Build docker images #1089
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# GitHub actions workflow which builds and publishes the docker images. Four images can come from this run | |
# 1. A latest image which is based on an actual release, also tagged with version number in format 'v*.*.*' | |
# 2. A prerelease image which is based on release candidates. This is only tagged with a version, 'v*.*.*' | |
# 3. A nightly image, which is based on the develop branch and is cut at 1 UTC which is about 8pm in my timezone | |
# 4. A custom image, sourced from a remote repository. Give the workflow a custom repo in the format 'owner/repo' | |
# and a branch in the format 'custom-branch' and an image will be built and uploaded with the custom branch | |
# name as it's tag. Do not use characters in your branch name that are not docker tag approved, or the build | |
# will fail. Hyphens are ok, underscores and either slashes are not. | |
# All are automated builds, by checking the matrix-org repo once a day and if a new release is found building | |
# the image, or in the case of nightly just building it every night, even weekends(sometimes things get committed | |
# then too). | |
# Added 2023.03.16: Push to GHCR.io registry as well. According to: | |
# https://docs.github.com/en/actions/publishing-packages/publishing-docker-images#publishing-images-to-docker-hub-and-github-packages | |
# it is as simple as logging into both dockerhub and ghcr.io and then updating the tags to reference both places. It's unclear | |
# if the image to go to dockerhub should be prefixed with 'docker.io' or not. Write permissions active for 'packages' is an | |
# important detail. | |
# Added 2023.07.08: Build from custom repo and branch | |
# Mutated the unified dockerfile to remove the $FROM ARG and use build-contexts instead, which allows overriding | |
# the image pulled from the outside. Added in a a local registry to store the intermediate image built, as the | |
# local docker store won't allow access to built images directly(some kind of security issue?). Information came from: | |
# https://docs.docker.com/build/ci/github-actions/named-contexts and the normal docs for docker buildx. | |
# Also went ahead and reformatted this file and fixed some loose conditions. | |
# We rebuild Release, Pre-Release and Nightly if there is a human change(push) to the master branch. Earlier in the day, a different | |
# workflow will make updates to the release files and commit those changes. These changes are not detected here. A later scheduled | |
# run will check for these changes and build appropriate images. In the case of Nightly, it will be built every night. | |
# The conditions to look for are: | |
# schedule: | |
# release: steps.changes.outputs.release == true | |
# prelease: steps.changes.outputs.prerelease == true | |
# nightly: github.event_name == 'schedule' | |
# | |
# push: always rebuild all images | |
# workflow_dispatch: always rebuild all images if master branch is chosen | |
name: Build docker images | |
on: | |
schedule: | |
- cron: '0 1 * * *' | |
push: | |
branches: | |
- "master" | |
workflow_dispatch: | |
inputs: | |
branch: | |
type: choice | |
options: | |
- master | |
- custom | |
custom_repo: | |
custom_branch: | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
packages: write | |
jobs: | |
build-unified: | |
runs-on: ubuntu-latest | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@v2 | |
# If the automated schedule for updating the version string has run and committed | |
# an update, it will not register as a push. Only human pushed changes register as | |
# such. | |
if: | | |
github.event_name == 'schedule' | |
id: changes | |
with: | |
base: 'master' | |
filters: | | |
release: | |
- 'release-versions/synapse-latest.txt' | |
prerelease: | |
- 'release-versions/synapse-prerelease.txt' | |
# - name: Set up QEMU | |
# id: qemu | |
# uses: docker/setup-qemu-action@v2 | |
# with: | |
# platforms: arm64 | |
- name: Get Release Version | |
id: get_release_version | |
if: | | |
github.event_name == 'push' || | |
steps.changes.outputs.release == 'true' || | |
github.event.inputs.branch == 'master' | |
run: | | |
echo "synapse_latest_version=$(cat release-versions/synapse-latest.txt)" >> $GITHUB_OUTPUT | |
- name: Get Pre-Release Version | |
id: get_prerelease_version | |
