Skip to content

Commit 316371d

Browse files
rjaegersrjaegers
committed
chore: decouple flavor from wc-build-push-test
1 parent 69de73f commit 316371d

File tree

2 files changed

+30
-23
lines changed

2 files changed

+30
-23
lines changed

.github/workflows/wc-build-push-test.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,8 @@ jobs:
3030
packages: write
3131
pull-requests: write
3232
with:
33-
flavor: ${{ matrix.flavor }}
33+
dockerfile: .devcontainer/${{ matrix.flavor }}/Dockerfile
34+
image-name: ${{ github.repository }}-${{ matrix.flavor }}
3435

3536
dependency-review:
3637
runs-on: ubuntu-latest

.github/workflows/wc-build-push.yml

Lines changed: 28 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,12 @@ name: Build & Push
44
on:
55
workflow_call:
66
inputs:
7-
flavor:
7+
dockerfile:
8+
description: "Path to the Dockerfile to build"
9+
required: true
10+
type: string
11+
image-name:
12+
description: "Name of the Docker image to build"
813
required: true
914
type: string
1015
registry:
@@ -37,8 +42,8 @@ permissions:
3742
contents: read
3843

3944
env:
40-
CONTAINER_FLAVOR: ${{ inputs.flavor }}
4145
REGISTRY: ${{ inputs.registry }}
46+
FULLY_QUALIFIED_IMAGE_NAME: ${{ inputs.registry }}/${{ inputs.image-name }}
4247

