Skip to content

Commit f8743e9

Browse files
crazy-maxcrazy-max
committed
ci: use docker github builder to build frontend images
Signed-off-by: CrazyMax <[email protected]>
1 parent 1a767c3 commit f8743e9

File tree

1 file changed

+107
-104
lines changed

1 file changed

+107
-104
lines changed

.github/workflows/frontend.yml

Lines changed: 107 additions & 104 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ jobs:
4444
prepare:
4545
runs-on: ubuntu-24.04
4646
outputs:
47-
channels: ${{ steps.set.outputs.matrix }}
47+
includes: ${{ steps.set.outputs.includes }}
4848
tag: ${{ steps.set.outputs.tag }}
4949
steps:
5050
-
@@ -56,140 +56,143 @@ jobs:
5656
INPUT_CHANNELS: |
5757
mainline
5858
labs
59+
INPUT_IMAGE-NAME: ${{ env.IMAGE_NAME }}
5960
with:
6061
script: |
6162
const ref = core.getInput('ref');
6263
const channels = core.getMultilineInput('channels');
64+
const imageName = core.getInput('image-name');
65+
66+
function getTags(channel) {
67+
let tagSuffix = '';
68+
if (channel !== 'mainline') {
69+
tagSuffix = `-${channel}`;
70+
}
71+
let tagLatest = '';
72+
let tagVersion = '';
73+
if (ref.startsWith('refs/tags/dockerfile/')) {
74+
const version = ref.replace('refs/tags/dockerfile/', '').replace(new RegExp(`-${channel}$`), '');
75+
if (/^[0-9]+\.[0-9]+\.[0-9]+$/.test(version)) {
76+
tagLatest = channel === 'mainline' ? 'latest' : channel;
77+
}
78+
tagVersion = version;
79+
}
80+
return { tagSuffix, tagLatest, tagVersion };
81+
}
82+
6383
const matrix = [];
6484
if (ref.startsWith('refs/tags/dockerfile/')) {
6585
const version = ref.replace('refs/tags/dockerfile/', '');
6686
for (const channel of channels) {
6787
if (version.endsWith(`-${channel}`)) {
68-
matrix.push(channel);
88+
const { tagSuffix, tagLatest, tagVersion } = getTags(channel);
89+
matrix.push({
90+
channel: channel,
91+
imageName: imageName,
92+
tagSuffix: tagSuffix,
93+
tagLatest: tagLatest,
94+
tagVersion: tagVersion
95+
});
6996
break;
7097
}
7198
}
7299
if (matrix.length === 0) {
73100
// default to mainline if no channel suffix
74-
matrix.push('mainline');
101+
const { tagSuffix, tagLatest, tagVersion } = getTags('mainline');
102+
matrix.push({
103+
channel: 'mainline',
104+
imageName: imageName,
105+
tagSuffix: tagSuffix,
106+
tagLatest: tagLatest,
107+
tagVersion: tagVersion
108+
});
75109
}
76110
core.setOutput('tag', ref.replace('refs/tags/', ''));
77111
} else {
78-
matrix.push('mainline', 'labs');
112+
for (const channel of channels) {
113+
const { tagSuffix, tagLatest, tagVersion } = getTags(channel);
114+
matrix.push({
115+
channel: channel,
116+
imageName: imageName,
117+
tagSuffix: tagSuffix,
118+
tagLatest: tagLatest,
119+
tagVersion: tagVersion
120+
});
121+
}
79122
}
123+
80124
core.info(JSON.stringify(matrix, null, 2));
81-
core.setOutput('matrix', JSON.stringify(matrix));
125+
core.setOutput('includes', JSON.stringify(matrix));
82126
83127
image:
84-
runs-on: ubuntu-24.04
128+
uses: docker/github-builder-experimental/.github/workflows/bake.yml@813ea76fdb0a744196f46fd25149937a6dbd42a2
85129
needs:
86-
- test
87130
- prepare
131+
- test
88132
strategy:
89133
fail-fast: false
90134
matrix:
91-
channel: ${{ fromJson(needs.prepare.outputs.channels) }}
92-
steps:
93-
-
94-
