ci: better docker handling

wolf31o2 · wolf31o2 · commit e8004ecf0661 · 2022-09-26T21:15:18.000-04:00
Signed-off-by: Chris Gianelloni &lt;cgianelloni@cloudstruct.net&gt;
diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
@@ -3,7 +3,7 @@ name: Docker CI
 on:
   pull_request:
     branches: ['main']
-    paths: ['Dockerfile','bin','config/**','.github/workflows/ci-docker.yml']
+    paths: ['Dockerfile','bin/**','config/**','.github/workflows/ci-docker.yml']
 
 env:
   REGISTRY: ghcr.io
@@ -17,36 +17,69 @@ jobs:
       - name: qemu
         uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
+      - uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-buildx-
       - id: meta
         uses: docker/metadata-action@v3
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=false
+            suffix=-amd64
       - name: build
         uses: docker/build-push-action@v2
         with:
           context: .
           push: false
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+      # TEMP fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
   build-arm64:
     runs-on: self-hosted
     steps:
       - uses: actions/checkout@v2
       - name: qemu
         uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
+      - uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-buildx-
       - id: meta
         uses: docker/metadata-action@v3
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=false
+            suffix=-arm64v8
       - name: build
         uses: docker/build-push-action@v2
         with:
           context: .
           push: false
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+      # TEMP fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -3,16 +3,15 @@ name: publish
 on:
   push:
     branches: ['main']
-  release:
-    types: ['published']
+    tags: ['v*.*.*']
 
