mirror of
https://forgejo.ellis.link/continuwuation/continuwuity.git
synced 2026-05-26 20:49:55 +00:00
a7fc905490
Run it once a night for regular cleanup etc and after each release-image workflow instead of doing it blindly every 2 hours. This will only run the mirror job if BOTH build types were successful, but it is better than nothing, and we have the nightly run to pick up everything else. Thanks @jade for the quick feedback and hand-holding in creating this.
205 lines
7.4 KiB
YAML
# Release workflow: builds the Docker image per platform and publishes it
# under IMAGE_PATH. The build, merge and mirror stages are defined in `jobs`.
name: Release Docker Image
# One concurrency group per ref. cancel-in-progress is not set here.
concurrency:
  group: "release-image-${{ github.ref }}"

# Triggers: pushes to main (minus the ignored paths), version tags, and
# manual dispatch. There is no pull_request trigger in this file.
on:
  push:
    branches:
      - main
    paths-ignore:
      - "*.md"
      - "**/*.md"
      - ".gitlab-ci.yml"
      - ".gitignore"
      - "renovate.json"
      - "pkg/**"
      - "docs/**"
    tags:
      - "v*.*.*"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

env:
  BUILTIN_REGISTRY: forgejo.ellis.link
  # Gates whether the build steps push to the registry. With only push and
  # workflow_dispatch triggers, `github.event_name != 'pull_request'` holds
  # on every run, so this evaluates to 'true' and the fork check is inert.
  # NOTE(review): re-check this expression before adding a pull_request
  # trigger; it is the only guard between fork builds and a registry push.
  BUILTIN_REGISTRY_ENABLED: "${{ ((vars.BUILTIN_REGISTRY_USER && secrets.BUILTIN_REGISTRY_PASSWORD) || (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) && 'true' || 'false' }}"
  IMAGE_PATH: forgejo.ellis.link/continuwuation/continuwuity
jobs:
  # Per-platform release build. Each matrix entry builds the image, pushes it
  # by digest when BUILTIN_REGISTRY_ENABLED is 'true', and hands the digest to
  # the upload action (presumably for merge-release to collect - confirm).
  build-release:
    name: "Build ${{ matrix.slug }} (release)"
    runs-on: dind
    # packages: write is what a registry push needs. No step in this file
    # visibly uses attestations/id-token - presumably the local composite
    # actions do; confirm, and drop them otherwise (least privilege).
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    strategy:
      matrix:
        include:
          - platform: "linux/amd64"
            slug: "linux-amd64"
          - platform: "linux/arm64"
            slug: "linux-arm64"

    steps:
      - name: Checkout repository
        # Pinned to a full commit SHA; the trailing comment records the tag.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false
      - name: Prepare Docker build environment
        id: prepare
        uses: ./.forgejo/actions/prepare-docker-build
        with:
          platform: ${{ matrix.platform }}
          slug: ${{ matrix.slug }}
          target_cpu: ""
          profile: "release"
          images: ${{ env.IMAGE_PATH }}
          # Credentials fall back to github.actor / GITHUB_TOKEN when the
          # BUILTIN_REGISTRY_* variable and secret are not configured.
          registry_user: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image by digest
        id: build
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
        with:
          context: .
          file: "docker/Dockerfile"
          # Only commit metadata and build switches are passed as build args;
          # keep secrets out of this list. COMMIT_SHORT_SHA and
          # BUILDKIT_ENDPOINT are not defined in this file - presumably
          # exported by the prepare step; confirm. head_commit comes from the
          # push event payload, so GIT_REMOTE_COMMIT_URL is presumably empty
          # on workflow_dispatch runs - confirm.
          build-args: |
            GIT_COMMIT_HASH=${{ github.sha }}
            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
            CARGO_INCREMENTAL=${{ env.BUILDKIT_ENDPOINT != '' && '1' || '0' }}
            TARGET_CPU=
            RUST_PROFILE=release
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.prepare.outputs.metadata_labels }}
          annotations: ${{ steps.prepare.outputs.metadata_annotations }}
          # cache-to is commented out, so this step reads the gha cache but
          # does not write it. NOTE(review): a release image built from a
          # shared cache trusts whoever can write that cache - confirm which
          # workflows populate it.
          cache-from: type=gha
          # cache-to: type=gha,mode=max
          # Generate an SBOM attestation for the built image.
          sbom: true
          # First output: push by digest when the registry is enabled,
          # otherwise build the image without pushing. Second output: export
          # the build result to /tmp/binaries on the runner.
          outputs: |
            ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' && format('type=image,"name={0}",push-by-digest=true,name-canonical=true,push=true', env.IMAGE_PATH) || format('type=image,"name={0}",push=false', env.IMAGE_PATH) }}
            type=local,dest=/tmp/binaries
        env:
          # TIMESTAMP is not defined in this file - presumably set by the
          # prepare step; confirm.
          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
      - name: Upload Docker artifacts
        uses: ./.forgejo/actions/upload-docker-artifacts
        with:
          slug: ${{ matrix.slug }}
          cpu_suffix: ${{ steps.prepare.outputs.cpu_suffix }}
          artifact_suffix: ""
          digest_suffix: ""
          digest: ${{ steps.build.outputs.digest }}

