# This workflow automates the building and pushing of Docker images based on user-defined inputs. It:
# - Accepts various inputs like image name, Dockerfile path, target, and additional Rust-related parameters.
# - Authenticates with GitHub Container Registry.
# - Uses Docker Buildx for improved build performance and caching.
# - Builds the Docker image and pushes it to GitHub Container Registry.
# TODO: Manage caching strategies to optimize build times across different branches.
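name: Build docker image

# Reusable workflow: the only trigger is `workflow_call`, so it runs when
# another workflow invokes it and receives everything through `inputs`.
on:
  workflow_call:
    inputs:
      # Repository handed to the first checkout step; its tree becomes the
      # Docker build context. The caller controls this value, and the job that
      # builds it holds `packages: write`.
      repository:
        required: true
        type: string
      # Ref checked out from `repository`. A branch or tag name can move
      # between runs; a full commit SHA keeps the built source fixed.
      ref:
        required: true
        type: string
      # Base name of the image under ghcr.io/<owner>/; also part of the
      # build-cache scope.
      image_name:
        required: true
        type: string
      # Passed to the build step as `file`.
      dockerfile_path:
        required: true
        type: string
      # Passed to the build step as `target`.
      dockerfile_target:
        required: true
        type: string
      # NOTE(review): declared, but no expression in this file reads
      # `inputs.short_sha`; the SHORT_SHA build-arg comes from an environment
      # variable instead.
      short_sha:
        required: false
        type: string
      # NOTE(review): declared, but not read anywhere in this file.
      rust_backtrace:
        required: false
        type: string
      # NOTE(review): declared, but not read anywhere in this file.
      rust_lib_backtrace:
        required: false
        type: string
      # defaults to: vars.RUST_LOG
      rust_log:
        required: false
        type: string
      # Exported to the workflow environment as FEATURES.
      features:
        required: false
        type: string
      no_cache:
        description: "Disable the Docker cache for this build"
        required: false
        type: boolean
        default: false
    outputs:
      # Digest reported by the build step; lets a caller reference the pushed
      # image by content (`@sha256:...`) rather than by a mutable tag.
      image_digest:
        description: "The image digest to be used on a caller workflow"
        value: ${{ jobs.build.outputs.image_digest }}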
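# Workflow-level environment: exported to every step of every job.
# NOTE(review): the build step in this file forwards only SHORT_SHA as a
# build-arg, so these values are set on the runner but presumably do not
# reach the image build on their own; confirm against the Dockerfile.
env:
  FEATURES: ${{ inputs.features }}
  # The caller's value wins; an empty input falls back to the configuration
  # variable RUST_LOG.
  RUST_LOG: ${{ inputs.rust_log || vars.RUST_LOG }}
  CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }}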
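jobs:
  # Single job: check out the sources, compute tags and labels, log in to
  # GitHub Container Registry, then build and push the image with
  # provenance and SBOM attestations.
  build:
    name: Build images
    timeout-minutes: 30
    runs-on: ubuntu-latest
    # 'prod' for release events, 'dev' for everything else; any protection
    # rules or secrets configured on the chosen environment apply to this job.
    environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
    outputs:
      image_digest: ${{ steps.docker_build.outputs.digest }}
      # Job-level only: the `workflow_call` outputs of this file re-export
      # image_digest but not image_name.
      image_name: ${{ fromJSON(steps.docker_build.outputs.metadata)['image.name'] }}
    # Explicit token scopes for this job; everything not listed is unavailable.
    permissions:
      # Read access for the checkout steps.
      contents: "read"
      # NOTE(review): no step in this job visibly requests an OIDC token. If
      # none of the pinned actions needs one, drop this scope to keep the job
      # least-privileged; confirm before removing.
      id-token: "write"
      # Needed to push to ghcr.io with GITHUB_TOKEN.
      packages: "write"
    env:
      DOCKER_BUILD_SUMMARY: ${{ vars.DOCKER_BUILD_SUMMARY }}
    steps:
      # Caller-selected sources, checked out at the workspace root. Every
      # action below is pinned to a full commit SHA, with the release tag kept
      # as a trailing comment.
      - name: Checkout ${{ inputs.repository }}
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: ${{ inputs.repository }}
          ref: ${{ inputs.ref }}
          # Keep the token out of the checked-out .git/config, which sits
          # inside the Docker build context.
          persist-credentials: false

      # No `repository` or `ref` is given, so the action's defaults apply.
      # The tree lands in ./z3, i.e. inside the build context used below.
      - name: Checkout Z3
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          path: z3
          persist-credentials: false

      # Provides the env.GITHUB_REPOSITORY_OWNER_PART and env.GITHUB_SHA_SHORT
      # values read by later steps.
      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@9e7def61550737ba68c62d34a32dd31792e3f429 # v5.5.0
        with:
          short-length: 7

      # Automatic tag management and OCI Image Format Specification for labels
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          # list of Docker images to use as base name for tags
          # NOTE(review): the previous comment here described conditional
          # DockerHub publishing
          # (Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177),
          # but the only image listed is on ghcr.io.
          images: |
            ghcr.io/${{ env.GITHUB_REPOSITORY_OWNER_PART }}/${{ inputs.image_name }}
          # generate Docker tags based on the following events/attributes
          # The `#` lines inside the block scalar below are part of the input
          # string, not YAML comments; presumably the action skips them. Confirm
          # against the action's documentation.
          tags: |
            # - `pr-xxx`: Tags images with the pull request number.
            # - `branch-name`: Tags images with the branch name (e.g., `main`, `dev`).
            # - `edge`: Tags the latest build on the default branch (e.g., `main`)
            # - `schedule`: Tags images built during scheduled workflows (e.g., nightly or periodic builds)
            type=ref,event=pr
            type=ref,event=branch
            type=edge,enable={{is_default_branch}}
            type=schedule
            # - `sha-xxxxxx`: Uses the commit SHA (shortened) to tag images for precise identification.
            type=sha,event=pr
            type=sha,event=branch

      # Uses the job's GITHUB_TOKEN, not a long-lived registry credential.
      - name: Login to GitHub Container Registry
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Set up Docker Buildx with the action's defaults.
      # NOTE(review): the previous comment mentioned Docker Build Cloud, but
      # this step has no `with:` block, so no cloud driver or endpoint is
      # configured here.
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      # Build and push image to GitHub Container Registry
      - name: Build & push
        id: docker_build
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          target: ${{ inputs.dockerfile_target }}
          # Workspace root: the caller-selected checkout plus the ./z3 checkout.
          context: .
          file: ${{ inputs.dockerfile_path }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # NOTE(review): this value comes from the slug step's environment
          # variable, not from `inputs.short_sha` or `inputs.ref`. When
          # `repository` differs from the calling repository, the SHA baked
          # into the image may not identify the sources that were built; verify.
          build-args: |
            SHORT_SHA=${{ env.GITHUB_SHA_SHORT }}
          push: true
          # It's recommended to build images with max-level provenance attestations
          # https://docs.docker.com/build/ci/github-actions/attestations/
          # Max-level provenance records build arguments in the published
          # attestation, so build-args must never carry secrets.
          provenance: mode=max
          sbom: true
          # Don't read from the cache if the caller disabled it.
          # https://docs.docker.com/engine/reference/commandline/buildx_build/#options
          no-cache: ${{ inputs.no_cache }}
          # Import and export share one scope, keyed only by the image name.
          cache-from: type=gha,scope=z3-${{ inputs.image_name }}
          cache-to: type=gha,mode=max,scope=z3-${{ inputs.image_name }}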