Use another mirror method #209

Workflow file for this run

.github/workflows/build_all.yml at effcccb

	name: Build all
	on:
	workflow_dispatch:
	push:
	branches:
	- main
	paths-ignore:
	- '**/README.md'
	schedule:
	# Every Saturday at 2AM UTC
	- cron: "0 2 * * 6"
	pull_request:
	branches:
	- 'main'

	env:
	DNF_CACHE_PATH: /var/cache/libdnf5 # F41+ and newer F40 with libdnf5
	HOST_DNF_CACHE_PATH: /tmp/libdnf5 # Any path is okay
	DNF_CACHE_PURGE_THRESHOLD_MB: 400
	FEDORA_VERSION: "41"

	jobs:
	build-and-push:
	strategy:
	matrix:
	job:
	- { name: amd64, os: ubuntu-latest, pretty-name: Build and push amd64 image }
	- { name: arm64, os: ubuntu-24.04-arm, pretty-name: Build and push arm64 image }
	runs-on: ${{ matrix.job.os }}
	name: ${{ matrix.job.pretty-name }}
	permissions:
	contents: read
	packages: write
	id-token: write # needed for signing the images with GitHub OIDC Token
	attestations: write

	steps:
	- name: Check out the repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false

	- name: Mkdir for DNF Cache
	run: mkdir -p ${{ env.HOST_DNF_CACHE_PATH }}

	- name: Restore DNF Cache
	uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
	with:
	path: ${{ env.HOST_DNF_CACHE_PATH }}
	key: dnf-cache-${{ matrix.job.name }}

	- name: Install Cosign
	uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2

	- name: Extract metadata for Docker (main)
	id: meta-main
	uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
	with:
	images: ghcr.io/${{ github.repository }}
	flavor: \|
	latest=false
	tags: \|
	type=raw,value={{date 'YYYYMMDD'}}-${{ matrix.job.name }},enable={{is_default_branch}}
	type=raw,value=latest-${{ matrix.job.name }},enable={{is_default_branch}}
	type=ref,event=pr,suffix=-${{ matrix.job.name }}

	- name: Log in to ghcr.io (Using Action)
	uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
	with:
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	registry: ghcr.io

	- name: Buildah Action (main)
	id: build-image-main
	uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
	with:
	context: fe
	containerfiles: fe/Dockerfile.${{ env.FEDORA_VERSION }}
	tags: ${{ steps.meta-main.outputs.tags }}
	oci: true
	extra-args: \|
	--squash
	-v ${{ env.HOST_DNF_CACHE_PATH }}:${{ env.DNF_CACHE_PATH }}

	- name: Purge dnf5 cache if too big
	run: \|
	# Folder size (KB)
	folder_size=$(du -sk ${{ env.HOST_DNF_CACHE_PATH }} \| cut -f1)
	echo "Folder size: ${folder_size} KB; $(($folder_size /1024)) MB"

	# 100MB = 100 * 1024 KB
	threshold=$((${{ env.DNF_CACHE_PURGE_THRESHOLD_MB }} * 1024))
	echo "Threshold size: ${threshold} KB; ${{ env.DNF_CACHE_PURGE_THRESHOLD_MB }} MB"

	if [ "$folder_size" -gt "$threshold" ]; then
	echo "Threshold size exceed, purging."
	rm -rf ${{ env.HOST_DNF_CACHE_PATH }}/*
	echo '### DNF Cache purging: true' >> $GITHUB_STEP_SUMMARY
	else
	echo "Threshold size is not exceed."
	echo '### DNF Cache purging: false' >> $GITHUB_STEP_SUMMARY
	fi

	- name: Get Date for creating cache key
	id: get-date
	shell: bash
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT

	- name: Save DNF Cache
	uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
	with:
	path: ${{ env.HOST_DNF_CACHE_PATH }}
	key: dnf-cache-${{ matrix.job.name }}-${{ steps.get-date.outputs.date }}

