Commit 08dd60c

add disk cleanup
1 parent 7f67edf commit 08dd60c

1 file changed

+40
-7
lines changed

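--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -25,24 +25,39 @@ jobs:
 attestations: write
 id-token: write
 steps:
-- uses: actions/checkout@v4
+- name: Maximize build space
+uses: easimon/maximize-build-space@master
+with:
+remove-dotnet: 'true'
+remove-android: 'true'
+remove-haskell: 'true'
+remove-codeql: 'true'
+remove-docker-images: 'true'
+
+- name: Checkout
+uses: actions/checkout@v4
+
 - name: Log in to ghcr.io
-uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
-
+
+# Build & push per-arch under SHA-suffixed tags to avoid a single-arch :latest window
 - name: Build and push (amd64)
+id: build_amd64
 uses: docker/build-push-action@v6
 with:
 platforms: linux/amd64
 push: ${{ github.event_name == 'push' }}
-tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:amd64-${{ github.sha }}
 cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
 cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max,compression=zstd,oci-mediatypes=true
 provenance: false
@@ -51,22 +66,40 @@ jobs:
 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
 
 - name: Build and push (arm64)
+id: build_arm64
 uses: docker/build-push-action@v6
 with:
 platforms: linux/arm64
 push: ${{ github.event_name == 'push' }}
-tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:arm64-${{ github.sha }}
 cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
 cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max,compression=zstd,oci-mediatypes=true
 provenance: false
 sbom: false
 secrets: |
 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
-
+
+# Create a multi-arch manifest for :latest and :{sha}
+- name: Create multi-arch manifest
+if: ${{ github.event_name == 'push' }}
+run: |
+docker buildx imagetools create \
+-t "$REGISTRY/$IMAGE_NAME:latest" \
+-t "$REGISTRY/$IMAGE_NAME:${GITHUB_SHA}" \
+"$REGISTRY/$IMAGE_NAME@${{ steps.build_amd64.outputs.digest }}" \
+"$REGISTRY/$IMAGE_NAME@${{ steps.build_arm64.outputs.digest }}"
+
+- name: Get manifest digest
+id: manifest_digest
+if: ${{ github.event_name == 'push' }}
+run: |
+DIGEST=$(docker buildx imagetools inspect "$REGISTRY/$IMAGE_NAME:latest" | awk '/^Digest:/{print $2; exit}')
+echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
+
 - name: Generate artifact attestation
 uses: actions/attest-build-provenance@v2
 if: ${{ github.event_name == 'push' }}
 with:
 push-to-registry: true
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-subject-digest: ${{ steps.docker_build.outputs.digest }}
+subject-digest: ${{ steps.manifest_digest.outputs.digest }}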
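Review bot: `uses: easimon/maximize-build-space@master` runs a third-party action from a mutable branch as the first step of a job whose visible permissions include `id-token: write` and `attestations: write`, and the same change moves `docker/login-action` from a full commit SHA to the movable `@v3` tag. Anyone able to move either ref would have their code run in the job that logs in to the registry, pushes the image and signs its provenance, so both should be pinned to a reviewed full-length commit SHA with the version in a trailing comment, e.g. `uses: easimon/maximize-build-space@<full-commit-sha>  # <version>`. Separately, the `Get manifest digest` step resolves `:latest`, which a concurrent run of this workflow could retag between the create and the inspect, so the attestation may be issued for another run's manifest. Inspecting `"$REGISTRY/$IMAGE_NAME:${GITHUB_SHA}"` instead, and adding `[ -n "$DIGEST" ] || exit 1` before writing to `$GITHUB_OUTPUT`, would keep the attested digest bound to this commit's build.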
