diff --git a/.github/actions/push-digests/action.yml b/.github/actions/push-digests/action.yml index a72fad3..36d7945 100644 --- a/.github/actions/push-digests/action.yml +++ b/.github/actions/push-digests/action.yml @@ -19,6 +19,7 @@ inputs: id: required: false description: "The id of the image to push the digests to" + default: "0" tag: required: false description: "The tag of the image to push the digests to" @@ -28,12 +29,12 @@ runs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to container registry. - if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/registry-login@2.x.x with: service_account_key: ${{ inputs.service_account_key }} registry: ${{ inputs.registry }} @@ -43,7 +44,7 @@ runs: uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/digests - pattern: digests-*-${{ inputs.id }}-${{ github.job }} + pattern: digests*${{ inputs.id }}*${{ github.run_id }} merge-multiple: true - name: Set tag based on trigger @@ -59,7 +60,9 @@ runs: elif [[ "${{ github.ref }}" == refs/tags/publish/* ]]; then TAG="${{ github.ref_name }}" echo "TAG=${TAG#publish/}" >> $GITHUB_OUTPUT + fi + - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -76,6 +79,7 @@ runs: run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ inputs.registry }}/${{ inputs.image_name }}@sha256:%s ' *) + - name: Inspect image shell: bash run: | diff --git a/.github/actions/registry-login/action.yml b/.github/actions/registry-login/action.yml index 398c65f..910ec1a 100644 --- a/.github/actions/registry-login/action.yml +++ b/.github/actions/registry-login/action.yml 
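Review bot: The `uses:` line of the "Log in to container registry." step now points at `registry-login@2.x.x`, which reads like a branch name rather than a release tag, and this step is handed `service_account_key`. If that ref is mutable, whatever is pushed to it next runs with those registry credentials in every consumer, with no change visible on the consumer's side. Pin to a full commit SHA and keep the version in a trailing comment, e.g. `uses: FhenixProtocol/actions/.github/actions/registry-login@<full-commit-sha> # 2.x.x`. The same applies to `docker_build.yml@2.x.x` in Test.yml and to `registry-login@2.x.x` and `push-digests@2.x.x` in docker_build.yml.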
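Review bot: The new download pattern `digests*${{ inputs.id }}*${{ github.run_id }}` is looser than the artifact name the build job uploads in docker_build.yml (`digests-<platform>-<id>-<run_id>`), so it can pick up digest artifacts that belong to a different image built in the same run. With `merge-multiple: true` those files land in one directory and are all passed to `docker buildx imagetools create`. An `id` that is a substring of another (`api` and `api-gateway`, constructed) is enough to cause this, and the new default `"0"` matches any name containing a zero in that position. Matching the upload name exactly avoids it: `pattern: digests-*-${{ inputs.id }}-${{ github.run_id }}`.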
@@ -14,24 +14,28 @@ runs: using: "composite" steps: - name: Log in to github container registry. - if: ${{ inputs.registry == 'ghcr.io' }} + if: contains(inputs.registry, 'ghcr.io') uses: docker/login-action@v3 with: registry: ${{ inputs.registry }} username: ${{ github.actor }} password: ${{ inputs.docker_registry_token || github.token }} + - id: 'auth' if: contains(inputs.registry, 'pkg.dev') uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ inputs.service_account_key }}' + - name: 'Set up Cloud SDK' if: contains(inputs.registry, 'pkg.dev') uses: 'google-github-actions/setup-gcloud@v2' + - name: 'Use gcloud CLI' if: contains(inputs.registry, 'pkg.dev') shell: bash run: 'gcloud info' + - name: Configure Docker to use the GCP project if: contains(inputs.registry, 'pkg.dev') shell: bash diff --git a/.github/workflows/Test.yml b/.github/workflows/Test.yml index 8fe454c..a370b5a 100644 --- a/.github/workflows/Test.yml +++ b/.github/workflows/Test.yml @@ -5,15 +5,15 @@ on: pull_request: paths: - - '.github/workflows/**' + - ".github/**" jobs: build-and-push: permissions: - contents: read - packages: write - uses: ./.github/workflows/docker_build.yml + contents: read + packages: write + uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@2.x.x with: - registry: 'ghcr.io' - image_name: 'fhenixprotocol/actions/ubuntu' - id: 'ubuntu' + registry: "ghcr.io" + image_name: "fhenixprotocol/actions/ubuntu" + id: "ubuntu" diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 2cfdc35..e4fb493 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -21,18 +21,14 @@ on: platforms: required: false type: string - runs_on: - required: false - type: string - default: '["ubuntu-latest", "ubuntu-latest-arm64"]' build_args: required: false type: string - default: '' + default: "" id: required: false type: string - default: '' + default: "0" context: required: false type: string 
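Review bot: `contains(inputs.registry, 'ghcr.io')` on the first step matches any value that has that substring, not only the GitHub registry host, and the step falls back to `github.token` as the password. A mistyped or unexpected `registry` value such as `ghcr.io.example.test` (constructed) would have `docker/login-action` present that token to a different host. Compare against the host instead: `if: inputs.registry == 'ghcr.io' || startsWith(inputs.registry, 'ghcr.io/')`. The `pkg.dev` steps use the same substring test, and a host-anchored check would be tighter there too if callers pass a bare host name.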
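Review bot: With `uses:` switched from `./.github/workflows/docker_build.yml` to `FhenixProtocol/actions/.github/workflows/docker_build.yml@2.x.x`, a pull request that edits files under `.github/**` triggers this job but runs the copy already published at `2.x.x`, not the copy in the pull request. Changes to docker_build.yml would then merge without having been exercised by this test. Keep the local reference here, `uses: ./.github/workflows/docker_build.yml`, and leave the versioned reference to external callers. The job holds `packages: write`, so the ref it runs should be one that review has seen.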
@@ -40,7 +36,15 @@ on: tag: required: false type: string - default: '' + default: "" + arm64_runner: + required: false + type: string + default: "ubuntu-24.04-arm" + amd64_runner: + required: false + type: string + default: "ubuntu-24.04" secrets: service_account_key: required: false 
@@ -48,45 +52,68 @@ on: required: false docker_registry_token: required: false + dockerhub_username: + required: false + dockerhub_token: + required: false jobs: build: strategy: matrix: - runs_on: ${{ fromJSON(inputs.runs_on) }} - runs-on: ${{ matrix.runs_on }} + include: + - platform: linux/amd64 + runner: ${{ inputs.amd64_runner }} + - platform: linux/arm64 + runner: ${{ inputs.arm64_runner }} + + runs-on: ${{ matrix.runner }} steps: - name: Checkout repository uses: actions/checkout@v4 with: submodules: recursive token: ${{ secrets.git_submodule_token || github.token }} + - name: Prepare. run: | platform=${{ matrix.platform }} echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Set up QEMU. uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx. uses: docker/setup-buildx-action@v3 + - name: Log in to container registry. - if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/registry-login@2.x.x with: service_account_key: ${{ secrets.service_account_key }} registry: ${{ inputs.registry }} docker_registry_token: ${{ secrets.docker_registry_token }} + + - name: Log in to Docker Hub + if: env.DOCKERHUB_USERNAME != '' + uses: docker/login-action@v3 + env: + DOCKERHUB_USERNAME: ${{ secrets.dockerhub_username }} + with: + username: ${{ secrets.dockerhub_username }} + password: ${{ secrets.dockerhub_token }} + - name: Extract metadata (tags, labels) Docker image. id: meta uses: docker/metadata-action@v5 with: images: ${{ inputs.registry }}/${{ inputs.image_name }} + - name: Build and push ${{ inputs.image_name }} Docker image. id: build uses: docker/build-push-action@v5 with: context: ${{ inputs.context }} - platforms: ${{ inputs.runs_on }} + platforms: ${{ inputs.platforms }} file: ${{ inputs.dockerfile }} tags: ${{ inputs.registry }}/${{ inputs.image_name }} labels: ${{ steps.meta.outputs.labels }} 
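Review bot: The build step sets `platforms: ${{ inputs.platforms }}`, while the job runs once per `matrix.platform` and derives `PLATFORM_PAIR` (used later in the digest artifact name) from that matrix value. If a caller passes a multi-platform list, each runner would build every platform and the pushed digest would no longer correspond to the platform in the artifact name. If the input is left empty, buildx presumably falls back to the runner's native platform, which only works while the runner inputs match the matrix entries. Using the matrix value keeps the two in step: `platforms: ${{ matrix.platform }}`. The steps list continues past the end of this hunk.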
@@ -94,25 +121,28 @@ jobs: outputs: type=image,push-by-digest=true,name-canonical=true,push=true cache-from: type=gha cache-to: type=gha,mode=max + - name: Export digest run: | mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" + - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.runs_on }}-${{ inputs.id }}-${{ github.job }} + name: digests-${{ env.PLATFORM_PAIR }}-${{ inputs.id }}-${{ github.run_id }} path: ${{ runner.temp }}/digests/* if-no-files-found: error retention-days: 1 + merge: runs-on: ubuntu-latest needs: - build steps: - name: Push digests - uses: FhenixProtocol/actions/.github/actions/push-digests@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/push-digests@2.x.x with: registry: ${{ inputs.registry }} image_name: "${{ inputs.image_name }}" diff --git a/Dockerfile b/Dockerfile index 5ade7a1..3d4214c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM ubuntu:latest +RUN apt-get update && apt-get install -y lsb-release + RUN lsb_release -a RUN uname -a
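Review bot: The added `RUN apt-get update && apt-get install -y lsb-release` pulls in recommended packages and leaves the apt lists in the layer. For an image that gets pushed to a registry, `RUN apt-get update && apt-get install -y --no-install-recommends lsb-release && rm -rf /var/lib/apt/lists/*` keeps both the package set and the layer smaller. The base is still `FROM ubuntu:latest`, so what this installs changes whenever the tag moves. Pinning a release or a digest would make the build repeatable.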