
Commit 47c5285

authored
Merge pull request #32 from WyriHaximusNet/introduce-improve-ci-with-multi-arch-builds
Introduce improve CI with multi arch builds
2 parents d240b27 + d3883d6 commit 47c5285

1 file changed

+132
-13
lines changed

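--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,31 +1,150 @@
 name: Continuous Integration
 env:
 DOCKER_IMAGE: wyrihaximusnet/kubernetes-redis-db-assignment-operator
-DOCKER_BUILDKIT: 1
 on:
 push:
-branches:
-- master
-pull_request:
+schedule:
+- cron: '0 0 * * 0'
 jobs:
-lint:
+supported-arch-matrix:
+name: Supported processor architectures
 runs-on: ubuntu-latest
-strategy:
-fail-fast: false
+needs:
+- lint-dockerfile
+outputs:
+arch: ${{ steps.supported-arch-matrix.outputs.arch }}
 steps:
-- uses: actions/checkout@v2
+- uses: actions/checkout@v4
+- id: supported-arch-matrix
+name: Generate Arch
+run: |
+echo "arch=[\"linux/amd64\",\"linux/arm64\"]" >> $GITHUB_OUTPUT
+lint-dockerfile:
+name: Lint Dockerfile
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
 - name: Lint Dockerfile
 uses: docker://hadolint/hadolint:latest-debian
 with:
 entrypoint: hadolint
-args: Dockerfile
-build:
+args: ./Dockerfile
+build-docker-image:
+name: Build ${{ matrix.platform }} image
+strategy:
+fail-fast: false
+matrix:
+platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
 needs:
-- lint
+- supported-arch-matrix
+- lint-dockerfile
 runs-on: ubuntu-latest
+steps:
+- name: Prepare
+run: |
+platform=${{ matrix.platform }}
+echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY_IMAGE }}
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- uses: actions/checkout@v4
+- run: mkdir ./docker-image
+- run: docker image build --platform=${{ matrix.platform }} --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}" --no-cache .
+- run: docker save "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}" -o ./docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+- uses: actions/upload-artifact@v4
+with:
+name: docker-image-${{ env.PLATFORM_PAIR }}
+path: ./docker-image
+scan-vulnerability:
+name: Scan for vulnerabilities (${{ matrix.platform }})
 strategy:
 fail-fast: false
+matrix:
+platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
+needs:
+- supported-arch-matrix
+- build-docker-image
+runs-on: ubuntu-latest
+steps:
+- name: Prepare
+run: |
+platform=${{ matrix.platform }}
+echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+- uses: actions/checkout@v4
+- uses: actions/download-artifact@v4
+with:
+name: docker-image-${{ env.PLATFORM_PAIR }}
+path: /tmp/docker-image
+- run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+- run: rm -Rf /tmp/docker-image/
+- run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %'
+push-image:
+if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+name: Push
+needs:
+- supported-arch-matrix
+- scan-vulnerability
+runs-on: ubuntu-latest
+services:
+registry:
+image: registry:2
+ports:
+- 5000:5000
 steps:
-- uses: actions/checkout@v2
-- run: docker build . -t "${DOCKER_IMAGE}:ci-latest"
+- name: Get Time
+id: time
+uses: nanzm/get-time-action@v2.0
+with:
+format: 'YYYY.MM.DD'
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+with:
+driver-opts: network=host
+- uses: actions/download-artifact@v4
+with:
+pattern: docker-image-*
+path: /tmp/docker-image
+merge-multiple: true
+- run: ls -lasth /tmp/docker-image/
+- run: |
+for f in /tmp/docker-image/docker_image-*.tar; do
+docker load --input $f
+done
+- run: rm -Rf /tmp/docker-image/
+- run: docker images
+- run: |
+archs=${{ join(fromJson(needs.supported-arch-matrix.outputs.arch), ',') }}
+for arch in ${archs//,/ }
+do
+docker tag "${{ env.DOCKER_IMAGE }}:${arch//\//-}" "localhost:5000/${{ env.DOCKER_IMAGE }}:${arch//\//-}"
+docker push "localhost:5000/${{ env.DOCKER_IMAGE }}:${arch//\//-}"
+done
 - run: docker images
+- name: Login to GitHub Container Registry
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GHCR_TOKEN }}
+- name: Docker info
+run: docker info
+- name: Create merge Dockerfile
+run: echo "FROM localhost:5000/${{ env.DOCKER_IMAGE }}:\${TARGETOS}-\${TARGETARCH}" >> docker-file-${{ matrix.registry }}-wyrihaximusnet-github-action-runner
+- run: cat docker-file-${{ matrix.registry }}-wyrihaximusnet-github-action-runner
+- name: Merged different arch images into one
+uses: docker/build-push-action@v6
+with:
+push: ${{ github.event_name != 'pull_request' }}
+context: .
+file: docker-file-${{ matrix.registry }}-wyrihaximusnet-github-action-runner
+tags: ghcr.io/${{ env.DOCKER_IMAGE }}:latest,ghcr.io/${{ env.DOCKER_IMAGE }}:${{ steps.time.outputs.time }}
+platforms: ${{ join(fromJson(needs.supported-arch-matrix.outputs.arch), ',') }}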
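Review bot: The `push-image` job, which later logs in to ghcr.io with `secrets.GHCR_TOKEN`, runs the third-party action `nanzm/get-time-action@v2.0` by a mutable tag, so whoever can move that tag can run code in the publishing job. Either pin it to a full commit SHA (`uses: nanzm/get-time-action@<full-commit-sha>  # v2.0`) or remove the dependency with a shell step that keeps `id: time`: `run: echo "time=$(date -u +'%Y.%m.%d')" >> "$GITHUB_OUTPUT"`. The same mutability applies to `aquasec/trivy:latest` (which is also handed `/var/run/docker.sock`) and `hadolint/hadolint:latest-debian`, so the scan and lint gates are not reproducible; pinning both images by digest would fix that. Separately, `env.REGISTRY_IMAGE` in the Docker meta step and `matrix.registry` in `push-image` are not defined anywhere in this workflow and will expand to empty strings.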
