don’t pass commas or JSON to --set #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: docker-compose-ci | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["master"] | |
| tags: ["v*.*.*"] | |
| pull_request: | |
| branches: ["master"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| concurrency: | |
| group: docker-compose-ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| REPO_SLUG: centralized-logging | |
| DOCKERHUB_NAMESPACE: "" # optional mirroring | |
| PLATFORMS: linux/amd64,linux/arm64 | |
| jobs: | |
| images: | |
| name: Build and Push Images (GHCR) | |
| runs-on: ubuntu-latest | |
| if: > | |
| github.event_name == 'workflow_dispatch' || | |
| startsWith(github.ref, 'refs/heads/master') || | |
| startsWith(github.ref, 'refs/tags/v') | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: { fetch-depth: 0 } | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Build *lines* of overrides like: | |
| # userapi.tags=ghcr.io/...:edge | |
| # userapi.tags=ghcr.io/...:latest | |
| - name: Compute tag override lines | |
| id: tags | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}" | |
| REPO_SLUG="${REPO_SLUG}" | |
| REF="${GITHUB_REF}" | |
| add_tags_lines() { | |
| local svc="$1"; shift | |
| local -a tags=( "$@" ) | |
| for t in "${tags[@]}"; do | |
| printf '%s.tags=%s\n' "$svc" "$t" | |
| done | |
| } | |
| user_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:edge" ) | |
| api_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:edge" ) | |
| web_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:edge" ) | |
| if [[ "$REF" == "refs/heads/master" ]]; then | |
| user_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:latest" ) | |
| api_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:latest" ) | |
| web_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:latest" ) | |
| fi | |
| if [[ "$REF" == refs/tags/v* ]]; then | |
| ver="${REF#refs/tags/}" # vX.Y.Z | |
| short="${ver#v}" # X.Y.Z | |
| minor="${short%.*}" # X.Y | |
| user_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:${minor}" ) | |
| api_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:${minor}" ) | |
| web_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:${minor}" ) | |
| fi | |
| user_lines="$(add_tags_lines userapi "${user_tags[@]}")" | |
| api_lines="$(add_tags_lines api "${api_tags[@]}")" | |
| web_lines="$(add_tags_lines web "${web_tags[@]}")" | |
| { | |
| echo "user_set<<EOF" | |
| echo "${user_lines}" | |
| echo "EOF" | |
| echo "api_set<<EOF" | |
| echo "${api_lines}" | |
| echo "EOF" | |
| echo "web_set<<EOF" | |
| echo "${web_lines}" | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: (Optional) Login to Docker Hub | |
| if: ${{ env.DOCKERHUB_NAMESPACE != '' && env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKERHUB_USERNAME }} | |
| password: ${{ env.DOCKERHUB_TOKEN }} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Bake and Push (multi-arch) | |
| uses: docker/bake-action@v5 | |
| with: | |
| files: ./docker-bake.hcl | |
| push: true | |
| set: | | |
| *.platform=${{ env.PLATFORMS }} | |
| *.cache-from=type=local,src=/tmp/.buildx-cache | |
| *.cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| *.labels.org.opencontainers.image.revision=${{ github.sha }} | |
| ${{ steps.tags.outputs.user_set }} | |
| ${{ steps.tags.outputs.api_set }} | |
| ${{ steps.tags.outputs.web_set }} | |
| - name: Save build cache | |
| if: always() | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Mirror to Docker Hub (optional) | |
| if: ${{ env.DOCKERHUB_NAMESPACE != '' && env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} | |
| run: | | |
| set -euo pipefail | |
| mirror() { local svc="$1"; shift; while read -r line; do | |
| img="${line#*=}" # take rhs after '=' | |
| tag="${img##*:}" | |
| hub="${DOCKERHUB_NAMESPACE}/${REPO_SLUG}-${svc}:${tag}" | |
| echo "Mirroring $img -> $hub" | |
| docker pull "$img" | |
| docker tag "$img" "$hub" | |
| docker push "$hub" | |
| done; } | |
| # reuse the same lines we fed to bake | |
| awk -F= '/^userapi\.tags=/{print}' <<<"${{ steps.tags.outputs.user_set }}" | mirror userapi | |
| awk -F= '/^api\.tags=/{print}' <<<"${{ steps.tags.outputs.api_set }}" | mirror api | |
| awk -F= '/^web\.tags=/{print}' <<<"${{ steps.tags.outputs.web_set }}" | mirror web |