Skip to content
Docker

fix(sync): replace tokio::sync::RwLock with std::sync::RwLock for Act… #501

Sign in to view logs

fix(sync): replace tokio::sync::RwLock with std::sync::RwLock for Act…

fix(sync): replace tokio::sync::RwLock with std::sync::RwLock for Act… #501

Workflow file for this run

.github/workflows/docker-publish.yml at 20cab1a
name: Docker
on:
push:
branches:
- main
- development
- 'feature/**'
- 'AN-*'
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "main", "development", "feature/v2-network" ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
# Select native arch runners per matrix entry
strategy:
fail-fast: false
matrix:
include:
- arch: amd64
runs_on: ubuntu-22.04
platform: linux/amd64
- arch: arm64
runs_on: ubuntu-22.04-arm
platform: linux/arm64
runs-on: ${{ matrix.runs_on }}
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Normalize image name to lowercase
run: echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> $GITHUB_ENV
- name: Normalize image name to lowercase
run: echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> $GITHUB_ENV
# Buildx is still used, but no emulation needed since runners are native
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}
- name: Build and push by digest (${{ matrix.platform }})
id: build
uses: docker/build-push-action@v6
with:
context: .
file: ./etc/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }},push-by-digest=true
- name: Export digest
if: ${{ github.event_name != 'pull_request' }}
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
echo "PLATFORM_SLUG=$(echo '${{ matrix.platform }}' | tr '/' '-')" >> $GITHUB_ENV
- name: Upload digest
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_SLUG }}
path: /tmp/digests/*
merge:
if: ${{ github.event_name != 'pull_request' }}
needs: build
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Normalize image name to lowercase
run: echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download digests
uses: actions/download-artifact@v4
with:
pattern: digests-*
path: /tmp/digests
merge-multiple: true
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}
- name: Create and push multi-arch manifest
run: |
tags="${{ steps.meta.outputs.tags }}"
for tag in $tags; do
args=""
for file in /tmp/digests/*; do
args="$args ${tag}@sha256:$(basename "$file")"
done
docker buildx imagetools create -t "$tag" $args
done
- name: Install cosign
uses: sigstore/cosign-installer@v3.5.0
- name: Sign the published Docker images
env:
TAGS: ${{ steps.meta.outputs.tags }}
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}