Merge pull request #205 from smerschjohann/renovate/brave-brave-brows… #245
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Merge, and Push | |
| permissions: | |
| packages: write | |
| on: | |
| workflow_call: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY_REPO: 'ghcr.io/${{ github.repository }}' | |
| TAG: 'latest' | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: "ubuntu-latest" | |
| platform: "linux/amd64" | |
| - os: "ARM64" | |
| platform: "linux/arm64" | |
| runs-on: "${{ matrix.os }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - name: Build and push containers | |
| env: | |
| PLATFORM: ${{ matrix.platform }} | |
| ARCH: ${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| run: | | |
| runcmd=/bin/bash | |
| #if [[ $PLATFORM == 'linux/amd64' ]]; then | |
| # mkdir -p ../containers | |
| # runcmd="podman run -e=REGISTRY_REPO -e=TAG -e=PLATFORM -e=ARCH -e=username -e=password -e=registry -i \ | |
| # -u 0 --security-opt seccomp=unconfined --security-opt apparmor=unconfined \ | |
| # --net=host --privileged --device /dev/fuse:rw \ | |
| # -v ../containers:/var/lib/containers:Z \ | |
| # -v $PWD:/root:ro \ | |
| # ghcr.io/smerschjohann/containers/fedbox:latest /bin/bash" | |
| #fi | |
| $runcmd << 'EOF' | |
| #cd /root | |
| echo -n $password | buildah login -u $username --password-stdin $registry | |
| tasks=$(jq -c '.[]' images/tasks.json) | |
| for task in $tasks; do | |
| name=$(echo $task | jq -r '.name') | |
| dir=$(echo $task | jq -r '.dir') | |
| target=$(echo $task | jq -r '.target') | |
| nocache=$(echo $task | jq -c '.nocache') | |
| image_name="$REGISTRY_REPO/$name" | |
| if git diff --quiet --exit-code HEAD^ HEAD $dir; then | |
| echo "Keine Änderungen in $dir, überspringe den Build-Prozess für $name" | |
| continue | |
| fi | |
| cacheparams="" | |
| if [[ $nocache != true ]]; then | |
| cacheparams="--layers --cache-from $REGISTRY_REPO/cache --cache-to $REGISTRY_REPO/cache" | |
| fi | |
| buildah bud \ | |
| --platform $PLATFORM \ | |
| -f $dir/Dockerfile \ | |
| --format docker \ | |
| --tls-verify=true \ | |
| -t $image_name:$ARCH-$TAG \ | |
| --target $target \ | |
| $cacheparams \ | |
| $dir | |
| buildah push $image_name:$ARCH-$TAG docker://$image_name:$ARCH-$TAG | |
| done | |
| EOF | |
| merge: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - name: Log in to ghcr.io | |
| env: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| run: | | |
| echo -n $password | buildah login -u $username --password-stdin $registry | |
| - name: Merge & push manifests | |
| env: | |
| TASKS: ${{ github.event_name == 'push' && env.DEFAULT_TASKS || github.event.inputs.tasks }} | |
| run: | | |
| tasks=$(jq -c '.[]' images/tasks.json) | |
| for task in $tasks; do | |
| name=$(echo $task | jq -r '.name') | |
| dir=$(echo $task | jq -r '.dir') | |
| autoTag=$(echo $task | jq -r '.autoTag // empty') | |
| tag=$(echo $task | jq -r '.tag // empty') | |
| image_name="$REGISTRY_REPO/$name" | |
| if [ "$autoTag" = "true" ]; then | |
| tag=$(grep -oP '(?<=:).+?(?=@)' $dir/Dockerfile) | |
| fi | |
| final_manifest="$image_name:${tag:-$TAG}" | |
| if git diff --quiet --exit-code HEAD^..HEAD $dir; then | |
| echo "Keine Änderungen in $dir, überspringe den Build-Prozess für $name" | |
| continue | |
| fi | |
| buildah manifest rm $final_manifest > /dev/null 2> /dev/null || true | |
| buildah manifest create $final_manifest | |
| for arch in "amd64" "arm64"; do | |
| buildah pull --arch $arch $image_name:$arch-$TAG | |
| buildah manifest add $final_manifest docker://$image_name:$arch-$TAG | |
| done | |
| buildah manifest push --rm --all $final_manifest docker://$final_manifest | |
| done |