Skip to content
Check Cuprate Latest Tag and Build Docker

Check Cuprate Latest Tag and Build Docker #1564

Sign in to view logs

Check Cuprate Latest Tag and Build Docker

Check Cuprate Latest Tag and Build Docker #1564

Workflow file for this run

.github/workflows/docker-build.yml at 06c5765
name: Check Cuprate Latest Tag and Build Docker
on:
schedule:
# Run every 8 hours
- cron: '0 */8 * * *'
# Allow manual trigger
workflow_dispatch:
# Run on push to main branch
push:
branches:
- main
paths:
- 'Dockerfile'
- 'docker-compose.yml'
- '.github/workflows/docker-build.yml'
concurrency:
group: docker-build-${{ github.ref }}
cancel-in-progress: true
jobs:
check-upstream-tag:
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
outputs:
should_build: ${{ steps.check-image.outputs.should_build }}
version: ${{ steps.get-latest-tag.outputs.version }}
cuprate_tag: ${{ steps.get-latest-tag.outputs.cuprate_tag }}
steps:
- name: Get latest Cuprate tag
id: get-latest-tag
run: |
# Fetch the latest tag from Cuprate repository that matches the pattern
LATEST_TAG=$(curl -s https://api.github.com/repos/cuprate/cuprate/tags | jq -r '[.[] | select(.name | startswith("cuprated-"))] | .[0].name')
echo "Latest Cuprate tag: $LATEST_TAG"
# Extract version number from tag (e.g., cuprated-0.0.1 -> 0.0.1)
VERSION=${LATEST_TAG#cuprated-}
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "cuprate_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if image for version already exists
id: check-image
env:
IMAGE: ghcr.io/${{ github.repository_owner }}/cuprate-docker:${{ steps.get-latest-tag.outputs.version }}
run: |
# Always rebuild on push to main (Dockerfile/workflow changes)
if [ "${{ github.event_name }}" = "push" ]; then
echo "Push event detected — forcing rebuild."
echo "should_build=true" >> "$GITHUB_OUTPUT"
elif docker manifest inspect "$IMAGE" > /dev/null 2>&1; then
echo "Image $IMAGE already exists. Skipping build."
echo "should_build=false" >> "$GITHUB_OUTPUT"
else
echo "should_build=true" >> "$GITHUB_OUTPUT"
fi
build-arch:
needs: check-upstream-tag
if: needs.check-upstream-tag.outputs.should_build == 'true'
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
suffix: amd64
- platform: linux/arm64
runner: ubuntu-24.04-arm
suffix: arm64
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0 # Fetch all history for better versioning
# Set up Docker Buildx
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
with:
version: latest
- name: Login to GitHub Container Registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
with:
images: |
ghcr.io/${{ github.repository_owner }}/cuprate-docker
flavor: |
suffix=-${{ matrix.suffix }}
tags: |
type=raw,value=latest
type=raw,value=${{ needs.check-upstream-tag.outputs.version }}
type=sha,format=short
type=ref,event=branch
type=ref,event=tag
- name: Build and push Docker image
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
with:
context: .
push: true
platforms: ${{ matrix.platform }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
CUPRATE_TAG=${{ needs.check-upstream-tag.outputs.cuprate_tag }}
BUILD_DATE=${{ github.event.head_commit.timestamp }}
VCS_REF=${{ github.sha }}
VERSION=${{ needs.check-upstream-tag.outputs.version }}
# Arch-isolated caching to prevent cross-arch cache collisions
cache-from: |
type=gha
type=registry,ref=ghcr.io/${{ github.repository_owner }}/cuprate-docker:buildcache-${{ matrix.suffix }}
cache-to: |
type=gha,mode=max
type=registry,ref=ghcr.io/${{ github.repository_owner }}/cuprate-docker:buildcache-${{ matrix.suffix }},mode=max
# Provenance/SBOM must be disabled when manually merging per-arch images
# with imagetools create, otherwise attestation manifests are picked up
# as platform variants and corrupt the multi-arch manifest list.
provenance: false
sbom: false
merge-manifests:
needs: [check-upstream-tag, build-arch]
if: needs.check-upstream-tag.outputs.should_build == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Docker meta
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
with:
images: |
ghcr.io/${{ github.repository_owner }}/cuprate-docker
tags: |
type=raw,value=latest
type=raw,value=${{ needs.check-upstream-tag.outputs.version }}
type=sha,format=short
type=ref,event=branch
type=ref,event=tag
- name: Create and push multi-arch manifest list
run: |
TAG_ARGS=""
while IFS= read -r tag; do
if [ -n "$tag" ]; then
TAG_ARGS="$TAG_ARGS -t $tag"
fi
done <<< "${{ steps.meta.outputs.tags }}"
SOURCE_AMD64="ghcr.io/${{ github.repository_owner }}/cuprate-docker:${{ needs.check-upstream-tag.outputs.version }}-amd64"
SOURCE_ARM64="ghcr.io/${{ github.repository_owner }}/cuprate-docker:${{ needs.check-upstream-tag.outputs.version }}-arm64"
echo "Creating manifest list with tags: $TAG_ARGS"
echo "Source images: $SOURCE_AMD64 $SOURCE_ARM64"
docker buildx imagetools create \
$TAG_ARGS \
"$SOURCE_AMD64" \
"$SOURCE_ARM64"