fix: forward-port all recent containers from stable branches, apply JFactoryPodioT patch #1311
# Workflow header: triggers, concurrency, token permissions and shared settings
# for the container build-and-push jobs.
name: build-push

on:
  # Periodic rebuild at minute 30 of every sixth hour.
  schedule:
    - cron: "30 */6 * * *"
  push:
    branches: [master]
  pull_request:
    branches: [master]
  # Manual runs may override package versions; the default for each is the empty string.
  workflow_dispatch:
    inputs:
      EDM4EIC_VERSION:
        type: string
        required: false
        default: ""
      EICRECON_VERSION:
        type: string
        required: false
        default: ""
      JUGGLER_VERSION:
        type: string
        required: false
        default: ""

# One group per pull request number, or per ref when there is no pull request.
# A run that is already in progress is not cancelled by a newer one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: false

# Scopes granted to the workflow token for every job in this file.
# NOTE(review): the registry logins in the jobs authenticate with
# secrets.GHCR_REGISTRY_TOKEN rather than the workflow token; confirm that
# `packages: write` is still needed, and drop it to `read` if it is not.
permissions:
  contents: read
  packages: write

env:
  # Default versions are specified in packages.yaml but can be overridden.
  # Note: nightly builds will always use the master/main branch.
  EDM4EIC_VERSION: ${{ inputs.EDM4EIC_VERSION }}
  EICRECON_VERSION: ${{ inputs.EICRECON_VERSION }}
  JUGGLER_VERSION: ${{ inputs.JUGGLER_VERSION }}

  # Docker Hub registry. The jobs test DH_PUSH with `== '1'` and `!= 0`.
  DH_REGISTRY: docker.io
  DH_REGISTRY_USER: eicweb
  DH_PUSH: 0

  # GitHub container registry.
  GH_REGISTRY: ghcr.io
  GH_REGISTRY_USER: eic
  GH_PUSH: 1  # required

  # Number of jobs to start during container builds.
  JOBS: 4

  # Internal tag used for the CI; unique per workflow run.
  INTERNAL_TAG: pipeline-${{ github.run_id }}
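jobs:
  # Builds the base image once per architecture, pushes it by digest, and hands
  # the resulting "<image>:<tag>@<digest>" reference to the next job as an artifact.
  #
  # NOTE(review): every `uses:` below is referenced by a version tag, which its
  # owner can move. Pinning to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vN`) fixes the code that runs in a job
  # holding registry credentials.
  # NOTE(review): the "Load ..." steps run scripts from the checkout
  # (`source *.sh`, `.ci/resolve_git_ref`) in the same job that later logs in to
  # the registry; changes to those scripts deserve the same review as changes
  # to this workflow.
  base:
    name: Build base on ${{ matrix.arch }}
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
        include:
          - BASE_IMAGE: debian:stable-slim
            BUILD_IMAGE: debian_stable_base
            PLATFORM: linux/amd64
            runner: ubuntu-latest
            arch: amd64
          - BASE_IMAGE: debian:stable-slim
            BUILD_IMAGE: debian_stable_base
            PLATFORM: linux/amd64/v3
            runner: ubuntu-latest
            arch: amd64_v3
          - BASE_IMAGE: debian:stable-slim
            BUILD_IMAGE: debian_stable_base
            PLATFORM: linux/arm64
            runner: ubuntu-24.04-arm
            arch: arm64
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Inject enhanced GitHub environment variables
        uses: rlespinasse/github-slug-action@v5
      # Each "Load ..." step sources a version file from the repository and
      # publishes org/repo, version and the resolved commit as step outputs.
      # NOTE(review): a failure of .ci/resolve_git_ref inside $(...) does not
      # fail the step (the pipeline status comes from echo and tee), so `sha`
      # can be written empty; confirm the Dockerfile rejects an empty *_SHA.
      - name: Load spack version and cherry-picks
        id: spack
        shell: bash
        run: |
          source spack.sh
          echo "orgrepo=${SPACK_ORGREPO}" | tee -a "$GITHUB_OUTPUT"
          echo "version=${SPACK_VERSION}" | tee -a "$GITHUB_OUTPUT"
          echo "sha=$(.ci/resolve_git_ref "${SPACK_ORGREPO}" "${SPACK_VERSION}")" | tee -a "$GITHUB_OUTPUT"
          # Newlines are replaced by spaces so each value stays on one output line.
          echo "cherrypicks=${SPACK_CHERRYPICKS//$'\n'/ }" | tee -a "$GITHUB_OUTPUT"
          echo "cherrypicks_files=${SPACK_CHERRYPICKS_FILES//$'\n'/ }" | tee -a "$GITHUB_OUTPUT"
      - name: Load spack-packages version and cherry-picks
        id: spack-packages
        shell: bash
        run: |
          source spack-packages.sh
          echo "orgrepo=${SPACKPACKAGES_ORGREPO}" | tee -a "$GITHUB_OUTPUT"
          echo "version=${SPACKPACKAGES_VERSION}" | tee -a "$GITHUB_OUTPUT"
          echo "sha=$(.ci/resolve_git_ref "${SPACKPACKAGES_ORGREPO}" "${SPACKPACKAGES_VERSION}")" | tee -a "$GITHUB_OUTPUT"
          echo "cherrypicks=${SPACKPACKAGES_CHERRYPICKS//$'\n'/ }" | tee -a "$GITHUB_OUTPUT"
          echo "cherrypicks_files=${SPACKPACKAGES_CHERRYPICKS_FILES//$'\n'/ }" | tee -a "$GITHUB_OUTPUT"
      - name: Load key4hep-spack version
        id: key4hep-spack
        # Explicit shell, matching the two steps above.
        shell: bash
        run: |
          source key4hep-spack.sh
          echo "orgrepo=${KEY4HEPSPACK_ORGREPO}" | tee -a "$GITHUB_OUTPUT"
          echo "version=${KEY4HEPSPACK_VERSION}" | tee -a "$GITHUB_OUTPUT"
          echo "sha=$(.ci/resolve_git_ref "${KEY4HEPSPACK_ORGREPO}" "${KEY4HEPSPACK_VERSION}")" | tee -a "$GITHUB_OUTPUT"
      - name: Load eic-spack version
        id: eic-spack
        shell: bash
        run: |
          source eic-spack.sh
          echo "orgrepo=${EICSPACK_ORGREPO}" | tee -a "$GITHUB_OUTPUT"
          echo "version=${EICSPACK_VERSION}" | tee -a "$GITHUB_OUTPUT"
          echo "sha=$(.ci/resolve_git_ref "${EICSPACK_ORGREPO}" "${EICSPACK_VERSION}")" | tee -a "$GITHUB_OUTPUT"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/amd64,linux/amd64/v3,linux/arm64
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        id: buildx
      - name: Cache build mounts
        # Cache mount contents (ccache, apt cache, spack cache) using GitHub Actions cache
        # This is separate from the registry cache which stores image layers
        # Reference: https://docs.docker.com/build/ci/github-actions/cache/#cache-mounts
        # Implementation: https://github.com/reproducible-containers/buildkit-cache-dance
        #
        # NOTE(review): this workflow triggers on `master`, and the key ends in
        # github.ref_name, so the `-main` restore key below may never match;
        # confirm the intended branch name.
        uses: actions/cache@v4
        id: cache-base-mounts
        with:
          path: cache-mount-base-${{ matrix.arch }}
          key: ${{ matrix.arch }}-base-mounts-${{ github.ref_name }}
          restore-keys: |
            ${{ matrix.arch }}-base-mounts-main
            ${{ matrix.arch }}-base-mounts-
      - name: Inject cache mounts into builder
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.buildx.outputs.name }}
          cache-dir: cache-mount-base-${{ matrix.arch }}
          cache-map: |
            {
              "var-cache-apt": "/var/cache/apt",
              "var-lib-apt": "/var/lib/apt",
              "var-cache-spack": "/var/cache/spack"
            }
          skip-extraction: ${{ steps.cache-base-mounts.outputs.cache-hit }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ matrix.BUILD_IMAGE }}
          tags: |
            type=sha,prefix=${{ matrix.arch }}-
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        if: ${{ env.GH_PUSH == '1' }}
        with:
          registry: ${{ env.GH_REGISTRY }}
          username: ${{ secrets.GHCR_REGISTRY_USER }}
          password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        id: build
        with:
          file: containers/debian/Dockerfile
          context: containers/debian
          platforms: ${{ matrix.PLATFORM }}
          labels: ${{ steps.meta.outputs.labels }}
          # Pushed by digest only; the tags are attached later by the manifest job.
          outputs: type=image,name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ matrix.BUILD_IMAGE }},push-by-digest=true,name-canonical=true,push=true
          build-args: |
            BASE_IMAGE=${{ matrix.BASE_IMAGE }}
            BUILD_IMAGE=${{ matrix.BUILD_IMAGE }}
            SPACK_ORGREPO=${{ steps.spack.outputs.orgrepo }}
            SPACK_VERSION=${{ steps.spack.outputs.version }}
            SPACK_SHA=${{ steps.spack.outputs.sha }}
            SPACK_CHERRYPICKS=${{ steps.spack.outputs.cherrypicks }}
            SPACK_CHERRYPICKS_FILES=${{ steps.spack.outputs.cherrypicks_files }}
            SPACKPACKAGES_ORGREPO=${{ steps.spack-packages.outputs.orgrepo }}
            SPACKPACKAGES_VERSION=${{ steps.spack-packages.outputs.version }}
            SPACKPACKAGES_SHA=${{ steps.spack-packages.outputs.sha }}
            SPACKPACKAGES_CHERRYPICKS=${{ steps.spack-packages.outputs.cherrypicks }}
            SPACKPACKAGES_CHERRYPICKS_FILES=${{ steps.spack-packages.outputs.cherrypicks_files }}
            KEY4HEPSPACK_ORGREPO=${{ steps.key4hep-spack.outputs.orgrepo }}
            KEY4HEPSPACK_VERSION=${{ steps.key4hep-spack.outputs.version }}
            KEY4HEPSPACK_SHA=${{ steps.key4hep-spack.outputs.sha }}
            EICSPACK_ORGREPO=${{ steps.eic-spack.outputs.orgrepo }}
            EICSPACK_VERSION=${{ steps.eic-spack.outputs.version }}
            EICSPACK_SHA=${{ steps.eic-spack.outputs.sha }}
            jobs=${{ env.JOBS }}
          cache-from: |
            type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}-${{ env.GITHUB_REF_POINT_SLUG }}-${{ matrix.arch }}
            type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}-${{ env.GITHUB_BASE_REF_SLUG }}-${{ matrix.arch }}
          cache-to: type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}-${{ env.GITHUB_REF_POINT_SLUG }}-${{ matrix.arch }},mode=max
      - name: Export digest to file
        # The build-push action outputs the digest at steps.build.outputs.digest
        # We write this to a file for the next job
        #
        # The values reach the script through env instead of being expanded into
        # the script text, so their content is never parsed as shell.
        env:
          IMAGE_TAG: ${{ steps.meta.outputs.tags }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
          ARCH: ${{ matrix.arch }}
        run: |
          mkdir -p /tmp/digests
          echo "${IMAGE_TAG}@${IMAGE_DIGEST}" > "/tmp/digests/${ARCH}.digest"
      - name: Upload digest as artifact
        uses: actions/upload-artifact@v4
        with:
          name: base-${{ matrix.arch }}-digest
          path: /tmp/digests/${{ matrix.arch }}.digest
          retention-days: 1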
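# Job base-manifest: combine the per-architecture base images into one tagged manifest list.
  # Runs after every `base` matrix entry has finished. It downloads the digest
  # files they uploaded and tags the three image references together.
  #
  # NOTE(review): every `uses:` below is referenced by a version tag, which its
  # owner can move; pinning to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vN`) fixes the code that runs alongside
  # the registry credentials.
  base-manifest:
    name: Push base manifest
    runs-on: ubuntu-latest
    needs: base
    steps:
      - name: Set up QEMU (for imagetools)
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        if: ${{ env.DH_PUSH == '1' }}
        with:
          registry: ${{ env.DH_REGISTRY }}
          username: ${{ env.DH_REGISTRY_USER }}
          password: ${{ secrets.DH_EICWEB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        if: ${{ env.GH_PUSH == '1' }}
        with:
          registry: ${{ env.GH_REGISTRY }}
          username: ${{ secrets.GHCR_REGISTRY_USER }}
          password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
      - name: Download all digest artifacts
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: base-*-digest
          merge-multiple: true
      - name: Analyze digest artifacts
        id: digests
        run: |
          # Read one "<image>:<tag>@sha256:<hex>" reference per architecture.
          # Anything else (empty file, several lines, another shape) is rejected
          # before it is written to GITHUB_OUTPUT or handed to docker.
          read_ref() {
            local ref
            ref="$(cat "/tmp/digests/$1.digest")"
            if [[ ! "$ref" =~ ^[^[:space:]]+@sha256:[0-9a-f]{64}$ ]]; then
              echo "::error::unexpected content in /tmp/digests/$1.digest" >&2
              return 1
            fi
            printf '%s\n' "$ref"
          }
          DIGEST_AMD64="$(read_ref amd64)"
          DIGEST_AMD64_V3="$(read_ref amd64_v3)"
          DIGEST_ARM64="$(read_ref arm64)"
          # Registry and image name are taken from the amd64 reference
          # (they are the same for all three).
          REGISTRY_IMAGE_TAG="$(echo "$DIGEST_AMD64" | cut -d'@' -f1)"
          REGISTRY_IMAGE="$(echo "$REGISTRY_IMAGE_TAG" | cut -d':' -f1)"
          REGISTRY="$(echo "$REGISTRY_IMAGE" | cut -d'/' -f1-2)"
          IMAGE="$(echo "$REGISTRY_IMAGE" | cut -d'/' -f3)"
          TAG="$(echo "$REGISTRY_IMAGE_TAG" | cut -d':' -f2)"
          echo "Registry Name: $REGISTRY"
          echo "Image Name: $IMAGE"
          echo "Tag Name: $TAG"
          echo "AMD64 Digest: $DIGEST_AMD64"
          echo "AMD64_V3 Digest: $DIGEST_AMD64_V3"
          echo "ARM64 Digest: $DIGEST_ARM64"
          {
            echo "registry=$REGISTRY"
            echo "image=$IMAGE"
            echo "tag=$TAG"
            echo "amd64=$DIGEST_AMD64"
            echo "amd64_v3=$DIGEST_AMD64_V3"
            echo "arm64=$DIGEST_ARM64"
          } >> "$GITHUB_OUTPUT"
      - name: Extract Docker metadata for final tags
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            name=${{ env.DH_REGISTRY }}/${{ env.DH_REGISTRY_USER }}/${{ steps.digests.outputs.image }},enable=${{ env.DH_PUSH != 0 }}
            name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ steps.digests.outputs.image }},enable=${{ env.GH_PUSH != 0 }}
          tags: |
            ${{ env.INTERNAL_TAG }}
            type=ref,prefix=unstable-pr-,event=pr
            type=match,pattern=^v(\d+\.\d+\.\d+-.*)$,group=1
      - name: Create and push manifest list
        # Tags and image references are passed through env and expanded as
        # quoted shell variables, so their content is treated as data and is
        # never parsed as part of the script.
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          REF_AMD64: ${{ steps.digests.outputs.amd64 }}
          REF_AMD64_V3: ${{ steps.digests.outputs.amd64_v3 }}
          REF_ARM64: ${{ steps.digests.outputs.arm64 }}
        run: |
          # Create tag arguments from the multi-line 'tags' output from the meta step
          tag_args=()
          while read -r tag; do
            # An empty line would otherwise leave a dangling --tag.
            if [ -n "$tag" ]; then
              tag_args+=(--tag "$tag")
            fi
          done <<< "$TAGS"
          # Create the manifest list and tag it with the final tags
          docker buildx imagetools create \
            "${tag_args[@]}" \
            "$REF_AMD64" \
            "$REF_AMD64_V3" \
            "$REF_ARM64"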
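# Job eic: build the eic_ci and eic_xl images on each architecture and push them by digest.
  # Runs after the base manifest exists. Each matrix entry builds one
  # ENV/arch combination and uploads its image reference as an artifact.
  #
  # NOTE(review): every `uses:` below is referenced by a version tag, which its
  # owner can move; pinning to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vN`) fixes the code that runs in a job
  # holding registry credentials.
  eic:
    name: Build ${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }} on ${{ matrix.arch }}
    runs-on: ${{ matrix.runner }}
    needs: base-manifest
    strategy:
      matrix:
        BUILD_IMAGE: [eic_]
        BUILD_TYPE: [default]
        BUILDER_IMAGE: [debian_stable_base]
        RUNTIME_IMAGE: [debian_stable_base]
        ENV: [ci, xl]
        arch: [amd64, amd64_v3, arm64]
        # Runner and platform for each arch value.
        include:
          - arch: amd64
            runner: ubuntu-latest
            PLATFORM: linux/amd64
          - arch: amd64_v3
            runner: ubuntu-latest
            PLATFORM: linux/amd64/v3
          - arch: arm64
            runner: ubuntu-24.04-arm
            PLATFORM: linux/arm64
    steps:
      - name: Free Disk Space (Ubuntu)
        # NOTE(review): the ref after `@` was replaced by "[email protected]" by
        # e-mail obfuscation on the source page and cannot be recovered from
        # it; restore the project's original ref in place of the placeholder.
        uses: jlumbroso/free-disk-space@<ref-lost-in-page-extraction>
        with:
          android: true
          dotnet: true
      - name: Checkout
        uses: actions/checkout@v4
      # The two "Resolve ..." steps publish the commit that `master`/`main`
      # currently resolves to for each repository; the values become *_SHA
      # build arguments further down.
      # NOTE(review): a failure of .ci/resolve_git_ref inside $(...) does not
      # fail the step (the pipeline status comes from echo and tee), so an
      # output can be written empty; confirm the Dockerfile rejects an empty *_SHA.
      - name: Resolve benchmarks versions
        id: benchmarks
        shell: bash
        run: |
          echo "common_bench=$(.ci/resolve_git_ref https://eicweb.phy.anl.gov/EIC/benchmarks/common_bench.git master)" | tee -a "$GITHUB_OUTPUT"
          echo "detector_benchmarks=$(.ci/resolve_git_ref https://eicweb.phy.anl.gov/EIC/benchmarks/detector_benchmarks.git master)" | tee -a "$GITHUB_OUTPUT"
          echo "reconstruction_benchmarks=$(.ci/resolve_git_ref https://eicweb.phy.anl.gov/EIC/benchmarks/reconstruction_benchmarks.git master)" | tee -a "$GITHUB_OUTPUT"
          echo "physics_benchmarks=$(.ci/resolve_git_ref https://eicweb.phy.anl.gov/EIC/benchmarks/physics_benchmarks.git master)" | tee -a "$GITHUB_OUTPUT"
      - name: Resolve campaign versions
        id: campaigns
        shell: bash
        run: |
          echo "simulation_campaign_hepmc3=$(.ci/resolve_git_ref eic/simulation_campaign_hepmc3 main)" | tee -a "$GITHUB_OUTPUT"
          echo "job_submission_condor=$(.ci/resolve_git_ref eic/job_submission_condor main)" | tee -a "$GITHUB_OUTPUT"
          echo "job_submission_slurm=$(.ci/resolve_git_ref eic/job_submission_slurm main)" | tee -a "$GITHUB_OUTPUT"
      - name: Load secrets into mirrors.yaml
        id: mirrors
        # Renders mirrors.yaml from its template; the file is handed to the
        # build as a secret file and is not part of the build context
        # (containers/eic).
        # NOTE(review): envsubst without a variable list expands every
        # environment variable the template references, not only the three
        # set here.
        run: |
          source spack-packages.sh
          export SPACKPACKAGES_VERSION
          export CI_REGISTRY=ghcr.io
          export CI_PROJECT_PATH=eic
          envsubst < mirrors.yaml.in > mirrors.yaml
      - name: Inject enhanced GitHub environment variables
        uses: rlespinasse/github-slug-action@v5
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/amd64,linux/amd64/v3,linux/arm64
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        id: buildx
      - name: Cache build mounts
        # Cache mount contents (ccache, apt cache, spack cache) using GitHub Actions cache
        # This is separate from the registry cache which stores image layers
        # Reference: https://docs.docker.com/build/ci/github-actions/cache/#cache-mounts
        # Implementation: https://github.com/reproducible-containers/buildkit-cache-dance
        #
        # NOTE(review): this workflow triggers on `master`, and the key ends in
        # github.ref_name, so the `-main` restore key may never match. The last
        # restore key has no ENV segment and cannot match keys written by this
        # step; presumably it covers caches from an older key layout (confirm).
        uses: actions/cache@v4
        id: cache-eic-mounts
        with:
          path: cache-mount-eic-${{ matrix.arch }}
          key: ${{ matrix.arch }}-eic-${{ matrix.ENV }}-mounts-${{ github.ref_name }}
          restore-keys: |
            ${{ matrix.arch }}-eic-${{ matrix.ENV }}-mounts-main
            ${{ matrix.arch }}-eic-${{ matrix.ENV }}-mounts-
            ${{ matrix.arch }}-eic-mounts-
      - name: Inject cache mounts into builder
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.buildx.outputs.name }}
          cache-dir: cache-mount-eic-${{ matrix.arch }}
          cache-map: |
            {
              "ccache": "/ccache",
              "var-cache-spack": "/var/cache/spack"
            }
          skip-extraction: ${{ steps.cache-eic-mounts.outputs.cache-hit }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            name=${{ env.DH_REGISTRY }}/${{ env.DH_REGISTRY_USER }}/${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }},enable=${{ env.DH_PUSH != 0 }}
            name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }},enable=${{ env.GH_PUSH != 0 }}
          tags: |
            type=sha,prefix=${{ matrix.arch }}-
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        if: ${{ env.DH_PUSH == '1' }}
        with:
          registry: ${{ env.DH_REGISTRY }}
          username: ${{ env.DH_REGISTRY_USER }}
          password: ${{ secrets.DH_EICWEB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        if: ${{ env.GH_PUSH == '1' }}
        with:
          registry: ${{ env.GH_REGISTRY }}
          username: ${{ secrets.GHCR_REGISTRY_USER }}
          password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        id: build
        with:
          file: containers/eic/Dockerfile
          context: containers/eic
          build-contexts: |
            spack-environment=spack-environment
          # Credentials go in as build secrets, not as build-args.
          secrets: |
            "CI_REGISTRY_USER=${{ secrets.GHCR_REGISTRY_USER }}"
            "CI_REGISTRY_PASSWORD=${{ secrets.GHCR_REGISTRY_TOKEN }}"
            "GITHUB_REGISTRY_USER=${{ secrets.GHCR_REGISTRY_USER }}"
            "GITHUB_REGISTRY_TOKEN=${{ secrets.GHCR_REGISTRY_TOKEN }}"
          secret-files: |
            mirrors=mirrors.yaml
          platforms: ${{ matrix.PLATFORM }}
          labels: ${{ steps.meta.outputs.labels }}
          # Pushed by digest only; the tags are attached later by the manifest job.
          outputs: type=image,name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }},push-by-digest=true,name-canonical=true,push=true
          build-args: |
            BENCHMARK_COM_SHA=${{ steps.benchmarks.outputs.common_bench }}
            BENCHMARK_DET_SHA=${{ steps.benchmarks.outputs.detector_benchmarks }}
            BENCHMARK_REC_SHA=${{ steps.benchmarks.outputs.reconstruction_benchmarks }}
            BENCHMARK_PHY_SHA=${{ steps.benchmarks.outputs.physics_benchmarks }}
            CAMPAIGNS_HEPMC3_SHA=${{ steps.campaigns.outputs.simulation_campaign_hepmc3 }}
            CAMPAIGNS_CONDOR_SHA=${{ steps.campaigns.outputs.job_submission_condor }}
            CAMPAIGNS_SLURM_SHA=${{ steps.campaigns.outputs.job_submission_slurm }}
            DOCKER_REGISTRY=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/
            BUILDER_IMAGE=${{ matrix.BUILDER_IMAGE }}
            RUNTIME_IMAGE=${{ matrix.RUNTIME_IMAGE }}
            INTERNAL_TAG=${{ env.INTERNAL_TAG }}
            ENV=${{ matrix.ENV }}
          cache-from: |
            type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }}-${{ matrix.BUILD_TYPE }}-${{ env.GITHUB_REF_POINT_SLUG }}-${{ matrix.arch }}
            type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }}-${{ matrix.BUILD_TYPE }}-${{ env.GITHUB_BASE_REF_SLUG }}-${{ matrix.arch }}
          cache-to: type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }}-${{ matrix.BUILD_TYPE }}-${{ env.GITHUB_REF_POINT_SLUG }}-${{ matrix.arch }},mode=max
      - name: Export digest to file
        # The build-push action outputs the digest at steps.build.outputs.digest
        # We write this to a file for the next job
        #
        # The values reach the script through env instead of being expanded into
        # the script text, so their content is never parsed as shell.
        # NOTE(review): assumes only one image is enabled in "Docker meta", so
        # `tags` is a single line; confirm before DH_PUSH is ever turned on.
        env:
          IMAGE_TAG: ${{ steps.meta.outputs.tags }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
          ARCH: ${{ matrix.arch }}
        run: |
          mkdir -p /tmp/digests
          echo "${IMAGE_TAG}@${IMAGE_DIGEST}" > "/tmp/digests/${ARCH}.digest"
      - name: Upload digest as artifact
        uses: actions/upload-artifact@v4
        with:
          name: eic-${{ matrix.ENV }}-${{ matrix.arch }}-digest
          path: /tmp/digests/${{ matrix.arch }}.digest
          retention-days: 1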
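# Job eic-manifest: combine the per-architecture eic images into one tagged manifest list per ENV.
  # Runs after every `eic` matrix entry has finished. For each ENV it downloads
  # the digest files they uploaded and tags the three image references together.
  #
  # NOTE(review): every `uses:` below is referenced by a version tag, which its
  # owner can move; pinning to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vN`) fixes the code that runs alongside
  # the registry credentials.
  eic-manifest:
    name: Push eic manifest
    runs-on: ubuntu-latest
    needs: eic
    strategy:
      matrix:
        ENV: [ci, xl]
    steps:
      - name: Set up QEMU (for imagetools)
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        if: ${{ env.DH_PUSH == '1' }}
        with:
          registry: ${{ env.DH_REGISTRY }}
          username: ${{ env.DH_REGISTRY_USER }}
          password: ${{ secrets.DH_EICWEB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        if: ${{ env.GH_PUSH == '1' }}
        with:
          registry: ${{ env.GH_REGISTRY }}
          username: ${{ secrets.GHCR_REGISTRY_USER }}
          password: ${{ secrets.GHCR_REGISTRY_TOKEN }}
      - name: Download all digest artifacts
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: eic-${{ matrix.ENV }}-*-digest
          merge-multiple: true
      - name: Analyze digest artifacts
        id: digests
        run: |
          # Read one "<image>:<tag>@sha256:<hex>" reference per architecture.
          # Anything else (empty file, several lines, another shape) is rejected
          # before it is written to GITHUB_OUTPUT or handed to docker.
          read_ref() {
            local ref
            ref="$(cat "/tmp/digests/$1.digest")"
            if [[ ! "$ref" =~ ^[^[:space:]]+@sha256:[0-9a-f]{64}$ ]]; then
              echo "::error::unexpected content in /tmp/digests/$1.digest" >&2
              return 1
            fi
            printf '%s\n' "$ref"
          }
          DIGEST_AMD64="$(read_ref amd64)"
          DIGEST_AMD64_V3="$(read_ref amd64_v3)"
          DIGEST_ARM64="$(read_ref arm64)"
          # Registry and image name are taken from the amd64 reference
          # (they are the same for all three).
          REGISTRY_IMAGE_TAG="$(echo "$DIGEST_AMD64" | cut -d'@' -f1)"
          REGISTRY_IMAGE="$(echo "$REGISTRY_IMAGE_TAG" | cut -d':' -f1)"
          REGISTRY="$(echo "$REGISTRY_IMAGE" | cut -d'/' -f1-2)"
          IMAGE="$(echo "$REGISTRY_IMAGE" | cut -d'/' -f3)"
          TAG="$(echo "$REGISTRY_IMAGE_TAG" | cut -d':' -f2)"
          echo "Registry Name: $REGISTRY"
          echo "Image Name: $IMAGE"
          echo "Tag Name: $TAG"
          echo "AMD64 Digest: $DIGEST_AMD64"
          echo "AMD64_V3 Digest: $DIGEST_AMD64_V3"
          echo "ARM64 Digest: $DIGEST_ARM64"
          {
            echo "registry=$REGISTRY"
            echo "image=$IMAGE"
            echo "tag=$TAG"
            echo "amd64=$DIGEST_AMD64"
            echo "amd64_v3=$DIGEST_AMD64_V3"
            echo "arm64=$DIGEST_ARM64"
          } >> "$GITHUB_OUTPUT"
      - name: Extract Docker metadata for final tags
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            name=${{ env.DH_REGISTRY }}/${{ env.DH_REGISTRY_USER }}/${{ steps.digests.outputs.image }},enable=${{ env.DH_PUSH != 0 }}
            name=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/${{ steps.digests.outputs.image }},enable=${{ env.GH_PUSH != 0 }}
          tags: |
            ${{ env.INTERNAL_TAG }}
            type=ref,prefix=unstable-pr-,event=pr
            type=match,pattern=^v(\d+\.\d+\.\d+-.*)$,group=1
      - name: Create and push manifest list
        # Tags and image references are passed through env and expanded as
        # quoted shell variables, so their content is treated as data and is
        # never parsed as part of the script.
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          REF_AMD64: ${{ steps.digests.outputs.amd64 }}
          REF_AMD64_V3: ${{ steps.digests.outputs.amd64_v3 }}
          REF_ARM64: ${{ steps.digests.outputs.arm64 }}
        run: |
          # Create tag arguments from the multi-line 'tags' output from the meta step
          tag_args=()
          while read -r tag; do
            # An empty line would otherwise leave a dangling --tag.
            if [ -n "$tag" ]; then
              tag_args+=(--tag "$tag")
            fi
          done <<< "$TAGS"
          # Create the manifest list and tag it with the final tags
          docker buildx imagetools create \
            "${tag_args[@]}" \
            "$REF_AMD64" \
            "$REF_AMD64_V3" \
            "$REF_ARM64"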