From e1893dc5d51f0d2e48da8a8e484d5bf36c3f64cb Mon Sep 17 00:00:00 2001
From: Igor Sarkisov
Date: Wed, 11 Sep 2024 21:12:46 -0700
Subject: [PATCH] Create Docker Build action
---
.github/actions/docker/action.yml | 71 ++++++++++++++++++++++++++++++
.github/workflows/main.yaml | 72 ++++++-------------------------
2 files changed, 85 insertions(+), 58 deletions(-)
create mode 100644 .github/actions/docker/action.yml
diff --git a/.github/actions/docker/action.yml b/.github/actions/docker/action.yml
new file mode 100644
index 00000000000000..39d748b0efbdad
--- /dev/null
+++ b/.github/actions/docker/action.yml
@@ -0,0 +1,71 @@
+name: Docker Image Build
+description: Builds Cobalt build docker images.
+inputs:
+ docker_service:
+ description: "Docker compose service."
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout files
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+ - name: Set env vars
+ run: |
+ set -x
+ tag=${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.ref_name }}
+ tag=${tag//\//__}
+ tag="${tag%.1[+,-]}"
+ echo "FLOATING_TAG=${tag}" >> $GITHUB_ENV
+ full_git_sha=${{ github.sha }}
+ short_git_sha="${full_git_sha::7}"
+ echo "GIT_SHA=${short_git_sha}" >> $GITHUB_ENV
+ shell: bash
+ - name: Set Docker Tag
+ id: set-docker-tag-github
+ if: ${{ (github.event_name != 'pull_request') || (github.event.pull_request.head.repo.full_name == github.repository) }}
+ run: |
+ set -x
+ echo "DOCKER_TAG=ghcr.io/${{ github.repository }}/${{ inputs.docker_service }}:${GIT_SHA}" >> $GITHUB_ENV
+ echo "DOCKER_FLOATING_TAG=ghcr.io/${{ github.repository }}/${{ inputs.docker_service }}:${FLOATING_TAG}" >> $GITHUB_ENV
+ shell: bash
+ # Handle Google Artifact Registry used for pull requests off forked repos.
+ - name: Set up Cloud SDK
+ if: ${{ (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name != github.repository) }}
+ uses: isarkis/setup-gcloud@40dce7857b354839efac498d3632050f568090b6 # v1.1.1
+ - name: Login to GAR and set tag
+ if: ${{ (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name != github.repository) }}
+ run: |
+ # Need to login to GAR to be able to push images created by fork based PR workflows.
+ PROJECT_NAME=$(gcloud config get-value project)
+ METADATA="http://metadata.google.internal./computeMetadata/v1"
+ SVC_ACCT="${METADATA}/instance/service-accounts/default"
+ ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Google' ${SVC_ACCT}/token | cut -d'"' -f 4)
+ printf ${ACCESS_TOKEN} | docker login -u oauth2accesstoken --password-stdin https://gcr.io
+ full_git_sha=${{ github.sha }}
+ echo "DOCKER_TAG=us-central1-docker.pkg.dev/${PROJECT_NAME}/${{ inputs.docker_service }}:${GIT_SHA}" >> $GITHUB_ENV
+ echo "DOCKER_FLOATING_TAG=us-central1-docker.pkg.dev/${PROJECT_NAME}/${{ inputs.docker_service }}:${FLOATING_TAG}" >> $GITHUB_ENV
+ shell: bash
+ # Proceed with docker pull, build, tag, and push.
+ - name: Docker Pull
+ run: |
+ docker pull "${DOCKER_TAG}" || true
+ docker pull "${DOCKER_FLOATING_TAG}" || true
+ shell: bash
+ - name: Docker Build
+ run: docker compose build ${{inputs.docker_service}}
+ shell: bash
+ - name: Docker Tag
+ run: |
+ docker tag ghcr.io/${{ github.repository }}/${{ inputs.docker_service }}:latest ${DOCKER_TAG}
+ docker tag ghcr.io/${{ github.repository }}/${{ inputs.docker_service }}:latest ${DOCKER_FLOATING_TAG}
+ shell: bash
+ - name: Docker Push
+ run: |
+ docker push ${DOCKER_TAG}
+ docker push ${DOCKER_FLOATING_TAG}
+ shell: bash
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 9e77f777c9fb19..35bdd66cc05b4f 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
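Review bot: The `Set env vars` step in the new action.yml expands `github.ref_name` directly into the bash script text (`tag=${{ ... || github.ref_name }}`), so on non-pull-request events the branch or tag name is parsed by the shell on the self-hosted runner instead of being treated as data; `${{ inputs.docker_service }}` is interpolated the same way in the later `run:` blocks. Passing these values through `env:` and reading them as quoted shell variables, as sketched below, keeps them out of the script text. Separately, the `Login to GAR and set tag` step still logs in to `https://gcr.io` while the new tags point at `us-central1-docker.pkg.dev`, so the fork-PR push presumably has no matching credential, and the login host should match the tag host. In the same step `printf ${ACCESS_TOKEN}` uses the token as a format string and `full_git_sha` is assigned but never read; `printf '%s' "${ACCESS_TOKEN}"` is the safer form.

```yaml
    - name: Set env vars
      env:
        RAW_TAG: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.ref_name }}
        FULL_GIT_SHA: ${{ github.sha }}
      run: |
        set -x
        tag="${RAW_TAG}"
        # … unchanged: the two tag substitutions …
        echo "FLOATING_TAG=${tag}" >> "$GITHUB_ENV"
        echo "GIT_SHA=${FULL_GIT_SHA::7}" >> "$GITHUB_ENV"
      shell: bash
```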
@@ -84,84 +84,40 @@ jobs: docker-build-image: needs: [initialize] runs-on: [self-hosted, chrobalt-linux-runner] - env: - GITHUB_REGISTRY: ghcr.io - GAR_REGISTRY: gcr.io - DOCKER_SERVICE: ${{ needs.initialize.outputs.docker_service }} - FLOATING_TAG: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.ref_name }} - FULL_GIT_SHA: ${{ github.sha }} steps: - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - run: echo "$GITHUB_CONTEXT" - name: Checkout files uses: actions/checkout@v4 with: fetch-depth: 1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - - name: Process Tags - run: | - tag=${{ env.FLOATING_TAG }} - tag=${tag//\//__} - tag="${tag%.1[+,-]}" - echo "FLOATING_TAG=${tag}" >> $GITHUB_ENV # Handle GitHub registry used for everything other than pull requests off forked repos. - - name: Login to GitHub Docker Registry ${{env.GITHUB_REGISTRY}} + - name: Login to GitHub Docker Registry if: ${{ (github.event_name != 'pull_request') || (github.event.pull_request.head.repo.full_name == github.repository) }} uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: - registry: ${{ env.GITHUB_REGISTRY }} + registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Set Docker Tag - id: set-docker-tag-github - if: ${{ (github.event_name != 'pull_request') || (github.event.pull_request.head.repo.full_name == github.repository) }} - run: | - echo "DOCKER_TAG=${GITHUB_REGISTRY}/${{ github.repository }}/${DOCKER_SERVICE}:${FULL_GIT_SHA::7}" >> $GITHUB_ENV - echo "DOCKER_FLOATING_TAG=${GITHUB_REGISTRY}/${{ github.repository }}/${DOCKER_SERVICE}:${FLOATING_TAG}" >> $GITHUB_ENV - shell: bash - # Handle Google Artifact Registry used for pull requests off forked repos. 
- - name: Set up Cloud SDK - if: ${{ (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name != github.repository) }} - uses: isarkis/setup-gcloud@40dce7857b354839efac498d3632050f568090b6 # v1.1.1 - - name: Login to GAR and set tag - if: ${{ (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name != github.repository) }} - run: | - # Need to login to GAR to be able to push images created by fork based PR workflows. - PROJECT_NAME=$(gcloud config get-value project) - METADATA="http://metadata.google.internal./computeMetadata/v1" - SVC_ACCT="${METADATA}/instance/service-accounts/default" - ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Google' ${SVC_ACCT}/token | cut -d'"' -f 4) - printf ${ACCESS_TOKEN} | docker login -u oauth2accesstoken --password-stdin https://gcr.io - echo "DOCKER_TAG=${GAR_REGISTRY}/${PROJECT_NAME}/${DOCKER_SERVICE}:${FULL_GIT_SHA::7}" >> $GITHUB_ENV - echo "DOCKER_FLOATING_TAG=${GAR_REGISTRY}/${PROJECT_NAME}/${DOCKER_SERVICE}:${FLOATING_TAG}" >> $GITHUB_ENV + - name: Build docker image + id: build-docker-image + uses: ./.github/actions/docker + with: + docker_service: ${{ needs.initialize.outputs.docker_service }} + - name: Set Docker Tag Output + id: set-docker-tag-output shell: bash - # Proceed with docker pull, build, tag, and push. 
- - name: Docker Pull - run: | - docker pull "${DOCKER_TAG}" || true - docker pull "${DOCKER_FLOATING_TAG}" || true - - name: Docker Build - run: docker compose build ${DOCKER_SERVICE} - - name: Docker Tag - run: | - docker tag ghcr.io/${{ github.repository }}/${DOCKER_SERVICE}:latest ${DOCKER_TAG} - docker tag ghcr.io/${{ github.repository }}/${DOCKER_SERVICE}:latest ${DOCKER_FLOATING_TAG} - - name: Docker Push run: | - docker push ${DOCKER_TAG} - docker push ${DOCKER_FLOATING_TAG} + set -u + echo $DOCKER_TAG + echo "docker_tag=$DOCKER_TAG" | head -n 1 >> $GITHUB_ENV outputs: - docker_tag: ${{ env.DOCKER_TAG }} + docker_tag: ${{ env.docker_tag }} # Runs builds. build: needs: [initialize, docker-build-image] permissions: {} runs-on: [self-hosted, chrobalt-linux-runner] - name: ${{matrix.name}}_${{matrix.config}} + name: ${{ matrix.name }}_${{ matrix.config }} strategy: fail-fast: false matrix:
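Review bot: The `docker-build-image` job hands `secrets.GITHUB_TOKEN` to the ghcr.io login but shows no `permissions:` block in this hunk, unlike the `build` job below with `permissions: {}`, so the token scope depends on defaults set outside the visible lines. Declaring `permissions:` on the job with `contents: read` and `packages: write` would make the push scope explicit. The new `Set Docker Tag Output` step carries an `id` that nothing references and routes the value through `$GITHUB_ENV`; writing `echo "docker_tag=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"` and reading `docker_tag: ${{ steps.set-docker-tag-output.outputs.docker_tag }}` would keep it a scoped step output. `actions/checkout@v4` is also the one action here not pinned to a commit SHA, and the composite action repeats the same checkout.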