feat(sync): implement state-based bootstrap detection to resolve gene… #498
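# Builds one image per architecture on native runners, pushes each by digest,
# then assembles a multi-arch manifest per tag and signs it with cosign.
#
# NOTE(review): docker/setup-buildx-action and docker/login-action are pinned
# to commit SHAs, but actions/checkout, docker/metadata-action,
# docker/build-push-action, actions/upload-artifact, actions/download-artifact
# and sigstore/cosign-installer are referenced by mutable tag. The jobs hold
# `packages: write` (and the merge job an OIDC token), so pin those to
# reviewed commit SHAs as well.
name: Docker

on:
  push:
    branches:
      - main
      - development
      - 'feature/**'
      - 'AN-*'
    tags: ['v*.*.*']
  pull_request:
    branches: ['main', 'development', 'feature/v2-network']

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    # Select native arch runners per matrix entry
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            runs_on: ubuntu-22.04
            platform: linux/amd64
          - arch: arm64
            runs_on: ubuntu-22.04-arm
            platform: linux/arm64
    runs-on: ${{ matrix.runs_on }}
    # No `id-token: write` here: no step in this job requests an OIDC token;
    # keyless signing happens only in the merge job.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false

      # Registry image names must be lowercase; github.repository may not be.
      - name: Normalize image name to lowercase
        run: echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> "$GITHUB_ENV"

      # Buildx is still used, but no emulation needed since runners are native
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}

      # Pull requests build only; nothing is pushed.
      - name: Build and push by digest (${{ matrix.platform }})
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./etc/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }},push-by-digest=true

      # Expression values are passed through env instead of being expanded
      # into the script text, so they reach the shell as data, not as code.
      - name: Export digest
        if: ${{ github.event_name != 'pull_request' }}
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
          PLATFORM: ${{ matrix.platform }}
        run: |
          mkdir -p /tmp/digests
          touch "/tmp/digests/${DIGEST#sha256:}"
          echo "PLATFORM_SLUG=$(echo "$PLATFORM" | tr '/' '-')" >> "$GITHUB_ENV"

      - name: Upload digest
        if: ${{ github.event_name != 'pull_request' }}
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_SLUG }}
          path: /tmp/digests/*

  merge:
    if: ${{ github.event_name != 'pull_request' }}
    needs: build
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      packages: write
      # Required for cosign keyless signing (OIDC identity token).
      id-token: write
    steps:
      - name: Normalize image name to lowercase
        run: echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Log into registry ${{ env.REGISTRY }}
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Each build job uploaded empty files named after its image digest.
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          pattern: digests-*
          path: /tmp/digests
          merge-multiple: true

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}

      # $TAGS and $args are intentionally unquoted: they are split on
      # whitespace into one reference per word.
      - name: Create and push multi-arch manifest
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          for tag in $TAGS; do
            args=""
            for file in /tmp/digests/*; do
              args="$args ${tag}@sha256:$(basename "$file")"
            done
            docker buildx imagetools create -t "$tag" $args
          done

      - name: Install cosign
        uses: sigstore/cosign-installer@v3.5.0

      # Sign the manifest digest each tag resolves to, not the tag itself: a
      # tag is mutable and could point elsewhere between push and signing.
      - name: Sign the published Docker images
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          for tag in $TAGS; do
            digest="$(docker buildx imagetools inspect "$tag" --format '{{.Manifest.Digest}}')"
            case "$digest" in
              sha256:*) ;;
              *) echo "unexpected digest for ${tag}: ${digest}" >&2; exit 1 ;;
            esac
            cosign sign --yes "${REGISTRY}/${IMAGE_NAME_LOWER}@${digest}"
          done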