artcraft/.github/workflows/docker-publish-cpu.yml at main · storytold/artcraft · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Adapted from
# https://github.com/actions/starter-workflows/ci/docker-publish.yml
# If using base images, don't forget to add READ access, eg. from a package settings page like:
# https://github.com/orgs/storytold/packages/container/docker-base-images-rust-ssl/settings/actions_access
name: "[CPU] Build GHCR Docker artifact"
on:
  push:
    branches:
      # NB: Default-branch doesn't work, despite Github's documentation.
      #- $default-branch
      - main
      - test
    # Only build when files that affect the Docker image change.
    # This avoids expensive 15-25 min builds for docs-only or config-only changes.
    paths:
      # Individual files
      - '.github/workflows/docker-publish-cpu.yml'
      - 'Cargo.lock'
      - 'Cargo.toml'
      - 'build/service_cpu.Dockerfile'
      # Directories
      - '.sqlx/**'
      - '_database/**'
      - 'crates/**'
      - 'includes/**'
      - 'test_data/**'
env:
  IMAGE_NAME: storyteller-rust

jobs:
  # Push image to GitHub Packages.
  # See also https://docs.docker.com/docker-hub/builds/
  # See also https://depot.dev/blog/docker-layer-caching-in-github-actions
  # See also https://evilmartians.com/chronicles/build-images-on-github-actions-with-docker-layer-caching
  build-docker-image:
    name: "Build Docker Image"
    #runs-on: ubuntu-22.04 # runs-on: ubuntu-latest
    #runs-on: github-ubuntu-16core # NB: Premium GitHub runner with more cores
    runs-on: github-ubuntu-64core # NB: Premium GitHub runner with more cores
    if: github.event_name == 'push'
    permissions:
      packages: write
      contents: read

    steps:
      - uses: actions/checkout@v3

      # - uses: docker/setup-buildx-action@v1
      #   name: Set up Docker Buildx

      - uses: docker/login-action@v1
        name: Login to GitHub Container Registry
        with:
          registry: ghcr.io
          username: ${{ github.actor }} # username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Calculate short SHA
        id: vars
        # echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
        run: |
          echo "sha_short=$(echo ${{ github.sha }} | cut -c1-12)" >> $GITHUB_OUTPUT

      - name: Emit short SHA
        run: |
          echo "Full SHA: ${{ github.sha }}"
          echo "Short SHA: ${{ steps.vars.outputs.sha_short }}"

      #- uses: actions/cache@v2
      #  name: Cache Docker layers
      #  with:
      #    path: /tmp/.buildx-cache
      #    key: ${{ runner.os }}-buildx-${{ github.sha }}
      #    restore-keys: |
      #      ${{ runner.os }}-buildx-

      # Docs for this action are at https://github.com/marketplace/actions/build-docker-images-using-cache
      - uses: whoan/docker-build-with-cache-action@v6
        with:
          registry: ghcr.io
          username: ${{ github.actor }} # username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
          image_name: storytold/storyteller-rust
          dockerfile: ./build/service_cpu.Dockerfile
          # NB: The `git_push_tag: true` option does not work as expected, so we put the sha in `image_tag`:
          # https://github.com/whoan/docker-build-with-cache-action/issues/72
          image_tag: latest,${{ github.sha }},${{ steps.vars.outputs.sha_short }}
          # NB: Inject the Git SHA into the container so the servers can emit their own version:
          build_extra_args: "--build-arg=GIT_SHA=${{ github.sha }}"

      # - name: Build image
      #   run: |
      #     SHORT_SHA=$(echo ${GITHUB_SHA} | cut -c1-12)
      #     docker build . --file Dockerfile --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" --build-arg GIT_SHA=${SHORT_SHA}

      # - name: Push image to GitHub Container Registry
      #   run: |
      #     IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME

      #     # Change all uppercase to lowercase
      #     IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')

      #     # Strip git ref prefix from version
      #     VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')

      #     # Strip "v" prefix from tag name
      #     [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')

      #     # Use Docker `latest` tag convention
      #     [ "$VERSION" == "$default-branch" ] && VERSION=latest

      #     echo IMAGE_ID=$IMAGE_ID
      #     echo VERSION=$VERSION

      #     docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
      #     docker push $IMAGE_ID:$VERSION

      #     SHORT_SHA=$(echo ${GITHUB_SHA} | cut -c1-12)

      #     docker tag $IMAGE_NAME $IMAGE_ID:$SHORT_SHA
      #     docker push $IMAGE_ID:$SHORT_SHA

      - name: Cleanup / Debug
        # This job will run even on failures to help with debugging.
        if: always()
        run: |
          echo "Report at final github action step:"
          echo "Disk usage:"
          pwd
          du -hsc * | sort -hr