-
Notifications
You must be signed in to change notification settings - Fork 3
165 lines (141 loc) · 5.06 KB
/
rw-docker-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
name: Docker Build
# Builds the Dockerfile for both amd64 and arm64.
on:
workflow_call:
inputs:
publish:
description: Whether to publish the image to the registry
default: false
type: boolean
source-root:
description: Root location of the project (where Dockerfile is)
default: .
type: string
ref:
description: Ref to build (or empty to use the current context)
default: ''
type: string
outputs:
version:
description: The version of the image produced
value: ${{ jobs.merge.outputs.version }}
digest:
description: The digest (sha256) of the image produced
value: ${{ jobs.merge.outputs.digest }}
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
name: linux-amd64
- platform: linux/arm64
name: linux-arm64
runs-on: ubuntu-latest
name: Build (${{ matrix.platform }})
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.ref }}
- name: Metadata (GitHub)
id: metadata-github
run: |
# Lowercase the repository name, as Docker image names need to be lowercase.
echo "name=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT
# Count the amount of commits in the repository.
echo "count=$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
- name: Metadata (Docker)
id: metadata-docker
uses: docker/metadata-action@v5
with:
images: ${{ steps.metadata-github.outputs.name }}
tags: |
type=raw,value=edge,enable={{is_default_branch}}
type=raw,value=edge-${{ steps.metadata-github.outputs.count }},priority=250,enable={{is_default_branch}}
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
if: ${{ inputs.publish }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build
id: build
uses: docker/build-push-action@v6
with:
context: ${{ inputs.source-root }}
platforms: ${{ matrix.platform }}
outputs: type=image,name=${{ steps.metadata-github.outputs.name }},push-by-digest=true,name-canonical=true,push=${{ inputs.publish && 'true' || 'false' }}
labels: ${{ steps.metadata-docker.outputs.labels }}
sbom: false
provenance: false
build-args: |
BUILD_VERSION=${{ steps.metadata-docker.outputs.version }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Export digest
if: ${{ inputs.publish }}
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
# Remove "sha256:" prefix from filename.
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
if: ${{ inputs.publish }}
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.name }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
outputs:
image-name: ${{ steps.metadata-github.outputs.name }}
tags: ${{ steps.metadata-docker.outputs.tags }}
version: ${{ steps.metadata-docker.outputs.version }}
merge:
name: Publish image
if: ${{ inputs.publish }}
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
pattern: digests-*
path: /tmp/digests
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
if: ${{ inputs.publish }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish manifest list
id: publish
working-directory: /tmp/digests
run: |
# Add '-t' before each tag and make it a single string.
TAGS=$(echo "${{ needs.build.outputs.tags }}" | sed 's/^/ -t /' | tr -d '\n')
# List all digests in the folder and prefix with the image name + "@sha256:".
DIGEST_FILES=$(printf '${{ needs.build.outputs.image-name }}@sha256:%s ' $(ls digest*/* | xargs -n 1 basename))
# Create the manifest list and push it to the registry.
docker buildx imagetools create ${TAGS} ${DIGEST_FILES}
# Calculate the digest of this new manifest.
echo "digest=$(docker buildx imagetools inspect --raw ${{ needs.build.outputs.image-name }}:${{ needs.build.outputs.version }} | openssl dgst -sha256 | cut -d\ -f2)" >> $GITHUB_OUTPUT
outputs:
digest: ${{ steps.publish.outputs.digest }}
version: ${{ needs.build.outputs.version }}