wayofdev · lotyp · Sep 14, 2024 · Sep 14, 2024
@@ -0,0 +1,17 @@
+---
+
+rules:
+  # If the efficiency is measured below X%, mark as failed.
+  # Expressed as a ratio between 0-1.
+  lowestEfficiency: 0.95
+
+  # If the amount of wasted space is at least X or larger than X, mark as failed.
+  # Expressed in B, KB, MB, and GB.
+  highestWastedBytes: 20MB
+
+  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
+  # Note: the base image layer is NOT included in the total image size.
+  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
+  highestUserWastedPercent: 0.20
+
+...
@@ -0,0 +1,204 @@
+---
+
+on:  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+  release:
+    types:
+      - released
+  schedule:
+    - cron: "30 10 * * *"
+
+env:
+  DOCKER_NAMESPACE: wayofdev/nginx
+  GHCR_NAMESPACE: ghcr.io/wayofdev/docker-nginx
+
+name: 🚀 Build docker images with latest tag
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os_name: ["alpine"]
+        nginx_type: ["dev", "k8s"]
+        builder: [{arch: "amd64", os: "ubuntu-latest"}, {arch: "arm64", os: "ubuntu-latest"}]
+    runs-on: ${{ matrix.builder.os }}
+    steps:
+
+      - name: 🌎 Set environment variables
+        run: |
+          tag="${{ matrix.nginx_type }}-${{ matrix.os_name }}-${{ matrix.builder.arch }}"
+          target="nginx-${{ matrix.nginx_type }}-${{ matrix.os_name }}"
+          echo "TARGET=${target}" >> "$GITHUB_ENV"
+          echo "PLATFORM_CACHE_TAG=${tag}" >> "$GITHUB_ENV"
+
+      - name: 📦 Check out the codebase
+        uses: actions/[email protected]
+
+      - name: 🤖 Generate dist files
+        run: ansible-playbook src/playbook.yml -l ${{ matrix.nginx_type }}-${{ matrix.os_name }}
+
+      - name: 🖥️ Setup docker QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/${{ matrix.builder.arch }}
+
+      - name: 🛠️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/${{ matrix.builder.arch }}
+          buildkitd-flags: "--debug"
+
+      - name: 🐳 Extract docker meta data
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_NAMESPACE }}
+            ${{ env.GHCR_NAMESPACE }}
+          tags: |
+            type=raw,event=branch,value=latest
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          flavor: |
+            latest=false
+            prefix=${{ matrix.nginx_type }}-${{ matrix.os_name }}-
+
+      - name: ⚙️ Rename meta bake definition file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json"
+
+      - name: 📤 Upload meta bake definition
+        uses: actions/upload-artifact@v4
+        with:
+          name: bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json
+          path: /tmp/bake-meta-*.json
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: 🔑 Login to docker-hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: 🔑 Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 🚀 Bake image and push to docker-hub and GHCR
+        id: bake
+        uses: docker/[email protected]
+        with:
+          targets: ${{ env.TARGET }}
+          files: |
+            ./docker-bake.hcl
+            /tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json
+          set: |
+            *.tags=
+            *.platform=linux/${{ matrix.builder.arch }}
+            *.cache-from=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
+            *.cache-to=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
+            *.output=type=image,"name=${{ env.DOCKER_NAMESPACE }},${{ env.GHCR_NAMESPACE }}",push-by-digest=true,name-canonical=true,push=true
+
+      - name: 📥 Export digest
+        run: |
+          mkdir -p /tmp/digests
+          echo "Bake Metadata: ${{ steps.bake.outputs.metadata }}"
+          digest=$(echo '${{ steps.bake.outputs.metadata }}' | jq -r '.["${{ env.TARGET }}"]["containerimage.digest"]')
+          if [[ -z "$digest" || "$digest" == "null" ]]; then
+            echo "Digest not found."
+            exit 1
+          fi
+          echo "Digest: $digest"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: 📤 Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_CACHE_TAG }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 📥 Download meta bake definitions
+        uses: actions/download-artifact@v4
+        with:
+          pattern: bake-meta-*
+          path: /tmp
+          merge-multiple: true
+
+      - name: 📥 Download meta bake definitions
+        uses: actions/download-artifact@v4
+        with:
+          pattern: digests-*
+          path: /tmp/digests
+
+      - name: 🔑 Login to docker-hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: 🔑 Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 🖥️ Setup docker QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: 🛠️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          buildkitd-flags: "--debug"
+
+      - name: 📦 Check out the codebase
+        uses: actions/[email protected]
+
+      - name: 🚀 Create manifest list and push
+        working-directory: /tmp
+        run: |
+          variants=($(ls bake-meta-*.json | sed -E 's/bake-meta-//; s/-amd64.json|-arm64.json//g' | sort -u))
+          for variant in "${variants[@]}"; do
+
+            # Fetch digests for amd64 and arm64 architectures
+            DIGEST_AMD64=$(basename $(ls /tmp/digests/digests-${variant}-amd64/*))
+            DIGEST_ARM64=$(basename $(ls /tmp/digests/digests-${variant}-arm64/*))
+            echo "Digest AMD64: $DIGEST_AMD64"
+            echo "Digest ARM64: $DIGEST_ARM64"
+
+            # Create the manifest list for Docker Hub
+            docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${DOCKER_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \
+              "${DOCKER_NAMESPACE}@sha256:${DIGEST_AMD64}" \
+              "${DOCKER_NAMESPACE}@sha256:${DIGEST_ARM64}"
+
+            # Create the manifest list for GHCR
+            docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${GHCR_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \
+              "${GHCR_NAMESPACE}@sha256:${DIGEST_AMD64}" \
+              "${GHCR_NAMESPACE}@sha256:${DIGEST_ARM64}"
+          done
+
+...