Merge pull request #1 from openzim/builx

Added platform support

Author: rgaudin

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Install dependencies
       run: python -m pip install -U pytest black
     - name: Black
-      run: black -c compute_tags.py build_push.py
+      run: black --check .
     - name: Tests
       run: pytest tests.py
 

CHANGELOG.md

@@ -1,3 +1,18 @@
+# v4
+
+- added support for any registries (still defaults to docker.io + ghcr.io)
+- replaced `dockerhub-*` and `ghcr-*` inputs with more flexible `credentials` one
+- renamed `image-path` to `image-name`
+- added `platforms` to support multiarch using `buildx`.
+- refactored and simplified action and scripts
+- now internally using two main info:
+ - `DOCKER_TAG` with the version-only
+ - `DOCKER_TAG_LATEST` `true` or `false`.
+
+# v3
+
+- added support for build-args
+
 # v2
 
 - Fixed tag applied to images on tag event while having not set any tag-pattern

README.md

@@ -15,6 +15,27 @@ On ghcr.io, as for Docker Hub, first part of image name is the *user* owning the
 
 ## Usage
 
+### Minimal
+
+```yaml
+jobs:
+  build-and-push:
+    name: Deploy Docker Image
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build and push
+        uses: openzim/docker-publish-action@v4
+        with:
+          image-name: openzim/zimit
+            DOCKERIO_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
+            DOCKERIO_TOKEN=${{ secrets.DOCKERHUB_PASSWORD }}
+            GHCR_IO_USERNAME=${{ secrets.GHCR_USERNAME }}
+            GHCR_IO_TOKEN=${{ secrets.GHCR_TOKEN }}
+          on-master: latest
+```
+
+### Complete
 
 ```yaml
 name: Docker
@@ -33,36 +54,42 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Build and push
-        uses: openzim/docker-publish-action@v1
+        uses: openzim/docker-publish-action@v4
         with:
-          image-path: openzim/zimit
+          image-name: openzim/zimit
+          registries: |
+            docker.io
+            gcr.io
+          credentials: |
+            DOCKERIO_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
+            DOCKERIO_TOKEN=${{ secrets.DOCKERHUB_PASSWORD }}
+            GCR_IO_USERNAME=${{ secrets.GOOGLE_USERNAME }}
+            GCR_IO_TOKEN=${{ secrets.GOOGLE_TOKEN }}
+          context: sub-folder
           on-master: dev
           tag-pattern: /^v*([0-9.]+)$/
           latest-on-tag: true
           restrict-to: openzim/zimit
-          hub-username: ${{ secrets.DOCKERHUB_USERNAME }}
-          hub-password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          ghcr-username: ${{ secrets.GHCR_USERNAME }}
-          ghcr-token: ${{ secrets.GHCR_TOKEN }}
           build-args:
             VERSION={version}
-            ARCH=amd64
 ```
 
 **Note**: th top-part `on` is just a filter on running that workflow. You can omit it but it's safer to not run it on refs that you know won't trigger anything. See [documentation](https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#on).
 
