♻️,🏋 Build an image and upload to ghcr #18
---
# Builds a container image from a caller-chosen build file and publishes it to
# the registry named in `env.REGISTRY`. The workflow can be invoked from another
# workflow (workflow_call) or started by hand (workflow_dispatch).
#
# Both triggers declare the same three inputs; keep the two lists in sync.
# All three values are supplied by whoever invokes the workflow, so every
# consumer of `inputs.*` should treat them as untrusted text.
name: '♻️,🏋 Build an image and upload to ghcr'

on:
  workflow_call:
    inputs:
      # SDK version; required.
      version:
        description: 'clams-python SDK version'
        type: string
        required: true
      # Path of the container build file inside the checked-out repository.
      buildfilename:
        description: 'name of the container build file to use'
        type: string
        required: true
      # Optional git ref; per the description it falls back to `version`.
      ref:
        description: 'git ref to checkout (defaults to version)'
        type: string
        required: false
  workflow_dispatch:
    inputs:
      # SDK version; required.
      version:
        description: 'clams-python SDK version'
        type: string
        required: true
      # Path of the container build file inside the checked-out repository.
      buildfilename:
        description: 'name of the container build file to use'
        type: string
        required: true
      # Optional git ref; per the description it falls back to `version`.
      ref:
        description: 'git ref to checkout (defaults to version)'
        type: string
        required: false

# Registry host shared by every job (image names and the login step).
env:
  REGISTRY: ghcr.io
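jobs:
  # Hardening notes for both jobs:
  # - Caller-supplied inputs and step outputs are handed to shell steps through
  #   environment variables and expanded with double quotes. Expanding
  #   `${{ ... }}` directly inside a `run:` script pastes the raw value into the
  #   script text before the shell parses it, so a build file name containing
  #   shell metacharacters would be executed as code in a job that holds
  #   `packages: write`.
  # - NOTE(review): every `uses:` below references a mutable major-version tag.
  #   Pinning each one to a full commit SHA (`owner/action@<full-commit-sha>`)
  #   keeps a retagged release from running with the registry token.
  # - NOTE(review): `buildfilename` is still used as a path and as part of the
  #   image name; consider rejecting values outside an expected character set
  #   before any step uses it.

  # Builds one single-platform image per matrix entry, pushes it by digest
  # (no tag), and records the digest as an artifact for the `merge` job.
  build:
    name: "🐳 Build (${{ matrix.platform }})"
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
    permissions:
      contents: read
      packages: write
    env:
      # Read by the shell steps as "$BUILDFILENAME" instead of inline expansion.
      BUILDFILENAME: ${{ inputs.buildfilename }}
    steps:
      - name: "🔧 Prepare"
        id: prepare
        env:
          PLATFORM: ${{ matrix.platform }}
        run: |
          # pair: platform with "/" replaced by "-" (linux/amd64 -> linux-amd64).
          echo "pair=${PLATFORM//\//-}" >> "$GITHUB_OUTPUT"
          # slug: build file name reduced to [a-zA-Z0-9-], edge dashes trimmed,
          # so it is safe inside an artifact name.
          slug=$(printf '%s\n' "$BUILDFILENAME" | sed 's|[^a-zA-Z0-9]|-|g; s/^-*//; s/-*$//')
          echo "slug=${slug}" >> "$GITHUB_OUTPUT"

      - name: "🛍️ Checkout repository"
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || inputs.version }}
          # No later step runs git against the remote, so do not leave the
          # token in .git/config, where it could be copied into the build
          # context when the context directory is the repository root.
          persist-credentials: false

      - name: "👷 Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "🏷 Prepare OCI annotations"
        id: getlabels
        run: |
          # Random heredoc delimiter: LABEL text comes from the checked-out
          # build file, and a fixed delimiter would let that text close the
          # block early and set further environment variables.
          delimiter=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
          # Rewrite each `LABEL key="value"` line as `key=value`.
          labels=$(grep LABEL -- "$BUILDFILENAME" | sed -E 's/^LABEL\s+([^=]+)="?(.+)("|$)/\1=\2/g')
          {
            echo "EXISTING_LABELS<<$delimiter"
            printf '%s\n' "$labels"
            echo "$delimiter"
          } >> "$GITHUB_ENV"
          # Values written to GITHUB_ENV only become visible in later steps,
          # so log the local copy rather than $EXISTING_LABELS.
          printf '%s\n' "$labels"

      - name: "🏷 Get image build context"
        id: getcontext
        run: |
          # The build context is the directory that holds the build file.
          echo "CONTEXT=$(dirname -- "$BUILDFILENAME")" >> "$GITHUB_ENV"

      - name: "🏷 Get image name suffix"
        id: getsuffix
        run: |
          # A build file with an extension ("foo.containerfile") yields the
          # suffix "-foo"; one without an extension yields an empty suffix.
          filename=$(basename -- "$BUILDFILENAME")
          nameonly="${filename%.*}"
          if [ "$nameonly" = "$filename" ]; then
            echo "SUFFIX=" >> "$GITHUB_ENV"
          else
            echo "SUFFIX=-${nameonly}" >> "$GITHUB_ENV"
          fi

      - name: "🏷 Prepare docker labels"
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}
          labels: |
            ${{ env.EXISTING_LABELS }}

      - name: "🔏 Log in to registry"
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "🏗 Build and push by digest"
        id: build
        uses: docker/build-push-action@v6
        with:
          context: ${{ env.CONTEXT }}
          platforms: ${{ matrix.platform }}
          file: ${{ inputs.buildfilename }}
          labels: ${{ env.DOCKER_METADATA_OUTPUT_LABELS }}
          build-args: |
            clams_version=${{ inputs.version }}
          outputs: type=image,"name=${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}",push-by-digest=true,name-canonical=true,push=true

      - name: "📤 Export digest"
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          # One empty file per image, named after the digest without "sha256:".
          mkdir -p /tmp/digests
          touch "/tmp/digests/${DIGEST#sha256:}"

      - name: "📦 Upload digest"
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ steps.prepare.outputs.slug }}-${{ steps.prepare.outputs.pair }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Collects the per-platform digests uploaded by `build` and publishes one
  # tagged multi-platform manifest list that references them.
  merge:
    name: "🔗 Create multi-platform manifest"
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      packages: write
    env:
      # Read by the shell steps as "$BUILDFILENAME" instead of inline expansion.
      BUILDFILENAME: ${{ inputs.buildfilename }}
    steps:
      - name: "🔧 Prepare"
        id: prepare
        run: |
          # Must produce the same slug as the build job so the artifact
          # pattern below matches only this build file's digests.
          slug=$(printf '%s\n' "$BUILDFILENAME" | sed 's|[^a-zA-Z0-9]|-|g; s/^-*//; s/-*$//')
          echo "slug=${slug}" >> "$GITHUB_OUTPUT"

      - name: "🏷 Get image name suffix"
        id: getsuffix
        run: |
          # Same suffix rule as the build job: "-<name without extension>",
          # or empty when the build file has no extension.
          filename=$(basename -- "$BUILDFILENAME")
          nameonly="${filename%.*}"
          if [ "$nameonly" = "$filename" ]; then
            echo "SUFFIX=" >> "$GITHUB_ENV"
          else
            echo "SUFFIX=-${nameonly}" >> "$GITHUB_ENV"
          fi

      - name: "📥 Download digests"
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-${{ steps.prepare.outputs.slug }}-*
          merge-multiple: true

      - name: "👷 Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "🏷 Prepare docker tags"
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}
          tags: |
            type=pep440,pattern={{version}},value=${{ inputs.version }}
            type=ref,event=tag
            type=ref,event=pr

      - name: "🔏 Log in to registry"
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "🔗 Create manifest list and push"
        working-directory: /tmp/digests
        env:
          # SUFFIX derives from the caller-supplied build file name, so the
          # image reference reaches the script as data, not as script text.
          IMAGE: ${{ env.REGISTRY }}/${{ github.repository }}${{ env.SUFFIX }}
        run: |
          # Each file in this directory is named after one pushed digest.
          sources=()
          for digest in *; do
            sources+=("${IMAGE}@sha256:${digest}")
          done
          docker buildx imagetools create \
            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            "${sources[@]}"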