util/tracing: switch to semconv v1.37.0 #7142
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: frontend | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'v[0-9]+.[0-9]+' | |
| tags: | |
| - 'dockerfile/*' | |
| pull_request: | |
| paths-ignore: | |
| - 'README.md' | |
| - 'docs/**' | |
| - 'frontend/dockerfile/docs/**' | |
| env: | |
| GO_VERSION: "1.25" | |
| SETUP_BUILDX_VERSION: "edge" | |
| SETUP_BUILDKIT_TAG: "moby/buildkit:latest" | |
| SCOUT_VERSION: "1.13.0" | |
| IMAGE_NAME: "docker/dockerfile-upstream" | |
| jobs: | |
| test: | |
| uses: ./.github/workflows/.test.yml | |
| secrets: inherit | |
| with: | |
| cache_scope: frontend-integration-tests | |
| pkgs: ./frontend/dockerfile | |
| kinds: | | |
| integration | |
| dockerfile | |
| codecov_flags: dockerfile-frontend | |
| prepare: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| channels: ${{ steps.set.outputs.matrix }} | |
| tag: ${{ steps.set.outputs.tag }} | |
| steps: | |
| - | |
| name: Set outputs | |
| id: set | |
| uses: actions/github-script@v8 | |
| env: | |
| INPUT_REF: ${{ github.ref }} | |
| INPUT_CHANNELS: | | |
| mainline | |
| labs | |
| with: | |
| script: | | |
| const ref = core.getInput('ref'); | |
| const channels = core.getMultilineInput('channels'); | |
| const matrix = []; | |
| if (ref.startsWith('refs/tags/dockerfile/')) { | |
| const version = ref.replace('refs/tags/dockerfile/', ''); | |
| for (const channel of channels) { | |
| if (version.endsWith(`-${channel}`)) { | |
| matrix.push(channel); | |
| break; | |
| } | |
| } | |
| if (matrix.length === 0) { | |
| // default to mainline if no channel suffix | |
| matrix.push('mainline'); | |
| } | |
| core.setOutput('tag', ref.replace('refs/tags/', '')); | |
| } else { | |
| matrix.push('mainline', 'labs'); | |
| } | |
| core.info(JSON.stringify(matrix, null, 2)); | |
| core.setOutput('matrix', JSON.stringify(matrix)); | |
| image: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - test | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| channel: ${{ fromJson(needs.prepare.outputs.channels) }} | |
| steps: | |
| - | |
| name: Prepare | |
| uses: actions/github-script@v8 | |
| env: | |
| INPUT_CHANNEL: ${{ matrix.channel }} | |
| INPUT_REF: ${{ github.ref }} | |
| with: | |
| script: | | |
| const channel = core.getInput('channel'); | |
| const ref = core.getInput('ref'); | |
| if (channel !== 'mainline') { | |
| core.exportVariable('TAG_SUFFIX', `-${channel}`); | |
| } | |
| if (ref.startsWith('refs/tags/dockerfile/')) { | |
| const version = ref.replace('refs/tags/dockerfile/', '').replace(new RegExp(`-${channel}$`), ''); | |
| if (/^[0-9]+\.[0-9]+\.[0-9]+$/.test(version)) { | |
| // stable release | |
| core.exportVariable('TAG_LATEST', channel === 'mainline' ? 'latest' : channel); | |
| } | |
| core.exportVariable('TAG_VERSION', version); | |
| } | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| version: ${{ env.SETUP_BUILDX_VERSION }} | |
| driver-opts: image=${{ env.SETUP_BUILDKIT_TAG }} | |
| buildkitd-flags: --debug | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.IMAGE_NAME }} | |
| # versioning strategy | |
| ## push tag dockerfile/1.17.0 | |
| ### docker/dockerfile-upstream:1.17.0 | |
| ### docker/dockerfile-upstream:1.17 | |
| ### docker/dockerfile-upstream:1 | |
| ### docker/dockerfile-upstream:latest | |
| ## push tag dockerfile/1.17.0-labs | |
| ### docker/dockerfile-upstream:1.17.0-labs | |
| ### docker/dockerfile-upstream:1.17-labs | |
