|
1 | | -name: Docker Multi Platform Builds |
| 1 | +name: Build & Push Docker image (multi-platform) |
2 | 2 |
|
3 | 3 | on: |
4 | | - workflow_dispatch: |
5 | 4 | push: |
6 | | - branches: |
7 | | - - 'main' |
8 | 5 | tags: |
9 | | - - 'v*.*.*' |
10 | | - pull_request: |
11 | | - branches: |
12 | | - - 'main' |
| 6 | + - "v*.*.*" |
| 7 | + workflow_dispatch: |
| 8 | + inputs: |
| 9 | + version: |
| 10 | + description: "Docker tag version (vMAJOR.MINOR.PATCH)" |
| 11 | + required: true |
| 12 | + |
| 13 | +permissions: |
| 14 | + contents: read |
| 15 | + |
| 16 | +env: |
| 17 | + DOCKERHUB_IMAGE: oceanenterprise/oe-node |
13 | 18 |
|
14 | 19 | jobs: |
15 | | - build: |
| 20 | + meta: |
| 21 | + name: Determine version |
16 | 22 | runs-on: ubuntu-latest |
17 | | - if: ${{ github.actor != 'dependabot[bot]' }} |
18 | | - strategy: |
19 | | - fail-fast: false |
20 | | - matrix: |
21 | | - platform: ${{ github.event_name == 'pull_request' && fromJSON('["linux/amd64"]') || fromJSON('["linux/amd64","linux/arm64","linux/arm/v7"]') }} |
| 23 | + outputs: |
| 24 | + version: ${{ steps.ver.outputs.version }} |
22 | 25 | steps: |
23 | | - - name: Prepare |
| 26 | + - name: Determine version |
| 27 | + id: ver |
| 28 | + run: | |
| 29 | + set -euo pipefail |
| 30 | + if [ "${{ github.event_name }}" = "push" ]; then |
| 31 | + echo "version=${{ github.ref_name }}" >> "$GITHUB_OUTPUT" |
| 32 | + else |
| 33 | + echo "version=${{ github.event.inputs.version }}" >> "$GITHUB_OUTPUT" |
| 34 | + fi |
| 35 | +
|
| 36 | + - name: Validate version format |
24 | 37 | run: | |
25 | | - platform=${{ matrix.platform }} |
26 | | - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV |
| 38 | + set -euo pipefail |
| 39 | + VERSION="${{ steps.ver.outputs.version }}" |
| 40 | + if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then |
| 41 | + echo "Invalid version: $VERSION (expected vMAJOR.MINOR.PATCH, e.g. v1.1.0)" |
| 42 | + exit 1 |
| 43 | + fi |
| 44 | +
|
| 45 | + - name: Debug refs |
| 46 | + run: | |
| 47 | + echo "event: ${{ github.event_name }}" |
| 48 | + echo "ref: ${{ github.ref }}" |
| 49 | + echo "ref_name: ${{ github.ref_name }}" |
| 50 | + echo "version: ${{ steps.ver.outputs.version }}" |
| 51 | +
|
| 52 | + build-amd64: |
| 53 | + name: Build amd64 and push by digest |
| 54 | + runs-on: ubuntu-latest |
| 55 | + needs: meta |
| 56 | + if: ${{ github.actor != 'dependabot[bot]' }} |
| 57 | + steps: |
27 | 58 | - name: Checkout |
28 | | - uses: actions/checkout@v2 |
29 | | - - name: Set up QEMU |
30 | | - uses: docker/setup-qemu-action@v3 |
31 | | - with: |
32 | | - platforms: ${{ matrix.platform }} |
33 | | - image: tonistiigi/binfmt:qemu-v8.0.4 |
| 59 | + uses: actions/checkout@v4 |
| 60 | + |
34 | 61 | - name: Set up Docker Buildx |
35 | | - id: buildx |
36 | 62 | uses: docker/setup-buildx-action@v3 |
37 | | - with: |
38 | | - platforms: ${{ matrix.platform }} |
39 | | - - name: Login to Docker Hub |
40 | | - uses: docker/login-action@v1 |
| 63 | + |
| 64 | + - name: Log in to Docker Hub |
| 65 | + uses: docker/login-action@v3 |
41 | 66 | with: |
42 | 67 | username: ${{ secrets.DOCKERHUB_USERNAME }} |
43 | | - password: ${{ secrets.DOCKER_PUSH_TOKEN }} |
| 68 | + password: ${{ secrets.DOCKERHUB_TOKEN }} |
44 | 69 |
|
45 | | - - name: Set Docker metadata |
46 | | - id: ocean_node_meta |
47 | | - uses: docker/metadata-action@v5 |
| 70 | + - name: Build and push (amd64) |
| 71 | + id: build |
| 72 | + uses: docker/build-push-action@v6 |
48 | 73 | with: |
49 | | - images: | |
50 | | - ocnenterprise/ocean-node |
51 | | - # generate Docker tags based on the following events/attributes |
52 | | - tags: | |
53 | | - type=ref,event=branch |
54 | | - type=semver,pattern={{version}} |
55 | | - type=ref,event=pr |
56 | | - # type=semver,pattern={{major}}.{{minor}} |
57 | | - # type=semver,pattern={{major}} |
58 | | - # type=sha |
59 | | - - name: Build and push |
| 74 | + context: . |
| 75 | + platforms: linux/amd64 |
| 76 | + push: true |
| 77 | + outputs: type=image,name=${{ env.DOCKERHUB_IMAGE }},push-by-digest=true,name-canonical=true,push=true |
| 78 | + cache-from: type=gha |
| 79 | + cache-to: type=gha,mode=max |
| 80 | + |
| 81 | + - name: Export digest |
| 82 | + run: | |
| 83 | + set -euo pipefail |
| 84 | + mkdir -p /tmp/digests |
| 85 | + digest="${{ steps.build.outputs.digest }}" |
| 86 | + echo "amd64 digest: $digest" |
| 87 | + touch "/tmp/digests/dockerhub-${digest#sha256:}" |
| 88 | +
|
| 89 | + - name: Upload digest |
| 90 | + uses: actions/upload-artifact@v4 |
| 91 | + with: |
| 92 | + name: digests-linux-amd64 |
| 93 | + path: /tmp/digests/* |
| 94 | + if-no-files-found: error |
| 95 | + retention-days: 1 |
| 96 | + |
| 97 | + build-arm64: |
| 98 | + name: Build arm64 and push by digest |
| 99 | + runs-on: ubuntu-24.04-arm |
| 100 | + needs: meta |
| 101 | + if: ${{ github.actor != 'dependabot[bot]' }} |
| 102 | + steps: |
| 103 | + - name: Checkout |
| 104 | + uses: actions/checkout@v4 |
| 105 | + |
| 106 | + - name: Set up Docker Buildx |
| 107 | + uses: docker/setup-buildx-action@v3 |
| 108 | + |
| 109 | + - name: Log in to Docker Hub |
| 110 | + uses: docker/login-action@v3 |
| 111 | + with: |
| 112 | + username: ${{ secrets.DOCKERHUB_USERNAME }} |
| 113 | + password: ${{ secrets.DOCKERHUB_TOKEN }} |
| 114 | + |
| 115 | + - name: Build and push (arm64) |
60 | 116 | id: build |
61 | | - uses: docker/build-push-action@v5 |
| 117 | + uses: docker/build-push-action@v6 |
62 | 118 | with: |
63 | | - builder: ${{ steps.buildx.outputs.name }} |
64 | 119 | context: . |
65 | | - platforms: ${{ matrix.platform }} |
66 | | - push: false |
67 | | - # tags: ${{ steps.ocean_node_meta.outputs.tags }} |
68 | | - labels: ${{ steps.ocean_node_meta.outputs.labels }} |
69 | | - outputs: type=image,name=ocnenterprise/ocean-node,push-by-digest=true,name-canonical=true,push=true |
| 120 | + platforms: linux/arm64 |
| 121 | + push: true |
| 122 | + outputs: type=image,name=${{ env.DOCKERHUB_IMAGE }},push-by-digest=true,name-canonical=true,push=true |
| 123 | + cache-from: type=gha |
| 124 | + cache-to: type=gha,mode=max |
| 125 | + |
70 | 126 | - name: Export digest |
71 | 127 | run: | |
| 128 | + set -euo pipefail |
72 | 129 | mkdir -p /tmp/digests |
