From d815238221724525335e5db82050d1c07daedc37 Mon Sep 17 00:00:00 2001 From: Alon Dotan Date: Sun, 28 Dec 2025 13:43:45 +0200 Subject: [PATCH 1/6] * Support builds on native runners --- .github/actions/push-digests/action.yml | 6 +++-- .github/workflows/Test.yml | 4 ++-- .github/workflows/docker_build.yml | 32 ++++++++++++++++--------- Dockerfile | 2 ++ 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/.github/actions/push-digests/action.yml b/.github/actions/push-digests/action.yml index a72fad3..229b11b 100644 --- a/.github/actions/push-digests/action.yml +++ b/.github/actions/push-digests/action.yml @@ -19,10 +19,12 @@ inputs: id: required: false description: "The id of the image to push the digests to" + default: "0" tag: required: false description: "The tag of the image to push the digests to" default: "" + runs: using: 'composite' steps: @@ -33,7 +35,7 @@ runs: - name: Log in to container registry. if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/registry-login@alon.dotan/feature/support_builders with: service_account_key: ${{ inputs.service_account_key }} registry: ${{ inputs.registry }} @@ -43,7 +45,7 @@ runs: uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/digests - pattern: digests-*-${{ inputs.id }}-${{ github.job }} + pattern: digests*${{ inputs.id }}*${{ github.run_id }} merge-multiple: true - name: Set tag based on trigger diff --git a/.github/workflows/Test.yml b/.github/workflows/Test.yml index 8fe454c..fd252e2 100644 --- a/.github/workflows/Test.yml +++ b/.github/workflows/Test.yml 
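Review bot: `registry-login@alon.dotan/feature/support_builders` in the `@@ -33,7 +35,7 @@` hunk is a branch ref, so anyone who can push to that branch changes the code that receives `service_account_key` and `docker_registry_token`, with no change in this repository. The same ref is introduced for `docker_build.yml` in Test.yml and for `registry-login` and `push-digests` in docker_build.yml. The later patches in this series move these to `2.0.0` and then `2.x.x`, which are still movable refs rather than immutable ones. Pin each to a full commit SHA and keep the version as a trailing comment, for example `uses: FhenixProtocol/actions/.github/actions/registry-login@<full-commit-sha> # 2.0.0`. The `steps:` list continues outside the hunk.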
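Review bot: The new `pattern: digests*${{ inputs.id }}*${{ github.run_id }}` in the `@@ -43,7 +45,7 @@` hunk no longer anchors the id between hyphens, so it matches any artifact of the run whose name merely contains the id. An id such as `arm` or `amd64`, or an id that is a substring of another caller's id, would match the other image's `digests-<platform>-<id>-<run_id>` artifacts. With `merge-multiple: true` those digest files land in the same directory, and the manifest step appears to build its list from every file found there. Keep the separators so the match stays exact: `pattern: digests-*-${{ inputs.id }}-${{ github.run_id }}`.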
@@ -5,14 +5,14 @@ on: pull_request: paths: - - '.github/workflows/**' + - '.github/**' jobs: build-and-push: permissions: contents: read packages: write - uses: ./.github/workflows/docker_build.yml + uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@alon.dotan/feature/support_builders with: registry: 'ghcr.io' image_name: 'fhenixprotocol/actions/ubuntu' diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 2cfdc35..4c0525d 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -21,10 +21,6 @@ on: platforms: required: false type: string - runs_on: - required: false - type: string - default: '["ubuntu-latest", "ubuntu-latest-arm64"]' build_args: required: false type: string @@ -32,7 +28,7 @@ on: id: required: false type: string - default: '' + default: '0' context: required: false type: string @@ -41,6 +37,14 @@ on: required: false type: string default: '' + arm_runner: + required: false + type: string + default: 'ubuntu-24.04-arm' + amd64_runner: + required: false + type: string + default: 'ubuntu-24.04' secrets: service_account_key: required: false @@ -53,8 +57,13 @@ jobs: build: strategy: matrix: - runs_on: ${{ fromJSON(inputs.runs_on) }} - runs-on: ${{ matrix.runs_on }} + include: + - platform: linux/amd64 + runner: ${{ inputs.amd64_runner }} + - platform: linux/arm64 + runner: ${{ inputs.arm_runner }} + + runs-on: ${{ matrix.runner }} steps: - name: Checkout repository uses: actions/checkout@v4 @@ -71,7 +80,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to container registry. if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/registry-login@alon.dotan/feature/support_builders with: service_account_key: ${{ secrets.service_account_key }} registry: ${{ inputs.registry }} 
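Review bot: With `uses:` pointing at a remote ref instead of `./.github/workflows/docker_build.yml`, this check no longer runs the workflow as modified by the pull request, even though `paths: '.github/**'` still triggers it on such changes. A pull request that breaks or weakens docker_build.yml would pass here, because the copy at the referenced ref is what runs with `packages: write`. If the job is meant as a self-test, keep the local path, `uses: ./.github/workflows/docker_build.yml`. The composite actions it calls are referenced remotely either way, so they would need their own test.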
@@ -86,7 +95,7 @@ jobs: uses: docker/build-push-action@v5 with: context: ${{ inputs.context }} - platforms: ${{ inputs.runs_on }} + platforms: ${{ inputs.platforms }} file: ${{ inputs.dockerfile }} tags: ${{ inputs.registry }}/${{ inputs.image_name }} labels: ${{ steps.meta.outputs.labels }} @@ -102,17 +111,18 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.runs_on }}-${{ inputs.id }}-${{ github.job }} + name: digests-${{ env.PLATFORM_PAIR }}-${{ inputs.id }}-${{ github.run_id }} path: ${{ runner.temp }}/digests/* if-no-files-found: error retention-days: 1 + merge: runs-on: ubuntu-latest needs: - build steps: - name: Push digests - uses: FhenixProtocol/actions/.github/actions/push-digests@v1.0.5 + uses: FhenixProtocol/actions/.github/actions/push-digests@alon.dotan/feature/support_builders with: registry: ${{ inputs.registry }} image_name: "${{ inputs.image_name }}" diff --git a/Dockerfile b/Dockerfile index 5ade7a1..3d4214c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM ubuntu:latest +RUN apt-get update && apt-get install -y lsb-release + RUN lsb_release -a RUN uname -a From 4b331d9d59a9a0ff686f4ed8738aecbc67647744 Mon Sep 17 00:00:00 2001 From: Alon Dotan Date: Sun, 28 Dec 2025 16:54:12 +0200 Subject: [PATCH 2/6] Create release --- .github/actions/push-digests/action.yml | 7 +------ .github/workflows/Test.yml | 14 +++++++------- .github/workflows/docker_build.yml | 24 ++++++++++++------------ 3 files changed, 20 insertions(+), 25 deletions(-) diff --git a/.github/actions/push-digests/action.yml b/.github/actions/push-digests/action.yml index 229b11b..22d660a 100644 --- a/.github/actions/push-digests/action.yml +++ b/.github/actions/push-digests/action.yml @@ -24,7 +24,6 @@ inputs: required: false description: "The tag of the image to push the digests to" default: "" - runs: using: 'composite' steps: 
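Review bot: `platforms: ${{ inputs.platforms }}` in the `@@ -86,7 +95,7 @@` hunk ignores the per-leg `matrix.platform` that the new matrix defines. The `platforms` input is optional and shows no default in this diff, so an omitted value presumably falls back to the runner's native platform, while a caller passing a multi-platform list would make every leg build all platforms under emulation and upload a digest that is not single-architecture. Bind the build to the leg instead: `platforms: ${{ matrix.platform }}`. The step's remaining `with:` keys continue outside the hunk.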
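Review bot: The added `RUN apt-get update && apt-get install -y lsb-release` in the Dockerfile hunk leaves the apt package lists in the layer and installs recommended packages as well. `RUN apt-get update && apt-get install -y --no-install-recommends lsb-release && rm -rf /var/lib/apt/lists/*` keeps the layer to what the following `RUN lsb_release -a` needs. The base remains `FROM ubuntu:latest`, so the installed package set changes whenever that tag moves.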
@@ -32,22 +31,19 @@ runs: uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to container registry. if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@alon.dotan/feature/support_builders + uses: FhenixProtocol/actions/.github/actions/registry-login@2.0.0 with: service_account_key: ${{ inputs.service_account_key }} registry: ${{ inputs.registry }} docker_registry_token: ${{ inputs.docker_registry_token }} - - name: Download digests uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/digests pattern: digests*${{ inputs.id }}*${{ github.run_id }} merge-multiple: true - - name: Set tag based on trigger id: set-tag shell: bash @@ -71,7 +67,6 @@ runs: type=raw,value=${{ steps.set-tag.outputs.TAG }} type=sha type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }} - - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests shell: bash diff --git a/.github/workflows/Test.yml b/.github/workflows/Test.yml index fd252e2..793550f 100644 --- a/.github/workflows/Test.yml +++ b/.github/workflows/Test.yml @@ -5,15 +5,15 @@ on: pull_request: paths: - - '.github/**' + - ".github/**" jobs: build-and-push: permissions: - contents: read - packages: write - uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@alon.dotan/feature/support_builders + contents: read + packages: write + uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@2.0.0 with: - registry: 'ghcr.io' - image_name: 'fhenixprotocol/actions/ubuntu' - id: 'ubuntu' + registry: "ghcr.io" + image_name: "fhenixprotocol/actions/ubuntu" + id: "ubuntu" diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 4c0525d..b368830 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml 
@@ -24,11 +24,11 @@ on: build_args: required: false type: string - default: '' + default: "" id: required: false type: string - default: '0' + default: "0" context: required: false type: string @@ -36,15 +36,15 @@ on: tag: required: false type: string - default: '' - arm_runner: + default: "" + arm64_runner: required: false type: string - default: 'ubuntu-24.04-arm' + default: "ubuntu-24.04-arm" amd64_runner: required: false type: string - default: 'ubuntu-24.04' + default: "ubuntu-24.04" secrets: service_account_key: required: false @@ -58,10 +58,10 @@ jobs: strategy: matrix: include: - - platform: linux/amd64 - runner: ${{ inputs.amd64_runner }} - - platform: linux/arm64 - runner: ${{ inputs.arm_runner }} + - platform: linux/amd64 + runner: ${{ inputs.amd64_runner }} + - platform: linux/arm64 + runner: ${{ inputs.arm64_runner }} runs-on: ${{ matrix.runner }} steps: @@ -80,7 +80,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to container registry. if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@alon.dotan/feature/support_builders + uses: FhenixProtocol/actions/.github/actions/registry-login@2.0.0 with: service_account_key: ${{ secrets.service_account_key }} registry: ${{ inputs.registry }} @@ -122,7 +122,7 @@ jobs: - build steps: - name: Push digests - uses: FhenixProtocol/actions/.github/actions/push-digests@alon.dotan/feature/support_builders + uses: FhenixProtocol/actions/.github/actions/push-digests@2.0.0 with: registry: ${{ inputs.registry }} image_name: "${{ inputs.image_name }}" From 4d53a98905fddaae44fc84c5ec7b40951535c1a6 Mon Sep 17 00:00:00 2001 From: Alon Dotan Date: Mon, 2 Feb 2026 14:35:13 +0200 Subject: [PATCH 3/6] Fix login issues --- .github/actions/push-digests/action.yml | 11 +++++++++-- .github/actions/registry-login/action.yml | 6 +++++- .github/workflows/Test.yml | 2 +- .github/workflows/docker_build.yml | 13 ++++++++++--- 4 files changed, 25 insertions(+), 7 deletions(-) 
diff --git a/.github/actions/push-digests/action.yml b/.github/actions/push-digests/action.yml index 22d660a..36d7945 100644 --- a/.github/actions/push-digests/action.yml +++ b/.github/actions/push-digests/action.yml @@ -29,21 +29,24 @@ runs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Log in to container registry. - if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@2.0.0 + uses: FhenixProtocol/actions/.github/actions/registry-login@2.x.x with: service_account_key: ${{ inputs.service_account_key }} registry: ${{ inputs.registry }} docker_registry_token: ${{ inputs.docker_registry_token }} + - name: Download digests uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/digests pattern: digests*${{ inputs.id }}*${{ github.run_id }} merge-multiple: true + - name: Set tag based on trigger id: set-tag shell: bash @@ -57,7 +60,9 @@ runs: elif [[ "${{ github.ref }}" == refs/tags/publish/* ]]; then TAG="${{ github.ref_name }}" echo "TAG=${TAG#publish/}" >> $GITHUB_OUTPUT + fi + - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -67,12 +72,14 @@ runs: type=raw,value=${{ steps.set-tag.outputs.TAG }} type=sha type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }} + - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests shell: bash run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ inputs.registry }}/${{ inputs.image_name }}@sha256:%s ' *) + - name: Inspect image shell: bash run: | diff --git a/.github/actions/registry-login/action.yml b/.github/actions/registry-login/action.yml index 398c65f..910ec1a 100644 --- a/.github/actions/registry-login/action.yml +++ b/.github/actions/registry-login/action.yml 
@@ -14,24 +14,28 @@ runs: using: "composite" steps: - name: Log in to github container registry. - if: ${{ inputs.registry == 'ghcr.io' }} + if: contains(inputs.registry, 'ghcr.io') uses: docker/login-action@v3 with: registry: ${{ inputs.registry }} username: ${{ github.actor }} password: ${{ inputs.docker_registry_token || github.token }} + - id: 'auth' if: contains(inputs.registry, 'pkg.dev') uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ inputs.service_account_key }}' + - name: 'Set up Cloud SDK' if: contains(inputs.registry, 'pkg.dev') uses: 'google-github-actions/setup-gcloud@v2' + - name: 'Use gcloud CLI' if: contains(inputs.registry, 'pkg.dev') shell: bash run: 'gcloud info' + - name: Configure Docker to use the GCP project if: contains(inputs.registry, 'pkg.dev') shell: bash diff --git a/.github/workflows/Test.yml b/.github/workflows/Test.yml index 793550f..a370b5a 100644 --- a/.github/workflows/Test.yml +++ b/.github/workflows/Test.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: read packages: write - uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@2.0.0 + uses: FhenixProtocol/actions/.github/workflows/docker_build.yml@2.x.x with: registry: "ghcr.io" image_name: "fhenixprotocol/actions/ubuntu" diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index b368830..a096b16 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml 
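Review bot: `if: contains(inputs.registry, 'ghcr.io')` is a substring test, so the step also runs for any registry value that merely contains that text, and `docker/login-action` then sends `github.actor` with `docker_registry_token` or `github.token` to whatever host `inputs.registry` names. If the intent was to accept values such as `ghcr.io/<owner>`, match the host explicitly: `if: inputs.registry == 'ghcr.io' || startsWith(inputs.registry, 'ghcr.io/')`. The same applies to the existing `contains(inputs.registry, 'pkg.dev')` conditions. Because the callers drop their own `if` in this commit, a registry matching neither branch now skips login silently; a final step that fails on an unrecognised registry would make that visible.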
@@ -70,26 +70,31 @@ jobs: with: submodules: recursive token: ${{ secrets.git_submodule_token || github.token }} + - name: Prepare. run: | platform=${{ matrix.platform }} echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Set up QEMU. uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx. uses: docker/setup-buildx-action@v3 + - name: Log in to container registry. - if: ${{ inputs.registry == 'ghcr.io' }} - uses: FhenixProtocol/actions/.github/actions/registry-login@2.0.0 + uses: FhenixProtocol/actions/.github/actions/registry-login@2.x.x with: service_account_key: ${{ secrets.service_account_key }} registry: ${{ inputs.registry }} docker_registry_token: ${{ secrets.docker_registry_token }} + - name: Extract metadata (tags, labels) Docker image. id: meta uses: docker/metadata-action@v5 with: images: ${{ inputs.registry }}/${{ inputs.image_name }} + - name: Build and push ${{ inputs.image_name }} Docker image. id: build uses: docker/build-push-action@v5 @@ -103,11 +108,13 @@ jobs: outputs: type=image,push-by-digest=true,name-canonical=true,push=true cache-from: type=gha cache-to: type=gha,mode=max + - name: Export digest run: | mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" + - name: Upload digest uses: actions/upload-artifact@v4 with: @@ -122,7 +129,7 @@ jobs: - build steps: - name: Push digests - uses: FhenixProtocol/actions/.github/actions/push-digests@2.0.0 + uses: FhenixProtocol/actions/.github/actions/push-digests@2.x.x with: registry: ${{ inputs.registry }} image_name: "${{ inputs.image_name }}" From e206ca3edbc44dc24bbe0425d2116ebf72c43de5 Mon Sep 17 00:00:00 2001 From: Roee Zolantz Date: Wed, 11 Mar 2026 17:16:58 +0200 Subject: [PATCH 4/6] [FEAT] Add optional Docker Hub login to avoid rate limits --- .github/workflows/docker_build.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index a096b16..1229fe2 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -52,6 +52,10 @@ on: required: false docker_registry_token: required: false + dockerhub_username: + required: false + dockerhub_token: + required: false jobs: build: @@ -89,6 +93,13 @@ jobs: registry: ${{ inputs.registry }} docker_registry_token: ${{ secrets.docker_registry_token }} + - name: Log in to Docker Hub + if: ${{ secrets.dockerhub_username != '' && secrets.dockerhub_token != '' }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.dockerhub_username }} + password: ${{ secrets.dockerhub_token }} + - name: Extract metadata (tags, labels) Docker image. id: meta uses: docker/metadata-action@v5 @@ -128,6 +139,13 @@ jobs: needs: - build steps: + - name: Log in to Docker Hub + if: ${{ secrets.dockerhub_username != '' && secrets.dockerhub_token != '' }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.dockerhub_username }} + password: ${{ secrets.dockerhub_token }} + - name: Push digests uses: FhenixProtocol/actions/.github/actions/push-digests@2.x.x with: From 1637807a0e6c671fbabfc26ad85152e27a24d759 Mon Sep 17 00:00:00 2001 From: Roee Zolantz Date: Thu, 12 Mar 2026 12:13:35 +0200 Subject: [PATCH 5/6] [FIX] Remove unnecessary Docker Hub login from merge job --- .github/workflows/docker_build.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 1229fe2..305eb10 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml 
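Review bot: The new `dockerhub_username` and `dockerhub_token` secrets in the `@@ -52,6 +52,10 @@` hunk carry no `description`, so a caller cannot tell what scope the token needs. If the login is only meant for authenticated pulls, as the commit subject suggests, a read-only access token is enough, and saying so keeps callers from wiring in a write-capable credential. For example, add `description: 'Docker Hub access token, read-only scope; used only for authenticated pulls'` under `dockerhub_token`, with a matching line for the username. The `secrets:` block begins outside the hunk.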
@@ -139,13 +139,6 @@ jobs: needs: - build steps: - - name: Log in to Docker Hub - if: ${{ secrets.dockerhub_username != '' && secrets.dockerhub_token != '' }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.dockerhub_username }} - password: ${{ secrets.dockerhub_token }} - - name: Push digests uses: FhenixProtocol/actions/.github/actions/push-digests@2.x.x with: From a46610bb5e3ee418edb57583a2abf5bf51fa8cb2 Mon Sep 17 00:00:00 2001 From: Roee Zolantz Date: Sun, 15 Mar 2026 20:31:12 +0200 Subject: [PATCH 6/6] [FIX] Use env var for secret check in if condition --- .github/workflows/docker_build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 305eb10..e4fb493 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -94,8 +94,10 @@ jobs: docker_registry_token: ${{ secrets.docker_registry_token }} - name: Log in to Docker Hub - if: ${{ secrets.dockerhub_username != '' && secrets.dockerhub_token != '' }} + if: env.DOCKERHUB_USERNAME != '' uses: docker/login-action@v3 + env: + DOCKERHUB_USERNAME: ${{ secrets.dockerhub_username }} with: username: ${{ secrets.dockerhub_username }} password: ${{ secrets.dockerhub_token }}
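Review bot: The rewritten condition `if: env.DOCKERHUB_USERNAME != ''` in the `@@ -94,8 +94,10 @@` hunk tests only the username, whereas the condition it replaces required both secrets. With the username set and `dockerhub_token` missing, the step runs and the login presumably fails the build instead of being skipped. Map the token the same way with `DOCKERHUB_TOKEN: ${{ secrets.dockerhub_token }}` under `env:` and use `if: env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != ''`.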