Update all dependencies #1322
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| build: | |
| name: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| strategy: | |
| matrix: | |
| image: | |
| - "abc-base:8.3" | |
| - "abc-base:8.4" | |
| - "abc-base:8.4-frankenphp" | |
| - "abc-base:8.5" | |
| - "abc-base:8.5-frankenphp" | |
| arch: | |
| - amd64 | |
| - arm64 | |
| include: | |
| - arch: amd64 | |
| runner: ubuntu-latest | |
| - arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| runs-on: "${{ matrix.runner }}" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| - name: Prepare | |
| id: cfg | |
| run: | | |
| echo "image_repo=$(cut -d: -f1 <<< '${{ matrix.image }}')" >> $GITHUB_ENV | |
| echo "image_tag=$(cut -d: -f2 <<< '${{ matrix.image }}')" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Login to GitHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push | |
| id: build | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 | |
| with: | |
| context: "./${{ env.image_repo }}/${{ env.image_tag }}/" | |
| platforms: linux/${{ matrix.arch }} | |
| tags: | | |
| ghcr.io/angrybytes/${{ env.image_repo }} | |
| angrybytes/${{ env.image_repo }} | |
| pull: true | |
| outputs: "type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name == 'push' }}" | |
| cache-from: "type=registry,ref=ghcr.io/angrybytes/${{ matrix.image }}" | |
| cache-to: "type=inline" | |
| env: | |
| SOURCE_DATE_EPOCH: "0" | |
| BUILDX_NO_DEFAULT_ATTESTATIONS: "1" | |
| - name: Export digest | |
| run: | | |
| digests_dir="${{ runner.temp }}/digests/$image_repo/$image_tag" | |
| mkdir -p "$digests_dir" | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "$digests_dir/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | |
| with: | |
| name: "digests-${{ env.image_repo }}-${{ env.image_tag }}-${{ matrix.arch }}" | |
| path: "${{ runner.temp }}/digests/" | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| needs: [build] | |
| if: "${{ github.event_name == 'push' }}" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 | |
| with: | |
| path: "${{ runner.temp }}/digests" | |
| pattern: "digests-*" | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Login to GitHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Create manifest list and push | |
| working-directory: "${{ runner.temp }}/digests" | |
| run: | | |
| for subdir in */*; do | |
| echo "::group::Processing $subdir" | |
| pushd "$subdir" | |
| image_repo="$(cut -d/ -f1 <<< "$subdir")" | |
| image_tag="$(cut -d/ -f2 <<< "$subdir")" | |
| # Push to GitHub Packages and docker.io | |
| for repo_base in ghcr.io/angrybytes angrybytes; do | |
| image_fullrepo="$repo_base/$image_repo" | |
| image_fullname="$image_fullrepo:$image_tag" | |
| echo "-- Pushing to $image_fullname" | |
| # Don't create a new manifest if nothing changed. | |
| new_hashes="$( | |
| echo * \ | |
| | sort | xargs printf 'sha256:%s ' | |
| )" | |
| old_hashes="$( | |
| (docker buildx imagetools inspect --raw "$image_fullname" || echo '{"manifests":[]}') \ | |
| | jq -r '.manifests[] | select(.platform.os != "unknown") | .digest' \ | |
| | sort | xargs printf '%s ' | |
| )" | |
| if [[ "$new_hashes" == "$old_hashes" ]]; then | |
| echo "No change" | |
| else | |
| docker buildx imagetools create -t "$image_fullname" $(printf "$image_fullrepo@sha256:%s " *) | |
| docker buildx imagetools inspect "$image_fullname" | |
| fi | |
| done | |
| popd | |
| echo "::endgroup::" | |
| done |