feat: make PROVIDER_TIMEOUT_MS configurable via environment variable #183
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Optional version override (e.g. 5.38.1). Leave blank to use the current version from packages/manifest/package.json." | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| version: | |
| description: "Optional version override. Leave blank to use the current version from packages/manifest/package.json." | |
| required: false | |
| type: string | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - ".github/workflows/docker.yml" | |
| - "docker/Dockerfile" | |
| - ".dockerignore" | |
| - "docker/docker-compose.yml" | |
| - "docker/.env.example" | |
| - "docker/install.sh" | |
| - "packages/backend/**" | |
| - "packages/frontend/**" | |
| - "packages/shared/**" | |
| - "package.json" | |
| - "package-lock.json" | |
| - "turbo.json" | |
| permissions: | |
| contents: read | |
| env: | |
| IMAGE: manifestdotbuild/manifest | |
| jobs: | |
| validate: | |
| name: Build (validate, ${{ matrix.platform.arch }}) | |
| if: github.event_name == 'pull_request' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - { os: ubuntu-latest, arch: amd64 } | |
| - { os: ubuntu-24.04-arm, arch: arm64 } | |
| runs-on: ${{ matrix.platform.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| push: false | |
| platforms: linux/${{ matrix.platform.arch }} | |
| cache-from: type=gha,scope=${{ matrix.platform.arch }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.platform.arch }} | |
| build: | |
| name: Build (${{ matrix.platform.arch }}) | |
| if: github.event_name != 'pull_request' | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| platform: | |
| - { os: ubuntu-latest, arch: amd64 } | |
| - { os: ubuntu-24.04-arm, arch: arm64 } | |
| runs-on: ${{ matrix.platform.os }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ${{ env.IMAGE }} | |
| - id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| platforms: linux/${{ matrix.platform.arch }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| outputs: type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true | |
| cache-from: type=gha,scope=${{ matrix.platform.arch }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.platform.arch }} | |
| sbom: true | |
| provenance: mode=max | |
| - name: Export digest | |
| run: | | |
| mkdir -p ${{ runner.temp }}/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "${{ runner.temp }}/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-${{ matrix.platform.arch }} | |
| path: ${{ runner.temp }}/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| name: Merge & Publish | |
| if: github.event_name != 'pull_request' | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Resolve version | |
| id: version | |
| run: | | |
| if [ -n "${{ inputs.version }}" ]; then | |
| VERSION="${{ inputs.version }}" | |
| echo "Using version from workflow input: $VERSION" | |
| else | |
| VERSION=$(jq -r .version packages/manifest/package.json) | |
| echo "Using version from packages/manifest/package.json: $VERSION" | |
| fi | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ${{ env.IMAGE }} | |
| flavor: | | |
| latest=true | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ steps.version.outputs.version }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ steps.version.outputs.version }} | |
| type=semver,pattern={{major}},value=${{ steps.version.outputs.version }} | |
| type=sha | |
| - name: Create manifest list and push | |
| working-directory: ${{ runner.temp }}/digests | |
| run: | | |
| docker buildx imagetools create \ | |
| $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }} | |
| - uses: sigstore/cosign-installer@v3 | |
| - name: Sign published image | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| VERSION: ${{ steps.meta.outputs.version }} | |
| run: | | |
| # Extract the manifest-list digest from the freshly-pushed tag. | |
| # Uses the pattern established by the dagger project and others: format | |
| # the full inspect output as JSON and pull .manifest.digest out with jq. | |
| DIGEST=$(docker buildx imagetools inspect "${{ env.IMAGE }}:${VERSION}" --format '{{json .}}' | jq -r '.manifest.digest') | |
| if [ -z "$DIGEST" ] || [ "$DIGEST" = "null" ]; then | |
| echo "::error::Failed to extract manifest-list digest for ${{ env.IMAGE }}:${VERSION}" | |
| docker buildx imagetools inspect "${{ env.IMAGE }}:${VERSION}" --format '{{json .}}' | |
| exit 1 | |
| fi | |
| echo "Signing manifest list digest: $DIGEST" | |
| for tag in ${TAGS}; do | |
| cosign sign --yes "${tag}@${DIGEST}" | |
| done |