Skip to content

ci: add workflow to deploy container images #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kenhys merged 1 commit into from
Nov 30, 2024
Merged

ci: add workflow to deploy container images #405

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
256 changes: 256 additions & 0 deletions .github/workflows/docker-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,256 @@
name: Publish Docker Image

on:
push:
tags:
- v1.*

concurrency:
group: ${{ github.head_ref || github.sha }}-${{ github.workflow }}
cancel-in-progress: true

env:
REPOSITORY: ${{ secrets.DOCKER_HUB_ORGS }}/fluentd-docker-image
jobs:
define-matrix:
runs-on: ubuntu-latest
env:
ALL_COMPONENTS: >
[
"alpine",
"arm64",
"armhf",
"amd64",
]
outputs:
components: >
${{ steps.arrange-components.outputs.for_all == 'true' && env.ALL_COMPONENTS
|| format('["{0}"]', steps.arrange-components.outputs.component) }}
steps:
- id: arrange-components
run: |
echo "for_all=true" >> "$GITHUB_OUTPUT"
for component in ${{ join(fromJSON(env.ALL_COMPONENTS), ' ') }}; do
if [[ ${{ github.ref_name }} == *"$component"* ]]; then
echo "for_all=false" >> "$GITHUB_OUTPUT"
echo "component=$component" >> "$GITHUB_OUTPUT"
break
fi
done
build:
needs: define-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: ${{ fromJSON(needs.define-matrix.outputs.components) }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64,linux/arm/v7 # armhf
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Setup tags
run: |
set -x
component=${{ matrix.component }}
for target in $(make echo-all-images); do
case $target in
*$component*)
;;
*)
continue
;;
esac
branch=$(echo $target | cut -d'/' -f1)
tags=$(echo $target | cut -d':' -f2-)
tag1=$(echo $tags | cut -d',' -f1)
tag2=$(echo $tags | cut -d',' -f2)
tag3=$(echo $tags | cut -d',' -f3)
case $component in
*alpine*)
echo "CONTEXT=${branch}/${component}" >> ${GITHUB_ENV}
echo "ALPINETAGS=${{ env.REPOSITORY }}:${tag1},${{ env.REPOSITORY }}:${tag2},${{ env.REPOSITORY }}:${tag3}" >> ${GITHUB_ENV}
;;
*arm64*)
echo "CONTEXT=${branch}/${component}/debian" >> ${GITHUB_ENV}
echo "ARM64TAGS=${{ env.REPOSITORY }}:${tag1},${{ env.REPOSITORY }}:${tag2},${{ env.REPOSITORY }}:${tag3}" >> ${GITHUB_ENV}
;;
*armhf*)
echo "CONTEXT=${branch}/${component}/debian" >> ${GITHUB_ENV}
echo "ARMHFTAGS=${{ env.REPOSITORY }}:${tag1},${{ env.REPOSITORY }}:${tag2},${{ env.REPOSITORY }}:${tag3}" >> ${GITHUB_ENV}
;;
*amd64*)
echo "CONTEXT=${branch}/debian" >> ${GITHUB_ENV}
echo "AMD64TAGS=${{ env.REPOSITORY }}:${tag1},${{ env.REPOSITORY }}:${tag2},${{ env.REPOSITORY }}:${tag3}" >> ${GITHUB_ENV}
;;
esac
done
- name: Build and push for alpine
if: ${{ env.ALPINETAGS }}
uses: docker/build-push-action@v6
with:
context: ${{ env.CONTEXT }}
provenance: false
push: true
platforms: linux/amd64
tags: ${{ env.ALPINETAGS }}
# dare to use old mediatype (application/vnd.docker.distribution.manifest.v2+json)
outputs: oci-mediatypes=false
- name: Build and push for amd64
if: ${{ env.AMD64TAGS }}
uses: docker/build-push-action@v6
with:
context: ${{ env.CONTEXT }}
provenance: false
push: true
platforms: linux/amd64
tags: ${{ env.AMD64TAGS }}