 | Input | Usage |
 | :--- | :--- |
-| `image-path`<font color=red>\*</font> | **Name of your image on the registry** (without the version part).<br />Ex.: `openzim/zimit` would refer to [this image](https://hub.docker.com/r/openzim/zimit).<br />The same name is pushed on **both registries**. |
-| `hub-username`<font color=red>\*</font> and `hub-password`<font color=red>\*</font> | **Docker Hub user credentials to push images with** |
-| `ghcr-username`<font color=red>\*</font> and `ghcr-token`<font color=red>\*</font> | **Github user credentials to push images with**<br />Token is a [PAT](https://github.com/settings/tokens) with `repo, workflow, write:packages` permissions.|
-| `context` | **Path in the repository to use as build context**<br />Relative to repository root. Defaults to `.`. Ex: `dnscache` or `workers/slave`. |
-| `dockerfile` | **Path to the Dockerfile recipe, relative to context**<br />Defaults to `Dockerfile`. Use `../` syntax if dockerfile is outside context. |
+| `image-name`<font color=red>\*</font> | **Name of your image on the registry** (without the version part).<br />Ex.: `openzim/zimit` would refer to [this image](https://hub.docker.com/r/openzim/zimit).<br />The same name is pushed to **all registries**. |
+| `registries` | **List of registries to push images to** (domain name only).<br />Ex.: `docker.io` for Docker Hub, `ghcr.io`, `gcr.io`, etc.<br />Defaults to `docker.io ghcr.io`. |
+| `credentials`<font color=red>\*</font> | **List of credentials for all registries**<br />Use the `REGISTRY_USERNAME=xxx` and `REGISTRY_TOKEN=xxx` formats to specify.<br />`REGISTRY` refers to the uppercase registry domain name without `.`.<br />Ex: `GHCRIO_USERNAME=xxx` for `ghcr.io`.<br />_Notes_: Github token is a [PAT](https://github.com/settings/tokens) with `repo, workflow, write:packages` permissions.<br />Docker hub token is account password.|
+| `context` | **Path in the repository to use as build context**<br />Relative to repository root.  Ex: `dnscache` or `workers/slave`.<br />Defaults to `.`. |
+| `dockerfile` | **Path to the Dockerfile recipe, relative to context**<br />Use `../` syntax if dockerfile is outside context.<br />Defaults to `Dockerfile`. |
+| `build-args` | **Arguments for `docker build --build-arg`**<br />Special value `{version}` will be replaced with the tag to set.<br />Use the `name=value` format and separate each by a space or new line.|
+| `platforms` | **List of platforms to build-for**.<br />Ex.: `linux/armv/v7 linux/amd64`.<br />Defaults to `linux/amd64`. |
 | `on-master` | **Tag to apply for every commit on default branch**.<br />Omit it if you don't want to push an image for non-tagged commits.<br />Only applies to commits on your default branch (`master` or `main`) |
 | `tag-pattern` | **Regular expression to match tags with**.<br />Only git tags matching this regexp will trigger a build+push to the corresponding docker tag.<br />If not specifying a group, whole git tag is used as is on docker. |
 | `latest-on-tag` | **Whether to push to docker tag `:latest` on every matched tag** (see `tag-pattern`)<br />Value must be `true` or `false`. Defaults to `false`. |
 | `restrict-to` | **Don't push if action is run for a different repository**<br />Specify as `{owner}/{repository}`. |
-| `build-args` | **Arguments for `docker build --build-arg`**<br />Special value `{version}` will be replaced with the tag to set.<br />Use the `name=value` format and separate each by a space or new line.|
+
 
 
 ⚠️ After your initial run creating your image, you need to manually **make it public** via Github's UI (see packages) if you intend to pull images without authenticating.

action.yml

@@ -6,9 +6,16 @@ branding:
   color: green
 
 inputs:
-  image-path:
+  image-name:
     description: target image path on both registries (ex. 'openzim/dnscache')
     required: true
+  registries:
+    description: list of registries to push to (defaults to docker.io ghcr.io)
+    required: false
+    default: docker.io ghcr.io
+  credentials:
+    description: list of credentials for each registry. Ex. DOCKERIO_USERNAME=xxx DOCKERIO_TOKEN=yyy GHCRIO_USERNAME=xxx
+    required: true
   context:
     description: folder to use as context for the build (ex. '.' or 'dnscache')
     required: false
@@ -17,6 +24,13 @@ inputs:
     description: Dockerfile path (relative to context) if not 'Dockerfile'
     required: false
     default: Dockerfile
+  build-args:
+    description: optional key/value pairs to pass as build arguments. {version} replaced with found version/latest (if any)
+    required: false
+  platforms:
+    description: specify platform to build for (one of linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, etc)
+    required: false
+    default: linux/amd64
   on-master:
     description: tag to use on master commits. (ex. 'latest' or 'dev') Leave out if not wanted
     required: false
@@ -30,70 +44,50 @@ inputs:
   restrict-to:
     description: repository path to limit this action to (ex. 'openzim/zimfarm') to prevent forks from triggering it.
     required: false
-  hub-username:
-    description: Docker Hub username to push image
-    required: true
-  hub-password:
-    description: Docker Hub password to push image
-    required: true
-  ghcr-username:
-    description: GHCR username to push image
-    required: true
-  ghcr-token:
-    description: GHCR token to push image
-    required: true
-  build-args:
-    description: optional key/value pairs to pass as build arguments. {version} replaced with found version/latest (if any)
-    required: false
 
