-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
workflows: add shared docker-bake workflow
Add a shared callable workflow that performs a docker-build via `buildx bake` and optionally pushes to ghcr.io. Signed-off-by: David Rheinsberg <[email protected]>
- Loading branch information
Showing
1 changed file
with
151 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,151 @@ | ||
| # | ||
| # lib-docker-bake - Build and deploy container images | ||
| # | ||
| # This is a callable workflow that uses `docker buildx bake` to build a | ||
| # selected set of container images and then optionally deploys them. | ||
| # | ||
|
|
||
| name: "lib: build/deploy container images" | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| deploy: | ||
| default: false | ||
| description: "Deploy built images to their repositories" | ||
| required: false | ||
| type: boolean | ||
| ghcruser: | ||
| default: "" | ||
| description: "Username to use for authentication to ghcr.io (empty to skip)" | ||
| required: false | ||
| type: string | ||
| source: | ||
| default: "." | ||
| description: "Path to the source directory relative to the workspace" | ||
| required: false | ||
| type: string | ||
| target: | ||
| default: "default" | ||
| description: "Buildx target to work on" | ||
| required: true | ||
| type: string | ||
| secrets: | ||
| ghcrpass: | ||
| description: "Password to use for authentication to ghcr.io" | ||
| required: false | ||
|
|
||
| defaults: | ||
| run: | ||
| shell: "bash" | ||
|
|
||
| jobs: | ||
|
|
||
| # | ||
| # Configure Jobs | ||
| # | ||
| # This job prepares parameters for further processing. Amongst other things, | ||
| # it lists all targets and provides this output as JSON array to other | ||
| # jobs. This allows us to dynamically react to additions to the image list | ||
| # and create new jobs for each image. | ||
| # | ||
| # Note that we have to split image builds across jobs since the individual | ||
| # CI runners do not have enough disk capacity to build all images. | ||
| # | ||
| config: | ||
| name: "Job Configuration" | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| outputs: | ||
| images: ${{ steps.parameters.outputs.images }} | ||
| now: ${{ steps.parameters.outputs.now }} | ||
|
|
||
| steps: | ||
| - name: "Clone Repository" | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: "Determine Build Parameters" | ||
|
|
||
| id: parameters | ||
| working-directory: ${{ inputs.source }} | ||
|
|
||
| env: | ||
| CTX_INPUTS_TARGET: ${{ inputs.target }} | ||
|
|
||
| run: | | ||
| IMG_IMAGES=$(docker buildx bake --print "${CTX_INPUTS_TARGET}" | jq -ce ".target | keys") | ||
| IMG_NOW=$(date -u '+%Y%m%d%H%M') | ||
| echo "images=${IMG_IMAGES}" >>$GITHUB_OUTPUT | ||
| echo "now=${IMG_NOW}" >>$GITHUB_OUTPUT | ||
| - name: "Print Parameters" | ||
| env: | ||
| CTX_STEPS_PARAMETERS_OUTPUTS_IMAGES: ${{ steps.parameters.outputs.images }} | ||
| CTX_STEPS_PARAMETERS_OUTPUTS_NOW: ${{ steps.parameters.outputs.now }} | ||
| run: | | ||
| echo "Images:" | ||
| echo "${CTX_STEPS_PARAMETERS_OUTPUTS_IMAGES}" | jq . | ||
| echo "End of Images" | ||
| echo "Now: ${CTX_STEPS_PARAMETERS_OUTPUTS_NOW}" | ||
| # | ||
| # Build/Test Container Image | ||
| # | ||
| # This job is run for each target. It builds the container image locally and | ||
| # then runs configured tests (if any). | ||
| # | ||
| ci: | ||
| name: "Container Build/Test" | ||
|
|
||
| needs: config | ||
| runs-on: ubuntu-latest | ||
|
|
||
| env: | ||
| RAE_UNIQUEID: ${{ needs.config.outputs.now }} | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| image: ${{ fromJson(needs.config.outputs.images) }} | ||
|
|
||
| steps: | ||
| - name: "Clone Repository" | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: "Prepare QEMU Emulators" | ||
| uses: docker/setup-qemu-action@v2 | ||
|
|
||
| - name: "Prepare Docker Buildx" | ||
| id: buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: "Build Image" | ||
|
|
||
| env: | ||
| CTX_MATRIX_IMAGE: ${{ matrix.image }} | ||
|
|
||
| working-directory: ${{ inputs.source }} | ||
| run: docker buildx bake --load "${CTX_MATRIX_IMAGE}" | ||
|
|
||
| - name: "Authenticate to GHCR" | ||
| if: inputs.deploy && inputs.ghcruser != '' | ||
|
|
||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ inputs.ghcruser }} | ||
| password: ${{ secrets.ghcrpass }} | ||
|
|
||
| - name: "Deploy Image" | ||
| if: inputs.deploy && inputs.ghcruser != '' | ||
|
|
||
| env: | ||
| CTX_MATRIX_IMAGE: ${{ matrix.image }} | ||
|
|
||
| working-directory: ${{ inputs.source }} | ||
| run: | | ||
| docker buildx bake --print "${CTX_MATRIX_IMAGE}" | \ | ||
| jq -cer '.target[].tags[] | select(test("^ghcr.io"))' | \ | ||
| xargs -L1 -- docker push |