# dare to use old mediatype (application/vnd.docker.distribution.manifest.v2+json)
outputs: oci-mediatypes=false
- name: Build and push for arm64
if: ${{ env.ARM64TAGS }}
uses: docker/build-push-action@v6
with:
context: ${{ env.CONTEXT }}
provenance: false
push: true
platforms: linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ env.ARM64TAGS }}
# dare to use old mediatype (application/vnd.docker.distribution.manifest.v2+json)
outputs: oci-mediatypes=false
- name: Build and push for armhf
if: ${{ env.ARMHFTAGS }}
uses: docker/build-push-action@v6
with:
context: ${{ env.CONTEXT }}
provenance: false
push: true
platforms: linux/arm/v7
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ env.ARMHFTAGS }}
# dare to use old mediatype (application/vnd.docker.distribution.manifest.v2+json)
outputs: oci-mediatypes=false
manifest:
needs: [define-matrix, build]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: ${{ fromJSON(needs.define-matrix.outputs.components) }}
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Create manifest
if: ${{ matrix.component }} != "alpine"
run: |
component=${{ matrix.component }}
for target in $(make echo-all-images); do
tags=$(echo $target | cut -d':' -f2-)
tag1=$(echo $tags | cut -d',' -f1)
tag2=$(echo $tags | cut -d',' -f2)
tag3=$(echo $tags | cut -d',' -f3)
case $target in
*amd64*)
MULTIARCH_AMD64_TAG=${tag1/amd64-/}
MULTIARCH_AMD64_SHORT_TAG=${tag2/amd64-/}
AMD64TAG=${tag1}
SHORT_AMD64TAG=${tag2}
;;
*arm64*)
MULTIARCH_ARM64_TAG=${tag1/arm64-/}
MULTIARCH_ARM64_SHORT_TAG=${tag2/arm64-/}
ARM64TAG=${tag1}
SHORT_ARM64TAG=${tag2}
;;
*armhf*)
MULTIARCH_ARMHF_TAG=${tag1/armhf-/}
MULTIARCH_ARMHF_SHORT_TAG=${tag2/armhf-/}
ARMHFTAG=${tag1}
SHORT_ARMHFTAG=${tag2}
;;
*alpine*)
;;
esac
done
# v1.xx.y-debian-n.m
if [ ${MULTIARCH_AMD64_TAG} != ${MULTIARCH_ARM64_TAG} -o ${MULTIARCH_AMD64_TAG} != ${MULTIARCH_ARMHF_TAG} -o ${MULTIARCH_ARM64_TAG} != ${MULTIARCH_ARMHF_TAG} ]; then
echo "Multiarch tag (v1.x.y-debian-(ARCH)-n.m) must be same for amd64, arm64 and armhf: ${MULTIARCH_AMD64_TAG}, ${MULTIARCH_ARM64_TAG}, ${MULTIARCH_ARMHF_TAG}"
else
docker buildx imagetools create -t ${{ env.REPOSITORY }}:${MULTIARCH_AMD64_TAG} \
${{ env.REPOSITORY }}:${AMD64TAG} \
${{ env.REPOSITORY }}:${ARM64TAG} \
${{ env.REPOSITORY }}:${ARMHFTAG}
fi
# v1.xx-debian-n.m
if [ ${MULTIARCH_AMD64_SHORT_TAG} != ${MULTIARCH_ARM64_SHORT_TAG} -o ${MULTIARCH_AMD64_SHORT_TAG} != ${MULTIARCH_ARMHF_SHORT_TAG} -o ${MULTIARCH_ARM64_SHORT_TAG} != ${MULTIARCH_ARMHF_SHORT_TAG} ]; then
echo "Multiarch tag (v1.xx-debian-n.m must be same for amd64, arm64 and armhf: ${MULTIARCH_AMD64_SHORT_TAG}, ${MULTIARCH_ARM64_SHORT_TAG}, ${MULTIARCH_ARMHF_SHORT_TAG}"
else
docker buildx imagetools create -t ${{ env.REPOSITORY }}:${MULTIARCH_AMD64_SHORT_TAG} \
${{ env.REPOSITORY }}:${SHORT_AMD64TAG} \
${{ env.REPOSITORY }}:${SHORT_ARM64TAG} \
${{ env.REPOSITORY }}:${SHORT_ARMHFTAG}
fi
# edge-debian
docker buildx imagetools create -t ${{ env.REPOSITORY }}:edge-debian \
${{ env.REPOSITORY }}:edge-debian-amd64 \
${{ env.REPOSITORY }}:edge-debian-arm64 \
${{ env.REPOSITORY }}:edge-debian-armhf
echo "MULTIARCH_AMD64_TAG=${MULTIARCH_AMD64_TAG}" >> ${GITHUB_ENV}
echo "MULTIARCH_AMD64_SHORT_TAG=${MULTIARCH_AMD64_SHORT_TAG}" >> ${GITHUB_ENV}
