rabbitmq-server/.github/workflows/oci-make.yaml at ec8ddd9ab2428516e83ccdcb4d49b7e9dc6fe129 · rabbitmq/rabbitmq-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# When changing the OTP version, make sure to update all references:
# - the default in workflow_dispatch
# - otp_version in both jobs
#
#
name: OCI (make)
on:
  pull_request:
    paths:
      - deps/**
      - scripts/**
      - Makefile
      - plugins.mk
      - rabbitmq-components.mk
      - packaging/**
      - .github/workflows/oci-make.yaml
  workflow_run:
    workflows: [Peer Discovery AWS Integration Test]
    types:
      - requested
  workflow_dispatch:
    inputs:
      otp_version:
        # a tag of the erlang image, see https://hub.docker.com/_/erlang for available tags
        # also used in the setup-beam step (same tag should work for both)
        description: OTP version (eg. `26`, `26.2.5.6`)
        default: 28
      build_arm:
        description: Build for ARM64 as well?
        type: boolean
        default: false
env:
  REGISTRY_IMAGE: pivotalrabbitmq/rabbitmq
  VERSION: 4.3.0+${{ github.sha }}
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
  build-package-generic-unix:
    strategy:
      matrix:
        otp_version:
        - ${{ github.event.inputs.otp_version || '28' }}
    runs-on: ubuntu-latest
    outputs:
      # When dependabot, or a user from a fork, creates PRs, secrets are not injected, and the OCI workflow can't push the image
      # This check acts as a gate keeper
      authorized: ${{ steps.authorized.outputs.authorized }}
    steps:
      - name: CHECK IF IMAGE WILL PUSH
        id: authorized
        run: |
          if [ -n "${{ secrets.DOCKERHUB_PASSWORD }}" ]; then
            echo "authorized=true" | tee -a $GITHUB_OUTPUT
          else
            echo "authorized=false" | tee -a $GITHUB_OUTPUT
          fi
      - name: Checkout
        if: steps.authorized.outputs.authorized == 'true'
        uses: actions/checkout@v6
      - name: Configure Erlang
        if: steps.authorized.outputs.authorized == 'true'
        uses: erlef/setup-beam@v1
        with:
          otp-version: ${{ matrix.otp_version }}
          elixir-version: latest
      - name: make package-generic-unix
        if: steps.authorized.outputs.authorized == 'true'
        run: |
          make package-generic-unix PROJECT_VERSION=${{ env.VERSION }}
      - name: Upload package-generic-unix
        if: steps.authorized.outputs.authorized == 'true'
        uses: actions/upload-artifact@v7
        with:
          name: package-generic-unix-otp${{ matrix.otp_version }}
          path: PACKAGES/rabbitmq-server-*.tar.xz

  build-and-push:
    strategy:
      fail-fast: false
      matrix:
        otp_version:
        - ${{ github.event.inputs.otp_version || '28' }}
    needs: build-package-generic-unix
    runs-on: ubuntu-latest
    if: ${{ needs.build-package-generic-unix.outputs.authorized == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Download package-generic-unix
        uses: actions/download-artifact@v8
        with:
          name: package-generic-unix-otp${{ matrix.otp_version }}
          path: PACKAGES
      - name: Rename package-generic-unix
        run: |
          cp \
            PACKAGES/rabbitmq-server-generic-unix-*.tar.xz \
            packaging/docker-image/package-generic-unix.tar.xz
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ env.REGISTRY_IMAGE }}
          flavor: |
            suffix=-otp${{ matrix.otp_version }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,format=long
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@v7
        with:
          push: true
          context: packaging/docker-image
          labels: ${{ steps.meta.outputs.labels }}
          platforms: ${{ github.event.inputs.build_arm && 'linux/amd64, linux/arm64' || 'linux/amd64' }}
          tags: ${{ steps.meta.outputs.tags }}
          cache-to: type=gha,mode=max,scope=${{ matrix.otp_version }}
          cache-from: type=gha,scope=${{ matrix.otp_version }}
          build-args: |
            OTP_VERSION=${{ matrix.otp_version }}
            RABBITMQ_VERSION=${{ env.VERSION }}