@@ -11,73 +11,207 @@ jobs:
1111 build-and-push-debian-images :
1212 strategy :
1313 matrix :
14+ platform :
15+ - runner : ubuntu-24.04
16+ arch : linux/amd64
17+ - runner : ubuntu-24.04-arm
18+ arch : linux/arm64
1419 branch-name :
1520 - master
16- - rel/auth-4.9.x
21+ # - rel/auth-4.9.x
1722 image :
18- - id : debian-11-pdns-base
19- debian-image-name : python
20- debian-image-tag : 3.11-slim-bullseye
23+ # - id: debian-11-pdns-base
24+ # debian-image-name: python
25+ # debian-image-tag: 3.11-slim-bullseye
2126 - id : debian-12-pdns-base
2227 debian-image-name : debian
2328 debian-image-tag : bookworm-slim
2429 fail-fast : false
25- runs-on : ubuntu-22.04
30+ runs-on : ${{ matrix.platform.runner }}
2631 permissions :
2732 contents : read
2833 packages : write
2934 steps :
30- - uses : actions/checkout@v4
31-
3235 - run : |
3336 echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image.id }}" | tr '[:upper:]' '[:lower:]' >> "$GITHUB_ENV"
3437 echo "image-tag=$(echo ${{ matrix.branch-name }} | cut -d '/' -f 2)" >> "$GITHUB_ENV"
35-
36- - name : Build image
37- run : |
38- docker build . --file Dockerfile \
39- --tag ${{ env.image-id-lowercase }}:${{ env.image-tag }} \
40- --build-arg DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }} \
41- --build-arg DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }} \
42- --build-arg REPO_BRANCH=${{ matrix.branch-name }}
43-
38+ echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image.id }}" | tr '[:upper:]' '[:lower:]'
39+ echo "image-tag=$(echo ${{ matrix.branch-name }} | cut -d '/' -f 2)"
40+ - uses : actions/checkout@v4
41+ with :
42+ persist-credentials : false
43+ - name : Set up Docker Buildx for multi-platform builds
44+ uses : docker/setup-buildx-action@v3
45+ - name : Set up QEMU
46+ uses : docker/setup-qemu-action@v3
47+ # https://github.com/docker/buildx/issues/1335#issuecomment-1343712346
48+ - run : docker ps --all
4449 - name : Login to GitHub Container Registry
4550 if : ${{ github.event_name != 'pull_request' }}
4651 uses : docker/login-action@v3
4752 with :
4853 registry : ghcr.io
4954 username : ${{ github.actor }}
5055 password : ${{ secrets.GITHUB_TOKEN }}
51-
52- - name : Push into Github Container Registry
53- if : ${{ github.event_name != 'pull_request' }}
54- run : |
55- docker push ${{ env.image-id-lowercase }}:${{ env.image-tag }}
56-
57- purge-old-images :
58- name : Purge old PDNS CI images
59- needs : build-and-push-debian-images
60- runs-on : ubuntu-22.04
61- if : ${{ github.event_name != 'pull_request' }}
62- permissions :
63- contents : read
64- packages : write
65- strategy :
66- matrix :
67- image-id :
68- - debian-11-pdns-base
69- - debian-12-pdns-base
70- fail-fast : false
71- steps :
72- - name : Get repository name
56+ - name : Build and load images
57+ id : build-image
58+ uses : docker/build-push-action@v6
59+ with :
60+ context : .
61+ file : Dockerfile
62+ platforms : ${{ matrix.branch.platforms }}
63+ push : ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
64+ tags : ${{ env.image-id-lowercase }}
65+ build-args : |
66+ DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }}
67+ DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }}
68+ REPO_BRANCH=${{ matrix.branch-name }}
69+ outputs : type=image,push-by-digest=true,name-canonical=true
70+ - name : Export output digest
71+ env :
72+ ARCH : ${{ matrix.platform.arch }}
73+ DIGEST : ${{ steps.build-image.outputs.digest }}
7374 run : |
74- echo "${{ github.repository }}" | awk -F'/' '{print "repo-name="$2}' >> "$GITHUB_ENV"
75+ mkdir -p $RUNNER_TEMP/digests
76+ touch "$RUNNER_TEMP/digests/${DIGEST#sha256:}"
77+ # generate suffix for digest file
78+ echo "PLATFORM_PAIR=${ARCH//\//-}" >> $GITHUB_ENV
79+ - name : Upload digest
80+ uses : actions/upload-artifact@v4
81+ with :
82+ name : digests-${{ env.matrix.image.id }}-${{ env.image-tag }}-${{ env.PLATFORM_PAIR }}
83+ path : ${{ runner.temp }}/digests/*
84+ if-no-files-found : error
85+ retention-days : 1
7586
76- - name : Purge old images keeping the 5 more recent ones
77- # FIXME: move to tag v5 when available.
78- uses : actions/delete-package-versions@v5.0.0
79- with :
80- package-name : ${{ env.repo-name }}/${{ matrix.image-id }}
81- package-type : container
82- min-versions-to-keep : 5
83- delete-only-untagged-versions : true
87+ #
88+ # - name: Build image
89+ # run: |
90+ # docker build . --file Dockerfile \
91+ # --tag ${{ env.image-id-lowercase }}:${{ env.image-tag }} \
92+ # --build-arg DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }} \
93+ # --build-arg DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }} \
94+ # --build-arg REPO_BRANCH=${{ matrix.branch-name }}
95+ #
96+ # - name: Set up QEMU
97+ # uses: docker/setup-qemu-action@v3
98+ # with:
99+ # platforms: linux/arm64/v8
100+ # - name: Set up Docker Buildx for multi-platform builds
101+ # uses: docker/setup-buildx-action@v3
102+ # with:
103+ # platforms: ${{ inputs.platforms }}
104+ # - name: Login to Docker Hub
105+ # uses: docker/login-action@v3
106+ # with:
107+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
108+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
109+ # - name: Docker image metadata
110+ # id: meta
111+ # uses: docker/metadata-action@v5
112+ # with:
113+ # images: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ inputs.image-name }}
114+ # tags: ${{ inputs.image-tags }}
115+ # - name: Build and load powerdns product images
116+ # id: build-image
117+ # uses: docker/build-push-action@v6
118+ # with:
119+ # context: .
120+ # file: Dockerfile
121+ # platforms: ${{ matrix.branch.platforms }}
122+ # push: ${{ inputs.push }}
123+ # sbom: true
124+ # tags: ${{ steps.meta.outputs.tags }}
125+ # build-args: ${{ inputs.build-args }}
126+ #
127+ # - name: Push into Github Container Registry
128+ # if: ${{ github.event_name != 'pull_request' }}
129+ # run: |
130+ # docker push ${{ env.image-id-lowercase }}:${{ env.image-tag }}
131+ #
132+ # publish-tag:
133+ # name: Generate and publish tag for multi-platform image
134+ # runs-on: ubuntu-24.04
135+ # if: ${{ inputs.push }}
136+ # needs: build
137+ # permissions:
138+ # contents: read
139+ # # This is used to complete the identity challenge
140+ # # with sigstore/fulcio when running outside of PRs.
141+ # id-token: write
142+ # outputs:
143+ # image-digest: ${{ steps.get-image-digest.outputs.image-digest }}
144+ # env:
145+ # IMAGE_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ inputs.image-name }}
146+ # steps:
147+ # - name: Install cosign
148+ # uses: sigstore/cosign-installer@v3.7.0
149+ # - name: Download digests
150+ # uses: actions/download-artifact@v4
151+ # with:
152+ # path: ${{ runner.temp }}/digests
153+ # pattern: digests-${{ inputs.product }}-*
154+ # merge-multiple: true
155+ # - name: Login to Docker Hub
156+ # if: ${{ inputs.push }}
157+ # uses: docker/login-action@v3
158+ # with:
159+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
160+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
161+ # - name: Set up Docker Buildx
162+ # uses: docker/setup-buildx-action@v3
163+ # - name: Docker meta
164+ # id: meta
165+ # uses: docker/metadata-action@v5
166+ # with:
167+ # images: ${{ env.IMAGE_NAME }}
168+ # tags: ${{ inputs.image-tags }}
169+ # - name: Create manifest list and push
170+ # working-directory: ${{ runner.temp }}/digests
171+ # run: |
172+ # docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
173+ # $(printf $IMAGE_NAME'@sha256:%s ' *)
174+ # - name: Get image digest
175+ # id: get-image-digest
176+ # env:
177+ # TAG: ${{ steps.meta.outputs.version }}
178+ # run: |
179+ # echo "image-digest=$(docker buildx imagetools inspect $IMAGE_NAME:$TAG --format="{{json .Manifest}}" | jq -r .digest)" >> "$GITHUB_OUTPUT"
180+ # - name: Sign product image
181+ # id: sign-image
182+ # env:
183+ # TAG: |
184+ # ${{ env.IMAGE_NAME }}@${{ steps.get-image-digest.outputs.image-digest }}
185+ # # This step uses the identity token to provision an ephemeral certificate
186+ # # against the sigstore community Fulcio instance.
187+ # run: cosign sign --yes ${TAG}
188+ #
189+ #
190+ # purge-old-images:
191+ # name: Purge old PDNS CI images
192+ # needs: build-and-push-debian-images
193+ # runs-on: ubuntu-22.04
194+ # if: ${{ github.event_name != 'pull_request' }}
195+ # permissions:
196+ # contents: read
197+ # packages: write
198+ # strategy:
199+ # matrix:
200+ # image-id:
201+ # - debian-11-pdns-base
202+ # - debian-12-pdns-base
203+ # fail-fast: false
204+ # steps:
205+ # - name: Get repository name
206+ # run: |
207+ # echo "${{ github.repository }}" | awk -F'/' '{print "repo-name="$2}' >> "$GITHUB_ENV"
208+ #
209+ # - name: Purge old images keeping the 5 more recent ones
210+ # # FIXME: move to tag v5 when available.
211+ # uses: actions/delete-package-versions@v5.0.0
212+ # with:
213+ # package-name: ${{ env.repo-name }}/${{ matrix.image-id }}
214+ # package-type: container
215+ # min-versions-to-keep: 5
216+ # delete-only-untagged-versions: true
217+ #
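Review bot: Two expressions in the new build steps reference contexts that the matrix above never defines, so both expand to an empty string. In "Build and load images", `platforms: ${{ matrix.branch.platforms }}` should read `platforms: ${{ matrix.platform.arch }}`; as written the target platform is whatever the runner defaults to rather than the one the matrix row names. In "Upload digest", `${{ env.matrix.image.id }}` should be `${{ matrix.image.id }}`, otherwise the artifact name loses the image id and two images built for the same branch and platform would share a name once a second image entry is re-enabled. Separately, this job holds `packages: write` and logs in to ghcr.io, so the newly added third-party actions (`docker/setup-buildx-action@v3`, `docker/setup-qemu-action@v3`, `docker/build-push-action@v6`) are worth pinning to full commit SHAs rather than movable tags.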