name: Prepare
95-
uses: actions/github-script@v8
96-
env:
97-
INPUT_CHANNEL: ${{ matrix.channel }}
98-
INPUT_REF: ${{ github.ref }}
99-
with:
100-
script: |
101-
const channel = core.getInput('channel');
102-
const ref = core.getInput('ref');
103-
if (channel !== 'mainline') {
104-
core.exportVariable('TAG_SUFFIX', `-${channel}`);
105-
}
106-
if (ref.startsWith('refs/tags/dockerfile/')) {
107-
const version = ref.replace('refs/tags/dockerfile/', '').replace(new RegExp(`-${channel}$`), '');
108-
if (/^[0-9]+\.[0-9]+\.[0-9]+$/.test(version)) {
109-
// stable release
110-
core.exportVariable('TAG_LATEST', channel === 'mainline' ? 'latest' : channel);
111-
}
112-
core.exportVariable('TAG_VERSION', version);
113-
}
114-
-
115-
name: Set up QEMU
116-
uses: docker/setup-qemu-action@v3
117-
-
118-
name: Set up Docker Buildx
119-
uses: docker/setup-buildx-action@v3
120-
with:
121-
version: ${{ env.SETUP_BUILDX_VERSION }}
122-
driver-opts: image=${{ env.SETUP_BUILDKIT_TAG }}
123-
buildkitd-flags: --debug
124-
-
125-
name: Docker meta
126-
id: meta
127-
uses: docker/metadata-action@v5
128-
with:
129-
images: |
130-
${{ env.IMAGE_NAME }}
131-
# versioning strategy
132-
## push tag dockerfile/1.17.0
133-
### docker/dockerfile-upstream:1.17.0
134-
### docker/dockerfile-upstream:1.17
135-
### docker/dockerfile-upstream:1
136-
### docker/dockerfile-upstream:latest
137-
## push tag dockerfile/1.17.0-labs
138-
### docker/dockerfile-upstream:1.17.0-labs
139-
### docker/dockerfile-upstream:1.17-labs
140-
### docker/dockerfile-upstream:1-labs
141-
### docker/dockerfile-upstream:labs
142-
## push prerelease tag dockerfile/1.17.0-rc1
143-
### docker/dockerfile-upstream:1.17.0-rc1
144-
## push prerelease tag dockerfile/1.17.0-rc1-labs
145-
### docker/dockerfile-upstream:1.17.0-rc1-labs
146-
## push on master
147-
### docker/dockerfile-upstream:master
148-
### docker/dockerfile-upstream:master-labs
149-
tags: |
150-
type=ref,event=branch,suffix=${{ env.TAG_SUFFIX }}
151-
type=ref,event=pr,suffix=${{ env.TAG_SUFFIX }}
152-
type=semver,pattern={{version}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }}
153-
type=semver,pattern={{major}}.{{minor}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }}
154-
type=semver,pattern={{major}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }}
155-
type=raw,value=${{ env.TAG_LATEST }}
156-
flavor: |
157-
latest=false
158-
annotations: |
159-
org.opencontainers.image.title=Dockerfile Frontend
160-
org.opencontainers.image.vendor=Moby
161-
bake-target: frontend-meta-helper
162-
-
163-
name: Login to DockerHub
164-
uses: docker/login-action@v3
165-
if: ${{ github.repository == 'moby/buildkit' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) }}
166-
with:
135+
include: ${{ fromJson(needs.prepare.outputs.includes) }}
136+
permissions:
137+
contents: read
138+
id-token: write # for signing attestation manifests and registry authentication if needed with GitHub OIDC Token
139+
packages: write # for pushing manifests to GHCR if needed (caller must provide the same permissions used in the reusable workflow)
140+
with:
141+
runner: amd64
142+
target: frontend-image-cross
143+
output: image
144+
