FORK: add GHA to build image

Signed-off-by: Mathew Wicks <[email protected]>

Author: thesuperzapper

.github/workflows/build-commit.yml

@@ -0,0 +1,34 @@
+name: Build Commit
+
+on:
+  push:
+    branches:
+      - fork-*
+
+permissions:
+  packages: write
+
+jobs:
+  build__ml_metadata_server:
+    name: Build - ML Metadata Server
+    uses: ./.github/workflows/build_image_TEMPLATE.yml
+    secrets: inherit
+    with:
+      image_names: ghcr.io/${{ github.repository_owner }}/ci/ml_metadata_store_server
+
+      metadata_title: "ML-Metadata Server"
+      metadata_description: "Google ML Metadata Server"
+
+      tag_with_latest: false
+      tag_with_semver: false
+      tag_with_sha: true
+
+      build_file: ./ml_metadata/tools/docker_server/Dockerfile
+      build_context: .
+      build_platforms: |-
+        linux/amd64
+        linux/arm64
+      build_registry_cache: ghcr.io/${{ github.repository_owner }}/ci/ml_metadata_store_server:build-cache
+
+      login_to_ghcr: true
+      login_to_docker: false

.github/workflows/build_commit.yml

@@ -0,0 +1,128 @@
+name: Build Image (TEMPLATE)
+on:
+  workflow_call:
+    inputs:
+      image_names:
+        required: true
+        description: "the images to push, including registry prefix, whitespace separated"
+        type: string
+
+      metadata_title:
+        required: true
+        description: "the title of the image"
+        type: string
+      metadata_description:
+        required: true
+        description: "the description of the image"
+        type: string
+
+      tag_with_latest:
+        default: false
+        description: "if true, image tags will include 'latest'"
+        type: boolean
+      tag_with_semver:
+        default: false
+        description: "if true, image tags will include the version (from git tag event, without 'v' prefix)"
+        type: boolean
+      tag_with_sha:
+        default: false
+        description: "if true, image tags will include the commit SHA (both short and long)"
+        type: boolean
+
+      build_file:
+        required: true
+        description: "path to Dockerfile"
+        type: string
+      build_context:
+        required: true
+        description: "path to build context folder"
+        type: string
+      build_platforms:
+        required: true
+        description: "docker buildx platforms to build for, whitespace separated"
+        type: string
+      build_registry_cache:
+        required: true
+        description: "an image to use as a registry-type build cache (registry + image + tag)"
+        type: string
+
+      login_to_ghcr:
+        default: false
+        description: "if true, login to GitHub Container Registry with the GITHUB_TOKEN"
+        type: boolean
+      login_to_docker:
+        default: false
+        description: "if true, login to DockerHub using the DOCKER_USERNAME and DOCKER_PASSWORD secrets in the repository"
+        type: boolean
+
+jobs:
+  build_image:
+    name: Build '${{ inputs.metadata_title }}' Image
+    runs-on: ubuntu-latest
+    steps:
+      ## We need to sanitize some inputs before we can use them:
+      ##   - the `build_registry_cache` must be lowercase so we can safely use
+      ##     it in `cache-from` and `cache-to` options
+      - name: Sanitize Inputs
+        id: sanitize_inputs
+        env:
+          build_registry_cache: ${{ inputs.build_registry_cache }}
+        run: |
+          echo "build_registry_cache=${build_registry_cache@L}" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Install Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: ${{ inputs.login_to_ghcr }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: ${{ inputs.login_to_docker }}
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Generate Image Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.image_names }}
+          flavor: |
+            latest=${{ inputs.tag_with_latest }}
+          tags: |
+            type=semver,priority=1000,pattern={{version}},enable=${{ inputs.tag_with_semver }}
+            type=semver,priority=900,pattern={{major}}.{{minor}},enable=${{ inputs.tag_with_semver }}
+            type=sha,priority=200,prefix=sha-,format=short,enable=${{ inputs.tag_with_sha }}
+            type=sha,priority=100,prefix=sha-,format=long,enable=${{ inputs.tag_with_sha }}
+          labels: |
+            org.opencontainers.image.title=${{ inputs.metadata_title }}
+            org.opencontainers.image.description=${{ inputs.metadata_description }}
+          annotations: |
+            org.opencontainers.image.title=${{ inputs.metadata_title }}
+            org.opencontainers.image.description=${{ inputs.metadata_description }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@v5
+        with:
+          annotations: ${{ steps.meta.outputs.annotations }}
+          cache-from: type=registry,ref=${{ steps.sanitize_inputs.outputs.build_registry_cache }}
+          cache-to: type=registry,ref=${{ steps.sanitize_inputs.outputs.build_registry_cache }},mode=max
+          context: ${{ inputs.build_context }}
+          file: ${{ inputs.build_file }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ inputs.build_platforms }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}