  # Runs after every build-release matrix entry has succeeded and creates the
  # multi-arch manifest via the local create-docker-manifest action.
  # NOTE(review): unlike the build jobs this job declares no permissions
  # block although it is handed registry credentials - set explicit
  # permissions if the runner honours them; confirm.
  merge-release:
    name: "Create Multi-arch Release Manifest"
    runs-on: dind
    needs: build-release
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false
      - name: Create multi-platform manifest
        uses: ./.forgejo/actions/create-docker-manifest
        with:
          digest_pattern: "digests-linux-{amd64,arm64}"
          tag_suffix: ""
          images: ${{ env.IMAGE_PATH }}
          registry_user: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}

  # Same build as build-release with the release-max-perf profile and a
  # per-platform target CPU. needs: build-release means it starts only after
  # all release builds have succeeded.
  build-maxperf:
    name: "Build ${{ matrix.slug }} (max-perf)"
    runs-on: dind
    needs: build-release
    # Same grants as build-release; see the review note on that job about
    # attestations/id-token.
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    strategy:
      matrix:
        include:
          - platform: "linux/amd64"
            slug: "linux-amd64"
            target_cpu: "haswell"
          - platform: "linux/arm64"
            slug: "linux-arm64"
            target_cpu: ""

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false
      - name: Prepare max-perf Docker build environment
        id: prepare
        uses: ./.forgejo/actions/prepare-docker-build
        with:
          platform: ${{ matrix.platform }}
          slug: ${{ matrix.slug }}
          target_cpu: ${{ matrix.target_cpu }}
          profile: "release-max-perf"
          images: ${{ env.IMAGE_PATH }}
          # Credentials fall back to github.actor / GITHUB_TOKEN when the
          # BUILTIN_REGISTRY_* variable and secret are not configured.
          registry_user: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
      - name: Build and push max-perf Docker image by digest
        id: build
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
        with:
          context: .
          file: "docker/Dockerfile"
          # Only commit metadata and build switches are passed as build args;
          # keep secrets out of this list. COMMIT_SHORT_SHA and
          # BUILDKIT_ENDPOINT are not defined in this file - presumably
          # exported by the prepare step; confirm.
          build-args: |
            GIT_COMMIT_HASH=${{ github.sha }}
            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
            CARGO_INCREMENTAL=${{ env.BUILDKIT_ENDPOINT != '' && '1' || '0' }}
            TARGET_CPU=${{ matrix.target_cpu }}
            RUST_PROFILE=release-max-perf
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.prepare.outputs.metadata_labels }}
          annotations: ${{ steps.prepare.outputs.metadata_annotations }}
          # Read-only use of the gha cache (cache-to is commented out).
          # NOTE(review): confirm which workflows can write to this cache.
          cache-from: type=gha
          # cache-to: type=gha,mode=max
          # Generate an SBOM attestation for the built image.
          sbom: true
          # First output: push by digest when the registry is enabled,
          # otherwise build the image without pushing. Second output: export
          # the build result to /tmp/binaries on the runner.
          outputs: |
            ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' && format('type=image,"name={0}",push-by-digest=true,name-canonical=true,push=true', env.IMAGE_PATH) || format('type=image,"name={0}",push=false', env.IMAGE_PATH) }}
            type=local,dest=/tmp/binaries
        env:
          # TIMESTAMP is not defined in this file - presumably set by the
          # prepare step; confirm.
          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
      - name: Upload max-perf Docker artifacts
        uses: ./.forgejo/actions/upload-docker-artifacts
        with:
          slug: ${{ matrix.slug }}
          cpu_suffix: ${{ steps.prepare.outputs.cpu_suffix }}
          artifact_suffix: "-maxperf"
          digest_suffix: "-maxperf"
          digest: ${{ steps.build.outputs.digest }}

  # Runs after every build-maxperf matrix entry has succeeded and creates the
  # "-maxperf" manifest. NOTE(review): no permissions block here either,
  # although the step is handed registry credentials - confirm.
  merge-maxperf:
    name: "Create Max-Perf Manifest"
    runs-on: dind
    needs: build-maxperf
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false
      - name: Create max-perf manifest
        uses: ./.forgejo/actions/create-docker-manifest
        with:
          digest_pattern: "digests-maxperf-linux-{amd64-haswell,arm64}"
          tag_suffix: "-maxperf"
          images: ${{ env.IMAGE_PATH }}
          registry_user: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          registry_password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}

  # Calls the mirror-images workflow once both manifest jobs have succeeded;
  # a failure in either build type skips the mirror for this run.
  # NOTE(review): no `with:` or `secrets:` is passed, so the credentials the
  # mirror workflow uses are not visible here - confirm how it obtains them.
  # The job sets both runs-on and uses; how the runner treats runs-on for a
  # workflow call is not visible here either - confirm.
  mirror_images:
    needs:
      - merge-maxperf
      - merge-release
    runs-on: ubuntu-latest
    uses: ./.forgejo/workflows/mirror-images.yml