	- name: Push (main)
	id: push-main
	uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
	with:
	image: ${{ steps.build-image-main.outputs.image }}
	tags: ${{ steps.build-image-main.outputs.tags }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	extra-args: \|
	--compression-format=zstd

	- name: Attest (main)
	uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
	if: github.event_name != 'pull_request'
	with:
	subject-name: ghcr.io/${{ github.repository }}
	subject-digest: ${{ steps.push-main.outputs.digest }}
	push-to-registry: true

	link-container-tags:
	runs-on: ubuntu-24.04-arm
	name: Link Container tags
	needs: build-and-push
	if: github.event_name != 'pull_request'
	permissions:
	contents: read
	packages: write
	id-token: write # needed for signing the images with GitHub OIDC Token
	attestations: write
	steps:
	- name: Login ghcr.io
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create and push manifest (latest)
	id: manifest-latest
	uses: Noelware/docker-manifest-action@dbe59e31eb61049f37aa51bfc7f44d899215008e
	with:
	inputs: ghcr.io/${{ github.repository }}:latest
	images: \|
	ghcr.io/${{ github.repository }}:latest-amd64,
	ghcr.io/${{ github.repository }}:latest-arm64
	push: true

	- name: Get Date
	id: get-date
	shell: bash
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT

	- name: Create and push manifest (time)
	id: manifest-time
	uses: Noelware/docker-manifest-action@dbe59e31eb61049f37aa51bfc7f44d899215008e
	with:
	inputs: ghcr.io/${{ github.repository }}:${{ steps.get-date.outputs.date }}
	images: \|
	ghcr.io/${{ github.repository }}:${{ steps.get-date.outputs.date }}-amd64,
	ghcr.io/${{ github.repository }}:${{ steps.get-date.outputs.date }}-arm64
	push: true

	- name: Install Cosign
	uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2

	- name: "Image:Digest -> Digest"
	id: get-digest-only
	shell: bash
	run: \|
	echo "digest-latest=$(echo ${LATEST} \| awk -F'@' '{print $2}')" >> $GITHUB_OUTPUT
	echo "digest-time=$(echo ${TIME} \| awk -F'@' '{print $2}')" >> $GITHUB_OUTPUT
	env:
	LATEST: ${{ steps.manifest-latest.outputs.images }}
	TIME: ${{ steps.manifest-time.outputs.images }}

	- name: Attest (Tag resign) (latest)
	uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
	with:
	subject-name: ghcr.io/${{ github.repository }}
	subject-digest: ${{ steps.get-digest-only.outputs.digest-latest }}
	push-to-registry: true

	- name: Sign the images with GitHub OIDC Token (recursive)
	env:
	IMAGES: ${{ steps.manifest-time.outputs.images }}
	run: \|
	cosign sign --yes --recursive ${IMAGES}

	- name: Attest (Tag resign) (time)
	uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
	with:
	subject-name: ghcr.io/${{ github.repository }}
	subject-digest: ${{ steps.get-digest-only.outputs.digest-time }}
	push-to-registry: true

	# For PR Test Only
	# https://stackoverflow.com/questions/59077079/how-to-get-pull-request-number-within-github-actions-workflow
	link-container-tags-test:
	runs-on: ubuntu-24.04-arm
	name: Link Container tags (PR Test)
	needs: build-and-push
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	packages: write
	steps:
	- name: Get PR number
	id: pr
	run: echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT

	- name: Login ghcr.io
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create and push manifest (PR)
	id: manifest-time
	uses: Noelware/docker-manifest-action@dbe59e31eb61049f37aa51bfc7f44d899215008e
	with:
	inputs: ghcr.io/${{ github.repository }}:pr-${{ steps.pr.outputs.PR_NUMBER }}
	images: \|
	ghcr.io/${{ github.repository }}:pr-${{ steps.pr.outputs.PR_NUMBER }}-amd64,
	ghcr.io/${{ github.repository }}:pr-${{ steps.pr.outputs.PR_NUMBER }}-arm64
	push: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use another mirror method #209

Workflow file

Use another mirror method #209

Uh oh!

Workflow file for this run