AS mpd #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Merge, and Push | |
| permissions: | |
| packages: write | |
| on: | |
| workflow_call: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY_REPO: 'ghcr.io/${{ github.repository }}' | |
| TAG: 'latest' | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: "ubuntu-latest" | |
| platform: "linux/amd64" | |
| - os: "ARM64" | |
| platform: "linux/arm64" | |
| runs-on: "${{ matrix.os }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: "main" | |
| - name: Build and push containers | |
| env: | |
| PLATFORM: ${{ matrix.platform }} | |
| ARCH: ${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| run: | | |
| runcmd=/bin/bash | |
| if [[ $PLATFORM == 'linux/amd64' ]]; then | |
| mkdir -p ../images | |
| runcmd="podman run -e=REGISTRY_REPO -e=TAG -e=PLATFORM -e=ARCH -e=username -e=password -e=registry -i \ | |
| -u 0 --security-opt seccomp=unconfined --security-opt apparmor=unconfined \ | |
| --net=host --privileged --device /dev/fuse:rw \ | |
| -v ../images:/var/lib/containers:Z \ | |
| -v $PWD/images:/root/images:ro \ | |
| ghcr.io/smerschjohann/containers/fedbox:latest /bin/bash" | |
| fi | |
| $runcmd << 'EOF' | |
| cd /root | |
| echo -n $password | buildah login -u $username --password-stdin $registry | |
| tasks=$(jq -c '.[]' images/tasks.json) | |
| for task in $tasks; do | |
| name=$(echo $task | jq -r '.name') | |
| dir=$(echo $task | jq -r '.dir') | |
| target=$(echo $task | jq -r '.target') | |
| image_name="$REGISTRY_REPO/$name" | |
| source $dir/builddigests | |
| var_name="digest_$ARCH" | |
| echo $var_name | |
| digest=${!var_name} | |
| buildah bud \ | |
| --build-arg TAGORDIGEST="@$digest" \ | |
| --platform $PLATFORM \ | |
| -f $dir/Dockerfile \ | |
| --format docker \ | |
| --tls-verify=true \ | |
| -t $image_name:$ARCH-$TAG \ | |
| --target $target \ | |
| --layers \ | |
| --cache-from $REGISTRY_REPO/cache \ | |
| --cache-to $REGISTRY_REPO/cache \ | |
| $dir | |
| buildah push $image_name:$ARCH-$TAG docker://$image_name:$ARCH-$TAG | |
| done | |
| EOF | |
| merge: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: "main" | |
| - name: Log in to ghcr.io | |
| env: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| run: | | |
| echo -n $password | buildah login -u $username --password-stdin $registry | |
| - name: Merge & push manifests | |
| env: | |
| TASKS: ${{ github.event_name == 'push' && env.DEFAULT_TASKS || github.event.inputs.tasks }} | |
| run: | | |
| tasks=$(jq -c '.[]' images/tasks.json) | |
| for task in $tasks; do | |
| name=$(echo $task | jq -r '.name') | |
| image_name="$REGISTRY_REPO/$name" | |
| final_manifest="$image_name:$TAG" | |
| buildah manifest rm $final_manifest > /dev/null 2> /dev/null || true | |
| buildah manifest create $final_manifest | |
| for arch in "amd64" "arm64"; do | |
| buildah pull --arch $arch $image_name:$arch-$TAG | |
| buildah manifest add $final_manifest docker://$image_name:$arch-$TAG | |
| done | |
| buildah manifest push --rm --all $final_manifest docker://$final_manifest | |
| done |