Build and push images #112

Workflow file for this run

	name: Build and push images

	on:
	workflow_dispatch:
	inputs:
	REGISTRY:
	description: Target registry to push images
	required: true
	type: string
	default: ghcr.io
	NAMESPACE:
	description: Target namespace to the given registry
	required: true
	type: string
	default: this-is-tobi/tools
	IMAGES:
	description: Comma separated list of image to build (leave empty to build all)
	required: false
	type: string
	BUILD_AMD64:
	description: Build for amd64
	required: true
	type: boolean
	default: true
	BUILD_ARM64:
	description: Build for arm64
	required: true
	type: boolean
	default: true
	USE_QEMU:
	description: Use QEMU for non amd64 builds
	required: true
	type: boolean
	default: true

	permissions:
	packages: write

	jobs:
	infos:
	name: Generate matrix for build
	runs-on: ubuntu-latest
	outputs:
	build-matrix: ${{ steps.build-matrix.outputs.BUILD_MATRIX }}
	steps:
	- name: Checks-out repository
	uses: actions/checkout@v4

	- name: Generate matrix for build
	id: build-matrix
	run: \|
	if [ ! -z "${{ inputs.IMAGES }}" ]; then
	JQ_FILTER=$(echo "${{ inputs.IMAGES }}" \| jq -R 'split(",")')
	echo "BUILD_MATRIX=$(jq -c --argjson images "$JQ_FILTER" '[.[] \| select(.name \| IN($images[]))]' < ./ci/matrix.json)" >> $GITHUB_OUTPUT
	else
	echo "BUILD_MATRIX=$(jq -c '.' < ./ci/matrix.json)" >> $GITHUB_OUTPUT
	fi

	build:
	name: Build images
	runs-on: ${{ matrix.runners }}
	permissions:
	contents: read
	packages: write
	needs:
	- infos
	strategy:
	matrix:
	runners: ${{ (inputs.BUILD_AMD64 && inputs.BUILD_ARM64 && !inputs.USE_QEMU && fromJson('["ubuntu-latest", "ARM64"]')) \|\| (inputs.BUILD_ARM64 && !inputs.USE_QEMU && fromJson('["ARM64"]')) \|\| fromJson('["ubuntu-latest"]') }}
	images: ${{ fromJSON(needs.infos.outputs.build-matrix) }}
	steps:
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ inputs.REGISTRY }}
	username: ${{ inputs.REGISTRY == 'ghcr.io' && github.actor \|\| secrets.REGISTRY_USERNAME }}
	password: ${{ inputs.REGISTRY == 'ghcr.io' && secrets.GITHUB_TOKEN \|\| secrets.REGISTRY_PASSWORD }}
	logout: true

	- name: Get image status
	id: image-status
	run: \|
	IMAGE_STATUS=$(curl \
	--head \
	--silent \
	--write-out '%{http_code}' \
	--output /dev/null \
	-H "Authorization: Bearer $(echo -n '${{ secrets.GITHUB_TOKEN }}' \| base64)" \
	https://${{ inputs.REGISTRY }}/v2/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}/manifests/${{ matrix.images.build.tag }})
	echo "IMAGE_STATUS=$IMAGE_STATUS" >> $GITHUB_OUTPUT

	- name: Checks-out repository
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	uses: actions/checkout@v4

	- name: Set up Docker buildx
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	uses: docker/setup-buildx-action@v3

	- name: Set up QEMU (for multi platform build)
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' && inputs.USE_QEMU }}
	uses: docker/setup-qemu-action@v3

	- name: Build docker image
	id: build
	uses: docker/build-push-action@v6
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	with:
	context: ${{ matrix.images.build.context }}
	file: ${{ matrix.images.build.dockerfile }}
	target: ${{ matrix.images.build.target }}
	platforms: ${{ (inputs.BUILD_AMD64 && inputs.BUILD_ARM64 && inputs.USE_QEMU && 'linux/amd64,linux/arm64') \|\| (contains(matrix.runners, 'ARM') && 'linux/arm64') \|\| 'linux/amd64' }}
	outputs: type=image,name=${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }},push-by-digest=true,name-canonical=true,push=true
	provenance: false
	build-args: \|
	BASE_IMAGE=${{ matrix.images.build.base }}