 runs:
   using: composite
   steps:
-    - run: echo "IMAGE_TAGS=" >> $GITHUB_ENV
+    - name: check and store params
+      run: python3 $GITHUB_ACTION_PATH/check_inputs.py
       shell: bash
-
-    - name: save build-args to env
-      run: |
-        import os
-        import json
-        build_args = dict([item.split("=") if "=" in item else (item, "") for item in os.getenv("BUILD_ARGS", "").split()])
-        with open(os.getenv("GITHUB_ENV"), "a") as fh:
-          fh.write("BUILD_ARGS={}\n".format(json.dumps(build_args)))
-      shell: python
       env:
-        BUILD_ARGS: ${{ inputs.build-args }}
-
-    - name: Compute Image Tags
-      run: python3 $GITHUB_ACTION_PATH/compute_tags.py
-      shell: bash
-      env:
-        IMAGE_PATH: ${{ inputs.image-path }}
+        IMAGE_NAME: ${{ inputs.image-name }}
+        REGISTRIES: ${{ inputs.registries }}
+        CREDENTIALS: ${{ inputs.credentials }}
         CONTEXT: ${{ inputs.context }}
+        DOCKERFILE: ${{ inputs.dockerfile }}
+        BUILD_ARGS: ${{ inputs.build-args }}
+        PLATFORMS: ${{ inputs.platforms }}
         ON_MASTER: ${{ inputs.on-master }}
         TAG_PATTERN: ${{ inputs.tag-pattern }}
         LATEST_ON_TAG: ${{ inputs.latest-on-tag }}
         RESTRICT_TO: ${{ inputs.restrict-to }}
         DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+        DOCKER_BUILDX_VERSION: 0.5.1
 
-    - name: Verify Image tags
-      run: |
-        import os
-        tags = [t for t in os.getenv("IMAGE_TAGS", "").strip().split(",") if t]
-        if not tags:
-            print("No expected tag to push to.")
-        else:
-          print("We'll build for and push to:")
-          for tag in tags:
-            print("- {}".format(tag))
-      shell: python
+    - name: find tag
+      run: python3 $GITHUB_ACTION_PATH/find_tag.py
+      shell: bash
+
+    - name: Display found tag
+      run: python3 $GITHUB_ACTION_PATH/display_tag.py
+      shell: bash
 
-    - name: Build and Push
-      run: python3 $GITHUB_ACTION_PATH/build_push.py
+    - name: docker install
+      run: python3 $GITHUB_ACTION_PATH/docker_install.py
+      shell: bash
+
+    - name: docker login
+      run: python3 $GITHUB_ACTION_PATH/docker_login.py
       shell: bash
       env:
-        CONTEXT: ${{ inputs.context }}
-        DOCKERFILE: ${{ inputs.dockerfile }}
-        DOCKERHUB_USERNAME: ${{ inputs.hub-username }}
-        DOCKERHUB_PASSWORD: ${{ inputs.hub-password }}
-        GHCR_USERNAME: ${{ inputs.ghcr-username }}
-        GHCR_TOKEN: ${{ inputs.ghcr-token }}
+        CREDENTIALS: ${{ inputs.credentials }}
+
+    - name: docker build-push
+      run: python3 $GITHUB_ACTION_PATH/docker_build.py
+      shell: bash
+
+    - name: docker logout
+      run: python3 $GITHUB_ACTION_PATH/docker_logout.py
+      shell: bash