docker.yml
# GitHub actions workflow which builds and publishes the docker images. Four images can come from this run
# 1. A latest image which is based on an actual release, also tagged with version number in format 'v*.*.*'
# 2. A prerelease image which is based on release candidates. This is only tagged with a version, 'v*.*.*'
# 3. A nightly image, which is based on the develop branch and is cut at 1 UTC which is about 8pm in my timezone
# 4. A custom image, sourced from a remote repository. Give the workflow a custom repo in the format 'owner/repo'
# and a branch in the format 'custom-branch' and an image will be built and uploaded with the custom branch
# name as its tag. Do not use characters in your branch name that are not docker tag approved, or the build
# will fail. Hyphens are ok, underscores and slashes of either kind are not.
# All are automated builds, by checking the matrix-org repo once a day and if a new release is found building
# the image, or in the case of nightly just building it every night, even weekends(sometimes things get committed
# then too).
# Added 2023.03.16: Push to GHCR.io registry as well. According to:
# https://docs.github.com/en/actions/publishing-packages/publishing-docker-images#publishing-images-to-docker-hub-and-github-packages
# it is as simple as logging into both dockerhub and ghcr.io and then updating the tags to reference both places. It's unclear
# if the image to go to dockerhub should be prefixed with 'docker.io' or not. Write permissions active for 'packages' is an
# important detail.
# Added 2023.07.08: Build from custom repo and branch
# Mutated the unified dockerfile to remove the $FROM ARG and use build-contexts instead, which allows overriding
# the image pulled from the outside. Added in a local registry to store the intermediate image built, as the
# local docker store won't allow access to built images directly(some kind of security issue?). Information came from:
# https://docs.docker.com/build/ci/github-actions/named-contexts and the normal docs for docker buildx.
# Also went ahead and reformatted this file and fixed some loose conditions.
# We rebuild Release, Pre-Release and Nightly if there is a human change(push) to the master branch. Earlier in the day, a different
# workflow will make updates to the release files and commit those changes. These changes are not detected here. A later scheduled
# run will check for these changes and build appropriate images. In the case of Nightly, it will be built every night.
# The conditions to look for are:
#   schedule:
#     release: steps.changes.outputs.release == 'true'
#     prerelease: steps.changes.outputs.prerelease == 'true'
#     nightly: github.event_name == 'schedule'
#
#   push: always rebuild all images
#   workflow_dispatch: always rebuild all images if master branch is chosen
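name: Build docker images

on:
  schedule:
    # Once a day at 01:00 UTC.
    - cron: '0 1 * * *'
  push:
    branches:
      - master
  workflow_dispatch:
    inputs:
      # 'master' rebuilds the release, pre-release and nightly images;
      # 'custom' builds from custom_repo/custom_branch instead.
      branch:
        description: "Which build to run: 'master' or 'custom'"
        type: choice
        options:
          - master
          - custom
      # The two custom inputs were declared with empty (null) definitions;
      # they are spelled out here so the dispatch form documents what is expected.
      custom_repo:
        description: "External repository to build from, in the format 'owner/repo'"
        required: false
        type: string
      custom_branch:
        description: "Branch of custom_repo to build; also used as the image tag, so it must be a valid docker tag"
        required: false
        type: string
  # NOTE(review): pull_request runs go through the same job, which logs in to
  # both registries and pushes an image. Confirm this is intended for every PR.
  pull_request:

# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: '${{ github.workflow }}-${{ github.ref }}'
  cancel-in-progress: true

# Least privilege for the job token: read the repo, write packages
# (write access to 'packages' is what allows the push to ghcr.io).
permissions:
  contents: read
  packages: write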
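jobs:
  build-unified:
    runs-on: ubuntu-latest
    services:
      # Job-local registry. It stores the intermediate image built from an
      # external repo so the final build can pull it through build-contexts.
      registry:
        image: registry:2
        ports:
          - '5000:5000'
    # NOTE(review): every `uses:` below references a mutable version tag
    # (@v2/@v3/@v4). Several of these steps run with registry credentials
    # available, so consider pinning each action to a full commit SHA
    # (placeholder: owner/action@<FULL_COMMIT_SHA>) and letting a dependency
    # bot propose updates.
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: dorny/paths-filter@v2
        # If the automated schedule for updating the version string has run and
        # committed an update, it will not register as a push. Only human pushed
        # changes register as such.
        id: changes
        if: github.event_name == 'schedule'
        with:
          base: 'master'
          filters: |
            release:
              - 'release-versions/synapse-latest.txt'
            prerelease:
              - 'release-versions/synapse-prerelease.txt'

      # - name: Set up QEMU
      #   id: qemu
      #   uses: docker/setup-qemu-action@v2
      #   with:
      #     platforms: arm64

      # The version strings read below are interpolated into image tags and
      # into the base-image reference, so the files under release-versions/
      # effectively decide what gets pulled and published.
      - name: Get Release Version
        id: get_release_version
        if: |
          github.event_name == 'push' ||
          steps.changes.outputs.release == 'true' ||
          github.event.inputs.branch == 'master'
        # "$GITHUB_OUTPUT" is quoted so the redirect target is never word-split.
        run: |
          echo "synapse_latest_version=$(cat release-versions/synapse-latest.txt)" >> "$GITHUB_OUTPUT"

      - name: Get Pre-Release Version
        id: get_prerelease_version
        if: |
          github.event_name == 'push' ||
          steps.changes.outputs.prerelease == 'true' ||
          github.event.inputs.branch == 'master'
        run: |
          echo "synapse_prerelease_version=$(cat release-versions/synapse-prerelease.txt)" >> "$GITHUB_OUTPUT"

      # Debug aid: dumps the github context to the job log. The context is
      # handed over through env (not interpolated into the script), so payload
      # text such as titles or commit messages is treated as data by the shell.
      # The variable is now quoted: unquoted, the shell word-split it and
      # expanded any '*' in the payload against the working directory.
      # NOTE(review): the github context also carries the job token; Actions
      # masks registered secrets in logs, but consider printing only the fields
      # needed, or dropping this step once debugging is done.
      - name: Grab Context
        env:
          EVENT_CONTEXT: ${{ toJSON(github) }}
          STEPS_CONTEXT: ${{ toJSON(steps) }}
        run: |
          printf '%s\n' "$EVENT_CONTEXT"

      # Prints the path held in GITHUB_OUTPUT, not the contents of that file.
      - name: Grab Github ENV outputs
        run: |
          echo "${GITHUB_OUTPUT}"

      # network=host: presumably so the builder can reach the localhost:5000
      # registry service declared above - confirm.
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host

      # NOTE(review): both logins run for every event, pull_request included.
      # Runs triggered from forks normally receive no repository secrets, so
      # the DockerHub login would fail there - confirm against repo settings.
      - name: Log in to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Log in to GHCR.io
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push Latest Image
        if: |
          github.event_name == 'push' ||
          steps.changes.outputs.release == 'true' ||
          github.event.inputs.branch == 'master'
        uses: docker/build-push-action@v4
        with:
          push: true
          context: .
          labels: "gitsha1=${{ github.sha }}"
          tags: |
            realtyem/synapse:latest
            realtyem/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }}
            ghcr.io/realtyem/synapse:latest
            ghcr.io/realtyem/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }}
          # Overrides the base image named in Dockerfile-unified with the
          # upstream image for this version (referenced by tag, not by digest).
          build-contexts: |
            matrixdotorg/synapse=docker-image://matrixdotorg/synapse:${{ steps.get_release_version.outputs.synapse_latest_version }}
          file: "Dockerfile-unified"
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and Push Pre-Release Image
        if: |
          github.event_name == 'push' ||
          steps.changes.outputs.prerelease == 'true' ||
          github.event.inputs.branch == 'master'
        uses: docker/build-push-action@v4
        with:
          push: true
          context: .
          labels: "gitsha1=${{ github.sha }}"
          tags: |
            realtyem/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }}
            ghcr.io/realtyem/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }}
          build-contexts: |
            matrixdotorg/synapse=docker-image://matrixdotorg/synapse:${{ steps.get_prerelease_version.outputs.synapse_prerelease_version }}
          file: "Dockerfile-unified"
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and Push Nightly Image
        if: |
          github.event_name == 'push' ||
          github.event_name == 'schedule' ||
          github.event.inputs.branch == 'master'
        uses: docker/build-push-action@v4
        with:
          push: true
          context: .
          tags: |
            realtyem/synapse:nightly
            ghcr.io/realtyem/synapse:nightly
          build-contexts: |
            matrixdotorg/synapse=docker-image://matrixdotorg/synapse:develop
          file: "Dockerfile-unified"
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # The external tree becomes a docker build context in the next step.
      # persist-credentials: false keeps the job token out of
      # external_repo/.git/config so a Dockerfile that copies the whole
      # context cannot bake it into an image layer.
      - name: Experimental Image - Download external repo
        if: github.event.inputs.branch == 'custom'
        uses: actions/checkout@v3
        with:
          repository: ${{ github.event.inputs.custom_repo }}
          ref: ${{ github.event.inputs.custom_branch }}
          path: 'external_repo'
          persist-credentials: false

      # Builds the external repo's own Dockerfile and pushes the result only to
      # the job-local registry. The Dockerfile and context are third-party
      # content, and this step runs after both registry logins. Its build cache
      # uses a separate scope so entries produced from that content stay out of
      # the default scope the release builds import from.
      - name: Build Experimental Image from External Repo
        if: github.event.inputs.branch == 'custom'
        uses: docker/build-push-action@v4
        with:
          push: true
          context: external_repo
          tags: |
            localhost:5000/externalimage:latest
          file: "external_repo/docker/Dockerfile"
          platforms: linux/amd64
          cache-from: type=gha,scope=external
          cache-to: type=gha,mode=max,scope=external

      - name: List docker images
        if: github.event.inputs.branch == 'custom'
        run: |
          docker images -a

      # The tag is the operator-supplied branch name. 'latest' and 'nightly'
      # are refused here so a custom build cannot replace the images published
      # under those fixed tags; the step is skipped for those names.
      # NOTE(review): a branch named like a release version would still
      # overwrite that version tag - consider a dedicated tag prefix.
      - name: Build and Push Experimental Image
        if: >-
          github.event.inputs.branch == 'custom' &&
          github.event.inputs.custom_branch != 'latest' &&
          github.event.inputs.custom_branch != 'nightly'
        uses: docker/build-push-action@v4
        with:
          # ${{ github.event.inputs.custom_repo }}:${{ github.event.inputs.custom_branch }}
          push: true
          context: .
          tags: |
            docker.io/realtyem/synapse:${{ github.event.inputs.custom_branch }}
            ghcr.io/realtyem/synapse:${{ github.event.inputs.custom_branch }}
          build-contexts: |
            matrixdotorg/synapse=docker-image://localhost:5000/externalimage:latest
          file: "Dockerfile-unified"
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Tagged by pull request number instead of github.head_ref. The head
      # branch name is chosen by the PR author: a branch called 'latest',
      # 'nightly' or a version string would have replaced the published image
      # under that tag, and a name containing '/' is not a valid docker tag.
      - name: Build and Push Pull Request(develop only) Image
        if: |
          github.event_name == 'pull_request'
        uses: docker/build-push-action@v4
        with:
          push: true
          context: .
          tags: |
            realtyem/synapse:pr-${{ github.event.pull_request.number }}
            ghcr.io/realtyem/synapse:pr-${{ github.event.pull_request.number }}
          build-contexts: |
            matrixdotorg/synapse=docker-image://matrixdotorg/synapse:develop
          file: "Dockerfile-unified"
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max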