if: | | |
github.event_name == 'push' || | |
steps.changes.outputs.prerelease == 'true' || | |
github.event.inputs.branch == 'master' | |
run: | | |
echo "synapse_prerelease_version=$(cat release-versions/synapse-prerelease.txt)" >> $GITHUB_OUTPUT | |
- name: Grab Context | |
env: | |
EVENT_CONTEXT: ${{ toJSON(github) }} | |
STEPS_CONTEXT: ${{ toJSON(steps) }} | |
run: | | |
echo $EVENT_CONTEXT | |
- name: Grab Github ENV outputs | |
run: | | |
echo ${GITHUB_OUTPUT} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
driver-opts: network=host | |
- name: Log in to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Log in to GHCR.io | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Push Latest Image | |
if: | | |
github.event_name == 'push' || | |
steps.changes.outputs.release == 'true' || | |
github.event.inputs.branch == 'master' | |
uses: docker/build-push-action@v4 | |
with: | |
push: true | |
context: . | |
labels: "gitsha1=${{ github.sha }}" | |
tags: | | |
realtyem/synapse:latest | |
realtyem/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }} | |
ghcr.io/realtyem/synapse:latest | |
ghcr.io/realtyem/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }} | |
build-contexts: | | |
matrixdotorg/synapse=docker-image://matrixdotorg/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }} | |
file: "Dockerfile-unified" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Build and Push Pre-Release Image | |
if: | | |
github.event_name == 'push' || | |
steps.changes.outputs.prerelease == 'true' || | |
github.event.inputs.branch == 'master' | |
uses: docker/build-push-action@v4 | |
with: | |
push: true | |
context: . | |
labels: "gitsha1=${{ github.sha }}" | |
tags: | | |
realtyem/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }} | |
ghcr.io/realtyem/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }} | |
build-contexts: | | |
matrixdotorg/synapse=docker-image://matrixdotorg/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }} | |
file: "Dockerfile-unified" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Build and Push Nightly Image | |
if: | | |
github.event_name == 'push' || | |
github.event_name == 'schedule' || | |
github.event.inputs.branch == 'master' | |
uses: docker/build-push-action@v4 | |
with: | |
push: true | |
context: . | |
tags: | | |
realtyem/synapse:nightly | |
ghcr.io/realtyem/synapse:nightly | |
build-contexts: | | |
matrixdotorg/synapse=docker-image://matrixdotorg/synapse:develop | |
file: "Dockerfile-unified" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Experimental Image - Download external repo | |
if: github.event.inputs.branch == 'custom' | |
uses: actions/checkout@v3 | |
with: | |
repository: ${{ github.event.inputs.custom_repo }} | |
ref: ${{ github.event.inputs.custom_branch }} | |
path: 'external_repo' | |
- name: Build Experimental Image from External Repo | |
if: github.event.inputs.branch == 'custom' | |
uses: docker/build-push-action@v4 | |
with: | |
push: true | |
context: external_repo | |
tags: | | |
localhost:5000/externalimage:latest | |
file: "external_repo/docker/Dockerfile" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: List docker images | |
if: github.event.inputs.branch == 'custom' | |
run: | | |
docker images -a | |
- name: Build and Push Experimental Image | |
if: github.event.inputs.branch == 'custom' | |
uses: docker/build-push-action@v4 | |
with: | |
# ${{ github.event.inputs.custom_repo }}:${{ github.event.inputs.custom_branch }} | |
push: true | |
context: . | |
tags: | | |
docker.io/realtyem/synapse:${{ github.event.inputs.custom_branch }} | |
ghcr.io/realtyem/synapse:${{ github.event.inputs.custom_branch }} | |
build-contexts: | | |
matrixdotorg/synapse=docker-image://localhost:5000/externalimage:latest | |
file: "Dockerfile-unified" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Build and Push Pull Request(develop only) Image | |
if: | | |
github.event_name == 'pull_request' | |
uses: docker/build-push-action@v4 | |
with: | |
push: true | |
context: . | |
tags: | | |
realtyem/synapse:${{ github.head_ref }} | |
ghcr.io/realtyem/synapse:${{ github.head_ref }} | |
build-contexts: | | |
matrixdotorg/synapse=docker-image://matrixdotorg/synapse:develop | |
file: "Dockerfile-unified" | |
platforms: linux/amd64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |