GitHub Actions updates

lmakarov · lmakarov · commit c697b68e109d · 2024-05-17T17:48:29.000+02:00
diff --git a/.github/scripts/docker-tag-delete.sh b/.github/scripts/docker-tag-delete.sh
@@ -18,7 +18,7 @@ if [[ "${1}" == "" ]]; then
 	exit 1
 else
 	# Split image:tag
-	IFS=$':' read IMAGE TAG <<< ${1};
+	IFS=$':' read IMAGE TAG <<< "${1}";
 	# Remove registry prefix from image if present
 	IMAGE=${IMAGE#"docker.io/"}
 fi
@@ -42,4 +42,4 @@ output=$(curl -sI "https://hub.docker.com/v2/repositories/${IMAGE}/tags/${TAG}/"
 )
 
 # Return and error if HTTP response code is not 204
-echo "${output}" | grep "HTTP/1.1 204 NO CONTENT"
+echo "${output}" | grep -i "HTTP/1.1 204 No Content"
diff --git a/.github/scripts/docker-tags.sh b/.github/scripts/docker-tags.sh
@@ -35,7 +35,7 @@ set_output() {
 	# Print with new lines for output in build logs
 	(IFS=$'\n'; echo "${outputArr[*]}")
 	# Using newlines in output variables does not seem to work, so we'll use comas
-	(IFS=$','; echo "::set-output name=tags::${outputArr[*]}")
+	(IFS=$','; echo tags="${outputArr[*]}" | tee -a ${GITHUB_OUTPUT})
 }
 
 # Image tags
@@ -71,4 +71,4 @@ fi
 # Note: imageTagArr is passed as variable name ("reference") and then expanded inside the called function
 # See https://stackoverflow.com/questions/16461656/how-to-pass-array-as-an-argument-to-a-function-in-bash/26443029#26443029
 # DockerHub tags
-set_output imageTagArr
+set_output imageTagArr
diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml
@@ -23,7 +23,7 @@ env:
 jobs:
   build:
     name: "Build: ${{ matrix.version }}/${{ matrix.arch }}"
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     strategy:
       fail-fast: false # Don't cancel other jobs if one fails
@@ -59,7 +59,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       -
         name: Environment variables
         run: |
@@ -70,18 +70,18 @@ jobs:
           echo ARM64_HOST_SSH_CERT="$(ssh-keyscan -t rsa ${{ secrets.ARM64_HOST }} 2>/dev/null)" | tee -a ${GITHUB_ENV}
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       -
         name: Check Docker
         run: |
           docker version
           docker info
       -
         name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -91,7 +91,7 @@ jobs:
       -
         # Build and cache image in the registry
         name: Build image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: ${{ env.BUILD_DIR }}
           file: ${{ env.BUILD_DIR }}/Dockerfile
@@ -103,13 +103,22 @@ jobs:
           # Push intermediate arch-specific build tag to repo
           tags: ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-${{ env.ARCH }}
           push: ${{ github.event_name != 'pull_request' }} # Don't push for PRs
+          # Disable automatic image attestations
+          # With image attestations enabled, the image tag pushed to the registry is a manifest list.
+          # That makes it impossible to stitch different platform images together in a manifest list, since you
+          # cannot have a manifest list of manifest lists.
+          # See https://docs.docker.com/build/attestations/attestation-storage/
+          # TODO: Refactor to allow for image attestations
+          provenance: false
+          sbom: false
           # BUILD_IMAGE_TAG - persistent multi-arch tag, updated at the end of the build (success or failure)
-          cache-from: type=registry,ref=${{ env.BUILD_IMAGE_TAG }}
-          cache-to: type=inline # Write the cache metadata into the image configuration
+          # Use registry cache with max mode to cahce all image layers in the registry
+          cache-from: type=registry,ref=${{ env.BUILD_IMAGE_TAG }}-cache-${{ env.ARCH }}
+          cache-to: type=registry,ref=${{ env.BUILD_IMAGE_TAG }}-cache-${{ env.ARCH }},mode=max
 
   test:
     name: "Test: ${{ matrix.version }}/${{ matrix.arch }}"
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: build
 
     strategy:
@@ -134,12 +143,10 @@ jobs:
     steps:
       -
         name: Setup Bats
-        uses: mig4/setup-bats@v1
-        with:
-          bats-version: "1.3.0"
+        uses: bats-core/bats-action@2.0.0
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       -
         name: Environment variables
         run: |
@@ -181,14 +188,16 @@ jobs:
       # Dynamic variable names cannot be used when mapping step outputs to job outputs.
       # Step outputs cannot be accessed directly from other jobs. Dead end.
       - name: Store test results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
-          name: test-results
+          name: test-results-${{ env.GIT_SHA7 }}-${{ env.VERSION_PREFIX }}${{ env.VERSION }}-${{ env.ARCH }}
           path: ${{ github.workspace }}/test-results-*.txt
+          if-no-files-found: error
+          overwrite: true
 
   push:
     name: "Push: ${{ matrix.version }}/multi"
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     # Wait for test to either succeed or fail
     needs: test
@@ -208,7 +217,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       -
         name: Environment variables
         run: |
@@ -220,15 +229,16 @@ jobs:
       -
         # Login to Docker Hub
         name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Retrieve test results
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
-          name: test-results
+          pattern: test-results-${{ env.GIT_SHA7 }}-*
+          merge-multiple: true
       -
         # Generate persistent tags (edge, stable, release)
         name: Docker image tags
@@ -265,5 +275,5 @@ jobs:
             docker manifest push ${tag}
           done
           # Clean up intermediate arch-specific image tags (DockerHub only)
-          .github/scripts/docker-tag-delete.sh ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-amd64
-          .github/scripts/docker-tag-delete.sh ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-arm64
+          .github/scripts/docker-tag-delete.sh "${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-amd64"
+          .github/scripts/docker-tag-delete.sh "${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-arm64"
