493 if : " github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'"
@@ -521,21 +522,6 @@ jobs:
521522 steps :
522523 - uses : actions/checkout@v4
523524
524- - uses : docker/setup-qemu-action@v3
525- - uses : docker/setup-buildx-action@v3
526-
527- # Logic taken from: publish-to-gcr
528- - name : Google Auth
529- id : auth
530- uses : google-github-actions/auth@v2
531- with :
532- workload_identity_provider : projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
533- service_account :
[email protected] 534-
535- - name : Configure docker
536- run : |
537- gcloud auth configure-docker us-central1-docker.pkg.dev
538-
539525 # Logic taken from: build-docker
540526 - uses : actions/download-artifact@v5
541527 with :
@@ -553,48 +539,19 @@ jobs:
553539 done
554540
555541name : Build and push to Internal AR
556- run : |
557- docker buildx build \
558- --platform "${PLATFORMS}" \
559- --tag "${AR_DOCKER_IMAGE}:${REVISION}" \
560- $( [[ "${IS_MASTER}" == "true" ]] && printf %s "--tag ${AR_DOCKER_IMAGE}:latest" ) \
561- --file Dockerfile.release \
562- --push \
563- .
564-
565- publish-to-dockerhub :
566- needs : [build-setup, build-docker]
567-
568- runs-on : ubuntu-22.04
569- name : Publish Relay to DockerHub
570-
571- strategy :
572- matrix :
573- image_name : ["relay"] # Don't publish relay-pop (for now)
574-
575- if : github.event_name == 'merge_group'
576-
577- env :
578- GHCR_DOCKER_IMAGE : " ghcr.io/getsentry/${{ matrix.image_name }}"
579- DH_DOCKER_IMAGE : " getsentry/${{ matrix.image_name }}"
580- REVISION : " ${{ github.event.pull_request.head.sha || github.sha }}"
581-
582- steps :
583- - name : Login to DockerHub
584- run : docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }}
585-
586- - name : Copy Image from GHCR to DockerHub
587- run : |
588- # We push 3 tags to Dockerhub:
589- # 1) the full sha of the commit
590- docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:${REVISION}" "${GHCR_DOCKER_IMAGE}:${REVISION}"
591-
592- # 2) the short sha
593- SHORT_SHA=$(echo ${GITHUB_SHA} | cut -c1-8)
594- docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:${SHORT_SHA}" "${GHCR_DOCKER_IMAGE}:${REVISION}"
542+ uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
543+ with :
544+ image_name : ${{ matrix.image_name }}
545+ platforms : ${{ env.PLATFORMS }}
546+ dockerfile_path : " ./Dockerfile.release"
547+ ghcr : false
548+ publish_on_pr : true
549+ tag_latest : true
550+ google_ar : true
551+ google_ar_image_name : ${{ env.AR_DOCKER_IMAGE }}
552+ google_workload_identity_provider : projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
553+ google_service_account :
[email protected] 595554
596- # 3) nightly
597- docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:nightly" "${GHCR_DOCKER_IMAGE}:${REVISION}"
598555
599556 publish-to-gcr :
600557 timeout-minutes : 5
0 commit comments