4348
jobs:
4449
build-push:
@@ -69,7 +74,7 @@ jobs:
6974
DOCKER_METADATA_SET_OUTPUT_ENV: false
7075
id: metadata
7176
with:
72-
images: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}
77+
images: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}
7378
# Generate image LABEL for devcontainer.metadata
7479
# the sed expression is a workaround for quotes being eaten in arrays (e.g. ["x", "y", "z"] -> ["x",y,"z"])
7580
- run: echo "metadata=$(jq -cj '[.]' ".devcontainer/${CONTAINER_FLAVOR}/devcontainer-metadata-vscode.json" | sed 's/,"/, "/g')" >> "$GITHUB_OUTPUT"
@@ -83,9 +88,9 @@ jobs:
8388
env:
8489
SOURCE_DATE_EPOCH: ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }}
8590
with:
86-
file: .devcontainer/${{ inputs.flavor }}/Dockerfile
91+
file: ${{ inputs.dockerfile }}
8792
push: true
88-
tags: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}
93+
tags: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}
8994
labels: |
9095
${{ steps.metadata.outputs.labels }}
9196
devcontainer.metadata=${{ steps.devcontainer-metadata.outputs.metadata }}
@@ -102,7 +107,7 @@ jobs:
102107
RUNNER_TEMP: ${{ runner.temp }}
103108
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
104109
with:
105-
name: digests-${{ inputs.flavor }}-${{ steps.devcontainer-arch.outputs.arch }}
110+
name: digests-${{ inputs.image-name }}-${{ steps.devcontainer-arch.outputs.arch }}
106111
path: ${{ runner.temp }}/digests/*
107112
if-no-files-found: error
108113
retention-days: 1
@@ -130,21 +135,24 @@ jobs:
130135
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
131136
with:
132137
path: ${{ runner.temp }}/digests
133-
pattern: digests-${{ inputs.flavor }}-*
138+
pattern: digests-${{ inputs.image-name }}-*
134139
merge-multiple: true
135140
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
136141
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
142+
env:
143+
USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }}
144+
PASSWORD: ${{ secrets.DOCKER_PASSWORD || secrets.GITHUB_TOKEN }}
137145
with:
138146
registry: ${{ env.REGISTRY }}
139-
username: ${{ github.actor }}
140-
password: ${{ secrets.GITHUB_TOKEN }}
147+
username: ${{ env.USERNAME }}
148+
password: ${{ env.PASSWORD }}
141149
- uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
142150
id: metadata
143151
env:
144152
DOCKER_METADATA_ANNOTATIONS_LEVELS: index
145153
DOCKER_METADATA_SET_OUTPUT_ENV: false
146154
with:
147-
images: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}
155+
images: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}
148156
# Generate Docker tags based on the following events/attributes.
149157
# To prevent unnecessary image builds we simulate the `type=edge` tag
150158
# with `type=raw,value=edge,enable=...` which only enables the tag
@@ -162,7 +170,7 @@ jobs:
162170
import json
163171
import subprocess
164172
165-
CONTAINER = f"{os.getenv('REGISTRY')}/{os.getenv('GH_REPO')}-{os.getenv('CONTAINER_FLAVOR')}"
173+
CONTAINER = f"{os.getenv('FULLY_QUALIFIED_IMAGE_NAME')}"
166174
METADATA = json.loads(os.getenv('METADATA_JSON'))
167175
168176
digests = [f for f in os.listdir('.') if f.startswith('sha256:') or len(f) == 64]
@@ -177,53 +185,51 @@ jobs:
177185
subprocess.run(command, check=True)
178186
env:
179187
METADATA_JSON: ${{ steps.metadata.outputs.json }}
180-
GH_REPO: ${{ github.repository }}
181188
shell: python
182189
working-directory: ${{ runner.temp }}/digests
183190
- name: Inspect manifest and extract digest
184191
id: inspect-manifest
185192
run: |
186193
set -Eeuo pipefail
187-
output=$(docker buildx imagetools inspect "${REGISTRY}/${GH_REPO}-${CONTAINER_FLAVOR}:${CONTAINER_VERSION}" --format '{{json .}}')
194+
output=$(docker buildx imagetools inspect "${FULLY_QUALIFIED_IMAGE_NAME}:${CONTAINER_VERSION}" --format '{{json .}}')
188195
echo "digest=$(echo "$output" | jq -r '.manifest.digest // .manifests[0].digest')" >> "$GITHUB_OUTPUT"
189196
env:
190197
CONTAINER_VERSION: ${{ steps.metadata.outputs.version }}
191-
GH_REPO: ${{ github.repository }}
192198
- run: |
193199
set -Eeuo pipefail
194200
wget -O diffoci https://github.com/reproducible-containers/diffoci/releases/download/v0.1.7/diffoci-v0.1.7.linux-amd64
195201
chmod +x diffoci
196202
./diffoci diff --semantic --report-file=container-diff.json "${FROM_CONTAINER}" "${TO_CONTAINER}" || true
197203
env:
198-
FROM_CONTAINER: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:edge
199-
TO_CONTAINER: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:${{ steps.metadata.outputs.version }}
204+
FROM_CONTAINER: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}:edge
205+
TO_CONTAINER: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}:${{ steps.metadata.outputs.version }}
200206
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
201207
with:
202-
name: container-diff-${{ inputs.flavor }}
208+
name: container-diff-${{ inputs.image-name }}
203209
path: container-diff.json
204210
retention-days: 10
205211
- uses: ./.github/actions/container-size-diff
206212
id: container-size-diff
207213
with:
208-
from-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:edge
209-
to-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:${{ steps.metadata.outputs.version }}
214+
from-container: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}:edge
215+
to-container: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}:${{ steps.metadata.outputs.version }}
210216
- uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
211217
with:
212218
header: container-size-diff-${{ inputs.flavor }}
213219
message: |
214220
${{ steps.container-size-diff.outputs.size-diff-markdown }}
215221
- uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
216222
with:
217-
image: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}@${{ steps.inspect-manifest.outputs.digest }}
223+
image: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}@${{ steps.inspect-manifest.outputs.digest }}
218224
dependency-snapshot: true
219225
- uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
220226
with:
221-
subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}
227+
subject-name: ${{ env.FULLY_QUALIFIED_IMAGE_NAME }}
222228
subject-digest: ${{ steps.inspect-manifest.outputs.digest }}
223229
show-summary: false
224230
push-to-registry: true
225231
- name: Verify attestation
226-
run: gh attestation verify --repo "${GH_REPO}" "oci://${REGISTRY}/${GH_REPO}-${CONTAINER_FLAVOR}@${DIGEST}"
232+
run: gh attestation verify --repo "${GH_REPO}" "oci://${FULLY_QUALIFIED_IMAGE_NAME}@${DIGEST}"
227233
env:
228234
DIGEST: ${{ steps.inspect-manifest.outputs.digest }}
229235
GH_REPO: ${{ github.repository }}

0 commit comments

Comments
 (0)