Build Release Image #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --------------------------------- | |
| # This workflow is used to build release images | |
| # and push them to GitHub Container Registry | |
| # | |
| # Published at: | |
| # ghcr.io/ayaka-notes/overleaf-pro/ | |
| # | |
| # --------------------------------- | |
| name: Build Release Image | |
| # Controls when the workflow will run | |
| on: | |
| workflow_dispatch: | |
| env: | |
| GHCR_REGISTRY: ghcr.io | |
| REGISTRY_IMAGE: ghcr.io/${{ github.repository }} | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: linux/amd64 | |
| runner: ubuntu-latest | |
| - platform: linux/arm64 | |
| runner: ubuntu-24.04-arm | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: "Checkout Repository" | |
| uses: actions/checkout@main | |
| with: | |
| repository: ayaka-notes/overleaf-pro | |
| ref: server-pro | |
| - name: Resolve MONOREPO_REVISION | |
| run: | | |
| echo "MONOREPO_REVISION=$(git rev-parse HEAD)" >> "$GITHUB_ENV" | |
| - name: Prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GHCR_REGISTRY }} | |
| username: ${{github.actor}} | |
| password: ${{ secrets.ORGTOKEN }} | |
| # --- We need to sync package-lock.json/i18 to ensure consistency --- | |
| - name: "Sync package-lock.json And Prepare .dockerignore" | |
| run: | | |
| docker run --rm -v "$(pwd)":/workspace -w /workspace node:22.18.0 npm install --package-lock-only --ignore-scripts | |
| docker run --rm -v "$(pwd)/services/web/":/overleaf/services/web -w /overleaf/services/web node:22.18.0 sh -c "npm install -g i18next-scanner@4.4.0 && npm run extract-translations" | |
| cd ./server-ce/ | |
| cp .dockerignore ../ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push by digest | |
| id: build_base | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./server-ce/Dockerfile-base | |
| platforms: ${{ matrix.platform }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ env.REGISTRY_IMAGE }}-base | |
| outputs: type=image,push-by-digest=true,name-canonical=true,push=true | |
| provenance: false | |
| sbom: false | |
| - name: Build app and push by digest | |
| id: build_app | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./server-ce/Dockerfile | |
| platforms: ${{ matrix.platform }} | |
| build-args: | | |
| OVERLEAF_BASE_TAG=${{ env.REGISTRY_IMAGE }}-base@${{ steps.build_base.outputs.digest }} | |
| labels: | | |
| ${{ steps.meta.outputs.labels }} | |
| com.overleaf.pro.revision=${{ env.MONOREPO_REVISION }} | |
| tags: ${{ env.REGISTRY_IMAGE }} | |
| outputs: type=image,push-by-digest=true,name-canonical=true,push=true | |
| provenance: false | |
| sbom: false | |
| - name: Export digest | |
| run: | | |
| mkdir -p ${{ runner.temp }}/digests | |
| digest="${{ steps.build_app.outputs.digest }}" | |
| touch "${{ runner.temp }}/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-${{ env.PLATFORM_PAIR }} | |
| path: ${{ runner.temp }}/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - name: Login to GHCR Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GHCR_REGISTRY }} | |
| username: ${{github.actor}} | |
| password: ${{ secrets.ORGTOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| type=raw,value=server-pro | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: Create manifest list and push | |
| working-directory: ${{ runner.temp }}/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:server-pro |