cabuild/.github/workflows/containers.yml at main · bus1/cabuild · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#
# Container Images
#
# This workflow builds all container images on every PR and Push that modifies
# relevant paths. It verifies that the images can be built successfully, and
# then possibly runs tests to verify their correct behavior.
#
# If triggered by the deploy-hooks, the built images will be pushed out to
# the configured registries.
#

name: "Container Images"

on:
  pull_request:
    paths:
    - ".github/workflows/containers.yml"
    - "lib/containers/**"
  push:
    branches-ignore: ["pr/**"]
    tags: ["**"]
    paths:
    - ".github/workflows/containers.yml"
    - "lib/containers/**"
  workflow_dispatch:
    inputs:
      target:
        description: "Container Target"
        required: true
        default: "all-images"

defaults:
  run:
    shell: "bash"
    working-directory: "./lib/containers"

jobs:
  #
  # Configure Jobs
  #
  # This job prepares parameters for the further builds. Amongst other things,
  # it list all targets and provides this output as JSON array to other
  # jobs. This allows us to dynamically react to additions to the image list
  # and create new jobs for each image.
  #
  # Note that we have to split image builds across jobs since the individual
  # CI runners do not have enough disk capacity to build all images.
  #
  config:
    name: "Job Configuration"
    runs-on: ubuntu-latest
    outputs:
      deploy: ${{ steps.parameters.outputs.deploy }}
      images: ${{ steps.parameters.outputs.images }}
      now: ${{ steps.parameters.outputs.now }}
    steps:
    - name: "Clone Repository"
      uses: actions/checkout@v3
    - name: "Determine Build Parameters"
      id: parameters
      env:
        CTX_GITHUB_EVENT_NAME: ${{ github.event_name }}
        CTX_GITHUB_EVENT_INPUTS_TARGET: ${{ github.event.inputs.target }}
        IMG_DEPLOY: no
        IMG_TARGET: all-images
      run: |
        if [[ "${CTX_GITHUB_EVENT_NAME}" = "workflow_dispatch" ]] ; then
          IMG_DEPLOY="yes"
          IMG_TARGET=${CTX_GITHUB_EVENT_INPUTS_TARGET}
        fi

        echo "deploy=${IMG_DEPLOY}" >>$GITHUB_OUTPUT
        echo "images=$(docker buildx bake --print "${IMG_TARGET}" | jq -ce ".target | keys")" >>$GITHUB_OUTPUT
        echo "now=$(date -u '+%Y%m%d%H%M')" >>$GITHUB_OUTPUT
    - name: "Print Parameters"
      env:
        CTX_STEPS_PARAMETERS_OUTPUTS_DEPLOY: ${{ steps.parameters.outputs.deploy }}
        CTX_STEPS_PARAMETERS_OUTPUTS_IMAGES: ${{ steps.parameters.outputs.images }}
        CTX_STEPS_PARAMETERS_OUTPUTS_NOW: ${{ steps.parameters.outputs.now }}
      run: |
        echo "Deploy: ${CTX_STEPS_PARAMETERS_OUTPUTS_DEPLOY}"
        echo "Images:"
        echo "${CTX_STEPS_PARAMETERS_OUTPUTS_IMAGES}" | jq .
        echo "End of Images"
        echo "Now: ${CTX_STEPS_PARAMETERS_OUTPUTS_NOW}"

  #
  # Build/Test Images
  #
  # This job is run for each image-target. It builds the image locally and then
  # runs configured tests (if any).
  #
  ci:
    name: "Image Build/Test"
    runs-on: ubuntu-latest
    needs: config
    permissions:
      packages: write
    strategy:
      fail-fast: false
      matrix:
        image: ${{ fromJson(needs.config.outputs.images) }}
    env:
      CAB_UNIQUEID: ${{ needs.config.outputs.now }}
    steps:
    - name: "Clean up Disk Space"
      working-directory: "."
      run: |
        df -h
        sudo rm -rf \
          /opt/ghc \
          /opt/hostedtoolcache/CodeQL \
          /usr/local/lib/android \
          /usr/share/dotnet
        sudo docker image prune --all --force
        sudo docker builder prune -a
        df -h

    - name: "Clone Repository"
      uses: actions/checkout@v3

    - name: "Prepare QEMU Emulators"
      uses: docker/setup-qemu-action@v2
    - name: "Prepare Docker Buildx"
      id: buildx
      uses: docker/setup-buildx-action@v2

    - name: "Build Image"
      env:
        IMG_TARGET: ${{ matrix.image }}
      run: docker buildx bake --load "${IMG_TARGET}"

    - name: "Authenticate to GHCR"
      if: ${{ needs.config.outputs.deploy == 'yes' }}
      uses: docker/login-action@v2
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: "Deploy Image"
      if: ${{ needs.config.outputs.deploy == 'yes' }}
      env:
        IMG_TARGET: ${{ matrix.image }}
      run: |
        docker buildx bake --print "${IMG_TARGET}" | \
            jq -cer '.target[].tags[] | select(test("^ghcr.io"))' | \
            xargs -L1 -- docker push