diff --git a/.github/workflows/base.yaml b/.github/workflows/base.yaml index 8b3e5b0..05f1e09 100644 --- a/.github/workflows/base.yaml +++ b/.github/workflows/base.yaml @@ -47,6 +47,9 @@ jobs: - [alpine3.15.1, linux/amd64, [self-hosted, linux, x64, ephemeral]] - [alpine3.15.1, linux/arm64, [self-hosted, linux, arm64, ephemeral]] + env: + REGISTRY_IMAGE: ghcr.io/${{ github.repository }}/base-${{ matrix.base_image_vsn }} + steps: - uses: actions/checkout@v3 - uses: aws-actions/configure-aws-credentials@v2 @@ -56,20 +59,20 @@ jobs: aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - name: Get cache run: aws s3 sync s3://docker-buildx-cache/emqx-builder/${{ matrix.platform[0] }} /tmp/.docker-buildx-cache - - uses: docker/setup-buildx-action@v2 - - uses: docker/setup-qemu-action@v2 - - uses: docker/login-action@v2 + - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - - uses: docker/metadata-action@v4 + - uses: docker/metadata-action@v5 id: base_meta with: - images: ghcr.io/${{ github.repository }}/base-${{ matrix.base_image_vsn }} + images: ${{ env.REGISTRY_IMAGE }} tags: type=raw,value=${{ matrix.platform[0] }} - name: Build base image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: pull: true cache-from: type=local,src=/tmp/.docker-buildx-cache,mode=max @@ -78,6 +81,7 @@ jobs: tags: ${{ steps.base_meta.outputs.tags }} labels: ${{ steps.base_meta.outputs.labels }} file: ${{ matrix.platform[0] }}/Dockerfile + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=false context: . - name: Update cache run: aws s3 sync --delete /tmp/.docker-buildx-cache-new s3://docker-buildx-cache/emqx-builder/${{ matrix.platform[0] }} diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 2a4b56d..3dd03f7 100644 --- a/.github/workflows/main.yaml 
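Review bot: In the base.yaml build step the added `outputs:` line sets `push=false`, so `push-by-digest=true` and `name-canonical=true` look inert there; nothing is pushed and nothing visible in this workflow consumes a digest. Either reduce it to `outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push=false` or add a comment such as `# build-only check: mirrors main.yaml but never pushes`, so the difference from main.yaml reads as intentional. The step's `with:` block begins outside this hunk.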
+++ b/.github/workflows/main.yaml @@ -66,6 +66,9 @@ jobs: - [alpine3.15.1, linux/amd64, [self-hosted, linux, x64, ephemeral]] - [alpine3.15.1, linux/arm64, [self-hosted, linux, arm64, ephemeral]] + env: + REGISTRY_IMAGE: ghcr.io/${{ github.repository }}/base-${{ matrix.base_image_vsn }} + steps: - uses: actions/checkout@v3 - uses: aws-actions/configure-aws-credentials@v2 @@ -75,22 +78,22 @@ jobs: aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - name: Get cache run: aws s3 sync s3://docker-buildx-cache/emqx-builder/${{ matrix.platform[0] }} /tmp/.docker-buildx-cache - - uses: docker/setup-buildx-action@v2 - - uses: docker/setup-qemu-action@v2 - - uses: docker/login-action@v2 + - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - - uses: docker/metadata-action@v4 + - uses: docker/metadata-action@v5 id: base_meta with: - images: ghcr.io/${{ github.repository }}/base-${{ matrix.base_image_vsn }} + images: ${{ env.REGISTRY_IMAGE }} tags: type=raw,value=${{ matrix.platform[0] }} - name: Build base image - uses: docker/build-push-action@v3 + id: build + uses: docker/build-push-action@v5 with: - push: true pull: true cache-from: type=local,src=/tmp/.docker-buildx-cache,mode=max cache-to: type=local,dest=/tmp/.docker-buildx-cache-new,mode=max 
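Review bot: The bumped actions in this hunk are still referenced by mutable major tags (`@v3`, `@v5`) in a job that configures AWS credentials and logs in to ghcr.io with `github.token`. Pinning each one to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, keeps a retagged upstream release from running with those credentials. The same applies to the matching bumps in base.yaml and test.yaml, and to the `actions/upload-artifact@v3` / `actions/download-artifact@v3` steps added further down in this file.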
@@ -98,15 +101,68 @@ jobs: tags: ${{ steps.base_meta.outputs.tags }} labels: ${{ steps.base_meta.outputs.labels }} file: ${{ matrix.platform[0] }}/Dockerfile + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true context: . - name: Update cache run: aws s3 sync --delete /tmp/.docker-buildx-cache-new s3://docker-buildx-cache/emqx-builder/${{ matrix.platform[0] }} + - name: Export digests + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge-base: + runs-on: ubuntu-latest + needs: + - base + strategy: + fail-fast: false + matrix: + base_image_vsn: + - "5.0" + env: + REGISTRY_IMAGE: ghcr.io/${{ github.repository }}/base-${{ matrix.base_image_vsn }} + steps: + - name: Download digests + uses: actions/download-artifact@v3 + with: + name: digests + path: /tmp/digests + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} build: runs-on: ${{ github.repository_owner == 'emqx' && matrix.platform[2] || '["ubuntu-latest"]' }} needs: - prepare - base + - merge-base strategy: fail-fast: false 
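Review bot: The per-variant tag (`type=raw,value=${{ matrix.platform[0] }}`) is lost in this flow. The build step keeps `tags: ${{ steps.base_meta.outputs.tags }}` next to `push-by-digest=true`, which buildx normally rejects for a tagged reference, so that input should be dropped; the tag then has to be applied in merge-base, whose metadata step has only `images:` and so falls back to ref-derived default tags. Every matrix leg also uploads into the one `digests` artifact, so if the base matrix holds more than one distro (only the alpine3.15.1 rows are visible in an earlier hunk) the manifest list would mix unrelated images for the same platform. Keying the artifact and the merge job on `matrix.platform[0]` gives one manifest list per variant, as sketched below. The build / merge-build hunk further down follows the same pattern with `digests-build`.

```yaml
      # base job, "Build base image": drop the `tags:` input
      # base job, "Upload digest":
          name: digests-${{ matrix.platform[0] }}

  # merge-base … unchanged: runs-on, needs, env …
      matrix:
        base_image_vsn:
          - "5.0"
        variant:
          - alpine3.15.1  # plus every other platform[0] value of the base matrix
  # …
      - name: Download digests
        uses: actions/download-artifact@v3
        with:
          name: digests-${{ matrix.variant }}
  # … unchanged: path, buildx setup …
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_IMAGE }}
          tags: type=raw,value=${{ matrix.variant }}
  # … unchanged: login, manifest creation, inspect …
```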
@@ -150,22 +206,26 @@ jobs: - name: Get ref id: ref run: echo "ref=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - - uses: docker/setup-buildx-action@v2 - - uses: docker/setup-qemu-action@v2 - - uses: docker/login-action@v2 + - name: Set registry image + id: registry + run: | + echo "image=ghcr.io/${{ github.repository }}/${{ steps.ref.outputs.ref }}" | tee -a $GITHUB_OUTPUT + - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - - uses: docker/metadata-action@v4 + - uses: docker/metadata-action@v5 id: meta with: - images: ghcr.io/${{ github.repository }}/${{ steps.ref.outputs.ref }} + images: ${{ steps.registry.outputs.image }} tags: | type=raw,value=${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.platform[0] }} - - uses: docker/build-push-action@v3 + - uses: docker/build-push-action@v5 + id: build with: - push: true pull: true no-cache: true platforms: ${{ matrix.platform[1] }} 
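Review bot: The new `Set registry image` step expands `${{ steps.ref.outputs.ref }}` into the script text before the shell parses it, and that value is the last path component of `GITHUB_REF`, i.e. a branch or tag name. Git permits shell metacharacters in ref names, so depending on which refs can trigger this workflow (not visible here) the name could be interpreted as shell in a job that holds a registry token. Passing it through the environment avoids that: add `env:` with `REF: ${{ steps.ref.outputs.ref }}` to the step and use `run: echo "image=ghcr.io/${{ github.repository }}/${REF}" | tee -a "$GITHUB_OUTPUT"`. merge-build repeats the same step in the next hunk and would take the same change.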
@@ -177,10 +237,67 @@ jobs: ELIXIR_VERSION=${{ matrix.elixir }} file: ./Dockerfile context: . + outputs: type=image,name=${{ steps.registry.outputs.image }},push-by-digest=true,name-canonical=true,push=true + - name: Export digests + run: | + mkdir -p /tmp/digests-build + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v3 + with: + name: digests-build + path: /tmp/digests-build/* + if-no-files-found: error + retention-days: 1 + + merge-build: + runs-on: ubuntu-latest + needs: + - build + strategy: + fail-fast: false + matrix: + base_image_vsn: + - "5.0" + steps: + - name: Get ref + id: ref + run: echo "ref=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT + - name: Set registry image + id: registry + run: | + echo "image=ghcr.io/${{ github.repository }}/${{ steps.ref.outputs.ref }}" | tee -a $GITHUB_OUTPUT + - name: Download digests + uses: actions/download-artifact@v3 + with: + name: digests-build + path: /tmp/digests-build + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ steps.registry.outputs.image }} + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Create manifest list and push + working-directory: /tmp/digests-build + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ steps.registry.outputs.image }}@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ steps.registry.outputs.image }}:${{ steps.meta.outputs.version }} release: runs-on: ubuntu-latest - needs: build + needs: merge-build if: startsWith(github.ref, 'refs/tags/') diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index e5b1f78..371c9ae 100644 
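Review bot: `Export digests` in the build job creates `/tmp/digests-build` but then writes the marker with `touch "/tmp/digests/${digest#sha256:}"`, a directory this step never creates. On a fresh runner the `touch` fails, and where `/tmp/digests` happens to exist the upload of `/tmp/digests-build/*` finds nothing and stops on `if-no-files-found: error`. The line should be `touch "/tmp/digests-build/${digest#sha256:}"`.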
--- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -82,19 +82,19 @@ jobs: aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - name: Get cache run: aws s3 sync s3://docker-buildx-cache/emqx-builder/${{ matrix.platform[0] }} /tmp/.docker-buildx-cache - - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v2 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 with: driver-opts: network=host - name: Build base image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true platforms: ${{ matrix.platform[1] }} tags: localhost:5000/${{ github.repository }}/base-${{ matrix.base_image_vsn }}:${{ matrix.platform[0] }} file: ${{ matrix.platform[0] }}/Dockerfile context: . - - uses: docker/build-push-action@v3 + - uses: docker/build-push-action@v5 with: platforms: ${{ matrix.platform[1] }} build-args: |