echo "AMD64TAG=${AMD64TAG}" >> ${GITHUB_ENV}
echo "SHORT_AMD64TAG=${SHORT_ARM64TAG}" >> ${GITHUB_ENV}
echo "MULTIARCH_ARM64_TAG=${MULTIARCH_ARM64_TAG}" >> ${GITHUB_ENV}
echo "MULTIARCH_ARM64_SHORT_TAG=${MULTIARCH_ARM64_SHORT_TAG}" >> ${GITHUB_ENV}
echo "ARM64TAG=${ARM64TAG}" >> ${GITHUB_ENV}
echo "SHORT_ARM64TAG=${SHORT_ARM64TAG}" >> ${GITHUB_ENV}
echo "MULTIARCH_ARMHF_TAG=${MULTIARCH_ARMHF_TAG}" >> ${GITHUB_ENV}
echo "MULTIARCH_ARMHF_SHORT_TAG=${MULTIARCH_ARMHF_SHORT_TAG}" >> ${GITHUB_ENV}
echo "ARMHFTAG=${ARMHFTAG}" >> ${GITHUB_ENV}
echo "SHORT_ARMHFTAG=${SHORT_ARMHFTAG}" >> ${GITHUB_ENV}
- name: Inspect manifest ${{ env.AMD64TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.AMD64TAG }}
- name: Inspect manifest ${{ env.ARM64TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.ARM64TAG }}
- name: Inspect manifest ${{ env.ARMHFTAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.ARMHFTAG }}
- name: Inspect manifest ${{ env.MULTIARCH_AMD64_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_AMD64_TAG }}
- name: Inspect manifest ${{ env.MULTIARCH_ARM64_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARM64_TAG }}
- name: Inspect manifest ${{ env.MULTIARCH_ARMHF_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARMHF_TAG }}
- name: Inspect manifest ${{ env.MULTIARCH_AMD64_SHORT_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_AMD64_SHORT_TAG }}
- name: Inspect manifest ${{ env.MULTIARCH_ARM64_SHORT_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARM64_SHORT_TAG }}
- name: Inspect manifest ${{ env.MULTIARCH_ARMHF_SHORT_TAG }}
run: docker manifest inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARMHF_SHORT_TAG }}
- name: Inspect ${{ env.AMD64TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.AMD64TAG }}
- name: Inspect ${{ env.ARM64TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.ARM64TAG }}
- name: Inspect ${{ env.ARMHFTAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.ARMHFTAG }}
- name: Inspect ${{ env.MULTIARCH_AMD64_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_AMD64_TAG }}
- name: Inspect ${{ env.MULTIARCH_ARM64_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARM64_TAG }}
- name: Inspect ${{ env.MULTIARCH_ARMHF_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARMHF_TAG }}
- name: Inspect ${{ env.MULTIARCH_AMD64_SHORT_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_AMD64_SHORT_TAG }}
- name: Inspect ${{ env.MULTIARCH_ARM64_SHORT_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARM64_SHORT_TAG }}
- name: Inspect ${{ env.MULTIARCH_ARMHF_SHORT_TAG }} with buildx
run: docker buildx imagetools inspect ${{ env.REPOSITORY }}:${{ env.MULTIARCH_ARMHF_SHORT_TAG }}
5 changes: 3 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,8 @@ TAGS ?= $(word 2,$(subst :, ,$(word 1,$(ALL_IMAGES))))

no-cache ?= no


echo-all-images:
@echo $(X86_IMAGES) $(ARM_IMAGES) $(ARM64_IMAGES)

comma := ,
empty :=
Expand Down Expand Up @@ -139,7 +140,7 @@ sbom-all:
# Usage:
# make src [DOCKERFILE=] [VERSION=] [TAGS=t1,t2,...]

src: dockerfile fluent.conf entrypoint.sh post-push-hook post-checkout-hook
src: dockerfile fluent.conf entrypoint.sh post-checkout-hook



Expand Down