ci: more refactoring

rjaegers · rjaegers · commit b6a1ffe3e842 · 2025-10-14T11:57:32.000Z
diff --git a/.github/workflows/wc-build-push-test.yml b/.github/workflows/wc-build-push-test.yml
@@ -30,7 +30,7 @@ jobs:
       packages: write
       pull-requests: write
     with:
-      devcontainer-metadata: .devcontainer/${{ matrix.flavor }}/devcontainer-metadata.json
+      devcontainer-metadata-file: .devcontainer/${{ matrix.flavor }}/devcontainer-metadata.json
       dockerfile: .devcontainer/${{ matrix.flavor }}/Dockerfile
       image-name: ${{ github.repository }}-${{ matrix.flavor }}
 
diff --git a/.github/workflows/wc-build-push.yml b/.github/workflows/wc-build-push.yml
@@ -12,7 +12,7 @@ on:
         description: "Name of the Docker image to build, without registry or tag. E.g. 'my-image' or 'my-org/my-image'"
         required: true
         type: string
-      devcontainer-metadata:
+      devcontainer-metadata-file:
         description: "Path to a JSON file containing devcontainer metadata to add as a label to the built image"
         required: false
         type: string
@@ -75,6 +75,8 @@ jobs:
         with:
           persist-credentials: false
       - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        with:
+          cache-binary: false
       - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         env:
           USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME || github.actor }}
@@ -93,16 +95,16 @@ jobs:
         run: |
           set -Eeuo pipefail
 
-          if [ -z "${DEVCONTAINER_METADATA:-}" ] || [ ! -f "${DEVCONTAINER_METADATA}" ]; then
-            echo "devcontainer-metadata input not set or file does not exist, skipping devcontainer.metadata label"
-            echo "metadata=" >> "$GITHUB_OUTPUT"
+          if [ -z "${DEVCONTAINER_METADATA_FILE:-}" ] || [ ! -f "${DEVCONTAINER_METADATA_FILE}" ]; then
+            echo "devcontainer-metadata-file input not set or file does not exist, skipping devcontainer.metadata label"
+            echo "label=" >> "$GITHUB_OUTPUT"
             exit 0
           fi
 
           # the sed expression is a workaround for quotes being eaten in arrays (e.g. ["x", "y", "z"] -> ["x",y,"z"])
-          echo "metadata=devcontainer.metadata=$(jq -cj '[.]' "${DEVCONTAINER_METADATA}" | sed 's/,"/, "/g')" >> "$GITHUB_OUTPUT"
+          echo "label=devcontainer.metadata=$(jq -cj '[.]' "${DEVCONTAINER_METADATA_FILE}" | sed 's/,"/, "/g')" >> "$GITHUB_OUTPUT"
         env:
-          DEVCONTAINER_METADATA: ${{ inputs.devcontainer-metadata }}
+          DEVCONTAINER_METADATA_FILE: ${{ inputs.devcontainer-metadata-file }}
         id: devcontainer-metadata
       - run: echo "git-commit-epoch=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
         id: devcontainer-epoch
@@ -129,7 +131,6 @@ jobs:
           touch "${RUNNER_TEMP}/digests/${DIGEST#sha256:}"
         env:
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
-          RUNNER_TEMP: ${{ runner.temp }}
       - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: digests-${{ needs.sanitize-image-name.outputs.image-basename }}-${{ steps.devcontainer-arch.outputs.arch }}
@@ -167,6 +168,8 @@ jobs:
           pattern: digests-${{ needs.sanitize-image-name.outputs.image-basename }}-*
           merge-multiple: true
       - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        with:
+          cache-binary: false
       - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         env:
           USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME || github.actor }}
@@ -179,7 +182,6 @@ jobs:
         id: metadata
         env:
           DOCKER_METADATA_ANNOTATIONS_LEVELS: index
-          DOCKER_METADATA_SET_OUTPUT_ENV: false
         with:
           images: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
           # Generate Docker tags based on the following events/attributes.
@@ -197,38 +199,16 @@ jobs:
         run: |
           set -Eeuo pipefail
 
-          CMD=(docker buildx imagetools create)
-
-          # Build tag and annotation lists from metadata action output
-          mapfile -t TAGS < <(jq -r '.tags[]? // empty' <<<"${METADATA_JSON}") || true
-          mapfile -t ANNOTATIONS < <(jq -r '.annotations[]? // empty' <<<"${METADATA_JSON}") || true
-
-          for ann in "${ANNOTATIONS[@]:-}"; do
-            [ -n "${ann}" ] && CMD+=( --annotation "${ann}" )
+          readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"
+          annotations=()
+          for line in "${lines[@]}"; do
+            annotations+=(--annotation "$line")
           done
-          for tag in "${TAGS[@]:-}"; do
-            [ -n "${tag}" ] && CMD+=( --tag "${tag}" )
-          done
-
-          # Each file in the working directory represents a digest (either named sha256:<hash> or the 64-char digest itself)
-          for f in *; do
-            [ -f "$f" ] || continue
-            digest=""
-            if [[ "$f" == sha256:* ]]; then
-              digest="${f#sha256:}"
-            elif [[ ${#f} -eq 64 && "$f" =~ ^[a-f0-9]{64}$ ]]; then
-              digest="$f"
-            else
-              continue
-            fi
-            CMD+=( "${CONTAINER}@sha256:${digest}" )
-          done
-
-          echo "Creating manifest list with command:" >&2
-          printf ' %q' "${CMD[@]}" >&2; echo >&2
 
-          # Execute the command
-          "${CMD[@]}"
+          docker buildx imagetools create \
+            "${annotations[@]}" \
+            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${METADATA_JSON}") \
+            $(printf "${CONTAINER}@sha256:%s " *)
         env:
           CONTAINER: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
           METADATA_JSON: ${{ steps.metadata.outputs.json }}
