@@ -11,73 +11,204 @@ jobs:
1111 build-and-push-debian-images :
1212 strategy :
1313 matrix :
14- branch-name :
15- - master
16- - rel/auth-4.9.x
14+ # platform:
15+ # - runner: ubuntu-24.04
16+ # arch: linux/amd64
17+ # - runner: ubuntu-24.04-arm
18+ # arch: linux/arm64
19+ branch :
20+ - name : master
21+ platforms : linux/amd64,linux/arm64
22+ # - name: rel/auth-4.9.x
23+ # platforms: linux/amd64
1724 image :
18- - id : debian-11-pdns-base
19- debian-image-name : python
20- debian-image-tag : 3.11-slim-bullseye
25+ # - id: debian-11-pdns-base
26+ # debian-image-name: python
27+ # debian-image-tag: 3.11-slim-bullseye
2128 - id : debian-12-pdns-base
2229 debian-image-name : debian
2330 debian-image-tag : bookworm-slim
2431 fail-fast : false
25- runs-on : ubuntu-22 .04
32+ runs-on : ubuntu-24 .04
2633 permissions :
2734 contents : read
2835 packages : write
2936 steps :
30- - uses : actions/checkout@v4
31-
3237 - run : |
3338 echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image.id }}" | tr '[:upper:]' '[:lower:]' >> "$GITHUB_ENV"
34- echo "image-tag=$(echo ${{ matrix.branch-name }} | cut -d '/' -f 2)" >> "$GITHUB_ENV"
35-
36- - name : Build image
37- run : |
38- docker build . --file Dockerfile \
39- --tag ${{ env.image-id-lowercase }}:${{ env.image-tag }} \
40- --build-arg DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }} \
41- --build-arg DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }} \
42- --build-arg REPO_BRANCH=${{ matrix.branch-name }}
43-
39+ echo "image-tag=$(echo ${{ matrix.branch.name }} | cut -d '/' -f 2)" >> "$GITHUB_ENV"
40+ echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image.id }}" | tr '[:upper:]' '[:lower:]'
41+ echo "image-tag=$(echo ${{ matrix.branch.name }} | cut -d '/' -f 2)"
42+ - uses : actions/checkout@v4
43+ with :
44+ persist-credentials : false
45+ - name : Set up Docker Buildx for multi-platform builds
46+ uses : docker/setup-buildx-action@v3
47+ with :
48+ platforms : linux/arm64
49+ # - name: Set up QEMU
50+ # uses: docker/setup-qemu-action@v3
51+ # with:
52+ # platforms: ${{ matrix.branch.platforms }}
53+ # https://github.com/docker/buildx/issues/1335#issuecomment-1343712346
54+ - name : Enable qemu SUID
55+ run : docker run --rm --privileged multiarch/qemu-user-static:latest --reset -p yes --credential yes
56+ - run : docker ps --all
4457 - name : Login to GitHub Container Registry
4558 if : ${{ github.event_name != 'pull_request' }}
4659 uses : docker/login-action@v3
4760 with :
4861 registry : ghcr.io
4962 username : ${{ github.actor }}
5063 password : ${{ secrets.GITHUB_TOKEN }}
64+ - name : Docker image metadata
65+ id : meta
66+ uses : docker/metadata-action@v5
67+ with :
68+ images : ${{ env.image-id-lowercase }}
69+ tags : ${{ env.image-tag }}
70+ - name : Build and load images
71+ id : build-image
72+ uses : docker/build-push-action@v6
73+ with :
74+ context : .
75+ file : Dockerfile
76+ platforms : ${{ matrix.branch.platforms }}
77+ push : ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
78+ tags : ${{ steps.meta.outputs.tags }}
79+ build-args : |
80+ DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }}
81+ DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }}
82+ REPO_BRANCH=${{ matrix.branch.name }}
5183
52- - name : Push into Github Container Registry
53- if : ${{ github.event_name != 'pull_request' }}
54- run : |
55- docker push ${{ env.image-id-lowercase }}:${{ env.image-tag }}
56-
57- purge-old-images :
58- name : Purge old PDNS CI images
59- needs : build-and-push-debian-images
60- runs-on : ubuntu-22.04
61- if : ${{ github.event_name != 'pull_request' }}
62- permissions :
63- contents : read
64- packages : write
65- strategy :
66- matrix :
67- image-id :
68- - debian-11-pdns-base
69- - debian-12-pdns-base
70- fail-fast : false
71- steps :
72- - name : Get repository name
73- run : |
74- echo "${{ github.repository }}" | awk -F'/' '{print "repo-name="$2}' >> "$GITHUB_ENV"
75-
76- - name : Purge old images keeping the 5 more recent ones
77- # FIXME: move to tag v5 when available.
78- uses : actions/delete-package-versions@v5.0.0
79- with :
80- package-name : ${{ env.repo-name }}/${{ matrix.image-id }}
81- package-type : container
82- min-versions-to-keep : 5
83- delete-only-untagged-versions : true
84+ #
85+ # - name: Build image
86+ # run: |
87+ # docker build . --file Dockerfile \
88+ # --tag ${{ env.image-id-lowercase }}:${{ env.image-tag }} \
89+ # --build-arg DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }} \
90+ # --build-arg DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }} \
91+ # --build-arg REPO_BRANCH=${{ matrix.branch-name }}
92+ #
93+ # - name: Set up QEMU
94+ # uses: docker/setup-qemu-action@v3
95+ # with:
96+ # platforms: linux/arm64/v8
97+ # - name: Set up Docker Buildx for multi-platform builds
98+ # uses: docker/setup-buildx-action@v3
99+ # with:
100+ # platforms: ${{ inputs.platforms }}
101+ # - name: Login to Docker Hub
102+ # uses: docker/login-action@v3
103+ # with:
104+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
105+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
106+ # - name: Docker image metadata
107+ # id: meta
108+ # uses: docker/metadata-action@v5
109+ # with:
110+ # images: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ inputs.image-name }}
111+ # tags: ${{ inputs.image-tags }}
112+ # - name: Build and load powerdns product images
113+ # id: build-image
114+ # uses: docker/build-push-action@v6
115+ # with:
116+ # context: .
117+ # file: Dockerfile
118+ # platforms: ${{ matrix.branch.platforms }}
119+ # push: ${{ inputs.push }}
120+ # sbom: true
121+ # tags: ${{ steps.meta.outputs.tags }}
122+ # build-args: ${{ inputs.build-args }}
123+ #
124+ # - name: Push into Github Container Registry
125+ # if: ${{ github.event_name != 'pull_request' }}
126+ # run: |
127+ # docker push ${{ env.image-id-lowercase }}:${{ env.image-tag }}
128+ #
129+ # publish-tag:
130+ # name: Generate and publish tag for multi-platform image
131+ # runs-on: ubuntu-24.04
132+ # if: ${{ inputs.push }}
133+ # needs: build
134+ # permissions:
135+ # contents: read
136+ # # This is used to complete the identity challenge
137+ # # with sigstore/fulcio when running outside of PRs.
138+ # id-token: write
139+ # outputs:
140+ # image-digest: ${{ steps.get-image-digest.outputs.image-digest }}
141+ # env:
142+ # IMAGE_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ inputs.image-name }}
143+ # steps:
144+ # - name: Install cosign
145+ # uses: sigstore/cosign-installer@v3.7.0
146+ # - name: Download digests
147+ # uses: actions/download-artifact@v4
148+ # with:
149+ # path: ${{ runner.temp }}/digests
150+ # pattern: digests-${{ inputs.product }}-*
151+ # merge-multiple: true
152+ # - name: Login to Docker Hub
153+ # if: ${{ inputs.push }}
154+ # uses: docker/login-action@v3
155+ # with:
156+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
157+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
158+ # - name: Set up Docker Buildx
159+ # uses: docker/setup-buildx-action@v3
160+ # - name: Docker meta
161+ # id: meta
162+ # uses: docker/metadata-action@v5
163+ # with:
164+ # images: ${{ env.IMAGE_NAME }}
165+ # tags: ${{ inputs.image-tags }}
166+ # - name: Create manifest list and push
167+ # working-directory: ${{ runner.temp }}/digests
168+ # run: |
169+ # docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
170+ # $(printf $IMAGE_NAME'@sha256:%s ' *)
171+ # - name: Get image digest
172+ # id: get-image-digest
173+ # env:
174+ # TAG: ${{ steps.meta.outputs.version }}
175+ # run: |
176+ # echo "image-digest=$(docker buildx imagetools inspect $IMAGE_NAME:$TAG --format="{{json .Manifest}}" | jq -r .digest)" >> "$GITHUB_OUTPUT"
177+ # - name: Sign product image
178+ # id: sign-image
179+ # env:
180+ # TAG: |
181+ # ${{ env.IMAGE_NAME }}@${{ steps.get-image-digest.outputs.image-digest }}
182+ # # This step uses the identity token to provision an ephemeral certificate
183+ # # against the sigstore community Fulcio instance.
184+ # run: cosign sign --yes ${TAG}
185+ #
186+ #
187+ # purge-old-images:
188+ # name: Purge old PDNS CI images
189+ # needs: build-and-push-debian-images
190+ # runs-on: ubuntu-22.04
191+ # if: ${{ github.event_name != 'pull_request' }}
192+ # permissions:
193+ # contents: read
194+ # packages: write
195+ # strategy:
196+ # matrix:
197+ # image-id:
198+ # - debian-11-pdns-base
199+ # - debian-12-pdns-base
200+ # fail-fast: false
201+ # steps:
202+ # - name: Get repository name
203+ # run: |
204+ # echo "${{ github.repository }}" | awk -F'/' '{print "repo-name="$2}' >> "$GITHUB_ENV"
205+ #
206+ # - name: Purge old images keeping the 5 more recent ones
207+ # # FIXME: move to tag v5 when available.
208+ # uses: actions/delete-package-versions@v5.0.0
209+ # with:
210+ # package-name: ${{ env.repo-name }}/${{ matrix.image-id }}
211+ # package-type: container
212+ # min-versions-to-keep: 5
213+ # delete-only-untagged-versions: true
214+ #
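Review bot: The `Enable qemu SUID` step runs a third-party image with `--privileged` from the mutable `:latest` tag, in a job that holds `packages: write` and later logs in to ghcr.io and pushes. Whatever that tag resolves to at run time gets root-equivalent access to the runner before the build, so a changed or compromised upstream image could alter the images this job publishes. Pin it by digest, for example `docker run --rm --privileged multiarch/qemu-user-static@sha256:<digest> --reset -p yes --credential yes`, and record in a comment which release the digest corresponds to. The step has no `if:` guard, so unlike the login step it appears to run on pull_request events as well. The same reasoning applies to the `uses:` lines referenced by tag (`@v3`, `@v5`, `@v6`): a full commit SHA is the safer reference in a job that pushes.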