 concurrency: ${{ github.ref }}
 
 env:
-  REGISTRY: ghcr.io
   IMAGE_NAME: cloudstruct/cardano-db-sync
 
 jobs:
+
   build-amd64:
     runs-on: ubuntu-latest
     permissions:
@@ -21,32 +20,56 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - uses: docker/setup-buildx-action@v1
-      - name: login
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: cloudstruct
+          password: ${{ secrets.DOCKER_PASSWORD }} # uses token
+      - name: Login to GHCR
         uses: docker/login-action@v1
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-buildx-
       - id: meta
         uses: docker/metadata-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.IMAGE_NAME }}
+            ghcr.io/${{ env.IMAGE_NAME }}
           flavor: |
             latest=false
+            suffix=-amd64
           tags: |
-            type=schedule,suffix=-amd64
-            type=ref,event=branch,suffix=-amd64
-            type=ref,event=tag,suffix=-amd64
-            type=ref,event=pr,suffix=-amd64
+            # Only version, no revision
+            type=match,pattern=v(.*)-(.*),group=1
+            # branch
+            type=ref,event=branch
+            # semver
+            type=semver,pattern={{version}}
       - name: push
         uses: docker/build-push-action@v2
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+      # TEMP fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
   build-arm64:
     runs-on: self-hosted
     permissions:
@@ -55,32 +78,56 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - uses: docker/setup-buildx-action@v1
-      - name: login
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: cloudstruct
+          password: ${{ secrets.DOCKER_PASSWORD }} # uses token
+      - name: Login to GHCR
         uses: docker/login-action@v1
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-buildx-
       - id: meta
         uses: docker/metadata-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.IMAGE_NAME }}
+            ghcr.io/${{ env.IMAGE_NAME }}
           flavor: |
             latest=false
+            suffix=-arm64v8
           tags: |
-            type=schedule,suffix=-arm64v8
-            type=ref,event=branch,suffix=-arm64v8
-            type=ref,event=tag,suffix=-arm64v8
-            type=ref,event=pr,suffix=-arm64v8
+            # Only version, no revision
+            type=match,pattern=v(.*)-(.*),group=1
+            # branch
+            type=ref,event=branch
+            # semver
+            type=semver,pattern={{version}}
       - name: push
         uses: docker/build-push-action@v2
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+      # TEMP fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
   multi-arch-manifest:
     runs-on: ubuntu-latest
     needs: [build-amd64, build-arm64]
@@ -90,22 +137,129 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - uses: docker/setup-buildx-action@v1
-      - name: login
+      - name: Login to Docker Hub
         uses: docker/login-action@v1
         with:
-          registry: ${{ env.REGISTRY }}
+          username: cloudstruct
+          password: ${{ secrets.DOCKER_PASSWORD }} # uses token
+      - name: Login to GHCR
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - id: meta
+      - id: meta-dockerhub
+        name: Metadata - Docker Hub
         uses: docker/metadata-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.IMAGE_NAME }}
           flavor: |
             latest=false
           tags: |
+            # branch
             type=ref,event=branch
-            type=ref,event=tag
-      - name: manifest
-        run: docker manifest create ${{ steps.meta.outputs.tags }} --amend ${{ steps.meta.outputs.tags }}-amd64 --amend ${{ steps.meta.outputs.tags }}-arm64v8
-      - name: push
-        run: docker manifest push ${{ steps.meta.outputs.tags }}
+            # semver
+            type=semver,pattern={{version}}
+      - id: meta-dockerhub-tag
+        name: Metadata - Docker Hub (Tags)
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=false
+          tags: |
+            # Only version, no revision
+            type=match,pattern=v(.*)-(.*),group=1
+      - id: meta-ghcr
+        name: Metadata - GHCR
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=false
+          tags: |
+            # branch
+            type=ref,event=branch
+            # semver
+            type=semver,pattern={{version}}
+      - id: meta-ghcr-tag
+        name: Metadata - GHCR (Tags)
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ghcr.io/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=false
+          tags: |
+            # Only version, no revision
+            type=match,pattern=v(.*)-(.*),group=1
+      # Manifest for either branch or semver
+      - name: manifest-dockerhub
+        run: docker manifest create ${{ steps.meta-dockerhub.outputs.tags }} --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8
+      - name: manifest-ghcr
+        run: docker manifest create ${{ steps.meta-ghcr.outputs.tags }} --amend ${{ steps.meta-ghcr.outputs.tags }}-amd64 --amend ${{ steps.meta-ghcr.outputs.tags }}-arm64v8
+      # Optional manifest for latest
+      - name: manifest-dockerhub-latest
+        run: docker manifest create ${{ env.IMAGE_NAME }}:latest --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: manifest-ghcr-latest
+        run: docker manifest create ghcr.io/${{ env.IMAGE_NAME }}:latest --amend ${{ steps.meta-ghcr.outputs.tags }}-amd64 --amend ${{ steps.meta-ghcr.outputs.tags }}-arm64v8
+        if: startsWith(github.ref, 'refs/tags/')
+      # Optional manifest for tag versions (includes revisions)
+      - name: manifest-dockerhub-tags
+        run: docker manifest create ${{ steps.meta-dockerhub-tag.outputs.tags }} --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-arm64v8
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: manifest-ghcr-tags
+        run: docker manifest create ${{ steps.meta-ghcr-tag.outputs.tags }} --amend ${{ steps.meta-ghcr-tag.outputs.tags }}-amd64 --amend ${{ steps.meta-ghcr-tag.outputs.tags }}-arm64v8
+        if: startsWith(github.ref, 'refs/tags/')
+      # Push various manifests
+      - name: push-dockerhub
+        run: docker manifest push ${{ steps.meta-dockerhub.outputs.tags }}
+      - name: push-ghcr
+        run: docker manifest push ${{ steps.meta-ghcr.outputs.tags }}
+      - name: push-dockerhub-latest
+        run: docker manifest push ${{ env.IMAGE_NAME }}:latest
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: push-ghcr-latest
+        run: docker manifest push ghcr.io/${{ env.IMAGE_NAME }}:latest
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: push-dockerhub-tags
+        run: docker manifest push ${{ steps.meta-dockerhub-tag.outputs.tags }}
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: push-ghcr-tags
+        run: docker manifest push ${{ steps.meta-ghcr-tag.outputs.tags }}
+        if: startsWith(github.ref, 'refs/tags/')
+      # Update Docker Hub from README
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: cloudstruct
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: ${{ env.IMAGE_NAME }}
+          readme-filepath: ./README.md
+          short-description: "Cardano Node built from source on Debian"
+
+  github-release:
+    runs-on: ubuntu-latest
+    needs: [multi-arch-manifest]
+    steps:
+      - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
+      - uses: actions/github-script@v5
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            try {
+              await github.rest.repos.createRelease({
+                draft: false,
+                generate_release_notes: true,
+                name: process.env.RELEASE_TAG,
+                owner: context.repo.owner,
+                prerelease: false,
+                repo: context.repo.repo,
+                tag_name: process.env.RELEASE_TAG,
+              });
+            } catch (error) {
+              core.setFailed(error.message);
+            }
