Feat/ironbank mr workflow#736
Merged
Merged
Conversation
Adds an automated Iron Bank (repo1.dso.mil) release step to the
docker-release job, modelled on mitre/heimdall2's release-server-to-docker
workflow. On each published GitHub release, after the multi-arch
mitre/vulcan image is built and pushed, it files a GitLab issue + MR
against Vulcan's Iron Bank mirror (project 17073) bumping the manifest
to the freshly published image.
- Uses mitre/ironbank_release_action@v1 (SHA-pinned).
- Version comes from docker/metadata-action's {{version}} output (semver,
v-stripped) — equivalent to Heimdall's format-tag preprocessing.
- Resolves per-architecture digests (resources[0]=amd64, resources[1]=arm64)
via `docker buildx imagetools inspect`, since build-push-action only
exposes the multi-arch index digest.
- update_commands escapes double-quotes for the action's `eval`.
wdower
force-pushed
the
feat/ironbank-mr-workflow
branch
from
62d014b to
7b89f35
Compare
…i-arch builds - mainline.yml: on push to master, build/push mitre/vulcan:<sha> + :latest and open an Iron Bank MR against the vulcan-mainline repo1 project (19019) - release.yml: publish the stable moving tag as release-latest (was latest); latest now means the bleeding-edge mainline build - both workflows default to free QEMU emulated multi-arch builds; Docker Build Cloud is opt-in via the use_build_cloud workflow_dispatch input - build via docker/bake-action + a TAG_SUFFIXES-driven 'registry' bake target; remove the now-unused 'release' bake target - docs: point stable docker pull/run examples at mitre/vulcan:release-latest Signed-off-by: Will <will@dower.dev>
Contributor
Author
|
Failing due to vulns in the Bundle Audit. Those should probably be fixed in another PR and then this one rebased on an updated master to fix. |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the release workflow for creating an MR on repo1 when we publish a new Vulcan version. Uses mitre/ironbank_release_action marketplace action.