-
Notifications
You must be signed in to change notification settings - Fork 3
185 lines (159 loc) Β· 5.88 KB
/
server.yml
File metadata and controls
185 lines (159 loc) Β· 5.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: server
on:
workflow_dispatch:
workflow_call:
outputs:
image_tag:
description: Immutable image tag for this workflow run
value: ${{ jobs.push_merge.outputs.image_tag }}
permissions:
contents: read
packages: write
env:
IMAGE: ghcr.io/${{ github.repository_owner }}/server
RUNNER_AMD64: &runner_amd64 blacksmith-4vcpu-ubuntu-2404
RUNNER_ARM64: &runner_arm64 blacksmith-4vcpu-ubuntu-2404-arm
concurrency:
group: "server @ ${{ github.event_name }} @ ${{ github.ref_name }}"
cancel-in-progress: true
jobs:
build_per_arch:
strategy:
fail-fast: false
matrix:
include:
- arch: amd64
runner: *runner_amd64
platform: linux/amd64
- arch: arm64
runner: *runner_arm64
platform: linux/arm64
runs-on:
- ${{ matrix.runner }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 1
- name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Setup Blacksmith Builder
uses: useblacksmith/setup-docker-builder@v1
- name: Docker meta (server)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest (server)
id: build
uses: useblacksmith/build-push-action@v2
with:
context: ${{ github.workspace }}
file: .github/workflows/server-Dockerfile
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ env.IMAGE }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
provenance: false
- name: Export digest (server)
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest (server)
uses: actions/upload-artifact@v4
with:
name: server-digests-${{ matrix.arch }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
push_merge:
runs-on: *runner_amd64
needs: build_per_arch
outputs:
image_tag: ${{ steps.expose.outputs.tag }}
steps:
- name: Download digests (server)
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: server-digests-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Blacksmith Builder
uses: useblacksmith/setup-docker-builder@v1
- name: Docker meta (server)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=raw,value=${{ github.ref_name }}-${{ github.sha }}
type=raw,value=dev,enable=${{ github.ref == 'refs/heads/dev' }}
- name: Generate additional version tags (server)
id: version_tags
if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref_name, '-')
run: |
VERSION=${GITHUB_REF#refs/tags/}
VERSION=${VERSION#v}
IFS='.' read -r -a parts <<< "$VERSION"
ADDITIONAL_TAGS=""
if [ ${#parts[@]} -ge 1 ]; then
ADDITIONAL_TAGS="${{ env.IMAGE }}:v${parts[0]}"
fi
if [ ${#parts[@]} -ge 2 ]; then
ADDITIONAL_TAGS="$ADDITIONAL_TAGS,${{ env.IMAGE }}:v${parts[0]}.${parts[1]}"
fi
if [ ${#parts[@]} -ge 3 ]; then
ADDITIONAL_TAGS="$ADDITIONAL_TAGS,${{ env.IMAGE }}:v${parts[0]}.${parts[1]}.${parts[2]}"
fi
if [ ${#parts[@]} -ge 4 ]; then
ADDITIONAL_TAGS="$ADDITIONAL_TAGS,${{ env.IMAGE }}:v${parts[0]}.${parts[1]}.${parts[2]}.${parts[3]}"
fi
echo "additional_tags=$ADDITIONAL_TAGS" >> $GITHUB_OUTPUT
echo "Generated additional tags: $ADDITIONAL_TAGS"
- name: Create manifest list and push (server)
working-directory: ${{ runner.temp }}/digests
run: |
set -euo pipefail
shopt -s nullglob
digests=( *)
shopt -u nullglob
if [ ${#digests[@]} -eq 0 ]; then
echo "No server digest artifacts were downloaded; cannot create a multi-arch manifest." >&2
exit 1
fi
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.IMAGE }}@sha256:%s ' "${digests[@]}")
if [ -n "${{ steps.version_tags.outputs.additional_tags }}" ]; then
IFS=',' read -r -a additional_tags <<< "${{ steps.version_tags.outputs.additional_tags }}"
for tag in "${additional_tags[@]}"; do
if [ -n "$tag" ]; then
echo "Creating manifest for additional tag: $tag"
docker buildx imagetools create -t "$tag" \
$(printf '${{ env.IMAGE }}@sha256:%s ' "${digests[@]}")
fi
done
fi
- name: Inspect image (server)
run: |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}
- name: Expose immutable image tag
id: expose
run: echo "tag=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_OUTPUT