73 | 130 | digest="${{ steps.build.outputs.digest }}" |
74 | | - touch "/tmp/digests/${digest#sha256:}" |
| 131 | + echo "arm64 digest: $digest" |
| 132 | + touch "/tmp/digests/dockerhub-arm64-${digest#sha256:}" |
| 133 | +
|
75 | 134 | - name: Upload digest |
76 | 135 | uses: actions/upload-artifact@v4 |
77 | 136 | with: |
78 | | - name: digests-${{ env.PLATFORM_PAIR }} |
| 137 | + name: digests-linux-arm64 |
79 | 138 | path: /tmp/digests/* |
80 | 139 | if-no-files-found: error |
81 | 140 | retention-days: 1 |
82 | 141 |
|
83 | 142 | merge: |
| 143 | + name: Create multi-arch manifest and push tags |
84 | 144 | runs-on: ubuntu-latest |
| 145 | + needs: [meta, build-amd64, build-arm64] |
85 | 146 | if: ${{ github.actor != 'dependabot[bot]' }} |
86 | | - needs: |
87 | | - - build |
88 | 147 | steps: |
89 | 148 | - name: Download digests |
90 | 149 | uses: actions/download-artifact@v4 |
91 | 150 | with: |
92 | 151 | path: /tmp/digests |
93 | 152 | pattern: digests-* |
94 | 153 | merge-multiple: true |
| 154 | + |
95 | 155 | - name: Set up Docker Buildx |
96 | 156 | uses: docker/setup-buildx-action@v3 |
97 | | - - name: Set Docker metadata |
98 | | - id: ocean_node_meta |
99 | | - uses: docker/metadata-action@v5 |
100 | | - with: |
101 | | - images: | |
102 | | - ocnenterprise/ocean-node |
103 | | - # generate Docker tags based on the following events/attributes |
104 | | - tags: | |
105 | | - type=ref,event=branch |
106 | | - type=semver,pattern={{version}} |
107 | | - type=ref,event=pr |
108 | | - # type=semver,pattern={{major}}.{{minor}} |
109 | | - # type=semver,pattern={{major}} |
110 | | - # type=sha |
111 | | - - name: Login to Docker Hub |
| 157 | + |
| 158 | + - name: Log in to Docker Hub |
112 | 159 | uses: docker/login-action@v3 |
113 | 160 | with: |
114 | 161 | username: ${{ secrets.DOCKERHUB_USERNAME }} |
115 | | - password: ${{ secrets.DOCKER_PUSH_TOKEN }} |
116 | | - - name: Create manifest list and push |
| 162 | + password: ${{ secrets.DOCKERHUB_TOKEN }} |
| 163 | + |
| 164 | + - name: Create manifest list and push (version + latest) |
117 | 165 | working-directory: /tmp/digests |
118 | 166 | run: | |
119 | | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ |
120 | | - $(printf 'ocnenterprise/ocean-node@sha256:%s ' *) |
121 | | - - name: Inspect image |
| 167 | + set -euo pipefail |
| 168 | + VERSION="${{ needs.meta.outputs.version }}" |
| 169 | + IMAGE="${{ env.DOCKERHUB_IMAGE }}" |
| 170 | +
|
| 171 | + |
| 172 | + DIGESTS=$(ls dockerhub-* | sed -e "s|dockerhub-arm64-|${IMAGE}@sha256:|" -e "s|dockerhub-|${IMAGE}@sha256:|" | tr '\n' ' ') |
| 173 | + echo "Digests: $DIGESTS" |
| 174 | +
|
| 175 | + docker buildx imagetools create \ |
| 176 | + -t "${IMAGE}:${VERSION}" \ |
| 177 | + -t "${IMAGE}:latest" \ |
| 178 | + $DIGESTS |
| 179 | +
|
| 180 | + - name: Inspect pushed image (version) |
122 | 181 | run: | |
123 | | - docker buildx imagetools inspect ocnenterprise/ocean-node:${{ steps.ocean_node_meta.outputs.version }} |
| 182 | + docker buildx imagetools inspect ${{ env.DOCKERHUB_IMAGE }}:${{ needs.meta.outputs.version }} |
0 commit comments