Rework the container image build actions (#26007)
parent
59b38f9ee4
commit
d184524233
6 changed files with 198 additions and 124 deletions
@ -0,0 +1,94 @@ |
||||
on: |
||||
workflow_call: |
||||
inputs: |
||||
platforms: |
||||
required: true |
||||
type: string |
||||
use_native_arm64_builder: |
||||
type: boolean |
||||
push_to_images: |
||||
type: string |
||||
version_suffix: |
||||
type: string |
||||
flavor: |
||||
type: string |
||||
tags: |
||||
type: string |
||||
labels: |
||||
type: string |
||||
|
||||
jobs: |
||||
build-image: |
||||
runs-on: ubuntu-latest |
||||
|
||||
steps: |
||||
- uses: actions/checkout@v3 |
||||
|
||||
- uses: docker/setup-qemu-action@v2 |
||||
if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder |
||||
|
||||
- uses: docker/setup-buildx-action@v2 |
||||
id: buildx |
||||
if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }} |
||||
|
||||
- name: Start a local Docker Builder |
||||
if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64') |
||||
run: | |
||||
docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234 |
||||
|
||||
- uses: docker/setup-buildx-action@v2 |
||||
id: buildx-native |
||||
if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64') |
||||
with: |
||||
driver: remote |
||||
endpoint: tcp://localhost:1234 |
||||
platforms: linux/amd64 |
||||
append: | |
||||
- endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865 |
||||
platforms: linux/arm64 |
||||
name: mastodon-docker-builder-arm64-01 |
||||
driver-opts: |
||||
- servername=mastodon-docker-builder-arm64-01 |
||||
env: |
||||
BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }} |
||||
BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }} |
||||
BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }} |
||||
|
||||
- name: Log in to Docker Hub |
||||
if: contains(inputs.push_to_images, 'tootsuite') |
||||
uses: docker/login-action@v2 |
||||
with: |
||||
username: ${{ secrets.DOCKERHUB_USERNAME }} |
||||
password: ${{ secrets.DOCKERHUB_TOKEN }} |
||||
|
||||
- name: Log in to the Github Container registry |
||||
if: contains(inputs.push_to_images, 'ghcr.io') |
||||
uses: docker/login-action@v2 |
||||
with: |
||||
registry: ghcr.io |
||||
username: ${{ github.actor }} |
||||
password: ${{ secrets.GITHUB_TOKEN }} |
||||
|
||||
- uses: docker/metadata-action@v4 |
||||
id: meta |
||||
if: ${{ inputs.push_to_images != '' }} |
||||
with: |
||||
images: ${{ inputs.push_to_images }} |
||||
# Only tag with latest when ran against the latest stable branch |
||||
# This needs to be updated after each minor version release |
||||
flavor: ${{ inputs.flavor }} |
||||
tags: ${{ inputs.tags }} |
||||
labels: ${{ inputs.labels }} |
||||
|
||||
- uses: docker/build-push-action@v4 |
||||
with: |
||||
context: . |
||||
build-args: MASTODON_VERSION_SUFFIX=${{ inputs.version_suffix }} |
||||
platforms: ${{ inputs.platforms }} |
||||
provenance: false |
||||
builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }} |
||||
push: ${{ inputs.push_to_images != '' }} |
||||
tags: ${{ steps.meta.outputs.tags }} |
||||
labels: ${{ steps.meta.outputs.labels }} |
||||
cache-from: type=gha |
||||
cache-to: type=gha,mode=max |
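Review bot: The "Start a local Docker Builder" step runs `moby/buildkit:latest` with `--privileged` and publishes its TCP endpoint on every interface (`-p 1234:1234`, `--addr tcp://0.0.0.0:1234`) with no TLS options, in the same job that later holds the registry credentials and the remote builder's TLS key. Only the buildx step on this runner connects to it (`endpoint: tcp://localhost:1234`), so the publish can be narrowed to loopback with `-p 127.0.0.1:1234:1234`. The image should also be pinned to a reviewed digest, `moby/buildkit@sha256:<digest>`, rather than a tag that can move. The `uses:` references in this file are likewise pinned by mutable major tags (`@v2`, `@v3`, `@v4`); pinning them to full commit SHAs would protect the steps that receive `DOCKERHUB_TOKEN` and the `BUILDER_NODE_1_AUTH_TLS_*` values.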
@ -1,79 +0,0 @@ |
||||
name: Build container image |
||||
on: |
||||
workflow_dispatch: |
||||
push: |
||||
branches: |
||||
- 'main' |
||||
tags: |
||||
- '*' |
||||
pull_request: |
||||
paths: |
||||
- .github/workflows/build-image.yml |
||||
- Dockerfile |
||||
permissions: |
||||
contents: read |
||||
packages: write |
||||
|
||||
jobs: |
||||
build-image: |
||||
runs-on: ubuntu-latest |
||||
|
||||
concurrency: |
||||
group: ${{ github.workflow }}-${{ github.ref }} |
||||
cancel-in-progress: true |
||||
|
||||
steps: |
||||
- uses: actions/checkout@v3 |
||||
- uses: hadolint/hadolint-action@v3.1.0 |
||||
- uses: docker/setup-qemu-action@v2 |
||||
- uses: docker/setup-buildx-action@v2 |
||||
|
||||
- name: Log in to Docker Hub |
||||
uses: docker/login-action@v2 |
||||
with: |
||||
username: ${{ secrets.DOCKERHUB_USERNAME }} |
||||
password: ${{ secrets.DOCKERHUB_TOKEN }} |
||||
if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' |
||||
|
||||
- name: Log in to the Github Container registry |
||||
uses: docker/login-action@v2 |
||||
with: |
||||
registry: ghcr.io |
||||
username: ${{ github.actor }} |
||||
password: ${{ secrets.GITHUB_TOKEN }} |
||||
if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' |
||||
|
||||
- uses: docker/metadata-action@v4 |
||||
id: meta |
||||
with: |
||||
images: | |
||||
tootsuite/mastodon |
||||
ghcr.io/mastodon/mastodon |
||||
# Only tag with latest when ran against the latest stable branch |
||||
# This needs to be updated after each minor version release |
||||
flavor: | |
||||
latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }} |
||||
tags: | |
||||
type=edge,branch=main |
||||
type=pep440,pattern={{raw}} |
||||
type=pep440,pattern=v{{major}}.{{minor}} |
||||
type=ref,event=pr |
||||
|
||||
- name: Generate version suffix |
||||
id: version_vars |
||||
if: github.repository == 'mastodon/mastodon' && github.event_name == 'push' && github.ref_name == 'main' |
||||
run: | |
||||
echo mastodon_version_suffix=+edge-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT |
||||
|
||||
- uses: docker/build-push-action@v4 |
||||
with: |
||||
context: . |
||||
build-args: MASTODON_VERSION_SUFFIX=${{ steps.version_vars.outputs.mastodon_version_suffix }} |
||||
platforms: linux/amd64,linux/arm64 |
||||
provenance: false |
||||
builder: ${{ steps.buildx.outputs.name }} |
||||
push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }} |
||||
tags: ${{ steps.meta.outputs.tags }} |
||||
labels: ${{ steps.meta.outputs.labels }} |
||||
cache-from: type=gha |
||||
cache-to: type=gha,mode=max |
@ -0,0 +1,34 @@ |
||||
name: Build container image for PR |
||||
on: |
||||
pull_request: |
||||
types: [labeled, synchronize, reopened, ready_for_review, opened] |
||||
|
||||
permissions: |
||||
contents: read |
||||
packages: write |
||||
|
||||
jobs: |
||||
compute-suffix: |
||||
runs-on: ubuntu-latest |
||||
if: ${{ !github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'build-image') }} |
||||
steps: |
||||
- id: version_vars |
||||
run: | |
||||
echo mastodon_version_suffix=+pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT |
||||
outputs: |
||||
suffix: ${{ steps.version_vars.outputs.mastodon_version_suffix }} |
||||
|
||||
build-image: |
||||
needs: compute-suffix |
||||
uses: ./.github/workflows/build-container-image.yml |
||||
with: |
||||
platforms: linux/amd64,linux/arm64 |
||||
use_native_arm64_builder: true |
||||
push_to_images: | |
||||
ghcr.io/mastodon/mastodon |
||||
version_suffix: ${{ needs.compute-suffix.outputs.suffix }} |
||||
flavor: | |
||||
latest=auto |
||||
tags: | |
||||
type=ref,event=pr |
||||
secrets: inherit |
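Review bot: The `compute-suffix` job calls `git rev-parse --short HEAD` but has no `actions/checkout` step, so there is no repository in the workspace. The substitution most likely prints an error and expands to nothing, leaving a suffix of `+pr-<number>-`, because `echo` itself still succeeds. Either add `- uses: actions/checkout@v3` before the `run:` step, or build the suffix from the event payload (`github.event.pull_request.head.sha`) passed in through `env:`. Separately, `secrets: inherit` hands every repository secret to the called workflow although this caller only pushes to `ghcr.io/mastodon/mastodon`. Declaring the needed secrets under `workflow_call.secrets` and passing them by name would keep the Docker Hub token out of PR builds; the same applies to the release caller, which also uses `secrets: inherit`.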
@ -0,0 +1,25 @@ |
||||
name: Build container release images |
||||
on: |
||||
push: |
||||
tags: |
||||
- '*' |
||||
|
||||
permissions: |
||||
contents: read |
||||
packages: write |
||||
|
||||
jobs: |
||||
build-image: |
||||
uses: ./.github/workflows/build-container-image.yml |
||||
with: |
||||
platforms: linux/amd64,linux/arm64 |
||||
use_native_arm64_builder: true |
||||
push_to_images: | |
||||
tootsuite/mastodon |
||||
ghcr.io/mastodon/mastodon |
||||
flavor: | |
||||
latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }} |
||||
tags: | |
||||
type=pep440,pattern={{raw}} |
||||
type=pep440,pattern=v{{major}}.{{minor}} |
||||
secrets: inherit |
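Review bot: This workflow has no repository guard, so pushing any tag in a fork with Actions enabled starts the same job, which then attempts to log in and push to `tootsuite/mastodon` and `ghcr.io/mastodon/mastodon`. The workflow this commit removes restricted login and push with `github.repository == 'mastodon/mastodon'`; a job-level `if: github.repository == 'mastodon/mastodon'` on `build-image` would keep that behaviour. The `'*'` tag filter also means that any tag, not only a version tag, produces a release build with `packages: write`; a narrower pattern such as `'v*'` may be what is intended.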
@ -0,0 +1,21 @@ |
||||
name: Test container image build |
||||
on: |
||||
pull_request: |
||||
paths: |
||||
- .github/workflows/build-nightly.yml |
||||
- .github/workflows/build-push-pr.yml |
||||
- .github/workflows/build-releases.yml |
||||
- .github/workflows/test-image-build.yml |
||||
- Dockerfile |
||||
permissions: |
||||
contents: read |
||||
|
||||
jobs: |
||||
build-image: |
||||
concurrency: |
||||
group: ${{ github.workflow }}-${{ github.ref }} |
||||
cancel-in-progress: true |
||||
|
||||
uses: ./.github/workflows/build-container-image.yml |
||||
with: |
||||
platforms: linux/amd64 # Testing only on native platform so it is performant |
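Review bot: The `paths` filter lists the three caller workflows and this file but not `.github/workflows/build-container-image.yml`, the reusable workflow that `build-image` actually runs. A pull request that changes only the shared build steps (builder setup, logins, build-push options) therefore does not trigger this test. Adding `- .github/workflows/build-container-image.yml` to the list would cover it.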