|
| 1 | +--- |
| 2 | +name: Test for "docker-build-images" workflow - Caching |
| 3 | +run-name: Test for "docker-build-images" workflow - Caching |
| 4 | + |
| 5 | +on: # yamllint disable-line rule:truthy |
| 6 | + workflow_call: |
| 7 | + |
| 8 | +permissions: |
| 9 | + contents: read |
| 10 | + issues: read |
| 11 | + packages: write |
| 12 | + pull-requests: read |
| 13 | + id-token: write |
| 14 | + |
| 15 | +# jscpd:ignore-start |
| 16 | +jobs: |
| 17 | + arrange: |
| 18 | + name: Arrange |
| 19 | + runs-on: ubuntu-latest |
| 20 | + outputs: |
| 21 | + matrix: ${{ steps.define-matrix.outputs.result }} |
| 22 | + steps: |
| 23 | + - run: | |
| 24 | + if [ -z "${{ secrets.GITHUB_TOKEN }}" ]; then |
| 25 | + echo "GitHub token secret is not set" |
| 26 | + exit 1 |
| 27 | + fi |
| 28 | +
|
| 29 | + - id: define-matrix |
| 30 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 31 | + with: |
| 32 | + result-encoding: json |
| 33 | + script: | |
| 34 | + const matrix = { |
| 35 | + include: [ |
| 36 | + { |
| 37 | + name: "mono-arch - registry", |
| 38 | + "image-name": `test-caching-mono-arch-registry`, |
| 39 | + platforms: '["linux/amd64"]', |
| 40 | + "cache-type": "registry" |
| 41 | + }, |
| 42 | + { |
| 43 | + name: "multi-arch - registry", |
| 44 | + "image-name": `test-caching-multi-arch-registry`, |
| 45 | + platforms: '["linux/amd64","linux/arm64"]', |
| 46 | + "cache-type": "registry" |
| 47 | + }, |
| 48 | + { |
| 49 | + name: "mono-arch - gha", |
| 50 | + "image-name": `test-caching-mono-arch-gha`, |
| 51 | + platforms: '["linux/amd64"]', |
| 52 | + "cache-type": "gha" |
| 53 | + }, |
| 54 | + { |
| 55 | + name: "multi-arch - gha", |
| 56 | + "image-name": `test-caching-multi-arch-gha`, |
| 57 | + platforms: '["linux/amd64","linux/arm64"]', |
| 58 | + "cache-type": "gha" |
| 59 | + } |
| 60 | + ] |
| 61 | + }; |
| 62 | + return matrix; |
| 63 | +
|
| 64 | + act-build-images-registry: |
| 65 | + name: Act - Build images - registry cache |
| 66 | + needs: arrange |
| 67 | + uses: ./.github/workflows/docker-build-images.yml |
| 68 | + secrets: |
| 69 | + oci-registry-password: ${{ secrets.GITHUB_TOKEN }} |
| 70 | + build-secret-github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }} |
| 71 | + with: |
| 72 | + cache-type: "registry" |
| 73 | + sign: false |
| 74 | + images: | |
| 75 | + [ |
| 76 | + { |
| 77 | + "name": "test-caching-mono-arch-registry", |
| 78 | + "context": ".", |
| 79 | + "dockerfile": "./tests/application/Dockerfile", |
| 80 | + "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" }, |
| 81 | + "target": "base", |
| 82 | + "platforms": ["linux/amd64"] |
| 83 | + }, |
| 84 | + { |
| 85 | + "name": "test-caching-multi-arch-registry", |
| 86 | + "context": ".", |
| 87 | + "dockerfile": "./tests/application/Dockerfile", |
| 88 | + "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" }, |
| 89 | + "target": "base", |
| 90 | + "platforms": ["linux/amd64","linux/arm64"] |
| 91 | + } |
| 92 | + ] |
| 93 | +
|
| 94 | + act-build-images-gha: |
| 95 | + name: Act - Build images - gha cache |
| 96 | + needs: arrange |
| 97 | + uses: ./.github/workflows/docker-build-images.yml |
| 98 | + secrets: |
| 99 | + oci-registry-password: ${{ secrets.GITHUB_TOKEN }} |
| 100 | + build-secret-github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }} |
| 101 | + with: |
| 102 | + cache-type: "gha" |
| 103 | + sign: false |
| 104 | + images: | |
| 105 | + [ |
| 106 | + { |
| 107 | + "name": "test-caching-mono-arch-gha", |
| 108 | + "context": ".", |
| 109 | + "dockerfile": "./tests/application/Dockerfile", |
| 110 | + "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" }, |
| 111 | + "target": "base", |
| 112 | + "platforms": ["linux/amd64"] |
| 113 | + }, |
| 114 | + { |
| 115 | + "name": "test-caching-multi-arch-gha", |
