From 976cc3d0c6b74d28c3d2f64985a7c04c6b3d604a Mon Sep 17 00:00:00 2001
From: Daniel Schmidt
Date: Tue, 21 Oct 2025 13:07:10 -0700
Subject: [PATCH] Updates workflows
---
.github/workflows/build.yml | 107 ++++++++++++++++++++++++++--------
.github/workflows/release.yml | 5 +-
2 files changed, 84 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 345d5a4..d35e6b0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,20 +7,25 @@ on: workflow_dispatch: env: + BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} DOCKER_METADATA_SET_OUTPUT_ENV: 'true' jobs: build: - runs-on: ubuntu-latest + runs-on: ${{ matrix.runner }} outputs: - build-image: ${{ steps.build-meta.outputs.tags }} + image-arm64: ${{ steps.gen-output.outputs.image-arm64 }} + image-x64: ${{ steps.gen-output.outputs.image-x64 }} + strategy: + fail-fast: false + matrix: + runner: + - ubuntu-24.04 + - ubuntu-24.04-arm steps: - name: Checkout code uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3
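Review bot: Neither the workflow level between `env:` and `jobs:` nor the `build` job in this hunk declares `permissions:`, so both matrix legs run with the repository's default `GITHUB_TOKEN` scope while logging in to GHCR. Lines 1–6 of build.yml are outside the hunk and may already set it; if they do not, add a least-privilege block to each job that pushes, `permissions:` with `contents: read` and `packages: write`. The `merge` and `push` jobs further down log in with the same token and show no `permissions:` either, and `test`, which appears to log in only to pull, would need just `packages: read`. The `build` job's steps continue past the end of this hunk.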
@@ -31,32 +36,84 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Produce the build image tag - id: build-meta + - id: build-meta + name: Docker meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + # Build cache is shared among all builds of the same architecture + - id: cache-meta + name: Docker meta uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository }} - tags: type=sha,suffix=-build-${{ github.run_id }}_${{ github.run_attempt }} + tags: type=raw,value=buildcache-${{ runner.arch }} - - name: Build and push the untested image + - id: get-registry + name: Get the sanitized registry name + run: | + echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" + + - id: build + name: Build/push the arch-specific image uses: docker/build-push-action@v6 with: - cache-from: type=gha - cache-to: type=gha + cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} + cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max labels: ${{ steps.build-meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - provenance: true - push: true + provenance: mode=max sbom: true - tags: ${{ steps.build-meta.outputs.tags }} + tags: ${{ steps.get-registry.outputs.registry }} + outputs: type=image,push-by-digest=true,push=true + + - id: gen-output + name: Write arch-specific image digest to outputs + run: | + echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" + + merge: + runs-on: ubuntu-24.04 + needs: build + env: + DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} + DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} + outputs: + image: ${{ steps.meta.outputs.tags }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: 
docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: meta + name: Generate tag for the app image + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} + + - name: Push the multi-platform app image + run: | + docker buildx imagetools create \ + --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ + "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" test: - runs-on: ubuntu-latest - needs: - - build + runs-on: ubuntu-24.04 + needs: merge env: COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml - DOCKER_APP_IMAGE: ${{ needs.build.outputs.build-image }} + DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} steps: - name: Checkout code uses: actions/checkout@v4
@@ -71,18 +128,21 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Run the test script + - name: Setup the stack run: | docker compose up --wait + + - name: Run test script + run: | docker compose exec app test/test.sh push: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: - - build + - merge - test env: - DOCKER_APP_IMAGE: ${{ needs.build.outputs.build-image }} + DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} steps: - name: Checkout code uses: actions/checkout@v4
@@ -95,7 +155,6 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Produce permanent image tags - id: branch-meta uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 86d5f28..5d90890 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: Push Release Tags on: push: tags: - - '*' + - '**' workflow_dispatch: env:
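Review bot: The registry cache in the `build` step of the `@@ -31,32 +36,84 @@` hunk (`cache-to: type=registry,ref=…buildcache-${{ runner.arch }},mode=max`) is a single tag that every run writes, without the per-branch scoping GitHub applies to the `type=gha` cache it replaces. The triggers other than `workflow_dispatch` are outside the diff, but if the workflow also runs for feature branches or same-repository pull requests, layers exported there would be imported by builds whose images later receive permanent tags. Consider importing the cache everywhere but exporting it only from the default branch, e.g. `cache-to: ${{ github.ref_name == github.event.repository.default_branch && format('type=registry,ref={0},mode=max', steps.cache-meta.outputs.tags) || '' }}`. Separately, `get-registry` and `gen-output` paste `${{ steps.… }}` values into the script text; passing them through `env:` and reading `"$VAR"`, as the `merge` job already does, keeps the shell from re-parsing them.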
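Review bot: In the `@@ -71,18 +128,21 @@` hunk, `push` takes `DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }}`, which is the tag from `steps.meta.outputs.tags`, so the job promotes whatever that tag points to when it runs rather than the manifest that `test` exercised. The build legs already hand over `registry@digest` references; having `merge` also output the digest of the index it creates and using `repo@sha256:…` here (and in `test`) would bind the permanent tags to the tested image. What `push` does with the variable is outside the hunk, so this assumes it retags or copies `$DOCKER_APP_IMAGE`.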
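Review bot: In release.yml, `- '**'` also matches tag names containing `/`, so after this change every tag pushed to the repository starts the release workflow. If only version tags are meant to publish, a narrower filter together with a tag protection rule limits who can trigger a release; for example (pattern constructed for illustration, adjust to the project's scheme) `- 'v[0-9]+.[0-9]+.[0-9]+'`. If matching every tag is intended, a short comment above the filter, such as `# '**' so that tags containing '/' also release`, would record the reason.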
@@ -16,9 +16,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3