Merge pull request #1289 from tdiary/dependabot/bundler/sequel-5.100.0 #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Docker Image | |
| on: | |
| push: | |
| branches: [ 'master' ] | |
| tags: [ 'v*' ] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: docker.io | |
| IMAGE_NAME: tdiary/tdiary | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| include: | |
| - runner: ubuntu-latest | |
| platform: linux/amd64 | |
| arch: amd64 | |
| - runner: ubuntu-24.04-arm | |
| platform: linux/arm64 | |
| arch: arm64 | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| outputs: | |
| image-digest-amd64: ${{ steps.build-amd64.outputs.digest }} | |
| image-digest-arm64: ${{ steps.build-arm64.outputs.digest }} | |
| metadata: ${{ steps.meta.outputs.json }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver: docker-container | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| flavor: | | |
| latest=false | |
| - name: Build and push Docker image (AMD64) | |
| id: build-amd64 | |
| if: matrix.arch == 'amd64' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| platforms: ${{ matrix.platform }} | |
| provenance: false | |
| outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true | |
| - name: Build and push Docker image (ARM64) | |
| id: build-arm64 | |
| if: matrix.arch == 'arm64' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| platforms: ${{ matrix.platform }} | |
| provenance: false | |
| outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true | |
| merge: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Create and push manifest | |
| run: | | |
| # Extract metadata from build job | |
| METADATA='${{ needs.build.outputs.metadata }}' | |
| echo "Metadata: $METADATA" | |
| TAGS=$(echo "$METADATA" | jq -r '.tags[]') | |
| echo "Generated tags:" | |
| echo "$TAGS" | |
| if [ -z "$TAGS" ]; then | |
| echo "No tags generated, exiting" | |
| exit 1 | |
| fi | |
| # Get digests from build outputs | |
| AMD64_DIGEST="${{ needs.build.outputs.image-digest-amd64 }}" | |
| ARM64_DIGEST="${{ needs.build.outputs.image-digest-arm64 }}" | |
| echo "AMD64 Digest: $AMD64_DIGEST" | |
| echo "ARM64 Digest: $ARM64_DIGEST" | |
| # Create and push manifest for each tag | |
| for tag in $TAGS; do | |
| echo "Creating manifest for $tag" | |
| docker manifest create $tag \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@$AMD64_DIGEST \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@$ARM64_DIGEST | |
| docker manifest annotate $tag \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@$AMD64_DIGEST \ | |
| --os linux --arch amd64 | |
| docker manifest annotate $tag \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@$ARM64_DIGEST \ | |
| --os linux --arch arm64 | |
| docker manifest push $tag | |
| done | |
| - name: Test Docker image | |
| run: | | |
| # Extract metadata from build job | |
| METADATA='${{ needs.build.outputs.metadata }}' | |
| TAGS=$(echo "$METADATA" | jq -r '.tags[]') | |
| echo "Created tags:" | |
| for tag in $TAGS; do | |
| echo " - $tag" | |
| if docker manifest inspect $tag >/dev/null 2>&1; then | |
| echo " ✓ Multi-arch manifest verified" | |
| docker manifest inspect $tag | jq -r '.manifests[].platform | "\(.architecture)/\(.os)"' | sed 's/^/ /' | |
| else | |
| echo " ✗ Manifest verification failed" | |
| fi | |
| done |