.github/workflows/build_image_TEMPLATE.yml

@@ -9,73 +9,37 @@ permissions:
   contents: write
   packages: write
 
-env:
-  IMAGE_OWNER: "deploykf"
-  IMAGE_TITLE: "ml_metadata_store_server"
-  IMAGE_DESCRIPTION: "Google ML Metadata Server"
-  IMAGE_FOLDER: "ml_metadata/tools/docker_server"
-  IMAGE_PLATFORMS: |-
-    linux/amd64
-    linux/arm64
-
 jobs:
-  build_and_push_image:
+  build__ml_metadata_server:
+    name: Build - ML Metadata Server
+    uses: ./.github/workflows/build_image_TEMPLATE.yml
+    secrets: inherit
+    with:
+      image_names: ghcr.io/${{ github.repository_owner }}/ml_metadata_store_server
+
+      metadata_title: "ML-Metadata Server"
+      metadata_description: "Google ML Metadata Server"
+
+      tag_with_latest: false
+      tag_with_semver: true
+      tag_with_sha: false
+
+      build_file: ./ml_metadata/tools/docker_server/Dockerfile
+      build_context: .
+      build_platforms: |-
+        linux/amd64
+        linux/arm64
+      build_registry_cache: ghcr.io/${{ github.repository_owner }}/ci/ml_metadata_store_server:build-cache
+
+      login_to_ghcr: true
+      login_to_docker: false
+
+  create_release:
     runs-on: ubuntu-latest
+    needs: [ build__ml_metadata_server ]
     steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Install QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Install Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Generate Image Tags/Labels
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_TITLE }}
-            docker.io/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_TITLE }}
-          flavor: |
-            latest=true
-          tags: |
-            type=semver,priority=200,pattern={{major}}.{{minor}}
-            type=semver,priority=100,pattern={{version}}
-          labels: |
-            org.opencontainers.image.title=${{ env.IMAGE_TITLE }}
-            org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
-            org.opencontainers.image.url=https://github.com/${{ github.repository }}
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}/${{ env.IMAGE_FOLDER }}
-
-      - name: Build and Push Image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./${{ env.IMAGE_FOLDER }}/Dockerfile
-          push: true
-          platforms: ${{ env.IMAGE_PLATFORMS }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=ghcr.io/${{ env.IMAGE_OWNER }}/ci/${{ env.IMAGE_TITLE }}:build-cache
-          cache-to: type=registry,ref=ghcr.io/${{ env.IMAGE_OWNER }}/ci/${{ env.IMAGE_TITLE }}:build-cache,mode=max
-
       - name: Create GitHub Release
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const { repo: { owner, repo }, ref: tag_ref } = context;
@@ -89,5 +53,6 @@ jobs:
               tag_name: tag_name,
               name: `ML Metadata Server - ${tag_version}`,
               draft: false,
-              prerelease: tag_name.includes('-'),
-            });
+              // NOTE: for this repo, we always have '-patch.X' in the tag name
+              //prerelease: tag_name.includes('-'),
+            });