Skip to content

Commit 81061fb

Browse files
douyun-dtyqdouyun-dtyq
committed
dasd
1 parent f94203f commit 81061fb

File tree

5 files changed

+351
-206
lines changed

5 files changed

+351
-206
lines changed

.github/workflows/build.yml

Lines changed: 14 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@ on:
1818
env:
1919
TRY_MIRRORS: ""
2020
PUBLIC_MIRROR: "https://dl-cdn.alpinelinux.org" # no mirror needed at github actions
21-
IMAGE_NAME: php-dockerfile # only used for default local image name
2221

2322
jobs:
2423
prepare:
@@ -93,8 +92,8 @@ jobs:
9392
if "${{ secrets.AWS_ECR_CRED }}":
9493
images.append("${{ inputs.awsEcrImageName }}" or "public.ecr.aws/${{ github.repository }}")
9594
96-
serialized = json.dumps(images)
97-
githubOutput.write(f"images={serialized}\n")
95+
imagesString = " ".join(images)
96+
githubOutput.write(f"images={imagesString}\n")
9897
9998
githubOutput.close()
10099
@@ -171,47 +170,20 @@ jobs:
171170
shell: bash
172171
id: build
173172
run: |
174-
GITHUB_TOKEN="${{ github.token }}" ./build.py "${{ matrix.tag }}"
175-
176-
# push single arch image
177-
if [ "$(uname -m)" = "x86_64" ]; then
178-
DOCKER_ARCH="amd64"
179-
elif [ "$(uname -m)" = "aarch64" ]; then
180-
DOCKER_ARCH="arm64"
181-
else
182-
echo "unknown architecture: $(uname -m)"
183-
exit 1
184-
fi
185-
186-
IMAGE="${{ inputs.ghcrImageName || format('ghcr.io/{0}', github.repository) }}"
187-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}" "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
188-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}-debuggable" "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
189-
docker push "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
190-
docker push "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
191-
192-
digest=$(docker inspect "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}" | jq -r '.[0].RepoDigests[0]')
193-
digest="${digest#*@}"
173+
GITHUB_TOKEN="${{ github.token }}" \
174+
./build.py "${{ matrix.tag }}" \
175+
${{ needs.prepare.outputs.images }} \
176+
--oci \
177+
--arch-suffix \
178+
--gen-metadata \
179+
--push
180+
181+
digest=$(jq -r '.[0].RepoDigests[0]' metadata_stripped.json)
194182
echo "stripped_digest=${digest}" >> "${GITHUB_OUTPUT}"
195183
196-
digest=$(docker inspect "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}" | jq -r '.[0].RepoDigests[0]')
197-
digest="${digest#*@}"
184+
digest=$(jq -r '.[0].RepoDigests[0]' metadata_debuggable.json)
198185
echo "debuggable_digest=${digest}" >> "${GITHUB_OUTPUT}"
199186
200-
if [ -n "${{ steps.set-secrets.outputs.has_dockerhub }}" ]; then
201-
IMAGE="${{ inputs.ghcrImageName || format('index.docker.io/{0}', github.repository) }}"
202-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}" "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
203-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}-debuggable" "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
204-
docker push "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
205-
docker push "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
206-
fi
207-
if [ -n "${{ steps.set-secrets.outputs.has_aws_ecr }}" ]; then
208-
IMAGE="${{ inputs.awsEcrImageName || format('public.ecr.aws/{0}', github.repository) }}"
209-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}" "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
210-
docker tag "${IMAGE_NAME}:${{ matrix.tag }}-debuggable" "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
211-
docker push "${IMAGE}:${{ matrix.tag }}-${DOCKER_ARCH}"
212-
docker push "${IMAGE}:${{ matrix.tag }}-debuggable-${DOCKER_ARCH}"
213-
fi
214-
215187
- name: Generate provenance attestation for stripped image at ghcr.io
216188
uses: actions/attest-build-provenance@v2
217189
id: attest-stripped-ghcr
@@ -270,6 +242,6 @@ jobs:
270242
run: |
271243
./.github/workflows/mergeimages.py \
272244
'${{ matrix.tag }}' \
273-
'${{ needs.prepare.outputs.images }}' \
274245
'${{ steps.build.outputs.stripped_digest }}' \
275-
'${{ steps.build.outputs.debuggable_digest }}'
246+
'${{ steps.build.outputs.debuggable_digest }}' \
247+
${{ needs.prepare.outputs.images }}

0 commit comments

Comments
 (0)