	- name: Export digest
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	run: \|
	mkdir -p /tmp/digests/${{ matrix.images.name }}-v${{ matrix.images.build.tag }}
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${{ matrix.images.name }}-v${{ matrix.images.build.tag }}/${digest#sha256:}"

	- name: Upload digest
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ matrix.images.name }}-v${{ matrix.images.build.tag }}-${{ (inputs.BUILD_AMD64 && inputs.BUILD_ARM64 && inputs.USE_QEMU && 'multiarch') \|\| (contains(matrix.runners, 'ARM') && 'linux-arm64') \|\| 'linux-amd64' }}
	path: /tmp/digests/${{ matrix.images.name }}-v${{ matrix.images.build.tag }}/*
	if-no-files-found: error
	retention-days: 1

	merge:
	name: Merge digest
	runs-on: ubuntu-latest
	needs:
	- infos
	- build
	strategy:
	matrix:
	images: ${{ fromJSON(needs.infos.outputs.build-matrix) }}
	steps:
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ inputs.REGISTRY }}
	username: ${{ inputs.REGISTRY == 'ghcr.io' && github.actor \|\| secrets.REGISTRY_USERNAME }}
	password: ${{ inputs.REGISTRY == 'ghcr.io' && secrets.GITHUB_TOKEN \|\| secrets.REGISTRY_PASSWORD }}
	logout: true

	- name: Get image status
	id: image-status
	run: \|
	IMAGE_STATUS=$(curl \
	--head \
	--silent \
	--write-out '%{http_code}' \
	--output /dev/null \
	-H "Authorization: Bearer $(echo -n '${{ secrets.GITHUB_TOKEN }}' \| base64)" \
	https://${{ inputs.REGISTRY }}/v2/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}/manifests/${{ matrix.images.build.tag }})
	echo "IMAGE_STATUS=$IMAGE_STATUS" >> $GITHUB_OUTPUT

	- name: Get image tags
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	id: image-tags
	run: \|
	MAJOR_TAG="$(echo '${{ matrix.images.build.tag }}' \| cut -d '.' -f 1)"
	MINOR_TAG="$(echo '${{ matrix.images.build.tag }}' \| cut -d '.' -f 2)"
	PATCH_TAG="$(echo '${{ matrix.images.build.tag }}' \| cut -d '.' -f 3)"

	echo "MAJOR_TAG: $MAJOR_TAG"
	echo "MINOR_TAG: $MINOR_TAG"
	echo "PATCH_TAG: $PATCH_TAG"

	echo "MAJOR_TAG=$MAJOR_TAG" >> $GITHUB_OUTPUT
	echo "MINOR_TAG=$MINOR_TAG" >> $GITHUB_OUTPUT
	echo "PATCH_TAG=$PATCH_TAG" >> $GITHUB_OUTPUT

	- name: Download digests
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	uses: actions/download-artifact@v4
	with:
	pattern: digests-${{ matrix.images.name }}-v${{ matrix.images.build.tag }}-*
	path: /tmp/digests/${{ matrix.images.name }}-v${{ matrix.images.build.tag }}
	merge-multiple: true

	- name: Set up Docker Buildx
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	uses: docker/setup-buildx-action@v3

	- name: Docker meta
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}
	tags: \|
	type=raw,value=${{ steps.image-tags.outputs.MAJOR_TAG }}.${{ steps.image-tags.outputs.MINOR_TAG }}.${{ steps.image-tags.outputs.PATCH_TAG }},enable=true
	type=raw,value=${{ steps.image-tags.outputs.MAJOR_TAG }}.${{ steps.image-tags.outputs.MINOR_TAG }},enable=true
	type=raw,value=${{ steps.image-tags.outputs.MAJOR_TAG }},enable=true
	type=raw,value=latest,enable=true

	- name: Create manifest list and push
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	working-directory: /tmp/digests/${{ matrix.images.name }}-v${{ matrix.images.build.tag }}
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}@sha256:%s ' *)

	- name: Inspect image
	if: ${{ steps.image-status.outputs.IMAGE_STATUS == '404' }}
	run: \|
	docker buildx imagetools inspect ${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}:${{ steps.meta.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and push images #112

Workflow file

Build and push images #112

Jobs

Run details

Workflow file for this run