arcodange-org/docker-build-workflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates for allhands (#3)

Browse Source
This commit is contained in:
Bret Fisher
2022-05-02 15:40:42 -04:00
committed by GitHub
parent 4678180549
commit 1820843fc8
10 changed files with 511 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
.github/workflows/reusable-docker-build.yaml vendored Normal file
View File

@@ -0,0 +1,205 @@
---
name: Docker Build and Push
on:
# REUSABLE WORKFLOW with INPUTS
# to keep this workflow simple, assumptions are made:
# - only able to push to Docker Hub and/or GHCR (GHCR by default)
# - Builds on PR with tag of `prNUMBER` (same tag each PR push)
# - Builds on push to main branch with tag of `latest`
# - Builds on tag push with semver
workflow_call:
# allow reuse of this workflow in other repos
inputs:
dockerhub-enable:
description: Log into Docker Hub
required: false
default: false
type: boolean
ghcr-enable:
description: Log into GHCR
required: false
default: true
type: boolean
comment-enable:
description: Create a PR comment with image tags and labels
required: false
default: false
type: boolean
context:
description: Docker context (path) to start build from
required: false
type: string
default: .
file:
description: Dockerfile to build, relative to context path
required: false
type: string
target:
description: Build stage to target
required: false
type: string
platforms:
description: Platforms to build for
required: false
type: string
# common ones: linux/amd64,linux/arm64,linux/arm/v7
default: linux/amd64
# TODO: does this work in calling repos?
image-names:
description: A list of the account/repo names for docker build
required: true
type: string
tag-rules:
# https://github.com/marketplace/actions/docker-metadata-action#tags-input
description: Use docker-metadata action to create tags from a key-value pair list in CSV format
required: true
type: string
default: |
type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
type=ref,event=pr
type=ref,event=branch
type=semver,pattern={{version}}
type=raw,value=gha-${{ github.run_id }}
flavor-rules:
# https://github.com/marketplace/actions/docker-metadata-action#flavor-input
description: Three rules to (optionally) set for tag-rules, latest, prefix, and suffix
required: false
type: string
default: |
latest=false
secrets:
dockerhub-username:
description: Docker Hub username
required: false
dockerhub-token:
description: Docker Hub token
required: false
outputs:
image-tags:
description: "all tags from docker build"
value: ${{ jobs.build-image.outputs.image-tags }}
ghcr-tag:
description: "single-use tag for ghcr.io"
value: ${{ jobs.build-image.outputs.ghcr-tag }}
# permissions: GITHUB_TOKEN are better set by the **calling** workflow
# but we'll set defaults here for reference
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#supported-keywords-for-jobs-that-call-a-reusable-workflow
permissions:
contents: read
packages: write # needed to push docker image to ghcr.io
pull-requests: write # needed to create and update comments in PRs
jobs:
build-image:
name: Build+Push
runs-on: ubuntu-latest
outputs:
# all tags from docker build
image-tags: ${{ steps.docker_meta.outputs.tags }}
# only outputs the unique gha- image tag that's unique to each build
ghcr-tag: ${{ steps.ghcr-tag.outputs.tag }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
# we need qemu and buildx so we can build multiple platforms later
name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v1
-
# BuildKit (used with `docker buildx`) is the best way to build images
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
if: inputs.dockerhub-enable
uses: docker/login-action@v1
with:
username: ${{ secrets.dockerhub-username }}
password: ${{ secrets.dockerhub-token }}
-
name: Login to GHCR
if: inputs.ghcr-enable
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Docker meta
id: docker_meta
uses: docker/metadata-action@v3
with:
# list of Docker images to use as base name for tags
images: ${{ inputs.image-names }}
flavor: ${{ inputs.flavor-rules }}
tags: ${{ inputs.tag-rules }}
-
# this will build the images, once per platform,
# then push to one or more registries (based on image list above in docker_meta)
name: Docker Build and Push
id: build_image
uses: docker/build-push-action@v2
with:
platforms: ${{ inputs.platforms }}
context: ${{ inputs.context }}
file: ${{ inputs.file }}
target: ${{ inputs.target }}
builder: ${{ steps.buildx.outputs.name }}
# it uses github cache API for faster builds:
# https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#cache-backend-api
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
-
# If PR, put image tags in the PR comments
# from https://github.com/marketplace/actions/create-or-update-comment
name: Find comment for image tags
uses: peter-evans/find-comment@v1
if: github.event_name == 'pull_request' && inputs.comment-enable
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Docker image tag(s) pushed
# If PR, put image tags in the PR comments
- name: Create or update comment for image tags
uses: peter-evans/create-or-update-comment@v1
if: github.event_name == 'pull_request' && inputs.comment-enable
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
Docker image tag(s) pushed:
```text
${{ steps.docker_meta.outputs.tags }}
```
Labels added to images:
```text
${{ steps.docker_meta.outputs.labels }}
```
edit-mode: replace
- name: Find the gha-run-based image tag we just pushed to ghcr.io
id: ghcr-tag
run: |
echo '::echo::on'
echo "::set-output name=tag::gha-${{ github.run_id }}"