|
| 1 | +# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com> |
| 2 | +# |
| 3 | +# SPDX-License-Identifier: Apache-2.0 |
| 4 | +# This file is derived from the ghcr-all-dev-branches.yml workflow, but instead of pushing its results, it only validates the Docker build. It also runs on all excluded branches to validate builds on excluded branches. |
| 5 | + |
| 6 | +name: "Validate Docker Build" |
| 7 | + |
| 8 | +# Main is not excluded due to that we want access to validate the build on main and to enable scout mode just like we have for breaking synapse changes. |
| 9 | +on: |
| 10 | + push: |
| 11 | + branches-ignore: |
| 12 | + - "dependabot/**" |
| 13 | + - "github-actions/**" |
| 14 | + schedule: |
| 15 | + - cron: "20 20 * * *" |
| 16 | + merge_group: |
| 17 | + branches: [main] |
| 18 | + |
| 19 | +concurrency: |
| 20 | + group: docker-test-build-${{ github.ref }} |
| 21 | + cancel-in-progress: true |
| 22 | + |
| 23 | +env: |
| 24 | + IMAGE_NAME: draupnir |
| 25 | + PLATFORMS: linux/amd64,linux/arm64 |
| 26 | + IMG_SOURCE: https://github.com/${{ github.repository }} |
| 27 | + |
| 28 | +jobs: |
| 29 | + validate-docker-build: |
| 30 | + runs-on: ubuntu-latest |
| 31 | + permissions: |
| 32 | + contents: read |
| 33 | + steps: |
| 34 | + - name: Check out |
| 35 | + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd |
| 36 | + with: |
| 37 | + fetch-depth: 0 |
| 38 | + fetch-tags: true |
| 39 | + - name: Set lowercase image owner |
| 40 | + id: image_owner |
| 41 | + run: |
| 42 | + echo "image_owner=$(echo '${{ github.repository_owner }}' | tr |
| 43 | + '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT |
| 44 | + |
| 45 | + # Needed for multi platform builds |
| 46 | + - name: Set up QEMU |
| 47 | + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a |
| 48 | + with: |
| 49 | + platforms: ${{ env.PLATFORMS }} |
| 50 | + |
| 51 | + - name: Set up Docker Buildx |
| 52 | + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd |
| 53 | + |
| 54 | + - name: Derive image tags |
| 55 | + id: meta |
| 56 | + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf |
| 57 | + with: |
| 58 | + images: |
| 59 | + ghcr.io/${{ steps.image_owner.outputs.image_owner }}/${{ |
| 60 | + env.IMAGE_NAME }} |
| 61 | + tags: | |
| 62 | + type=ref,event=branch |
| 63 | + type=sha,prefix=sha- |
| 64 | +
|
| 65 | + - name: Build image |
| 66 | + id: push |
| 67 | + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f |
| 68 | + with: |
| 69 | + context: . |
| 70 | + file: ./Dockerfile |
| 71 | + platforms: ${{ env.PLATFORMS }} |
| 72 | + push: false |
| 73 | + # Shared Buildx cache scope reused by all container image workflows. |
| 74 | + # Keep the scope name aligned across workflows to maximize cache hits. |
| 75 | + cache-from: type=gha,scope=draupnir-container-build |
| 76 | + labels: | |
| 77 | + org.opencontainers.image.source=${{ env.IMG_SOURCE }} |
| 78 | + org.opencontainers.image.revision=${{ github.sha }} |
| 79 | + org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }} |
| 80 | + org.opencontainers.image.ref.name=${{ github.ref_name }} |
| 81 | + org.opencontainers.image.licenses=Apache-2.0 |
| 82 | +
|
| 83 | + # prettier-ignore |
| 84 | + outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Draupnir is a community management platform for Matrix. |
| 85 | + sbom: true |
| 86 | + provenance: true |
| 87 | + tags: ${{ steps.meta.outputs.tags }} |
0 commit comments