build_container_image.yaml
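# Workflow: build the container image from ./Dockerfile for linux/amd64 and
# linux/arm64, push the per-arch images to ghcr.io, then publish a multi-arch
# manifest for them.
on:
  push:
    branches:
      - main
    paths:
      - 'Dockerfile'
      - '.github/workflows/build_container_image.yaml'
    tags:
      - "v*"
  schedule:
    - cron: '0 2 1 * *'  # Monthly on the 1st at 2 AM UTC
  # Fires for every new comment on any issue or pull request, from any user.
  # Whether a comment actually starts a build is decided by the `if:` on the
  # build job, so that condition is the authorization boundary for this event.
  issue_comment:
    types: [created]
  workflow_dispatch:
name: Build and publish container images
# Workflow-wide token scope: read the repository, write packages (needed to
# push to ghcr.io). Every job, including comment-triggered ones, gets this.
permissions:
  contents: read
  packages: write
concurrency:
  # issue_comment runs report the default branch as github.ref. Keying the
  # group on github.ref alone would put every comment-triggered run in the
  # same group as pushes to main, so any new comment could cancel an
  # in-progress main build. Comment runs therefore get a per-issue group.
  group: ${{ github.workflow }}-${{ github.event_name == 'issue_comment' && format('comment-{0}', github.event.issue.number) || github.ref }}
  # Comment runs queue instead of cancelling, so an unrelated comment on the
  # same pull request cannot abort a build that is already running.
  cancel-in-progress: ${{ github.event_name != 'issue_comment' }}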
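jobs:
  # Builds and pushes one single-arch image per matrix entry.
  build-data-processing:
    name: Build data processing container image
    # Comment-triggered builds check out and run pull-request code with a
    # token that can write packages, so they are limited to comments on pull
    # requests, containing 'cicd/build', written by an owner, member or
    # collaborator. Without the author_association check any commenter could
    # start a build of unreviewed code.
    if: |
      (github.event_name != 'issue_comment') ||
      (github.event.issue.pull_request != null &&
       contains(github.event.comment.body, 'cicd/build') &&
       contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association))
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
            arch: amd64
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            arch: arm64
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 90
    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          # For comment-triggered runs this is the pull request head, i.e.
          # code that has not been merged.
          # NOTE(review): the head can move between the approving comment and
          # this checkout; pin to the reviewed commit SHA if that matters.
          ref: ${{ github.event_name == 'issue_comment' && format('refs/pull/{0}/head', github.event.issue.number) || github.ref }}
          # Later steps only run local git commands, so do not leave the
          # token in .git/config where checked-out scripts could read it.
          persist-credentials: false
      - name: Free up disk space
        # Runs a script from the checked-out tree (PR head on comment runs).
        run: ./.github/scripts/free_disk_space.sh
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
        with:
          # NOTE(review): the actions are pinned by commit SHA but this image
          # is pinned by mutable tag; consider pinning it by digest as well.
          driver-opts: |
            image=moby/buildkit:v0.12.5
      - name: Login to GitHub Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate image tags
        id: tags
        # Context values are passed through env rather than expanded into the
        # script text, so a ref name containing shell metacharacters is
        # treated as data and not parsed by the shell.
        env:
          EVENT_NAME: ${{ github.event_name }}
          GIT_REF: ${{ github.ref }}
          REF_NAME: ${{ github.ref_name }}
          IMAGE: ghcr.io/${{ github.repository }}
          ARCH: ${{ matrix.arch }}
          PR_NUMBER: ${{ github.event.issue.number }}
        run: |
          if [[ "$EVENT_NAME" == "issue_comment" ]]; then
            # Pull request build: github.ref is the default branch here, so
            # without this branch the image would be pushed as latest-<arch>.
            echo "tags=${IMAGE}:pr-${PR_NUMBER}-${ARCH}" >> "$GITHUB_OUTPUT"
            echo "manifest_tag=pr-${PR_NUMBER}" >> "$GITHUB_OUTPUT"
          elif [[ "$GIT_REF" == refs/tags/* ]]; then
            # Version tag (e.g., v1.0.0)
            echo "tags=${IMAGE}:${REF_NAME}-${ARCH}" >> "$GITHUB_OUTPUT"
            echo "manifest_tag=${REF_NAME}" >> "$GITHUB_OUTPUT"
          elif [[ "$EVENT_NAME" == "schedule" ]]; then
            # Monthly build
            DATE=$(date +%Y%m)
            echo "tags=${IMAGE}:monthly-${DATE}-${ARCH}" >> "$GITHUB_OUTPUT"
            echo "manifest_tag=monthly" >> "$GITHUB_OUTPUT"
          else
            # Manual dispatch or other
            echo "tags=${IMAGE}:latest-${ARCH}" >> "$GITHUB_OUTPUT"
            echo "manifest_tag=latest" >> "$GITHUB_OUTPUT"
          fi
      - name: Generate build metadata
        id: meta
        run: |
          echo "build_date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> "$GITHUB_OUTPUT"
          echo "vcs_ref=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
          echo "version=$(git describe --tags --always 2>/dev/null || echo 'latest')" >> "$GITHUB_OUTPUT"
      - name: Build and push container image
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
        with:
          context: .
          file: ./Dockerfile
          platforms: ${{ matrix.platform }}
          push: true
          # NOTE(review): comment-triggered builds share this cache scope
          # with builds of main; consider a separate scope for them.
          cache-from: type=gha,scope=app-${{ matrix.arch }}
          cache-to: type=gha,mode=max,scope=app-${{ matrix.arch }},ignore-error=true
          build-args: |
            BUILD_DATE=${{ steps.meta.outputs.build_date }}
            VCS_REF=${{ steps.meta.outputs.vcs_ref }}
            VERSION=${{ steps.meta.outputs.version }}
          tags: ${{ steps.tags.outputs.tags }}
  # Combines the two single-arch images into one multi-arch manifest.
  create-data-processing-manifest:
    name: Create data processing multi-arch manifest
    runs-on: ubuntu-latest
    needs: build-data-processing
    # Comment-triggered runs report the default branch as github.ref, so the
    # branch steps below would otherwise republish `latest` after a pull
    # request build. Pull request builds get no manifest.
    if: github.event_name != 'issue_comment'
    timeout-minutes: 15
    # NOTE(review): scheduled runs also have a refs/heads/ ref, so they take
    # the branch path and assemble `latest` from the latest-<arch> tags, while
    # the build job pushed monthly-<date>-<arch>. The build job's manifest_tag
    # value is not read by this job. Confirm this is intended.
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Verify single-arch images availability (branch)
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        env:
          IMAGE: ghcr.io/${{ github.repository }}
        run: |
          for tag in latest-amd64 latest-arm64; do
            found=false
            for i in {1..20}; do
              if docker buildx imagetools inspect "$IMAGE:$tag" > /dev/null 2>&1; then
                echo "Found $IMAGE:$tag"
                found=true
                break
              fi
              echo "Waiting for $IMAGE:$tag to be available ($i/20)..."
              sleep 3
            done
            # Fail here instead of letting the retry loop run out silently.
            if [[ "$found" != true ]]; then
              echo "::error::$IMAGE:$tag not available after 20 attempts"
              exit 1
            fi
          done
      - name: Create and push development manifest
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        env:
          IMAGE: ghcr.io/${{ github.repository }}
        run: |
          docker buildx imagetools create \
            -t "$IMAGE:latest" \
            "$IMAGE:latest-amd64" \
            "$IMAGE:latest-arm64"
      - name: Verify single-arch images availability (tag)
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
        # The tag name is passed through env so the shell sees it as data.
        env:
          IMAGE: ghcr.io/${{ github.repository }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          for arch in amd64 arm64; do
            found=false
            for i in {1..20}; do
              if docker buildx imagetools inspect "$IMAGE:$REF_NAME-$arch" > /dev/null 2>&1; then
                echo "Found $IMAGE:$REF_NAME-$arch"
                found=true
                break
              fi
              echo "Waiting for $IMAGE:$REF_NAME-$arch to be available ($i/20)..."
              sleep 3
            done
            # Fail here instead of letting the retry loop run out silently.
            if [[ "$found" != true ]]; then
              echo "::error::$IMAGE:$REF_NAME-$arch not available after 20 attempts"
              exit 1
            fi
          done
      - name: Create and push tagged manifest
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
        env:
          IMAGE: ghcr.io/${{ github.repository }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          docker buildx imagetools create \
            -t "$IMAGE:$REF_NAME" \
            "$IMAGE:$REF_NAME-amd64" \
            "$IMAGE:$REF_NAME-arm64"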