| 116 | + "context": ".", |
| 117 | + "dockerfile": "./tests/application/Dockerfile", |
| 118 | + "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" }, |
| 119 | + "target": "base", |
| 120 | + "platforms": ["linux/amd64","linux/arm64"] |
| 121 | + } |
| 122 | + ] |
| 123 | +
|
| 124 | + assert-images-cache: |
| 125 | + name: Assert - Cached images (${{ matrix.name }}) |
| 126 | + needs: [arrange, act-build-images-registry, act-build-images-gha] |
| 127 | + runs-on: ubuntu-latest |
| 128 | + strategy: |
| 129 | + fail-fast: false |
| 130 | + matrix: ${{ fromJson(needs.arrange.outputs.matrix) }} |
| 131 | + steps: |
| 132 | + - name: Login to GitHub Container Registry |
| 133 | + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 |
| 134 | + with: |
| 135 | + registry: ghcr.io |
| 136 | + username: ${{ github.repository_owner }} |
| 137 | + password: ${{ github.token }} |
| 138 | + |
| 139 | + - name: Assert image and digest |
| 140 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 141 | + env: |
| 142 | + BUILT_IMAGES: ${{ needs[matrix.cache-type == 'registry' && 'act-build-images-registry' || 'act-build-images-gha' ].outputs.built-images }} |
| 143 | + EXPECTED_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }} |
| 144 | + with: |
| 145 | + script: | |
| 146 | + const assert = require("assert"); |
| 147 | +
|
| 148 | + let expectedTag; |
| 149 | +
|
| 150 | + const isPullRequest = `${{ github.event_name }}` === "pull_request"; |
| 151 | + if (isPullRequest) { |
| 152 | + const shortSha = `${{ github.sha }}`.substring(0, 7); |
| 153 | + expectedTag = `pr-${{ github.event.pull_request.number }}-${shortSha}`; |
| 154 | + } else { |
| 155 | + expectedTag = `${{ github.ref_name }}`; |
| 156 | + } |
| 157 | +
|
| 158 | + const builtImages = JSON.parse(process.env.BUILT_IMAGES); |
| 159 | +
|
| 160 | + const imageName = `${{ matrix.image-name }}`; |
| 161 | + assert(builtImages[imageName], `"built-images" output does not contain "${imageName}" image`); |
| 162 | +
|
| 163 | + const digest = builtImages[imageName].digest; |
| 164 | + assert(digest.length, `"built-images" output does not contain digest for "${{ matrix.image-name }}" image`); |
| 165 | + assert.match(digest, /^sha256:[0-9a-f]{64}$/, `"built-images" output does not contain valid digest for "${{ matrix.image-name }}" image`); |
| 166 | +
|
| 167 | + const expectedImage = process.env.EXPECTED_IMAGE; |
| 168 | + const expectedImageTag = `${expectedImage}:${expectedTag}@${digest}`; |
| 169 | +
|
| 170 | + const image = builtImages[imageName].images[0]; |
| 171 | +
|
| 172 | + assert.equal(image, expectedImageTag, `"built-images" output is not valid. Expected "${expectedImage}", got "${image}"`); |
| 173 | +
|
| 174 | + await exec.exec('docker', ['pull', image]); |
| 175 | +
|
| 176 | + - name: Assert registry cache usage |
| 177 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 178 | + if: ${{ matrix.cache-type == 'registry' }} |
| 179 | + env: |
| 180 | + EXPECTED_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }} |
| 181 | + EXPECTED_PLATFORMS: ${{ matrix.platforms }} |
| 182 | + EXPECTED_CACHE_TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name }} |
| 183 | + with: |
| 184 | + script: | |
| 185 | + const expectedCacheImage = `${process.env.EXPECTED_IMAGE}/cache:${process.env.EXPECTED_CACHE_TAG}`; |
| 186 | + const expectedPlatforms = JSON.parse(process.env.EXPECTED_PLATFORMS); |
| 187 | + const expectedCacheImages = expectedPlatforms.map(platform => `${expectedCacheImage}-${platform.replace('/', '-')}`); |
| 188 | +
|
| 189 | + for (const cacheImage of expectedCacheImages) { |
| 190 | + await exec.exec('docker', ['manifest', 'inspect', cacheImage]); |
| 191 | + } |
| 192 | +
|
| 193 | +# jscpd:ignore-end |
0 commit comments