CTSRD-CHERI · arichardson · Dec 1, 2025 · Dec 2, 2025 · Dec 3, 2025 · Dec 3, 2025
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,102 @@
+name: Build and Package
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main", "dev", "github-action-docker-image" ]
+
+jobs:
+  build_docker_image:
+    name: Build Docker Image for CI
+    if: github.repository_owner == 'CTSRD-CHERI'
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      checks: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Install Dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y ninja-build cmake build-essential lld
+
+    - name: ccache
+      uses: hendrikmuhs/[email protected]
+
+    - name: Configure CMake
+      run: |
+        # Build a minimal version of LLVM with features we do not need disabled
+        cmake -G Ninja -S llvm -B build \
+          -DLLVM_ENABLE_ASSERTIONS=TRUE \
+          -DCMAKE_BUILD_TYPE=Release \
+          -DCMAKE_INSTALL_PREFIX=/usr/local \
+          -DLLVM_ENABLE_PROJECTS="clang;lld" \
+          -DLLVM_TARGETS_TO_BUILD="all" \
+          -DLLVM_CCACHE_BUILD=TRUE \
+          -DLLVM_ENABLE_LLD=TRUE \
+          -DCLANG_ENABLE_STATIC_ANALYZER=FALSE -DCLANG_ENABLE_ARCMT=FALSE -DLLVM_ENABLE_Z3_SOLVER=FALSE \
+          -DLLVM_TOOL_LLVM_MCA_BUILD=FALSE -DLLVM_TOOL_LLVM_EXEGESIS_BUILD=FALSE -DLLVM_TOOL_LLVM_RC_BUILD=FALSE \
+          -DLLVM_LIT_ARGS="-v --xunit-xml-output=test-results.xml"
+
+    - name: Build
+      run: |
+        df -h
+        cmake --build build
+        df -h
+
+    - name: Run Tests
+      run: |
+        cmake --build build --target check-all
+        df -h
+
+    - name: Publish Test Results
+      uses: EnricoMi/publish-unit-test-result-action@v2
+      if: always()
+      with:
+        files: build/test-results.xml
+
+    - name: Install
+      run: |
+        DESTDIR=$GITHUB_WORKSPACE/install cmake --install build
+        df -h
+
+    - name: Create Dockerfile
+      run: |
+        cat <<EOF > Dockerfile
+        FROM ubuntu:24.04
+        COPY --chown=root install/usr/local /usr/local
+        EOF
+
+    - name: Prepare Docker Metadata
+      run: |
+        IMAGE_ID=ghcr.io/${{ github.repository }}
+        # Change all uppercase to lowercase
+        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+        # Sanitize branch name for use as a docker tag (replace / with -)
+        TAG_NAME=$(echo "${{ github.ref_name }}" | tr '/' '-')
+        echo "IMAGE_ID=$IMAGE_ID" >> $GITHUB_ENV
+        echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV
+
+    - name: Build Docker Image
+      run: |
+        # Free up disk space so that the docker build can succeed
+        rm -rf build
+        df -h
+        echo "Building $IMAGE_ID:$TAG_NAME"
+        docker build -t $IMAGE_ID:$TAG_NAME .
+        df -h
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Push Docker Image
+      run: |
+        echo "Pushing $IMAGE_ID:$TAG_NAME"
+        docker push $IMAGE_ID:$TAG_NAME