update ci.yml
- change push trigger to main branch
- run local registry for PRs
- add env.CACHE_FROM_REGISTRY
- update env.IMAGE_REPOSITORY
- remove docker credentials from env
- use docker driver if PR
- update metadata-action to v4.6.0
- update docker tag priority, make sha highest
- fix label org.opencontainers.image.title
- don't write cache if PR
mauwii committed Sep 15, 2023
1 parent 6cfe88c commit bc7b315
Showing 1 changed file with 32 additions and 23 deletions.
55 changes: 32 additions & 23 deletions .github/workflows/ci.yml
Expand Up @@ -2,6 +2,7 @@ name: ci

on:
push:
branches: [main]
paths:
- '**/Dockerfile'
- '**/toolsets/*.json'
Expand Down Expand Up @@ -34,13 +35,17 @@ jobs:
distro: 'ubuntu'
codename: 'focal'
from-flavor: 'act'
services:
registry:
image: registry:2
ports: [5000]
# options: --entrypoint /bin/registry
env:
REGISTRY: docker.io
CACHE_FROM_REGISTRY: docker.io
IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }}
IMAGE_REPOSITORY: ${{ format('{0}/{1}', github.repository_owner, format('{0}-{1}', matrix.distro, matrix.from-flavor)) }}
IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', github.repository_owner, matrix.distro, matrix.from-flavor) }}
SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
DOCKERHUB_USERNAME: ${{ github.repository_owner }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
REGISTRY: ${{ github.event_name == 'pull_request' && format('{0}:{1}','localhost', '5000') || 'docker.io' }}
steps:
- uses: actions/checkout@v4

Expand All @@ -55,10 +60,10 @@ jobs:

- name: Set up Docker Buildx
uses: docker/[email protected]
# with:
# driver-opts: |
# image=moby/buildkit:v0.12.2
# network=host
with:
driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }}
driver-opts: ${{ github.event_name == 'pull_request' && 'network=host,image=moby/buildkit:v0.12.2' || '' }}
install: ${{ github.event_name == 'pull_request' && true || false }}

# - name: Login to GitHub Container Registry
# uses: docker/[email protected]
Expand All @@ -71,24 +76,25 @@ jobs:
# https://github.com/docker/login-action
- name: Login to Docker Hub
uses: docker/[email protected]
if: vars.DOCKERHUB_USER != ''
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ env.DOCKERHUB_TOKEN }}
registry: ${{ env.CACHE_FROM_REGISTRY }}
username: ${{ vars.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4.4.0
uses: docker/metadata-action@v4.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }}
images: ${{ github.event_name != 'pull_request' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }}
tags: |
type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000
type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900
type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600
type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=100
flavor: |
latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }}
labels: |
Expand All @@ -97,7 +103,7 @@ jobs:
org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }}
org.opencontainers.image.revision=${{ env.SHA }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }}
org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }}
org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile
org.opencontainers.image.vendor=${{ github.repository_owner }}
env:
Expand Down Expand Up @@ -125,15 +131,15 @@ jobs:
CODENAME=${{ matrix.codename }}
# caching to speed up the build
cache-from: |
type=registry,ref=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }}
type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }}
${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY, matrix.from-version) }}
${{ format('type=registry,ref={0}:cache-{1}',env.CACHE_FROM_REGISTRY, matrix.codename) }}
# cache exporter doesn't work with docker driver
cache-to: |
type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }},mode=max
cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max',env.REGISTRY_IMAGE, matrix.codename) || '' }}
# this will give us some useful information about the build
provenance: mode=max
push: true
# outputs: type=image,name=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},push=true
# push if not a PR, load if a PR
push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }}
env:
REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }}

Expand All @@ -145,14 +151,17 @@ jobs:
with:
command: sbom,compare
image: ${{ steps.meta.outputs.tags }}
to: ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }}
organization: ${{ github.repository_owner }}
# image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }}
to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }}
organization: ${{ vars.DOCKERHUB_USER }}
ignore-unchanged: true
only-severities: critical
write-comment: ${{ github.actor != 'nektos/act' }}
keep-previous-comments: true
summary: ${{ github.actor != 'nektos/act' }}
github-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-user: ${{ vars.DOCKERHUB_USER }}
dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}

# ToDo: Move into a separate workflow and depend on ci and mega-linter
approve-pr:
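Review bot: The two new `cache-from` refs in the `@@ -125,15 +131,15 @@` hunk drop the repository part of the image reference: `format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY, matrix.from-version)` expands to `docker.io:22.04`, which a registry client normalizes to `docker.io/library/docker.io:22.04`, so the cache import finds nothing and the build proceeds uncached with only a warning. The `cache-to` line in the same hunk still exports under `env.REGISTRY_IMAGE` (`REGISTRY/IMAGE_REPOSITORY`), so the cache written on a push to main is never read back by the next build. Both lines should compose the reference the way the scout step's `to:` does, e.g. `${{ format('type=registry,ref={0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }}` and `${{ format('type=registry,ref={0}/{1}:cache-{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.codename) }}`. The enclosing build step begins before this hunk, so the `with:` block it belongs to is not fully visible here.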