.github/workflows/main.yml #120
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - master | |
| repository_dispatch: | |
| types: [test workflow] | |
| workflow_dispatch: | |
| schedule: | |
| # Runs "At 04:15." (see https://crontab.guru) | |
| - cron: '15 4 * * *' | |
| env: | |
| IMAGE_REPO: containers.intersystems.com/intersystems | |
| IMAGE_NAME: iris-community | |
| TARGET_IMAGE: caretdev/iris-community-light | |
| TAG: | | |
| latest-em | |
| latest-cd | |
| latest-preview | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| images: ${{ steps.collect.outputs.images }} | |
| tags: ${{ steps.collect.outputs.tags }} | |
| do_build: ${{ steps.collect.outputs.do_build }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - uses: actions/cache/restore@v4 | |
| id: restore-cache | |
| with: | |
| path: manifests.txt | |
| key: manifests | |
| restore-keys: | | |
| manifests- | |
| - name: collect manifests | |
| id: collect | |
| run: | | |
| TAG="${{ env.TAG }}" | |
| for tag in ${TAG[@]}; do | |
| image="${{ env.IMAGE_REPO }}/${{ env.IMAGE_NAME }}:${tag}" | |
| docker manifest inspect $image | jq ".manifests[] | ( .platform.architecture + \" $tag\" + \" \" + .digest )" -r | |
| done > latest_manifests.txt | |
| images=$(while IFS= read -r line; do | |
| if ! grep "$line" manifests.txt >/dev/null 2>&1; then | |
| echo $line | awk -F' ' '{printf "{\"platform\": \"linux/%s\", \"tag\": \"%s\"}\n", $1,$2}' | |
| fi | |
| done < "latest_manifests.txt" | jq -cs '.[] | (select(.platform == "linux/arm64" ) | .runner = "ubuntu-24.04-arm"), (select(.platform == "linux/amd64" ) | .runner = "ubuntu-latest")' | jq -cs '.' ) | |
| mv latest_manifests.txt manifests.txt | |
| echo $images | jq | |
| echo images="$images" >> $GITHUB_OUTPUT | |
| ([[ "$images" != "[]" ]] && echo do_build=true || echo do_build=false ) >> $GITHUB_OUTPUT | |
| tags=$(echo $images | jq '.[].tag' | sort | uniq | jq -cs '. | map({tag: .})' ) | |
| echo $tags | jq | |
| echo tags="$tags" >> $GITHUB_OUTPUT | |
| - name: Upload file | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: manifests | |
| path: manifests.txt | |
| - uses: actions/cache/save@v4 | |
| with: | |
| key: manifests-${{ github.run_id }} | |
| path: manifests.txt | |
| build: | |
| needs: prepare | |
| if: ${{ needs.prepare.outputs.do_build != 'false' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJson(needs.prepare.outputs.images) }} | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Pull image | |
| id: image | |
| run: | | |
| base=${{ env.IMAGE_REPO }}/${{ env.IMAGE_NAME }}:${{ matrix.tag }} | |
| docker pull $base | |
| labels=$(docker image inspect --format '{{range $k, $v := .Config.Labels}}--label {{$k}}="{{$v}}" {{end}}' $base) | |
| version=$(docker image inspect --format '{{index .Config.Labels "com.intersystems.platform-version"}}' $base | cut -d'.' -f1-2) | |
| originalbase=$(docker history $base --format '{{.CreatedBy}}' --no-trunc | grep 'LABEL org.opencontainers.image.ref.name=' | cut -d'=' -f2 ) | |
| originalbase+=:$(docker history $base --format '{{.CreatedBy}}' --no-trunc | grep 'LABEL org.opencontainers.image.version=' | cut -d'=' -f2 ) | |
| echo base=$base >> $GITHUB_OUTPUT | |
| echo labels=$labels >> $GITHUB_OUTPUT | |
| echo version=$version >> $GITHUB_OUTPUT | |
| echo originalbase=$originalbase >> $GITHUB_OUTPUT | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push by digest | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| build-args: | | |
| BASE_IMAGE=${{ steps.image.outputs.base }} | |
| ORIGINAL_BASE=${{ steps.image.outputs.originalbase }} | |
| labels: ${{ steps.image.outputs.labels }} | |
| push: true | |
| tags: ${{ env.TARGET_IMAGE }} | |
| outputs: type=image,push-by-digest=true,name-canonical=true,push=true | |
| - name: Save digest as artifact | |
| run: | | |
| mkdir -p "$RUNNER_TEMP/digests" | |
| digest="${{ steps.build.outputs.digest }}" | |
| # strip "sha256:" prefix, use remainder as filename | |
| echo ${{ steps.image.outputs.version }} > "$RUNNER_TEMP/digests/${digest#sha256:}" | |
| shell: bash | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-${{ matrix.tag }}-${{ matrix.runner }} | |
| path: ${{ runner.temp }}/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| needs: | |
| - prepare | |
| - build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJson(needs.prepare.outputs.tags) }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digests-${{ matrix.tag }}-* | |
| merge-multiple: true | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Create multi-arch manifest and push | |
| working-directory: ${{ runner.temp }}/digests | |
| run: | | |
| # turn each file name (a sha256 without prefix) into IMAGE@sha256:... | |
| version=$(cat * | head -1) | |
| docker buildx imagetools create \ | |
| -t ${{ env.TARGET_IMAGE }}:${{ matrix.tag }} \ | |
| -t ${{ env.TARGET_IMAGE }}:$version \ | |
| $(printf '${{ env.TARGET_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect final image (optional) | |
| run: docker buildx imagetools inspect ${{ env.TARGET_IMAGE }}:${{ matrix.tag }} |