feat(trino-container): add trino container to test extra tag command

SwanseaUniversityMedical · Apr 15, 2024 · 4841b78 · 4841b78
1 parent 0fb2790
commit 4841b78
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 1 deletion.
diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs
@@ -8,6 +8,7 @@ export default {
         '',
         'deps',
         'controller-container',
+        'trino-container',
         'fizzbuzz-chart',
         'fizzbuzz-crds-chart'
     ]],

diff --git a/.github/labeler.yaml b/.github/labeler.yaml
@@ -23,6 +23,10 @@ controller-container:
 - base-branch:
   - '.+/controller-container(/.+)?'
 
+trino-container:
+- base-branch:
+  - '.+/trino-container(/.+)?'
+
 fizzbuzz-chart:
 - base-branch:
   - '.+/fizzbuzz-chart(/.+)?'

diff --git a/.github/workflows/controller-container.yaml b/.github/workflows/controller-container.yaml
@@ -4,6 +4,7 @@ on:
   pull_request:
     # Ignore PRs on branches specifically intended for other assets
     branches-ignore:
+      - '*/trino-container*'
       - '*/fizzbuzz-chart*'
       - '*/fizzbuzz-crds-chart*'
     # Only consider PRs that change files for this asset, including ci scripts
@@ -40,7 +41,7 @@ jobs:
   # Job name must be unique across repo to target
   # branch protection rules "required checks" properly!
   controller-container:
-    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.10.0-containers
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@feat/extra-release-tags
     with:
       job-name: controller-container
       registry: ${{ vars.HARBOR_REGISTRY }}

diff --git a/.github/workflows/fizzbuzz-chart.yaml b/.github/workflows/fizzbuzz-chart.yaml
@@ -5,6 +5,7 @@ on:
     # Ignore PRs on branches specifically intended for other assets
     branches-ignore:
       - '*/controller-container*'
+      - '*/trino-container*'
       - '*/fizzbuzz-crds-chart*'
     # Only consider PRs that change files for this asset, including ci scripts
     paths:

diff --git a/.github/workflows/fizzbuzz-crds-chart.yaml b/.github/workflows/fizzbuzz-crds-chart.yaml
@@ -5,6 +5,7 @@ on:
     # Ignore PRs on branches specifically intended for other assets
     branches-ignore:
       - '*/controller-container*'
+      - '*/trino-container*'
       - '*/fizzbuzz-chart*'
     # Only consider PRs that change files for this asset, including ci scripts
     paths:

diff --git a/.github/workflows/trino-container.yaml b/.github/workflows/trino-container.yaml
@@ -0,0 +1,65 @@
+name: Trino Container
+
+on:
+  pull_request:
+    # Ignore PRs on branches specifically intended for other assets
+    branches-ignore:
+      - '*/controller-container*'
+      - '*/fizzbuzz-chart*'
+      - '*/fizzbuzz-crds-chart*'
+    # Only consider PRs that change files for this asset, including ci scripts
+    paths:
+      - '.github/workflows/trino-container.yaml'
+      - 'containers/trino/**'
+    # Make sure all workflows that are "required checks" for a given
+    # branch protection rule have the same paths: and branches-ignore:
+    # filters. Otherwise, you can end up in a deadlock waiting on a
+    # required check that will never be executed.
+  push:
+    # Only release off of release and maintenance branches for this asset
+    branches:
+      - 'maintenance/trino-container/[0-9]+.x.x'
+      - 'maintenance/trino-container/[0-9]+.[0-9]+.x'
+      - 'main'
+    # Only consider pushes that change files for this asset, including ci scripts
+    paths:
+      - '.github/workflows/trino-container.yaml'
+      - 'containers/trino/**'
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  # Needed to generate releases safely
+  cancel-in-progress: false
+
+jobs:
+  # Job name must be unique across repo to target
+  # branch protection rules "required checks" properly!
+  trino-container:
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@feat/extra-release-tags
+    with:
+      job-name: trino-container
+      registry: ${{ vars.HARBOR_REGISTRY }}
+      registry-user: ${{ vars.HARBOR_USER }}
+      registry-repo: ${{ vars.HARBOR_PROJECT }}/trino
+      release-tag-format: 'trino-container-${version}'
+      release-branches: |
+        [
+          'maintenance/trino-container/release/[0-9]+\.([0-9]+|x)\.x',
+          'main'
+        ]
+      registry-extra-tag-command: |
+        cat containers/trino/Dockerfile | grep ARG | cut -d "=" -f 2
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      build-file: containers/trino/Dockerfile
+      build-context: containers/trino
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
diff --git a/containers/trino/Dockerfile b/containers/trino/Dockerfile
@@ -0,0 +1,5 @@
+# renovate: datasource=docker depName=trinodb/trino
+ARG BASE_VERSION=444
+
+FROM trinodb/trino:$BASE_VERSION
+ARG BASE_VERSION