ci: build head docker images on changes in main

sydorovdmytro · sydorovdmytro · commit b4dd4d7d7c84 · 2025-05-16T15:07:23.000+02:00
Builds docker images with `head-&lt;architecture&gt;` tags on every push to main.
Pushes images only if executed on the main branch.
diff --git a/.github/workflows/push-head-images.yaml b/.github/workflows/push-head-images.yaml
@@ -0,0 +1,50 @@
+name: Build and push head images
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-head-images:
+    runs-on: ubuntu-latest
+    name: Publish head images
+    if: |
+      github.repository_owner == 'loft-sh' &&
+      github.ref_name == 'main'
+    permissions:
+      contents: read
+      id-token: write # This is the key for OIDC cosign!
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          cache: false
+          go-version-file: go.mod
+
+      - name: Install just
+        uses: extractions/setup-just@v1
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup GoReleaser and Build Images
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --config .goreleaser.head_images.yaml --clean --skip=announce,validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TELEMETRY_PRIVATE_KEY: ""
+          CI_BRANCH: ${{ github.ref_name }}
diff --git a/.goreleaser.head_images.yaml b/.goreleaser.head_images.yaml
@@ -0,0 +1,158 @@
+version: 2
+
+project_name: vcluster
+
+before:
+  hooks:
+    - 'echo "Building head images for {{ .Env.CI_BRANCH }} branch"'
+
+builds:
+  - id: vcluster
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    binary: vcluster
+    main: ./cmd/vcluster
+    dir: .
+    flags:
+      - -trimpath
+      - -mod
+      - vendor
+    tags:
+      - embed_chart
+    ldflags:
+      - -s -w
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.SyncerVersion={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.telemetryPrivateKey={{ with index .Env "TELEMETRY_PRIVATE_KEY" }}{{ . }}{{ end }}
+
+  - id: vcluster-cli
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    binary: vcluster
+    main: ./cmd/vclusterctl
+    dir: .
+    flags:
+      - -trimpath
+      - -mod
+      - vendor
+    tags:
+      - embed_chart
+    ldflags:
+      - -s -w
+      - -X main.version={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.SyncerVersion={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.telemetryPrivateKey={{ with index .Env "TELEMETRY_PRIVATE_KEY" }}{{ . }}{{ end }}
+
+dockers:
+  # --- Vcluster images ---
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-oss:head-amd64"
+    use: buildx
+    dockerfile: Dockerfile.release
+    ids:
+      - vcluster
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster_linux_amd64_v1/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-oss:head-arm64v8"
+    use: buildx
+    goarch: arm64
+    dockerfile: Dockerfile.release
+    ids:
+      - vcluster
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster_linux_arm64_v8.0/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  # --- Vcluster-cli images ---
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-cli:head-amd64"
+    use: buildx
+    dockerfile: Dockerfile.cli.release
+    ids:
+      - vcluster-cli
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster-cli_linux_amd64_v1/vcluster-cli
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  - image_templates:
+      # Only build head-arm64v8 tag when on main branch
+      - "ghcr.io/loft-sh/vcluster-cli:head-arm64v8"
+    use: buildx
+    goarch: arm64
+    dockerfile: Dockerfile.cli.release
+    ids:
+      - vcluster-cli
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster-cli_linux_arm64_v8.0/vcluster-cli
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+docker_manifests:
+  # --- Head multi arch ---
+  - name_template: ghcr.io/loft-sh/vcluster-oss:head
+    image_templates:
+      - ghcr.io/loft-sh/vcluster-oss:head-amd64
+      - ghcr.io/loft-sh/vcluster-oss:head-arm64v8h
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  # --- Head multi arch for CLI ---
+  - name_template: ghcr.io/loft-sh/vcluster-cli:head
+    image_templates:
+      - ghcr.io/loft-sh/vcluster-cli:head-amd64
+      - ghcr.io/loft-sh/vcluster-cli:head-arm64v8
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+# Keep release disabled to avoid creating GitHub releases
+release:
+  disable: true
+
+docker_signs:
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    artifacts: all
+    args:
+      - "sign"
+      - "${artifact}"
+      - "--yes" # needed on cosign 2.0.0+
