-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #34 from wayofdev/feat/docker-bake
feat!: migrate to docker-bake.hcl approach
- Loading branch information
Showing
6 changed files
with
389 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
|
||
rules: | ||
# If the efficiency is measured below X%, mark as failed. | ||
# Expressed as a ratio between 0-1. | ||
lowestEfficiency: 0.95 | ||
|
||
# If the amount of wasted space is at least X or larger than X, mark as failed. | ||
# Expressed in B, KB, MB, and GB. | ||
highestWastedBytes: 20MB | ||
|
||
# If the amount of wasted space makes up for X% or more of the image, mark as failed. | ||
# Note: the base image layer is NOT included in the total image size. | ||
# Expressed as a ratio between 0-1; fails if the threshold is met or crossed. | ||
highestUserWastedPercent: 0.20 | ||
|
||
... |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,204 @@ | ||
--- | ||
|
||
on: # yamllint disable-line rule:truthy | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- master | ||
release: | ||
types: | ||
- released | ||
schedule: | ||
- cron: "30 10 * * *" | ||
|
||
env: | ||
DOCKER_NAMESPACE: wayofdev/nginx | ||
GHCR_NAMESPACE: ghcr.io/wayofdev/docker-nginx | ||
|
||
name: 🚀 Build docker images with latest tag | ||
|
||
concurrency: | ||
group: "${{ github.workflow }}-${{ github.ref }}" | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
build: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
os_name: ["alpine"] | ||
nginx_type: ["dev", "k8s"] | ||
builder: [{arch: "amd64", os: "ubuntu-latest"}, {arch: "arm64", os: "ubuntu-latest"}] | ||
runs-on: ${{ matrix.builder.os }} | ||
steps: | ||
|
||
- name: 🌎 Set environment variables | ||
run: | | ||
tag="${{ matrix.nginx_type }}-${{ matrix.os_name }}-${{ matrix.builder.arch }}" | ||
target="nginx-${{ matrix.nginx_type }}-${{ matrix.os_name }}" | ||
echo "TARGET=${target}" >> "$GITHUB_ENV" | ||
echo "PLATFORM_CACHE_TAG=${tag}" >> "$GITHUB_ENV" | ||
- name: 📦 Check out the codebase | ||
uses: actions/[email protected] | ||
|
||
- name: 🤖 Generate dist files | ||
run: ansible-playbook src/playbook.yml -l ${{ matrix.nginx_type }}-${{ matrix.os_name }} | ||
|
||
- name: 🖥️ Setup docker QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
with: | ||
platforms: linux/${{ matrix.builder.arch }} | ||
|
||
- name: 🛠️ Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
with: | ||
platforms: linux/${{ matrix.builder.arch }} | ||
buildkitd-flags: "--debug" | ||
|
||
- name: 🐳 Extract docker meta data | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: | | ||
${{ env.DOCKER_NAMESPACE }} | ||
${{ env.GHCR_NAMESPACE }} | ||
tags: | | ||
type=raw,event=branch,value=latest | ||
type=ref,event=tag | ||
type=semver,pattern={{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
flavor: | | ||
latest=false | ||
prefix=${{ matrix.nginx_type }}-${{ matrix.os_name }}- | ||
- name: ⚙️ Rename meta bake definition file | ||
run: | | ||
mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json" | ||
- name: 📤 Upload meta bake definition | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json | ||
path: /tmp/bake-meta-*.json | ||
if-no-files-found: error | ||
retention-days: 1 | ||
|
||
- name: 🔑 Login to docker-hub | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: docker.io | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_TOKEN }} | ||
|
||
- name: 🔑 Login to GHCR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: 🚀 Bake image and push to docker-hub and GHCR | ||
id: bake | ||
uses: docker/[email protected] | ||
with: | ||
targets: ${{ env.TARGET }} | ||
files: | | ||
./docker-bake.hcl | ||
/tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json | ||
set: | | ||
*.tags= | ||
*.platform=linux/${{ matrix.builder.arch }} | ||
*.cache-from=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }} | ||
*.cache-to=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }} | ||
*.output=type=image,"name=${{ env.DOCKER_NAMESPACE }},${{ env.GHCR_NAMESPACE }}",push-by-digest=true,name-canonical=true,push=true | ||
- name: 📥 Export digest | ||
run: | | ||
mkdir -p /tmp/digests | ||
echo "Bake Metadata: ${{ steps.bake.outputs.metadata }}" | ||
digest=$(echo '${{ steps.bake.outputs.metadata }}' | jq -r '.["${{ env.TARGET }}"]["containerimage.digest"]') | ||
if [[ -z "$digest" || "$digest" == "null" ]]; then | ||
echo "Digest not found." | ||
exit 1 | ||
fi | ||
echo "Digest: $digest" | ||
touch "/tmp/digests/${digest#sha256:}" | ||
- name: 📤 Upload digest | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: digests-${{ env.PLATFORM_CACHE_TAG }} | ||
path: /tmp/digests/* | ||
if-no-files-found: error | ||
retention-days: 1 | ||
|
||
merge: | ||
needs: build | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: 📥 Download meta bake definitions | ||
uses: actions/download-artifact@v4 | ||
with: | ||
pattern: bake-meta-* | ||
path: /tmp | ||
merge-multiple: true | ||
|
||
- name: 📥 Download meta bake definitions | ||
uses: actions/download-artifact@v4 | ||
with: | ||
pattern: digests-* | ||
path: /tmp/digests | ||
|
||
- name: 🔑 Login to docker-hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_TOKEN }} | ||
|
||
- name: 🔑 Login to GHCR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: 🖥️ Setup docker QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
with: | ||
platforms: linux/amd64,linux/arm64 | ||
|
||
- name: 🛠️ Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
with: | ||
platforms: linux/amd64,linux/arm64 | ||
buildkitd-flags: "--debug" | ||
|
||
- name: 📦 Check out the codebase | ||
uses: actions/[email protected] | ||
|
||
- name: 🚀 Create manifest list and push | ||
working-directory: /tmp | ||
run: | | ||
variants=($(ls bake-meta-*.json | sed -E 's/bake-meta-//; s/-amd64.json|-arm64.json//g' | sort -u)) | ||
for variant in "${variants[@]}"; do | ||
# Fetch digests for amd64 and arm64 architectures | ||
DIGEST_AMD64=$(basename $(ls /tmp/digests/digests-${variant}-amd64/*)) | ||
DIGEST_ARM64=$(basename $(ls /tmp/digests/digests-${variant}-arm64/*)) | ||
echo "Digest AMD64: $DIGEST_AMD64" | ||
echo "Digest ARM64: $DIGEST_ARM64" | ||
# Create the manifest list for Docker Hub | ||
docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${DOCKER_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \ | ||
"${DOCKER_NAMESPACE}@sha256:${DIGEST_AMD64}" \ | ||
"${DOCKER_NAMESPACE}@sha256:${DIGEST_ARM64}" | ||
# Create the manifest list for GHCR | ||
docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${GHCR_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \ | ||
"${GHCR_NAMESPACE}@sha256:${DIGEST_AMD64}" \ | ||
"${GHCR_NAMESPACE}@sha256:${DIGEST_ARM64}" | ||
done | ||
... |
Oops, something went wrong.