From 4e3fb92d01f9442e06861b4a9cf766bcb55b8499 Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Tue, 25 Jun 2024 20:30:03 +0200 Subject: [PATCH 1/8] Test hange --- .github/workflows/worker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/worker.yml b/.github/workflows/worker.yml index c60151b..47f25ef 100644 --- a/.github/workflows/worker.yml +++ b/.github/workflows/worker.yml @@ -1,4 +1,4 @@ -name: Worker +name: Worker (fork) on: workflow_call: From b0bf78434a802097685e2175c6772797fa4f81a4 Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Wed, 26 Jun 2024 09:23:27 +0200 Subject: [PATCH 2/8] Push image ghcr --- .github/actions/build/action.yml | 57 +++++++++++++++------ .github/actions/context/action.yml | 80 ++++++++++++++++++++++++++++++ .github/workflows/push.yml | 30 +++++++++++ docker-compose.yml | 1 + 4 files changed, 154 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/push.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index d4c9bbf..374423a 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -15,6 +15,10 @@ inputs: required: false description: "Node environment" default: "production" + latest: + required: false + description: "Tag latest version" + default: "false" outputs: tags: 
@@ -56,30 +60,55 @@ runs: id: image shell: bash run: | - echo "image=ghcr.io/mozilla/test-github-features" >> $GITHUB_OUTPUT + registry="ghcr.io" + repository="${{ github.repository }}" + image="$registry/$repository" + + echo "registry=$registry" >> $GITHUB_OUTPUT + echo "repository=$repository" >> $GITHUB_OUTPUT + echo "image=$image" >> $GITHUB_OUTPUT + + cat $GITHUB_OUTPUT - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: ${{ steps.image.outputs.image }} + flavor: | + suffix=-next,onlatest=true + latest=${{ inputs.latest == 'true' }} tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=staging,enable=${{ github.event_name == 'merge_group' }} type=ref,event=pr - type=sha + type=ref,event=branch + type=ref,event=tag + + - name: Docker tag + id: tag + shell: bash + run: | + # Extract metadata output json + cat < meta.json + ${{ steps.meta.outputs.json }} + EOF + + tag=$(cat meta.json | jq -r '.tags[0]') + tag_cache="$tag-cache" + + echo "tag=$tag" >> $GITHUB_OUTPUT + echo "tag_cache=$tag_cache" >> $GITHUB_OUTPUT + + cat $GITHUB_OUTPUT - name: Build Image - uses: docker/build-push-action@v5 + id: build + uses: docker/bake-action@v4 + env: + DOCKER_TAG: ${{ steps.tag.outputs.tag }} with: - context: . - platforms: linux/amd64 - pull: true + targets: app push: ${{ inputs.push }} load: ${{ inputs.push == 'false' }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - VERSION=${{ steps.meta.outputs.tags }} - NODE_ENV=${{ inputs.node_env }} + set: | + *.cache-from=type=registry,ref=${{ steps.tag.outputs.tag_cache }} + *.cache-to=type=registry,ref=${{ steps.tag.outputs.tag_cache }},mode=max,compression-level=9,force-compression=true,ignore-error=true diff --git a/.github/actions/context/action.yml b/.github/actions/context/action.yml index 284638f..0b69210 100644 --- a/.github/actions/context/action.yml +++ b/.github/actions/context/action.yml 
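Review bot: The new `Docker tag` step pastes `${{ steps.meta.outputs.json }}` straight into the bash script body, so the JSON is expanded into script text before the shell runs and any quote or `$(`…`)` sequence inside it (labels carry free-form text) is interpreted by bash. Hand the value over through the environment instead: add `env:` with `META_JSON: ${{ steps.meta.outputs.json }}` to the step and read it with `tag=$(jq -r '.tags[0]' <<< "$META_JSON")`. The same pattern recurs later in the series in `echo '${{ steps.build.outputs.metadata }}' > metadata.json`, `docker image push ${{ inputs.tag }}` and `docker load < /tmp/${{ inputs.version }}`; each should use an `env:` variable and a quoted `"$VAR"`.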
@@ -1,6 +1,30 @@ name: 'Dump Context' description: 'Display context for action run' +outputs: + # All github action outputs are strings, even if set to "true" + # so when using these values always assert against strings or convert from json + # \$\{{ needs.context.outputs.is_fork == 'true' }} // true + # \$\{{ fromJson(needs.context.outputs.is_fork) == false }} // true + # \$\{{ needs.context.outputs.is_fork == true }} // false + # \$\{{ needs.context.outputs.is_fork }} // false + is_fork: + description: "" + value: ${{ steps.context.outputs.is_fork }} + is_default_branch: + description: "" + value: ${{ steps.context.outputs.is_default_branch }} + is_release_master: + description: "" + value: ${{ steps.context.outputs.is_release_master }} + is_release_tag: + description: "" + value: ${{ steps.context.outputs.is_release_tag }} + # Hardcode image name + image_name: + description: "" + value: mozilla/addons-server + runs: using: 'composite' steps: 
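Review bot: Every output added here has `description: ""`, although `is_fork` and `is_release_master` are the values callers use to decide whether an image is pushed or tagged latest. A reader of the action interface should not need to open the shell step to learn what they mean; for example `description: "'true' when the run comes from a fork or a Dependabot pull request"` on `is_fork`, and `description: "'true' on a non-fork push to the default branch"` on `is_release_master`. The hard-coded `image_name: mozilla/addons-server` also disagrees with the build action, which derives the image from `github.repository`; a comment should say which of the two is authoritative.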
@@ -36,3 +60,59 @@ runs: INPUTS_CONTEXT: ${{ toJson(inputs) }} run: | echo "$INPUTS_CONTEXT" + + - name: Set context + id: context + env: + # The default branch of the repository, in this case "master" + default_branch: ${{ github.event.repository.default_branch }} + shell: bash + run: | + event_name="${{ github.event_name }}" + event_action="${{ github.event.action }}" + + # Stable check for if the workflow is running on the default branch + # https://stackoverflow.com/questions/64781462/github-actions-default-branch-variable + is_default_branch="${{ format('refs/heads/{0}', env.default_branch) == github.ref }}" + + # In most events, the epository refers to the head which would be the fork + is_fork="${{ github.event.repository.fork }}" + + # This is different in a pull_request where we need to check the head explicitly + if [[ "${{ github.event_name }}" == 'pull_request' ]]; then + # repository on a pull request refers to the base which is always mozilla/addons-server + is_head_fork="${{ github.event.pull_request.head.repo.fork }}" + # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + is_dependabot="${{ github.actor == 'dependabot[bot]' }}" + + # If the head repository is a fork or if the PR is opened by dependabot + # we consider the run to be a fork. 
Dependabot and proper forks are treated + # the same in terms of limited read only github token scope + if [[ "$is_head_fork" == 'true' || "$is_dependabot" == 'true' ]]; then + is_fork="true" + fi + fi + + is_release_master="false" + is_release_tag="false" + + # Releases can only happen if we are NOT on a fork + if [[ "$is_fork" == 'false' ]]; then + # A master release occurs on a push to the default branch of the origin repository + if [[ "$event_name" == 'push' && "$is_default_branch" == 'true' ]]; then + is_release_master="true" + fi + + # A tag release occurs when a release is published + if [[ "$event_name" == 'release' && "$event_action" == 'publish' ]]; then + is_release_tag="true" + fi + fi + + echo "is_default_branch=$is_default_branch" >> $GITHUB_OUTPUT + echo "is_fork=$is_fork" >> $GITHUB_OUTPUT + echo "is_release_master=$is_release_master" >> $GITHUB_OUTPUT + echo "is_release_tag=$is_release_tag" >> $GITHUB_OUTPUT + + echo "event_name: $event_name" + cat $GITHUB_OUTPUT diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..596db8f --- /dev/null +++ b/.github/workflows/push.yml @@ -0,0 +1,30 @@ +name: Push + +on: + push: + branches: + - main + pull_request: + +permissions: + packages: write + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - id: context + uses: ./.github/actions/context + + - uses: ./.github/actions/build + with: + push: true + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + node_env: production + latest: ${{ steps.context.outputs.is_release_master }} + + diff --git a/docker-compose.yml b/docker-compose.yml index 633f92d..85f3477 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,7 @@ version: '3.8' services: app: + image: ${DOCKER_TAG:-} build: context: . args: From fd995efb67b20564ec5689f77b484f10fb64c11f Mon Sep 17 00:00:00 2001 
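Review bot: The tag-release branch in `Set context` compares `$event_action` with `'publish'`, but the `release` event reports its activity type as `published`, so `is_release_tag` looks like it can never become `true`. The line should read `if [[ "$event_name" == 'release' && "$event_action" == 'published' ]]; then`. Separately, `is_fork` is empty when the event payload carries no `repository.fork` field; the `== 'false'` checks then fail closed, which is the safe direction, and a one-line comment saying so would keep a later edit from inverting it.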
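Review bot: `permissions: packages: write` is declared at workflow level, so every job of this workflow gets a token that can write packages, including runs triggered by `pull_request` and any job added later that only runs tests. Scope it to the job that pushes: under `build:` add `permissions:` with `contents: read` and `packages: write`, and drop the top-level block (once `permissions` is set, unlisted scopes default to none, so `contents: read` must be listed for checkout in a private repository). In this commit `push: true` is also unconditional, so a same-repository pull request publishes an image built from unreviewed code.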
From: Kevin Meinhardt Date: Wed, 26 Jun 2024 10:59:53 +0200 Subject: [PATCH 3/8] TMP: push artifact --- .github/actions/build/action.yml | 61 ++++++++++++++------------------ .github/actions/push/action.yml | 27 ++++++++++++++ .github/workflows/push.yml | 37 +++++++++++++++++-- 3 files changed, 88 insertions(+), 37 deletions(-) create mode 100644 .github/actions/push/action.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 374423a..9c96bba 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -1,16 +1,6 @@ name: 'Docker Build' description: 'Builds docker image' inputs: - push: - required: true - description: "Build and push image to registry (cannot be used together with load)" - default: "false" - password: - required: false - description: "Password for the registry" - username: - required: false - description: "Username for the registry" node_env: required: false description: "Node environment" @@ -30,9 +20,9 @@ outputs: image: description: "The Docker image" value: ${{ steps.image.outputs.image }} - image_version: + tag: description: "Combines image and version to a valid image tag" - value: ${{ steps.image.outputs.image }}:${{ steps.meta.outputs.version }} + value: ${{ steps.tag.outputs.tag }} runs: using: "composite" 
@@ -46,28 +36,11 @@ runs: version: latest buildkitd-flags: --debug - # Login to a registry to push the image - - name: Login to Container Registry - # Only login if we are pushing the image - if: ${{ inputs.push == 'true' }} - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ inputs.username }} - password: ${{ inputs.password }} - - name: Docker Image id: image shell: bash run: | - registry="ghcr.io" - repository="${{ github.repository }}" - image="$registry/$repository" - - echo "registry=$registry" >> $GITHUB_OUTPUT - echo "repository=$repository" >> $GITHUB_OUTPUT - echo "image=$image" >> $GITHUB_OUTPUT - + echo "image=${{ github.repository }}" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT - name: Docker meta @@ -100,6 +73,12 @@ runs: cat $GITHUB_OUTPUT + - name: Tar file + id: tar + shell: bash + run: | + echo "path=/tmp/${{ steps.meta.outputs.version }}" >> $GITHUB_OUTPUT + - name: Build Image id: build uses: docker/bake-action@v4 @@ -107,8 +86,22 @@ runs: DOCKER_TAG: ${{ steps.tag.outputs.tag }} with: targets: app - push: ${{ inputs.push }} - load: ${{ inputs.push == 'false' }} set: | - *.cache-from=type=registry,ref=${{ steps.tag.outputs.tag_cache }} - *.cache-to=type=registry,ref=${{ steps.tag.outputs.tag_cache }},mode=max,compression-level=9,force-compression=true,ignore-error=true + *.output=type=docker,dest=${{ steps.tar.outputs.path }} + + - name: Get image digest + id: digest + shell: bash + run: | + echo '${{ steps.build.outputs.metadata }}' > metadata.json + echo "digest=$(cat metadata.json | jq -r '.app."containerimage.digest"')" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.meta.outputs.version }} + path: ${{ steps.tar.outputs.path }} + retention-days: 1 + compression-level: 9 + overwrite: true diff --git a/.github/actions/push/action.yml b/.github/actions/push/action.yml new file mode 100644 index 0000000..d2aad96 --- /dev/null 
+++ b/.github/actions/push/action.yml @@ -0,0 +1,27 @@ +name: 'Docker Push image to registry' +description: 'Pushes build docker image to registry' +inputs: + tag: + required: true + description: "The full docker tag to push" + password: + required: false + description: "Password for the registry" + username: + required: false + description: "Username for the registry" + +runs: + using: "composite" + steps: + - name: Login to Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ inputs.username }} + password: ${{ inputs.password }} + + - name: Push Image + shell: bash + run: | + docker image push ${{ inputs.tag }} diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 596db8f..609791e 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -9,10 +9,17 @@ on: permissions: packages: write +# TODO: +# 1. split out the push action to separate action +# 2. add caching based on fork behaviour, use GHA cache or registry.. + jobs: build: runs-on: ubuntu-latest + outputs: + version: ${{ steps.build.outputs.version }} + steps: - uses: actions/checkout@v4 @@ -20,11 +27,35 @@ jobs: uses: ./.github/actions/context - uses: ./.github/actions/build + id: build with: - push: true - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} node_env: production latest: ${{ steps.context.outputs.is_release_master }} + - uses: ./.github/actions/push + if: steps.context.outputs.is_fork == 'false' + with: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + tag: ${{ steps.build.outputs.tag }} + + download: + runs-on: ubuntu-latest + needs: [build] + + steps: + - uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: ${{ needs.build.outputs.version }} + path: /tmp/ + + - name: Load image + shell: bash + run: | + docker load < /tmp/${{ needs.build.outputs.version }} + docker image ls + + 
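Review bot: `docker/login-action@v3` is handed the registry password but is referenced by a mutable tag, so whatever that tag points to at run time receives the credential. Pin it to a full commit SHA with the version kept as a comment, `uses: docker/login-action@<full-commit-sha> # v3`; the same applies to the other third-party actions used across this series. In the same file `password` and `username` are declared `required: false` although the login step runs unconditionally; `required: true` would document the real contract.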
From 76e19a3fb6cfeab54d8953e000c1bc3a3d71712b Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Wed, 26 Jun 2024 11:44:18 +0200 Subject: [PATCH 4/8] TMP: load image when building --- .github/actions/build/action.yml | 1 + .github/actions/load/action.yml | 20 ++++++++++++++++++++ .github/actions/push/action.yml | 8 ++++++-- .github/workflows/push.yml | 12 ++---------- 4 files changed, 29 insertions(+), 12 deletions(-) create mode 100644 .github/actions/load/action.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 9c96bba..f4ac09c 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -86,6 +86,7 @@ runs: DOCKER_TAG: ${{ steps.tag.outputs.tag }} with: targets: app + load: true set: | *.output=type=docker,dest=${{ steps.tar.outputs.path }} diff --git a/.github/actions/load/action.yml b/.github/actions/load/action.yml new file mode 100644 index 0000000..73f716c --- /dev/null +++ b/.github/actions/load/action.yml @@ -0,0 +1,20 @@ +name: 'Docker Load image from tar file' +description: 'Loads a docker image from a tar file' +inputs: + version: + required: true + description: "The docker image version you want to load" + +runs: + using: "composite" + steps: + - uses: actions/download-artifact@v4 + with: + name: ${{ inputs.version }} + path: /tmp/ + + - name: Load image + shell: bash + run: | + docker load < /tmp/${{ inputs.version }} + docker image ls diff --git a/.github/actions/push/action.yml b/.github/actions/push/action.yml index d2aad96..f6087fb 100644 --- a/.github/actions/push/action.yml +++ b/.github/actions/push/action.yml @@ -10,6 +10,10 @@ inputs: username: required: false description: "Username for the registry" + registry: + required: false + description: "The registry to push to" + default: "ghcr.io" runs: using: "composite" 
@@ -17,11 +21,11 @@ runs: - name: Login to Container Registry uses: docker/login-action@v3 with: - registry: ghcr.io + registry: ${{ inputs.registry }} username: ${{ inputs.username }} password: ${{ inputs.password }} - name: Push Image shell: bash run: | - docker image push ${{ inputs.tag }} + docker image push ${{ inputs.registry }}/${{ inputs.tag }} diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 609791e..13a5286 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -46,16 +46,8 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/download-artifact@v4 + - uses: ./.github/actions/load with: - name: ${{ needs.build.outputs.version }} - path: /tmp/ - - - name: Load image - shell: bash - run: | - docker load < /tmp/${{ needs.build.outputs.version }} - docker image ls - + version: ${{ needs.build.outputs.version }} From fccfdbd6bc66b9b2ff4fe0c405fb8fa6046fffb1 Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Wed, 26 Jun 2024 13:08:04 +0200 Subject: [PATCH 5/8] TMP: is this working? --- .github/actions/build/action.yml | 28 +++++++------- .github/actions/load/action.yml | 20 ---------- .github/actions/push/action.yml | 1 + .github/actions/run/action.yml | 66 ++++++++++++-------------------- .github/workflows/push.yml | 9 +++-- 5 files changed, 46 insertions(+), 78 deletions(-) delete mode 100644 .github/actions/load/action.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index f4ac09c..575d3fa 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -11,9 +11,6 @@ inputs: default: "false" outputs: - tags: - description: "The Docker tags for the image" - value: ${{ steps.meta.outputs.tags }} version: description: "The version for the image" value: ${{ steps.meta.outputs.version }} 
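Review bot: `docker image push ${{ inputs.registry }}/${{ inputs.tag }}` pushes a name that, as far as this series shows, no local image carries: the build action produces tags from `github.repository` without a registry host, so only `owner/repo:tag` exists locally. Either retag before pushing, `docker tag "$TAG" "$REGISTRY/$TAG"`, or have the build produce the fully qualified name. Both inputs should also reach the script through `env:` (`TAG`, `REGISTRY`) rather than being expanded into the command line.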
@@ -27,9 +24,9 @@ outputs: runs: using: "composite" steps: - # Setup docker to build for multiple architectures - name: Set up QEMU uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: @@ -65,19 +62,17 @@ runs: ${{ steps.meta.outputs.json }} EOF - tag=$(cat meta.json | jq -r '.tags[0]') - tag_cache="$tag-cache" - - echo "tag=$tag" >> $GITHUB_OUTPUT - echo "tag_cache=$tag_cache" >> $GITHUB_OUTPUT - + echo "tag=$(cat meta.json | jq -r '.tags[0]')" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT - name: Tar file id: tar shell: bash + # image.tar is the name of the compressed image file + # This should be kept in sync with ./.github/actions/run/action.yml + # That loads the image from this file run: | - echo "path=/tmp/${{ steps.meta.outputs.version }}" >> $GITHUB_OUTPUT + echo "path=/tmp/image.tar" >> $GITHUB_OUTPUT - name: Build Image id: build @@ -87,8 +82,6 @@ runs: with: targets: app load: true - set: | - *.output=type=docker,dest=${{ steps.tar.outputs.path }} - name: Get image digest id: digest @@ -98,10 +91,17 @@ runs: echo "digest=$(cat metadata.json | jq -r '.app."containerimage.digest"')" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT + - name: Save Docker Image to Tar + shell: bash + run: | + docker save -o /tmp/image.tar ${{ steps.tag.outputs.tag }} + - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: ${{ steps.meta.outputs.version }} + # The artifact name should be kept in sync with + # ./.github/actions/run/action.yml which downloads the artifact + name: docker-image path: ${{ steps.tar.outputs.path }} retention-days: 1 compression-level: 9 diff --git a/.github/actions/load/action.yml b/.github/actions/load/action.yml deleted file mode 100644 index 73f716c..0000000 --- a/.github/actions/load/action.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -name: 'Docker Load image from tar file' -description: 'Loads a docker image from a tar file' -inputs: - version: - required: true - description: "The docker image version you want to load" - -runs: - using: "composite" - steps: - - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.version }} - path: /tmp/ - - - name: Load image - shell: bash - run: | - docker load < /tmp/${{ inputs.version }} - docker image ls diff --git a/.github/actions/push/action.yml b/.github/actions/push/action.yml index f6087fb..b349062 100644 --- a/.github/actions/push/action.yml +++ b/.github/actions/push/action.yml @@ -28,4 +28,5 @@ runs: - name: Push Image shell: bash run: | + docker image ls docker image push ${{ inputs.registry }}/${{ inputs.tag }} diff --git a/.github/actions/run/action.yml b/.github/actions/run/action.yml index 3793d4d..3fb45d3 100644 --- a/.github/actions/run/action.yml +++ b/.github/actions/run/action.yml 
@@ -1,58 +1,42 @@ name: 'Docker Run Action' description: 'Run a command in a new container' inputs: - image: - description: "The Docker image to run" + tag: + description: 'The docker image tag to run.' required: true - options: - description: 'Options' - required: false run: description: 'Run command in container' required: true runs: using: 'composite' steps: - - name: Validate inputs + - uses: actions/download-artifact@v4 + with: + # The artifact name should be kept in sync with + # ./.github/actions/build/action.yml which uploads the artifact + name: docker-image + path: /tmp/ + + # image.tar is the name of the compressed image file + # This should be kept in sync with ./.github/actions/build/action.yml + - name: Load image shell: bash run: | - if [[ -z "${{ inputs.image }}" ]]; then - echo "Image is required" - exit 1 - fi - if [[ -z "${{ inputs.run }}" ]]; then - echo "Run is required" - exit 1 - fi + docker load < /tmp/image.tar + docker image ls + - name: Run Docker Container shell: bash + env: + DOCKER_TAG: ${{ inputs.tag }} run: | - cat < exec.sh - #!/bin/bash - whoami - ${{ inputs.run }} - EOF + # Start the specified services + make up - cat < root.sh - #!/bin/bash - whoami - su -s /bin/bash -c './exec.sh' root + # Exec the run command in the container + # quoted 'EOF' to prevent variable expansion + cat <<'EOF' | docker compose exec --user root app sh + #!/bin/bash + whoami + ${{ inputs.run }} EOF - - # Make both files executable - chmod +x exec.sh - chmod +x root.sh - - # Debug info - echo "############" - cat root.sh - echo "############" - echo "############" - cat exec.sh - echo "############" - - # Execute inside docker container - cat root.sh | docker run ${{ inputs.options }} \ - -i --rm -u 0 \ - -v $(pwd):/app \ - ${{ inputs.image }} bash diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 13a5286..a8f7d3e 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
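Review bot: The quoted `'EOF'` in `Run Docker Container` does not protect `${{ inputs.run }}`, because the expression is expanded into the script before bash parses it; a `run` value containing a line that is exactly `EOF` ends the heredoc early and the remainder executes on the runner instead of in the container. Pass the command through the environment, `env:` with `RUN_SCRIPT: ${{ inputs.run }}`, and feed it with `printf '%s\n' "$RUN_SCRIPT" | docker compose exec -T --user root app sh`. The `#!/bin/bash` line is only a comment once the text is piped to `sh`, and the command now runs as root unconditionally; if root is required, a comment should say why.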
@@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest outputs: - version: ${{ steps.build.outputs.version }} + tag: ${{ steps.build.outputs.tag }} steps: - uses: actions/checkout@v4 @@ -46,8 +46,11 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/load + - uses: ./.github/actions/run with: - version: ${{ needs.build.outputs.version }} + tag: ${{ needs.build.outputs.tag }} + run: | + echo "Hello world" + npm run test From 89aa203871ca6f6bdcdab9b99d98fc26eb5dd560 Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Wed, 26 Jun 2024 13:42:20 +0200 Subject: [PATCH 6/8] TMP: more stuff idk will work --- .github/actions/build/action.yml | 48 ++++++++++++++++++-------------- docker-compose.yml | 4 --- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 575d3fa..ace7212 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -9,14 +9,21 @@ inputs: required: false description: "Tag latest version" default: "false" + target: + required: false + description: "Docker stage to target" + default: "final" outputs: - version: - description: "The version for the image" - value: ${{ steps.meta.outputs.version }} image: description: "The Docker image" value: ${{ steps.image.outputs.image }} + version: + description: "The version for the image" + value: ${{ steps.meta.outputs.version }} + digest: + description: "The build digest for the image" + value: ${{ steps.build.outputs.digest }} tag: description: "Combines image and version to a valid image tag" value: ${{ steps.tag.outputs.tag }} 
@@ -76,25 +83,18 @@ runs: - name: Build Image id: build - uses: docker/bake-action@v4 - env: - DOCKER_TAG: ${{ steps.tag.outputs.tag }} + uses: docker/build-push-action@v6 with: - targets: app - load: true - - - name: Get image digest - id: digest - shell: bash - run: | - echo '${{ steps.build.outputs.metadata }}' > metadata.json - echo "digest=$(cat metadata.json | jq -r '.app."containerimage.digest"')" >> $GITHUB_OUTPUT - cat $GITHUB_OUTPUT - - - name: Save Docker Image to Tar - shell: bash - run: | - docker save -o /tmp/image.tar ${{ steps.tag.outputs.tag }} + platforms: linux/amd64 + # Inject metadata produced earlier + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + # Output image to a local tar file to be uploaded + outputs: type=docker,dest=${{ steps.tar.outputs.path }} + # Target a specified stage + target: ${{ inputs.target }} + push: true - name: Upload artifact uses: actions/upload-artifact@v4 @@ -106,3 +106,9 @@ runs: retention-days: 1 compression-level: 9 overwrite: true + + - name: Load Docker image + shell: bash + run: | + # Load the Docker image + docker load -i /tmp/image.tar diff --git a/docker-compose.yml b/docker-compose.yml index 85f3477..5626c57 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,10 +2,6 @@ version: '3.8' services: app: image: ${DOCKER_TAG:-} - build: - context: . - args: - NODE_ENV: development volumes: - node_modules:/app/node_modules - dist:/app/dist From 7027f321c0dc798654299a4ad6709344daea7aee Mon Sep 17 00:00:00 2001 From: Kevin Meinhardt Date: Wed, 26 Jun 2024 13:58:16 +0200 Subject: [PATCH 7/8] TMP: more --- .github/actions/build/action.yml | 21 ++++++++++++++++++--- .github/workflows/push.yml | 6 +----- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index ace7212..2dc0a9d 100644 --- a/.github/actions/build/action.yml 
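Review bot: `push: true` is hard-coded on the new `docker/build-push-action@v6` step, with no dependency on the event or on fork status. At this point in the series the action has no login step and the metadata tags carry no registry host, so the push would presumably be attempted against the default registry rather than ghcr.io. Drive it from an input that defaults to off, `push: ${{ inputs.push }}`, and qualify the image name with the registry.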
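Review bot: With the `build:` section removed from docker-compose.yml, `image: ${DOCKER_TAG:-}` resolves to an empty image reference whenever `DOCKER_TAG` is unset, and compose then has nothing to run or build. Fail early with a clear message instead: `image: ${DOCKER_TAG:?DOCKER_TAG must be set to the image to run}`.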
+++ b/.github/actions/build/action.yml @@ -13,6 +13,10 @@ inputs: required: false description: "Docker stage to target" default: "final" + push: + required: false + description: "Should image be pushed to registries" + default: "false" outputs: image: @@ -31,6 +35,14 @@ outputs: runs: using: "composite" steps: + - name: Login to Container Registry + if: inputs.push == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ inputs.username }} + password: ${{ inputs.password }} + - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -51,7 +63,8 @@ runs: id: meta uses: docker/metadata-action@v5 with: - images: ${{ steps.image.outputs.image }} + images: | + ghcr.io/${{ steps.image.outputs.image }} flavor: | suffix=-next,onlatest=true latest=${{ inputs.latest == 'true' }} @@ -91,10 +104,12 @@ runs: labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} # Output image to a local tar file to be uploaded - outputs: type=docker,dest=${{ steps.tar.outputs.path }} + # Also push to registry when appropriate + outputs: | + type=docker,dest=${{ steps.tar.outputs.path }} + type=image,name=${{ steps.tag.outputs.tag }},push=${{ inputs.push }} # Target a specified stage target: ${{ inputs.target }} - push: true - name: Upload artifact uses: actions/upload-artifact@v4 diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a8f7d3e..e69021a 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -31,13 +31,9 @@ jobs: with: node_env: production latest: ${{ steps.context.outputs.is_release_master }} - - - uses: ./.github/actions/push - if: steps.context.outputs.is_fork == 'false' - with: + push: ${{ steps.context.outputs.is_fork == 'false' }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - tag: ${{ steps.build.outputs.tag }} download: runs-on: ubuntu-latest From 62ec5f9314ea0c4b5a1d93d070086bc492901836 Mon Sep 17 00:00:00 2001 
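Review bot: The added `Login to Container Registry` step reads `${{ inputs.username }}` and `${{ inputs.password }}`, but this commit only declares the new `push` input, and an earlier patch in the series removed `username` and `password` from the build action's `inputs:`. Unless they are declared elsewhere, both expand to empty strings and the login fails whenever `push` is `'true'`. Re-declare them next to `push`, each with `required: false` and a description such as `description: "Registry username, needed when push is 'true'"`.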
From: Kevin Meinhardt Date: Wed, 26 Jun 2024 14:12:27 +0200 Subject: [PATCH 8/8] TMP: more --- .github/workflows/build.yml | 59 +++++++++++++++++++++++++++++++++++++ .github/workflows/push.yml | 3 ++ 2 files changed, 62 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..30035a7 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,59 @@ +name: Worker (fork) + +on: + workflow_call: + outputs: + image: + description: "The Docker image" + value: '' + version: + description: "The version for the image" + value: '' + digest: + description: "The build digest for the image" + value: '' + tag: + description: "Combines image and version to a valid image tag" + value: '' + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + context: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/context + + login_ghcr: + runs-on: ubuntu-latest + steps: + - name: Login to Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + logout: false + - shell: bash + run: | + docker system info + cat ~/.docker/config.json + + build: + runs-on: ubuntu-latest + needs: [context, login_ghcr] + steps: + - uses: actions/checkout@v4 + - shell: bash + run: | + docker system info + cat ~/.docker/config.json + + + + +# Build and upload image as artifact + diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index e69021a..a9f31d4 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -14,6 +14,9 @@ permissions: # 2. add caching based on fork behaviour, use GHA cache or registry.. jobs: + build_call: + uses: ./.github/workflows/build.yml + build: runs-on: ubuntu-latest
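Review bot: `cat ~/.docker/config.json` in the `login_ghcr` job prints the stored registry credential to the workflow log right after `docker/login-action` has written it with `logout: false`. Log masking matches the literal secret value, so the encoded `auth` entry is likely to appear unmasked and readable by anyone with access to the run logs. Remove that line from both jobs, or list only the registry hosts with `jq -r '.auths | keys[]' ~/.docker/config.json`. The `build` job runs on a fresh runner, so the login performed in `login_ghcr` does not carry over to it; the login has to happen in the job that pushes.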