| ### docker/dockerfile-upstream:1-labs | |
| ### docker/dockerfile-upstream:labs | |
| ## push prerelease tag dockerfile/1.17.0-rc1 | |
| ### docker/dockerfile-upstream:1.17.0-rc1 | |
| ## push prerelease tag dockerfile/1.17.0-rc1-labs | |
| ### docker/dockerfile-upstream:1.17.0-rc1-labs | |
| ## push on master | |
| ### docker/dockerfile-upstream:master | |
| ### docker/dockerfile-upstream:master-labs | |
| tags: | | |
| type=ref,event=branch,suffix=${{ env.TAG_SUFFIX }} | |
| type=ref,event=pr,suffix=${{ env.TAG_SUFFIX }} | |
| type=semver,pattern={{version}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }} | |
| type=semver,pattern={{major}},value=${{ env.TAG_VERSION }},suffix=${{ env.TAG_SUFFIX }} | |
| type=raw,value=${{ env.TAG_LATEST }} | |
| flavor: | | |
| latest=false | |
| annotations: | | |
| org.opencontainers.image.title=Dockerfile Frontend | |
| org.opencontainers.image.vendor=Moby | |
| bake-target: frontend-meta-helper | |
| - | |
| name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| if: ${{ github.repository == 'moby/buildkit' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) }} | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - | |
| name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| # FIXME: remove context once git context with query string implemented in actions-toolkit | |
| source: ${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }} | |
| files: | | |
| ./docker-bake.hcl | |
| cwd://${{ steps.meta.outputs.bake-file-tags }} | |
| cwd://${{ steps.meta.outputs.bake-file-annotations }} | |
| targets: frontend-image-cross | |
| push: ${{ github.repository == 'moby/buildkit' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) }} | |
| provenance: mode=max,version=v1 | |
| sbom: true | |
| set: | | |
| *.cache-from=type=gha,scope=frontend-${{ matrix.channel }} | |
| *.cache-to=type=gha,scope=frontend-${{ matrix.channel }} | |
| *.no-cache-filter=${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/dockerfile/')) && 'base' || '' }} | |
| env: | |
| FRONTEND_CHANNEL: ${{ matrix.channel }} | |
| scout: | |
| runs-on: ubuntu-24.04 | |
| if: ${{ github.ref == 'refs/heads/master' && github.repository == 'moby/buildkit' }} | |
| permissions: | |
| # same as global permission | |
| contents: read | |
| # required to write sarif report | |
| security-events: write | |
| needs: | |
| - image | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tag: | |
| - master | |
| - master-labs | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v6 | |
| - | |
| name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - | |
| name: Scout | |
| id: scout | |
| uses: crazy-max/.github/.github/actions/docker-scout@ccae1c98f1237b5c19e4ef77ace44fa68b3bc7e4 | |
| with: | |
| version: ${{ env.SCOUT_VERSION }} | |
| format: sarif | |
| image: registry://${{ env.IMAGE_NAME }}:${{ matrix.tag }} | |
| - | |
| name: Result output | |
| run: | | |
| jq . ${{ steps.scout.outputs.result-file }} | |
| - | |
| name: Upload SARIF report | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: ${{ steps.scout.outputs.result-file }} | |
| release: | |
| runs-on: ubuntu-24.04 | |
| if: startsWith(github.ref, 'refs/tags/dockerfile') | |
| permissions: | |
| # required to create GitHub release | |
| contents: write | |
| needs: | |
| - prepare | |
| - test | |
| - image | |
| steps: | |
| - | |
| name: GitHub Release | |
| uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| draft: true | |
| name: ${{ needs.prepare.outputs.tag }} |