ci: use docker bake

Author: pythoninthegrass

.github/workflows/docker.yml

@@ -17,6 +17,7 @@ on:
       # Docker and environment configs
       - 'Dockerfile*'
       - 'docker-compose.yml'
+      - 'docker-bake.hcl'
       - '.dockerignore'
       - '.env.example'
       # Dependencies and python configs
@@ -38,18 +39,12 @@ on:
 env:
   REGISTRY_URL: ghcr.io
   REGISTRY_USER: ${{ github.repository_owner }}
-  IMAGE: ${{ vars.IMAGE }}
+  IMAGE_NAME: ${{ vars.IMAGE || 'meetup_bot' }}
 
 jobs:
-  push_to_registry:
-    name: Push Docker image to container registry
-    # if: |
-    #   (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))) ||
-    #   (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
+  build-and-push:
+    name: Build and push Docker image
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        dockerfile: [Dockerfile.web]
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
       cancel-in-progress: true
@@ -72,7 +67,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            name=${{ env.REGISTRY_URL }}/${{ env.REGISTRY_USER }}/${{ env.IMAGE }}
+            ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_USER }}/${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest,enable=${{ endsWith(github.ref, 'main') }}
             type=ref,event=branch,enable=${{ !endsWith(github.ref, 'main') }}
@@ -88,21 +83,24 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          # Use native builders if available
           platforms: linux/amd64,linux/arm64
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
+      - name: Build and push with Docker Bake
+        uses: docker/bake-action@v4
         with:
-          context: .
-          file: ${{ matrix.dockerfile }}
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file }}
+          targets: multi-platform
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64/v8
-          cache-from: |
-            type=gha,scope=${{ github.workflow }}
-            type=registry,ref=ghcr.io/${{ env.REGISTRY_USER }}/${{ env.IMAGE }}:buildcache
-          cache-to: |
-            type=gha,scope=${{ github.workflow }},mode=max
-            type=registry,ref=ghcr.io/${{ env.REGISTRY_USER }}/${{ env.IMAGE }}:buildcache,mode=max
+          set: |
+            *.cache-from=type=gha,scope=${{ github.workflow }}
+            *.cache-to=type=gha,mode=max,scope=${{ github.workflow }}
+            *.platform=linux/amd64,linux/arm64
+            *.args.PYTHON_VERSION=3.11
+            *.args.PORT=3100
+            REGISTRY_URL=${{ env.REGISTRY_URL }}
+            REGISTRY_USER=${{ env.REGISTRY_USER }}
+            IMAGE_NAME=${{ env.IMAGE_NAME }}
+            TAG=${{ steps.meta.outputs.version }}
+            DOCKERFILE=Dockerfile.web

docker-bake.hcl

@@ -0,0 +1,82 @@
+// Variables with defaults that can be overridden
+variable "REGISTRY_URL" {
+  default = "ghcr.io"
+}
+
+variable "REGISTRY_USER" {
+  default = ""              // Set from GitHub Actions
+}
+
+variable "IMAGE_NAME" {
+  default = "meetup_bot"    // Matches the label in Dockerfile.web
+}
+
+variable "TAG" {
+  default = "latest"
+}
+
+variable "DOCKERFILE" {
+  default = "Dockerfile.web"
+}
+
+// Base target with shared configuration
+target "docker-metadata-action" {
+  tags = [
+    "${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:${TAG}",
+    "${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:latest",
+  ]
+}
+
+// Default target that extends the base
+target "build" {
+  inherits = ["docker-metadata-action"]
+  context = "."
+  dockerfile = "${DOCKERFILE}"
+  args = {
+    PYTHON_VERSION = "3.11"
+  }
+}
+
+// Group target to build both platforms
+group "default" {
+  targets = ["build"]
+}
+
+// Optional specific targets for each platform
+target "amd64" {
+  inherits = ["build"]
+  platforms = ["linux/amd64"]
+  cache-from = [
+    "type=gha,scope=linux/amd64",
+    "type=registry,ref=${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:buildcache"
+  ]
+  cache-to = [
+    "type=gha,mode=max,scope=linux/amd64"
+  ]
+}
+
+target "arm64" {
+  inherits = ["build"]
+  platforms = ["linux/arm64"]
+  cache-from = [
+    "type=gha,scope=linux/arm64",
+    "type=registry,ref=${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:buildcache"
+  ]
+  cache-to = [
+    "type=gha,mode=max,scope=linux/arm64"
+  ]
+}
+
+// Matrix build target for multi-platform builds
+target "multi-platform" {
+  inherits = ["build"]
+  platforms = ["linux/amd64", "linux/arm64"]
+  cache-from = [
+    "type=gha,scope=build",
+    "type=registry,ref=${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:buildcache"
+  ]
+  cache-to = [
+    "type=gha,mode=max,scope=build",
+    "type=registry,ref=${REGISTRY_URL}/${REGISTRY_USER}/${IMAGE_NAME}:buildcache,mode=max"
+  ]
+}

taskfiles/docker.yml

@@ -111,3 +111,19 @@ tasks:
     cmds:
       - docker system prune --all --force
       - docker builder prune --all --force
+
+  validate:
+    desc: Validate the docker-bake.hcl file
+    vars:
+      BAKE_OUTPUT:
+        sh: docker buildx bake --file docker-bake.hcl --print 2>&1 || true
+      VALIDATION_ERROR:
+        sh: echo "{{.BAKE_OUTPUT}}" | grep -q "ERROR:" && echo "true" || echo "false"
+    preconditions:
+      - sh: "test {{.VALIDATION_ERROR}} = false"
+        msg: |
+          Docker bake file is invalid. Error details:
+          {{.BAKE_OUTPUT}}
+    cmds:
+      - cmd: echo "Docker bake file is valid"
+        silent: true