Bump the github-actions-updates group with 3 updates #145
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # Keep compatibility with existing branch protection rules | |
| test: | |
| if: ${{ (github.event_name == 'pull_request' || github.ref_name == 'main') && github.actor != 'dependabot[bot]' }} | |
| uses: ./.github/workflows/.test.yml | |
| # New efficient build jobs | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: ci/checkout-repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: ci/check-modules | |
| run: make check-modules | |
| # Build AMD64 image (fast native build) | |
| build-amd64: | |
| runs-on: ubuntu-24.04 | |
| needs: [test, lint] | |
| if: ${{ (github.event_name == 'pull_request' || github.ref_name == 'main') && github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build AMD64 image (temp tag) | |
| run: | | |
| docker buildx build \ | |
| --platform linux/amd64 \ | |
| --build-arg DOCKER_BUILD_IMAGE=golang:1.24 \ | |
| --build-arg DOCKER_BASE_IMAGE=alpine:3.20 \ | |
| . -f build/Dockerfile -t mattermost/elrond:temp-${{ github.sha }}-amd64 \ | |
| --push | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Build ARM64 image (fast native build) | |
| build-arm64: | |
| runs-on: ubuntu-24.04-arm | |
| needs: [test, lint] | |
| if: ${{ (github.event_name == 'pull_request' || github.ref_name == 'main') && github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build ARM64 image (temp tag) | |
| run: | | |
| docker buildx build \ | |
| --platform linux/arm64 \ | |
| --build-arg DOCKER_BUILD_IMAGE=golang:1.24 \ | |
| --build-arg DOCKER_BASE_IMAGE=alpine:3.20 \ | |
| . -f build/Dockerfile -t mattermost/elrond:temp-${{ github.sha }}-arm64 \ | |
| --push | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Create unified multi-arch manifest (clean tag) | |
| create-manifest: | |
| runs-on: ubuntu-24.04 | |
| needs: [build-amd64, build-arm64] | |
| if: ${{ (github.event_name == 'pull_request' || github.ref_name == 'main') && github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Create unified multi-arch manifest | |
| run: | | |
| # Determine clean tag | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| CLEAN_TAG="pr-${{ github.event.number }}" | |
| elif [ "${{ github.ref }}" = "refs/heads/main" ]; then | |
| # Create timestamp-based tag for main merges (format: test-YYYYMMDD.HHMMSS) | |
| TIMESTAMP=$(date -u +"%Y%m%d.%H%M%S") | |
| CLEAN_TAG="test-${TIMESTAMP}" | |
| else | |
| CLEAN_TAG="${{ github.ref_name }}" | |
| fi | |
| # Create manifest from temp tags | |
| docker manifest create mattermost/elrond:${CLEAN_TAG} \ | |
| --amend mattermost/elrond:temp-${{ github.sha }}-amd64 \ | |
| --amend mattermost/elrond:temp-${{ github.sha }}-arm64 | |
| # Push the clean unified tag | |
| docker manifest push mattermost/elrond:${CLEAN_TAG} | |
| echo "✅ Clean unified multi-arch tag: mattermost/elrond:${CLEAN_TAG}" | |
| # Cleanup temp tags using Docker Hub API | |
| echo "🗑️ Cleaning up temp tags from Docker Hub..." | |
| # Delete temp tags using Docker Hub API | |
| TEMP_AMD64_TAG="temp-${{ github.sha }}-amd64" | |
| TEMP_ARM64_TAG="temp-${{ github.sha }}-arm64" | |
| # Get Docker Hub API token | |
| DOCKER_HUB_TOKEN=$(curl -s -X POST \ | |
| -H "Content-Type: application/json" \ | |
| -d '{"username": "${{ secrets.DOCKERHUB_USERNAME }}", "password": "${{ secrets.DOCKERHUB_CLEANUP_TOKEN }}"}' \ | |
| https://hub.docker.com/v2/users/login/ | jq -r .token) | |
| # Delete AMD64 temp tag | |
| curl -X DELETE \ | |
| -H "Authorization: JWT ${DOCKER_HUB_TOKEN}" \ | |
| "https://hub.docker.com/v2/repositories/mattermost/elrond/tags/${TEMP_AMD64_TAG}/" \ | |
| && echo "✅ Deleted AMD64 temp tag" || echo "⚠️ AMD64 temp tag not found or already deleted" | |
| # Delete ARM64 temp tag | |
| curl -X DELETE \ | |
| -H "Authorization: JWT ${DOCKER_HUB_TOKEN}" \ | |
| "https://hub.docker.com/v2/repositories/mattermost/elrond/tags/${TEMP_ARM64_TAG}/" \ | |
| && echo "✅ Deleted ARM64 temp tag" || echo "⚠️ ARM64 temp tag not found or already deleted" | |
| echo "✅ Temp tags cleaned up from Docker Hub" | |
| # Store the clean tag for potential future steps | |
| echo "IMAGE_TAG=${CLEAN_TAG}" >> $GITHUB_ENV |