From 9505bdc779e065f21e9dea3cd2af49d24f8da582 Mon Sep 17 00:00:00 2001
From: Veaceslav Doina <20563034+veaceslavdoina@users.noreply.github.com>
Date: Wed, 16 Aug 2023 14:40:15 +0300
Subject: [PATCH] Add reusable workflow for Docker (#42)
---
 .github/workflows/docker-reusable.yml | 177 ++++++++++++++++++++++++++
 .github/workflows/docker.yml | 111 +---------------
 docker/job.yaml | 3 +-
 3 files changed, 184 insertions(+), 107 deletions(-)
 create mode 100644 .github/workflows/docker-reusable.yml
diff --git a/.github/workflows/docker-reusable.yml b/.github/workflows/docker-reusable.yml
new file mode 100644
index 00000000..66fb8a28
--- /dev/null
+++ b/.github/workflows/docker-reusable.yml
@@ -0,0 +1,177 @@
+name: Docker - Reusable
+
+
+on:
+ workflow_call:
+ inputs:
+ docker_file:
+ default: docker/Dockerfile
+ description: Dockerfile
+ required: false
+ type: string
+ docker_repo:
+ default: codexstorage/cs-codex-dist-tests
+ description: DockerHub repository
+ required: false
+ type: string
+ tag_latest:
+ default: true
+ description: Set latest tag for Docker images
+ required: false
+ type: boolean
+ tag_sha:
+ default: true
+ description: Set Git short commit as Docker tag
+ required: false
+ type: boolean
+ tag_suffix:
+ default: ''
+ description: Suffix for Docker images tag
+ required: false
+ type: string
+
+
+env:
+ DOCKER_FILE: ${{ inputs.docker_file }}
+ DOCKER_REPO: ${{ inputs.docker_repo }}
+ TAG_LATEST: ${{ inputs.tag_latest }}
+ TAG_SHA: ${{ inputs.tag_sha }}
+ TAG_SUFFIX: ${{ inputs.tag_suffix }}
+
+
+jobs:
+ # Build platform specific image
+ build:
+ strategy:
+ fail-fast: true
+ matrix:
+ target:
+ - os: linux
+ arch: amd64
+ - os: linux
+ arch: arm64
+ include:
+ - target:
+ os: linux
+ arch: amd64
+ builder: ubuntu-22.04
+ - target:
+ os: linux
+ arch: arm64
+ builder: buildjet-4vcpu-ubuntu-2204-arm
+
+ name: Build ${{ matrix.target.os }}/${{ matrix.target.arch }}
+ runs-on: ${{ matrix.builder }}
+ env:
+ PLATFORM: ${{ format('{0}/{1}', 'linux', matrix.target.arch) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Docker - Meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.DOCKER_REPO }}
+
+ - name: Docker - Set up Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker - Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Docker - Build and Push by digest
+ id: build
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ${{ env.DOCKER_FILE }}
+ platforms: ${{ env.PLATFORM }}
+ push: true
+ labels: ${{ steps.meta.outputs.labels }}
+ outputs: type=image,name=${{ env.DOCKER_REPO }},push-by-digest=true,name-canonical=true,push=true
+
+ - name: Docker - Export digest
+ run: |
+ mkdir -p /tmp/digests
+ digest="${{ steps.build.outputs.digest }}"
+ touch "/tmp/digests/${digest#sha256:}"
+
+ - name: Docker - Upload digest
+ uses: actions/upload-artifact@v3
+ with:
+ name: digests
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 1
+
+
+ # Publish multi-platform image
+ publish:
+ name: Publish multi-platform image
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Docker - Variables
+ run: |
+ # Adjust custom suffix when set and
+ if [[ -n "${{ env.TAG_SUFFIX }}" ]]; then
+ echo "TAG_SUFFIX=-${{ env.TAG_SUFFIX }}" >>$GITHUB_ENV
+ fi
+ # Disable SHA tags on tagged release
+ if [[ ${{ startsWith(github.ref, 'refs/tags/') }} == "true" ]]; then
+ echo "TAG_SHA=false" >>$GITHUB_ENV
+ fi
+ # Handle latest and latest-custom using raw
+ if [[ ${{ env.TAG_SHA }} == "false" ]]; then
+ echo "TAG_LATEST=false" >>$GITHUB_ENV
+ echo "TAG_RAW=true" >>$GITHUB_ENV
+ if [[ -z "${{ env.TAG_SUFFIX }}" ]]; then
+ echo "TAG_RAW_VALUE=latest" >>$GITHUB_ENV
+ else
+ echo "TAG_RAW_VALUE=latest-{{ env.TAG_SUFFIX }}" >>$GITHUB_ENV
+ fi
+ else
+ echo "TAG_RAW=false" >>$GITHUB_ENV
+ fi
+
+ - name: Docker - Download digests
+ uses: actions/download-artifact@v3
+ with:
+ name: digests
+ path: /tmp/digests
+
+ - name: Docker - Set up Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker - Meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.DOCKER_REPO }}
+ flavor: |
+ latest=${{ env.TAG_LATEST }}
+ suffix=${{ env.TAG_SUFFIX }},onlatest=true
+ tags: |
+ type=semver,pattern={{version}}
+ type=raw,enable=${{ env.TAG_RAW }},value=latest
+ type=sha,enable=${{ env.TAG_SHA }}
+
+ - name: Docker - Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Docker - Create manifest list and push
+ working-directory: /tmp/digests
+ run: |
+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+ $(printf '${{ env.DOCKER_REPO }}@sha256:%s ' *)
+
+ - name: Docker - Inspect image
+ run: |
+ docker buildx imagetools inspect ${{ env.DOCKER_REPO }}:${{ steps.meta.outputs.version }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 5b7e4599..87edbe92 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
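Review bot: The `Docker - Variables` step pastes `${{ env.TAG_SUFFIX }}` and `${{ env.TAG_SHA }}` straight into the script text, so the caller-supplied `tag_suffix` input is expanded before bash parses the script and is treated as script source rather than data; the two `imagetools` steps do the same with `${{ env.DOCKER_REPO }}`. These values are already exported by the workflow-level `env:` block, so the scripts can read `"$TAG_SUFFIX"`, `"$TAG_SHA"` and `"$DOCKER_REPO"` as ordinary quoted shell variables. In the same step `latest-{{ env.TAG_SUFFIX }}` lacks the leading `$` and would be written out literally, and `TAG_RAW_VALUE` does not appear to be read anywhere in this file, since the later Meta step hard-codes `value=latest`.

```yaml
      - name: Docker - Variables
        run: |
          # Adjust custom suffix when set
          if [[ -n "$TAG_SUFFIX" ]]; then
            echo "TAG_SUFFIX=-$TAG_SUFFIX" >>"$GITHUB_ENV"
          fi
          # … unchanged: disable SHA tags on tagged release …
          if [[ "$TAG_SHA" == "false" ]]; then
            # … unchanged: TAG_LATEST=false and TAG_RAW=true …
            if [[ -z "$TAG_SUFFIX" ]]; then
              echo "TAG_RAW_VALUE=latest" >>"$GITHUB_ENV"
            else
              echo "TAG_RAW_VALUE=latest-$TAG_SUFFIX" >>"$GITHUB_ENV"
            fi
          # … unchanged: else branch and closing fi …
```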
@@ -11,113 +11,12 @@ on: - docker/Dockerfile - docker/docker-entrypoint.sh - .github/workflows/docker.yml + - .github/workflows/docker-reusable.yml workflow_dispatch: -env: - DOCKER_FILE: docker/Dockerfile - DOCKER_REPO: codexstorage/cs-codex-dist-tests - - jobs: - # Build platform specific image - build: - strategy: - fail-fast: true - matrix: - target: - - os: linux - arch: amd64 - - os: linux - arch: arm64 - include: - - target: - os: linux - arch: amd64 - builder: ubuntu-22.04 - - target: - os: linux - arch: arm64 - builder: buildjet-4vcpu-ubuntu-2204-arm - - name: Build ${{ matrix.target.os }}/${{ matrix.target.arch }} - runs-on: ${{ matrix.builder }} - outputs: - tags-linux-amd64: ${{ steps.tags.outputs.tags-linux-amd64 }} - tags-linux-arm64: ${{ steps.tags.outputs.tags-linux-arm64 }} - env: - PLATFORM: ${{ format('{0}/{1}', 'linux', matrix.target.arch) }} - SUFFIX: ${{ format('{0}-{1}', 'linux', matrix.target.arch) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Docker - Meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.DOCKER_REPO }} - flavor: | - latest=false - tags: | - type=semver,pattern={{version}},suffix=-${{ env.SUFFIX }} - type=sha,suffix=-${{ env.SUFFIX }},enable=${{ !startsWith(github.ref, 'refs/tags/') }} - - - name: Docker - Set tags output - id: tags - run: | - if [[ '${{ matrix.target.os }}' == 'linux' && '${{ matrix.target.arch }}' == 'amd64' ]]; then - echo "tags-linux-amd64=${{ steps.meta.outputs.tags }}" >> "$GITHUB_OUTPUT" - elif [[ '${{ matrix.target.os }}' == 'linux' && '${{ matrix.target.arch }}' == 'arm64' ]]; then - echo "tags-linux-arm64=${{ steps.meta.outputs.tags }}" >> "$GITHUB_OUTPUT" - fi - - - name: Docker - Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Docker - Build and Push - uses: docker/build-push-action@v4 - with: - context: . 
- file: ${{ env.DOCKER_FILE }}
- platforms: ${{ env.PLATFORM }}
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
-
- # Publish single image
- publish:
- name: Push single image
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Docker - Meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: ${{ env.DOCKER_REPO }}
- tags: |
- type=semver,pattern={{version}}
- type=sha,enable=${{ !startsWith(github.ref, 'refs/tags/') }}
-
- - name: Docker - Set tags
- run: |
- # Transform multi-line tags in to the comma-seperated
- TAGS=$(echo "${{ steps.meta.outputs.tags }}" | tr '\n' ',' | awk '{gsub(/,$/,"");}1')
- echo "TAGS=${TAGS}" >>$GITHUB_ENV
-
- - name: Docker - Login to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Docker - Create and push manifest images
- uses: Noelware/docker-manifest-action@master
- with:
- inputs: ${{ env.TAGS }}
- images: ${{ needs.build.outputs.tags-linux-amd64 }},${{ needs.build.outputs.tags-linux-arm64 }}
- push: true
+ build-and-push:
+ name: Build and Push
+ uses: ./.github/workflows/docker-reusable.yml
+ secrets: inherit
diff --git a/docker/job.yaml b/docker/job.yaml
index 35832095..a4443aaa 100644
--- a/docker/job.yaml
+++ b/docker/job.yaml
@@ -14,7 +14,8 @@ spec:
 spec:
 containers:
 - name: ${NAMEPREFIX}-runner
- image: codexstorage/cs-codex-dist-tests:sha-300b91e
+ image: codexstorage/cs-codex-dist-tests:latest
+ imagePullPolicy: Always
 env:
 - name: RUNNERLOCATION
 value: InternalToCluster
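Review bot: `secrets: inherit` on the new `build-and-push` job makes every secret visible to the caller available to the reusable workflow, although the called jobs only reference `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`. Declaring those two under `on.workflow_call.secrets` in `docker-reusable.yml` and passing them by name keeps the grant narrow: `secrets:` followed by `DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}` and `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}`. That matters more here because the arm64 build leg runs on the third-party `buildjet-4vcpu-ubuntu-2204-arm` runner. The top of `docker.yml` is outside this hunk, so whether a `permissions:` block already limits the `GITHUB_TOKEN` cannot be confirmed from here.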
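Review bot: Replacing the pinned `sha-300b91e` tag with `:latest` plus `imagePullPolicy: Always` means each job start runs whatever was most recently pushed to that Docker Hub tag, so a bad or unauthorised push takes effect in the cluster without any change in this repository, and a past run can no longer be tied to an exact image. If the aim is to stop editing the manifest on every build, consider substituting the tag the same way `${NAMEPREFIX}` is already templated, or pinning by digest, e.g. `image: codexstorage/cs-codex-dist-tests@sha256:<digest>` (placeholder value). The container spec continues outside the hunk.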