
update bake-file and ci, remove unused workflow #230


Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: ci

# Triggers.
# NOTE(review): `push` has a path filter but no branch filter, so a push to any
# branch that touches these paths starts the build. Non-pull_request runs are
# configured further down to push images to the registry; confirm that
# publishing from every branch is intended.
on:
  push:
    paths:
      - "**/Dockerfile"
      - "**/toolsets/*.json"
      - "**/.github/workflows/ci.yml"
  pull_request:
    branches:
      - main
  workflow_dispatch:

# Workflow-wide default scopes for GITHUB_TOKEN. Every job that does not
# declare its own `permissions` block inherits all three; a job-level block
# replaces them for that job.
# NOTE(review): `packages: write` and `pull-requests: write` are only needed by
# jobs that publish images or write to pull requests; granting them per job
# keeps the default token read-only.
permissions:
  contents: read
  packages: write
  pull-requests: write
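jobs:
  # Builds the bake targets for each platform entry. Pull-request runs export
  # a local docker archive; every other event pushes to the registry.
  build:
    runs-on: ubuntu-latest
    # Least privilege: the active steps only read the repository and push
    # packages. The commented-out Docker Scout step would additionally need
    # `pull-requests: write` if it is re-enabled with `write-comment`.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        # Pull requests get one matrix entry per platform; other events get a
        # single entry holding the comma-joined multi-platform string.
        platforms: ${{ github.event_name == 'pull_request' && fromJson('["linux/amd64", "linux/arm64"]') || fromJson('["linux/amd64,linux/arm64"]') }}
    env:
      BUILDKIT_PROGRESS: plain
      # FROM_IMAGE_PATH: /tmp/${{ matrix.distro }}-${{ matrix.from-version }}.tar
      # IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }}
      # IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }}
      # docker.io when the DOCKERHUB_USER variable is set, ghcr.io otherwise.
      REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }}
      SHA: ${{ github.event.pull_request.head.sha || github.event.after || github.sha }}
      # TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }}
    steps:
      # NOTE(review): third-party actions in this job are referenced by mutable
      # tags. Pinning each `uses:` to a full commit SHA prevents a re-pointed
      # tag from changing what runs with the registry credentials below.
      - uses: actions/checkout@v4
      - name: Free up disk space
        uses: ./.github/actions/free-space
        with:
          deleteDotnet: 'true'
          deleteAndroid: 'true'
      # The refs of the docker/* actions below were garbled by the page's
      # e-mail obfuscation ("docker/[email protected]"). The action names are
      # reconstructed from each step; restore the real ref before use.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@<ref-lost-in-extraction>
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@<ref-lost-in-extraction>
        with:
          driver: docker-container
          # NOTE(review): the BuildKit image is pinned by tag only; a digest
          # pin (image@sha256:...) would make the builder image immutable.
          driver-opts: image=moby/buildkit:v0.12.2
          install: true
          use: true
          cleanup: true
          platforms: ${{ matrix.platforms }}
      # Login against a Docker registry
      # https://github.com/docker/login-action
      # NOTE(review): the registry depends on vars.DOCKERHUB_USER while the
      # password depends on secrets.DOCKERHUB_TOKEN. If the variable is set but
      # the secret is missing, GITHUB_TOKEN is sent to docker.io as the
      # password; confirm both are always configured together.
      - name: Login to ${{ env.REGISTRY }}
        uses: docker/login-action@<ref-lost-in-extraction>
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ vars.DOCKERHUB_USER || github.repository_owner }}
          password: ${{ secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }}
          logout: true
      # # Get the architecture to use for the cache tag
      # - name: get arch
      #   id: cache-arch
      #   if: github.event_name == 'pull_request'
      #   run: >-
      #     printf "CACHE_ARCH=%s\n" "$(
      #     docker run
      #     --quiet
      #     --platform ${{ matrix.platforms }}
      #     --rm
      #     "${PULL_IMAGE}"
      #     /bin/bash -c "dpkg --print-architecture"
      #     )" >> "$GITHUB_OUTPUT"
      #   env:
      #     PULL_IMAGE: ${{ format('{0}:{1}', matrix.distro, matrix.codename) }}
      - name: Build and Push
        uses: docker/bake-action@<ref-lost-in-extraction>
        with:
          files: docker-bake.hcl
          # The last override enables a registry cache export on pull-request
          # runs only.
          # NOTE(review): cache written by pull-request builds should not be
          # imported by builds that publish images; confirm the bake file keeps
          # the two cache scopes separate.
          set: |
            ubuntu*.platform=${{ matrix.platforms }}
            ubuntu*.output=type=${{ env.OUTPUT_TYPE }},${{ env.OUTPUT_KIND }}
            ${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' && '*.cache-to=type=registry,mode=max' || '' }}
        env:
          # NOTE(review): FROM_IMAGE_PATH is only defined in a commented-out
          # line of the job env, so on pull_request this renders as an empty
          # `dest=`. Define the variable or drop the `dest` output option.
          OUTPUT_KIND: ${{ github.event_name != 'pull_request' && 'push=true' || format('dest={0}', env.FROM_IMAGE_PATH) }}
          OUTPUT_TYPE: ${{ github.event_name != 'pull_request' && 'registry' || 'docker' }}
          # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }}
      # # vulnerability scanning to verify PRs
      # - name: Docker Scout
      #   id: docker-scout
      #   uses: docker/scout-action@<ref-lost-in-extraction>
      #   if: github.event_name == 'pull_request'
      #   with:
      #     platform: ${{ matrix.platforms }}
      #     command: quickview
      #     image: ${{ env.FROM_IMAGE_PATH }}
      #     type: archive
      #     to: ${{ env.TO_TAG }}
      #     ignore-unchanged: true
      #     only-severities: critical
      #     write-comment: ${{ github.actor != 'nektos/act' }}
      #     summary: ${{ github.actor != 'nektos/act' }}
      #     github-token: ${{ secrets.GITHUB_TOKEN }}
      #     organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }}

  # Approves the pull request after a successful build when the run was
  # triggered by an allow-listed account, and enables auto-merge for
  # Dependabot pull requests.
  approve-pr:
    name: Approve PR
    runs-on: ubuntu-latest
    needs: [build]
    # The allow-list is matched against github.triggering_actor, i.e. whoever
    # started (or re-ran) this workflow run, not the pull-request author.
    if: >-
      github.actor != 'nektos/act'
      && contains(fromJson('["mauwii","dependabot[bot]"]'), github.triggering_actor)
      && github.event_name == 'pull_request'
      && needs.build.result == 'success'
    # NOTE(review): no step below visibly uses `actions: write`; drop it if
    # nothing depends on it. Enabling auto-merge may also need
    # `contents: write`; verify against a real Dependabot run.
    permissions:
      contents: read
      pull-requests: write
      actions: write
    steps:
      # approve the PR (there is still a code-owner review necessary)
      - name: Approve PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
      # auto merge dependabot PRs
      # github.actor only identifies who triggered the run. The added check on
      # the pull-request author ensures auto-merge is enabled only for pull
      # requests that Dependabot itself opened.
      - name: Merge DependaBot
        if: >-
          github.actor == 'dependabot[bot]'
          && github.event.pull_request.user.login == 'dependabot[bot]'
          && needs.build.result == 'success'
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}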