@@ -11,61 +11,138 @@ jobs:
1111 build-and-push-debian-images :
1212 strategy :
1313 matrix :
14+ runner :
15+ - ubuntu-24.04
16+ - ubuntu-24.04-arm
1417 branch-name :
1518 - master
1619 - rel/auth-4.9.x
17- - rel/dnsdist-1.9.x
1820 image :
1921 - id : debian-11-pdns-base
2022 debian-image-name : python
2123 debian-image-tag : 3.11-slim-bullseye
2224 - id : debian-12-pdns-base
2325 debian-image-name : debian
2426 debian-image-tag : bookworm-slim
27+ exclude :
28+ - branch-name : rel/auth-4.9.x
29+ image : {id: debian-11-pdns-base, debian-image-name: python, debian-image-tag: 3.11-slim-bullseye}
30+ - branch-name : rel/auth-4.9.x
31+ runner : ubuntu-24.04-arm
2532 fail-fast : false
26- runs-on : ubuntu-22.04
33+ runs-on : ${{ matrix.runner }}
2734 permissions :
2835 contents : read
2936 packages : write
3037 steps :
31- - uses : actions/checkout@v4
32-
3338 - run : |
3439 echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image.id }}" | tr '[:upper:]' '[:lower:]' >> "$GITHUB_ENV"
3540 echo "image-tag=$(echo ${{ matrix.branch-name }} | cut -d '/' -f 2)" >> "$GITHUB_ENV"
36-
37- name : Build image
38- run : |
39- docker build . --file Dockerfile \
40- --tag ${{ env.image-id-lowercase }}:${{ env.image-tag }} \
41- --build-arg DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }} \
42- --build-arg DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }} \
43- --build-arg REPO_BRANCH=${{ matrix.branch-name }}
44-
41+ uses : actions/checkout@v4
42+ with :
43+ persist-credentials : false
44+ - name : Set up Docker Buildx for multi-platform builds
45+ uses : docker/setup-buildx-action@v3
46+ - name : Set up QEMU
47+ uses : docker/setup-qemu-action@v3
4548 - name : Login to GitHub Container Registry
4649 if : ${{ github.event_name != 'pull_request' }}
4750 uses : docker/login-action@v3
4851 with :
4952 registry : ghcr.io
5053 username : ${{ github.actor }}
5154 password : ${{ secrets.GITHUB_TOKEN }}
55+ - name : Build and load images
56+ id : build-image
57+ uses : docker/build-push-action@v6
58+ with :
59+ context : .
60+ file : Dockerfile
61+ platforms : ${{ matrix.branch.platforms }}
62+ push : ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
63+ tags : ${{ env.image-id-lowercase }}
64+ build-args : |
65+ DEBIAN_IMAGE_NAME=${{ matrix.image.debian-image-name }}
66+ DEBIAN_IMAGE_TAG=${{ matrix.image.debian-image-tag }}
67+ REPO_BRANCH=${{ matrix.branch-name }}
68+ outputs : type=image,push-by-digest=true,name-canonical=true
69+ - name : Export output digest
70+ env :
71+ DIGEST : ${{ steps.build-image.outputs.digest }}
72+ run : |
73+ mkdir -p $RUNNER_TEMP/digests
74+ touch "$RUNNER_TEMP/digests/${DIGEST#sha256:}"
75+ # generate suffix for digest file
76+ echo "ARCH=$(arch)" >> $GITHUB_ENV
77+ name : Upload digest
78+ uses : actions/upload-artifact@v4
79+ with :
80+ name : digests-${{ matrix.image.id }}-${{ env.image-tag }}-${{ env.ARCH }}
81+ path : ${{ runner.temp }}/digests/*
82+ if-no-files-found : error
83+ retention-days : 1
5284
53- - name : Push into Github Container Registry
85+ publish-tags :
86+ name : Generate and publish tag for multi-platform image
87+ strategy :
88+ matrix :
89+ branch-name :
90+ - master
91+ - rel/auth-4.9.x
92+ image-id :
93+ - debian-11-pdns-base
94+ - debian-12-pdns-base
95+ exclude :
96+ - branch-name : rel/auth-4.9.x
97+ image-id : debian-11-pdns-base
98+ fail-fast : false
99+ runs-on : ubuntu-24.04
100+ if : ${{ github.event_name != 'pull_request' }}
101+ needs : build-and-push-debian-images
102+ permissions :
103+ contents : read
104+ packages : write
105+ steps :
106+ - run : |
107+ echo "image-id-lowercase=ghcr.io/${{ github.repository }}/${{ matrix.image-id }}" | tr '[:upper:]' '[:lower:]' >> "$GITHUB_ENV"
108+ echo "image-tag=$(echo ${{ matrix.branch-name }} | cut -d '/' -f 2)" >> "$GITHUB_ENV"
109+ name : Download digests
110+ uses : actions/download-artifact@v4
111+ with :
112+ path : ${{ runner.temp }}/digests
113+ pattern : digests-${{ matrix.image-id }}-${{ env.image-tag }}-*
114+ merge-multiple : true
115+ - name : Login to GitHub Container Registry
54116 if : ${{ github.event_name != 'pull_request' }}
117+ uses : docker/login-action@v3
118+ with :
119+ registry : ghcr.io
120+ username : ${{ github.actor }}
121+ password : ${{ secrets.GITHUB_TOKEN }}
122+ - name : Set up Docker Buildx
123+ uses : docker/setup-buildx-action@v3
124+ - name : Docker meta
125+ id : meta
126+ uses : docker/metadata-action@v5
127+ with :
128+ images : ${{ env.image-id-lowercase }}
129+ tags : ${{ env.image-tag }}
130+ - name : Create manifest list and push
131+ working-directory : ${{ runner.temp }}/digests
55132 run : |
56- docker push ${{ env.image-id-lowercase }}:${{ env.image-tag }}
133+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
134+ $(printf ${{ env.image-id-lowercase }}'@sha256:%s ' *)
57135
58136purge-old-images :
59137 name : Purge old PDNS CI images
60- needs : build-and-push-debian-images
138+ needs : publish-tags
61139 runs-on : ubuntu-22.04
62- if : ${{ github.event_name != 'pull_request' }}
63140 permissions :
64141 contents : read
65142 packages : write
66143 strategy :
67144 matrix :
68- image-id :
145+ image-id :
69146 - debian-11-pdns-base
70147 - debian-12-pdns-base
71148 fail-fast : false
77154name : Purge old images keeping the 5 more recent ones
78155 # FIXME: move to tag v5 when available.
79156 uses : actions/delete-package-versions@v5.0.0
80- with :
157+ with :
81158 package-name : ${{ env.repo-name }}/${{ matrix.image-id }}
82159 package-type : container
83- min-versions-to-keep : 5
160+ min-versions-to-keep : 20
84161 delete-only-untagged-versions : true
0 commit comments