build-minio-image #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-minio-image | |
| on: | |
| schedule: | |
| - cron: "0 0 * * 1" # Monday 00:00 UTC (1hr before update-minio) | |
| workflow_dispatch: | |
| inputs: | |
| minio_version: | |
| description: 'MinIO version (e.g., RELEASE.2025-01-15T12-00-00Z) or leave empty for latest' | |
| required: false | |
| default: '' | |
| jobs: | |
| build-and-push-minio: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Detect latest MinIO version | |
| id: version | |
| run: | | |
| # Use manual input if provided, otherwise fetch from GitHub API | |
| if [ -n "${{ github.event.inputs.minio_version }}" ]; then | |
| VERSION="${{ github.event.inputs.minio_version }}" | |
| echo "Using manually specified version: $VERSION" | |
| else | |
| echo "Fetching latest MinIO release from GitHub API..." | |
| VERSION=$(curl -s https://api.github.com/repos/minio/minio/releases/latest | \ | |
| grep '"tag_name":' | \ | |
| sed -E 's/.*"([^"]+)".*/\1/') | |
| echo "Detected latest version: $VERSION" | |
| fi | |
| echo "minio_version=$VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Check if image already exists | |
| id: check | |
| run: | | |
| echo "Checking if kurlsh/minio:${{ steps.version.outputs.minio_version }} exists..." | |
| if docker manifest inspect kurlsh/minio:${{ steps.version.outputs.minio_version }} > /dev/null 2>&1; then | |
| echo "exists=true" >> "$GITHUB_OUTPUT" | |
| echo "Image already exists. Skipping build." | |
| else | |
| echo "exists=false" >> "$GITHUB_OUTPUT" | |
| echo "Image does not exist. Proceeding with build." | |
| fi | |
| - name: Set up Docker Buildx | |
| if: steps.check.outputs.exists == 'false' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| if: steps.check.outputs.exists == 'false' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Build and push MinIO image | |
| if: steps.check.outputs.exists == 'false' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./addons/minio/build-images/minio | |
| file: ./addons/minio/build-images/minio/Dockerfile | |
| build-args: | | |
| RELEASE=${{ steps.version.outputs.minio_version }} | |
| push: true | |
| tags: | | |
| kurlsh/minio:${{ steps.version.outputs.minio_version }} | |
| kurlsh/minio:latest | |
| platforms: linux/amd64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| labels: | | |
| org.opencontainers.image.licenses=AGPL-3.0 | |
| org.opencontainers.image.source=https://github.com/minio/minio | |
| org.opencontainers.image.documentation=https://github.com/replicatedhq/kURL/tree/main/addons/minio | |
| - name: Update Docker Hub Description | |
| if: steps.check.outputs.exists == 'false' | |
| uses: peter-evans/dockerhub-description@v5 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| repository: kurlsh/minio | |
| readme-filepath: ./addons/minio/build-images/minio/README.md | |
| short-description: "MinIO object storage built from source (AGPL v3)" | |
| - name: Run Trivy vulnerability scanner | |
| if: steps.check.outputs.exists == 'false' | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| with: | |
| image-ref: kurlsh/minio:${{ steps.version.outputs.minio_version }} | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'HIGH,CRITICAL' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| - name: Upload Trivy results to GitHub Security | |
| if: steps.check.outputs.exists == 'false' && always() | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| - name: Output summary | |
| run: | | |
| echo "### MinIO Image Build Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Version**: ${{ steps.version.outputs.minio_version }}" >> $GITHUB_STEP_SUMMARY | |
| if [ "${{ steps.check.outputs.exists }}" == "true" ]; then | |
| echo "- **Status**: ✅ Skipped (image already exists)" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "- **Status**: 🔨 Built and pushed successfully" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Tags**:" >> $GITHUB_STEP_SUMMARY | |
| echo " - \`kurlsh/minio:${{ steps.version.outputs.minio_version }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo " - \`kurlsh/minio:latest\`" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Next**: MinIO add-on update workflow will run at 01:00 UTC" >> $GITHUB_STEP_SUMMARY |