build-image-test.yaml
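# CI workflow: when Docker-related files change, build the image, run
# container-structure-test and dive against it, then check that the
# multi-arch build also succeeds. Nothing is pushed to a registry.
name: Build Dockerfile if changed and run smoke tests

on:
  merge_group:
  pull_request:

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read

env:
  IMAGE_TAG: pr-test

jobs:
  build:
    # Job-level permissions replace the workflow-level block, so the token
    # used by this job carries only the scope listed here.
    permissions:
      # for MaxymVlasov/dive-action to write comments to PRs
      pull-requests: write

    strategy:
      matrix:
        arch:
          - amd64
          - arm64
        # Each include entry matches one `arch` value above and attaches the
        # runner label and display name for that architecture.
        include:
          - os-name: Ubuntu x64
            os: ubuntu-latest
            arch: amd64
          - os-name: Ubuntu ARM
            os: ubuntu-24.04-arm
            arch: arm64

    name: ${{ matrix.os-name }}
    runs-on: ${{ matrix.os }}
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release tag the SHA corresponds to.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          # Do not leave the token in the checked-out repo's git config,
          # where later steps (including the image build) could read it.
          persist-credentials: false

      # Every later step is gated on this step's `any_changed` output.
      - name: Get changed Docker related files
        id: changed-files-specific
        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
        with:
          files: |
            .dockerignore
            .github/workflows/build-image-test.yaml
            Dockerfile
            tools/entrypoint.sh
            tools/install/*.sh

      - name: Set IMAGE environment variable
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        # Lowercase the org/repo name to allow for workflow to run in forks,
        # which owners have uppercase letters in username
        run: >-
          echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY@L}:${{ env.IMAGE_TAG }}"
          >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        if: steps.changed-files-specific.outputs.any_changed == 'true'

      # Single-platform build loaded into the local Docker daemon so the
      # test steps below can run against it.
      - name: Build if Dockerfile changed
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          push: false
          load: true
          tags: ${{ env.IMAGE }}
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          # NOTE(review): on pull_request the Dockerfile and the
          # tools/install scripts come from the PR branch, and any RUN step
          # that mounts this secret can read the job token. Presumably it is
          # only used for authenticated GitHub API calls during tool
          # install - confirm, and keep the job's token scopes minimal.
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"

      - name: Setup Container Structure Tests
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        env:
          # yamllint disable-line rule:line-length
          # renovate: datasource=github-releases depName=container-structure-test lookupName=GoogleContainerTools/container-structure-test
          CST_VERSION: 1.19.3
          CST_REPO: github.com/GoogleContainerTools/container-structure-test
        # --fail makes curl exit non-zero on an HTTP error, so an error page
        # is never saved, marked executable and put on PATH as the binary.
        # NOTE(review): the release binary is executed without an integrity
        # check; consider committing a SHA-256 per architecture next to
        # CST_VERSION and verifying it (sha256sum --check) before chmod.
        run: >-
          curl --fail --location "https://${{ env.CST_REPO }}/releases/download/v${{
          env.CST_VERSION }}/container-structure-test-linux-${{ matrix.arch }}"
          > container-structure-test
          && chmod +x container-structure-test
          && mkdir -p "$HOME/bin/"
          && mv container-structure-test "$HOME/bin/"
          && echo "$HOME/bin/" >> "$GITHUB_PATH"

      - name: Run structure tests
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        env:
          # Passed through the environment and expanded by the shell rather
          # than pasted into the script text.
          IMAGE_NAME: ${{ env.IMAGE }}
        run: >-
          container-structure-test test
          --config ${{ github.workspace
          }}/.github/.container-structure-test-config.yaml
          --image "${IMAGE_NAME}"

      - name: Dive - check image for waste files
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: MaxymVlasov/dive-action@b08c8287e603d028c986d7044e83fa76bcca6a65 # v1.5.0
        with:
          image: ${{ env.IMAGE }}
          config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
          # Token with the job's `pull-requests: write` scope, used by the
          # action to comment on the PR.
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Can't build both platforms and use --load at the same time
      # https://github.com/docker/buildx/issues/59#issuecomment-1433097926
      # Runs only on the ubuntu-latest (amd64) matrix leg; the result is
      # neither loaded nor pushed, so this checks that the build succeeds.
      - name: Build Multi-arch docker-image
        if: >-
          steps.changed-files-specific.outputs.any_changed == 'true'
          && matrix.os == 'ubuntu-latest'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: false
          tags: ${{ env.IMAGE }}
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          # Same build secret as the single-platform build above; the same
          # PR-controlled-Dockerfile caveat applies.
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"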