Update mbedtls from 3.5.0 to 3.6.1 #395
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ftl-build builds | |
on: | |
pull_request: | |
paths: | |
- 'ftl-build/**' | |
- '.github/workflows/ftl-build.yml' | |
push: | |
branches: | |
- '**' | |
tags: | |
- "**" | |
paths: | |
- 'ftl-build/**' | |
- '.github/workflows/ftl-build.yml' | |
- '.github/actions/**' | |
workflow_dispatch: | |
schedule: | |
# 1:30am UTC every Sunday, has no particular significance | |
- cron: "30 1 * * 0" | |
env: | |
DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/ftl-build | |
GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/ftl-build | |
jobs: | |
build-and-test: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: linux/amd64 | |
- platform: linux/386 | |
- platform: linux/arm/v6 | |
- platform: linux/arm/v7 | |
- platform: linux/arm64/v8 | |
- platform: linux/riscv64 | |
steps: | |
- | |
name: Prepare name for digest up/download | |
run: | | |
platform=${{ matrix.platform }} | |
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
- | |
name: Checkout Repo | |
uses: actions/checkout@v4 | |
- | |
name: Docker meta (Docker Hub and GitHub Container Registry) | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
images: | | |
${{ env.DOCKER_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }} | |
${{ env.GITHUB_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }} | |
foo/bar,enable=${{ github.event_name == 'workflow_dispatch' }} | |
tags: | | |
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }} | |
- | |
name: Login to DockerHub and GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
uses: ./.github/actions/login-repo | |
with: | |
docker_username: ${{ secrets.DOCKERHUB_USER }} | |
docker_password: ${{ secrets.DOCKERHUB_PASS }} | |
ghcr_username: ${{ github.repository_owner }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
# Add support for more platforms with QEMU (optional) | |
# https://github.com/docker/setup-qemu-action | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: all | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build container and test-compile FTL | |
uses: docker/build-push-action@v6 | |
with: | |
context: ftl-build | |
platforms: ${{ matrix.platform }} | |
push: false | |
target: tester | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-args: | | |
CONTAINER=alpine:${{ ( github.event_name == 'scheduled' || matrix.platform == 'linux/riscv64' ) && 'edge' || 'latest' }} | |
- | |
name: Push builder target and push by digest | |
if: github.event_name != 'pull_request' | |
id: build_docker | |
uses: docker/build-push-action@v6 | |
with: | |
context: ftl-build | |
platforms: ${{ matrix.platform }} | |
push: ${{ github.event_name != 'workflow_dispatch' }} | |
target: builder | |
labels: ${{ steps.meta.outputs.labels }} | |
build-args: | | |
CONTAINER=alpine:${{ ( github.event_name == 'scheduled' || matrix.platform == 'linux/riscv64' ) && 'edge' || 'latest' }} | |
outputs: | | |
type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | |
type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | |
- | |
name: Export digests | |
if: github.event_name != 'pull_request' | |
run: | | |
mkdir -p /tmp/digests/ | |
digest_docker="${{ steps.build_docker.outputs.digest }}" | |
touch "/tmp/digests/${digest_docker#sha256:}" | |
- | |
name: Upload digest | |
if: github.event_name != 'pull_request' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ env.PLATFORM_PAIR }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
# Merge all the digests into a single file | |
# If we would push immediately above, the individual runners would overwrite each other's images | |
# https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners | |
merge-and-deploy: | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
needs: | |
- build-and-test | |
steps: | |
- | |
name: Checkout Repo | |
uses: actions/checkout@v4 | |
- | |
name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Login to DockerHub and GitHub Container Registry | |
uses: ./.github/actions/login-repo | |
with: | |
docker_username: ${{ secrets.DOCKERHUB_USER }} | |
docker_password: ${{ secrets.DOCKERHUB_PASS }} | |
ghcr_username: ${{ github.repository_owner }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Docker meta | |
id: meta_docker | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.DOCKER_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }} | |
${{ env.GITHUB_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }} | |
# We want to tag the image with the latest tag if the workflow was triggered by a tag | |
flavor: | | |
latest=${{ startsWith(github.ref, 'refs/tags/') }} | |
# tags: | |
# type=schedule means that a tag is applied when the workflow is triggered by a schedule event | |
# type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch | |
# type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag | |
tags: | | |
type=schedule,enable=${{ github.event_name == 'schedule' }} | |
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }} | |
type=ref,event=tag | |
- | |
name: Create manifest list and push to repository DockerHub and GitHub Container Registry) | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.GITHUB_REGISTRY_IMAGE }}@sha256:%s ' *) | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.DOCKER_REGISTRY_IMAGE }}@sha256:%s ' *) | |
- | |
name: Inspect images | |
shell: bash | |
run: | | |
docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta_docker.outputs.version }} | |
docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta_docker.outputs.version }} |