push: ${{ github.repository == 'moby/buildkit' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) }}
145+
envs: |
146+
FRONTEND_CHANNEL=${{ matrix.channel }}
147+
cache: true
148+
cache-scope: frontend-${{ matrix.channel }}
149+
set-meta-annotations: true
150+
meta-images: |
151+
${{ matrix.imageName }}
152+
# versioning strategy
153+
## push tag dockerfile/1.17.0
154+
### docker/dockerfile-upstream:1.17.0
155+
### docker/dockerfile-upstream:1.17
156+
### docker/dockerfile-upstream:1
157+
### docker/dockerfile-upstream:latest
158+
## push tag dockerfile/1.17.0-labs
159+
### docker/dockerfile-upstream:1.17.0-labs
160+
### docker/dockerfile-upstream:1.17-labs
161+
### docker/dockerfile-upstream:1-labs
162+
### docker/dockerfile-upstream:labs
163+
## push prerelease tag dockerfile/1.17.0-rc1
164+
### docker/dockerfile-upstream:1.17.0-rc1
165+
## push prerelease tag dockerfile/1.17.0-rc1-labs
166+
### docker/dockerfile-upstream:1.17.0-rc1-labs
167+
## push on master
168+
### docker/dockerfile-upstream:master
169+
### docker/dockerfile-upstream:master-labs
170+
meta-tags: |
171+
type=ref,event=branch,suffix=${{ matrix.tagSuffix }}
172+
type=ref,event=pr,suffix=${{ matrix.tagSuffix }}
173+
type=semver,pattern={{version}},value=${{ matrix.tagVersion }},suffix=${{ matrix.tagSuffix }}
174+
type=semver,pattern={{major}}.{{minor}},value=${{ matrix.tagVersion }},suffix=${{ matrix.tagSuffix }}
175+
type=semver,pattern={{major}},value=${{ matrix.tagVersion }},suffix=${{ matrix.tagSuffix }}
176+
type=raw,value=${{ matrix.tagLatest }}
177+
meta-flavor: |
178+
latest=false
179+
meta-annotations: |
180+
org.opencontainers.image.title=Dockerfile Frontend
181+
org.opencontainers.image.vendor=Moby
182+
meta-bake-target: frontend-meta-helper
183+
setup-qemu: true
184+
bake-sbom: true
185+
bake-set: |
186+
*.no-cache-filter=${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) && 'base' || '' }}
187+
secrets:
188+
registry-auths: |
189+
- registry: docker.io
167190
username: ${{ secrets.DOCKERHUB_USERNAME }}
168191
password: ${{ secrets.DOCKERHUB_TOKEN }}
169-
-
170-
name: Build
171-
uses: docker/bake-action@v6
172-
with:
173-
# FIXME: remove context once git context with query string implemented in actions-toolkit
174-
source: ${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}
175-
files: |
176-
./docker-bake.hcl
177-
cwd://${{ steps.meta.outputs.bake-file-tags }}
178-
cwd://${{ steps.meta.outputs.bake-file-annotations }}
179-
targets: frontend-image-cross
180-
push: ${{ github.repository == 'moby/buildkit' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) }}
181-
provenance: mode=max,version=v1
182-
sbom: true
183-
set: |
184-
*.cache-from=type=gha,scope=frontend-${{ matrix.channel }}
185-
*.cache-to=type=gha,scope=frontend-${{ matrix.channel }}
186-
*.no-cache-filter=${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) && 'base' || '' }}
187-
env:
188-
FRONTEND_CHANNEL: ${{ matrix.channel }}
189192
190193
scout:
191194
runs-on: ubuntu-24.04
192-
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'moby/buildkit' }}
195+
if: ${{ github.repository == 'moby/buildkit' && github.ref == 'refs/heads/master' }}
193196
permissions:
194197
# same as global permission
195198
contents: read

0 commit comments

Comments
 (0)