|
4 | 4 | push: |
5 | 5 | branches: |
6 | 6 | - '**' |
| 7 | + workflow_call: |
7 | 8 | workflow_dispatch: |
8 | 9 |
|
9 | | -env: |
10 | | - BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }} |
11 | | - DOCKER_METADATA_SET_OUTPUT_ENV: 'true' |
12 | | - |
13 | 10 | jobs: |
14 | | - build: |
15 | | - runs-on: ${{ matrix.runner }} |
16 | | - outputs: |
17 | | - image-arm64: ${{ steps.gen-output.outputs.image-arm64 }} |
18 | | - image-x64: ${{ steps.gen-output.outputs.image-x64 }} |
19 | | - strategy: |
20 | | - fail-fast: false |
21 | | - matrix: |
22 | | - runner: |
23 | | - - ubuntu-24.04 |
24 | | - - ubuntu-24.04-arm |
25 | | - steps: |
26 | | - - name: Checkout code |
27 | | - uses: actions/checkout@v4 |
28 | | - |
29 | | - - name: Set up Docker Buildx |
30 | | - uses: docker/setup-buildx-action@v3 |
31 | | - |
32 | | - - name: Login to GitHub Container Registry |
33 | | - uses: docker/login-action@v3 |
34 | | - with: |
35 | | - registry: ghcr.io |
36 | | - username: ${{ github.actor }} |
37 | | - password: ${{ secrets.GITHUB_TOKEN }} |
38 | | - |
39 | | - - id: build-meta |
40 | | - name: Docker meta |
41 | | - uses: docker/metadata-action@v5 |
42 | | - with: |
43 | | - images: ghcr.io/${{ github.repository }} |
44 | | - tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} |
45 | | - |
46 | | - # Build cache is shared among all builds of the same architecture |
47 | | - - id: cache-meta |
48 | | - name: Docker meta |
49 | | - uses: docker/metadata-action@v5 |
50 | | - with: |
51 | | - images: ghcr.io/${{ github.repository }} |
52 | | - tags: type=raw,value=buildcache-${{ runner.arch }} |
53 | | - |
54 | | - - id: get-registry |
55 | | - name: Get the sanitized registry name |
56 | | - run: | |
57 | | - echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT" |
58 | | -
|
59 | | - - id: build |
60 | | - name: Build/push the arch-specific image |
61 | | - uses: docker/build-push-action@v6 |
62 | | - with: |
63 | | - cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }} |
64 | | - cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max |
65 | | - labels: ${{ steps.build-meta.outputs.labels }} |
66 | | - provenance: mode=max |
67 | | - sbom: true |
68 | | - tags: ${{ steps.get-registry.outputs.registry }} |
69 | | - outputs: type=image,push-by-digest=true,push=true |
70 | | - |
71 | | - - id: gen-output |
72 | | - name: Write arch-specific image digest to outputs |
73 | | - run: | |
74 | | - echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT" |
75 | | -
|
76 | | - merge: |
77 | | - runs-on: ubuntu-24.04 |
78 | | - needs: build |
79 | | - env: |
80 | | - DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.image-arm64 }} |
81 | | - DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.image-x64 }} |
82 | | - outputs: |
83 | | - image: ${{ steps.meta.outputs.tags }} |
84 | | - steps: |
85 | | - - name: Checkout code |
86 | | - uses: actions/checkout@v4 |
87 | | - |
88 | | - - name: Set up Docker Buildx |
89 | | - uses: docker/setup-buildx-action@v3 |
90 | | - |
91 | | - - name: Login to GitHub Container Registry |
92 | | - uses: docker/login-action@v3 |
93 | | - with: |
94 | | - registry: ghcr.io |
95 | | - username: ${{ github.actor }} |
96 | | - password: ${{ secrets.GITHUB_TOKEN }} |
97 | | - |
98 | | - - id: meta |
99 | | - name: Generate tag for the app image |
100 | | - uses: docker/metadata-action@v5 |
101 | | - with: |
102 | | - images: ghcr.io/${{ github.repository }} |
103 | | - tags: type=sha,suffix=${{ env.BUILD_SUFFIX }} |
104 | | - |
105 | | - - name: Push the multi-platform app image |
106 | | - run: | |
107 | | - docker buildx imagetools create \ |
108 | | - --tag "$DOCKER_METADATA_OUTPUT_TAGS" \ |
109 | | - "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64" |
| 11 | + docker-build: |
| 12 | + uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@v2.0.0 |
| 13 | + with: |
| 14 | + image: ghcr.io/${{ github.repository }} |
| 15 | + secrets: inherit |
110 | 16 |
|
111 | 17 | test: |
112 | 18 | runs-on: ubuntu-24.04 |
113 | | - needs: merge |
| 19 | + needs: docker-build |
114 | 20 | env: |
115 | 21 | COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml |
116 | | - DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} |
| 22 | + DOCKER_APP_IMAGE: ${{ needs.docker-build.outputs.image }} |
117 | 23 | SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }} |
118 | 24 | steps: |
119 | 25 | - name: Checkout code |
120 | | - uses: actions/checkout@v4 |
| 26 | + uses: actions/checkout@v6 |
121 | 27 |
|
122 | 28 | - name: Set up Docker Compose |
123 | | - uses: docker/setup-compose-action@v1 |
| 29 | + uses: docker/setup-compose-action@v2 |
124 | 30 |
|
125 | 31 | - name: Login to GitHub Container Registry |
126 | | - uses: docker/login-action@v3 |
| 32 | + uses: docker/login-action@v4 |
127 | 33 | with: |
128 | 34 | registry: ghcr.io |
129 | 35 | username: ${{ github.actor }} |
130 | 36 | password: ${{ secrets.GITHUB_TOKEN }} |
131 | 37 |
|
132 | 38 | - name: Setup the stack |
133 | 39 | run: | |
134 | | - docker compose build --quiet |
135 | | - docker compose pull --quiet |
136 | 40 | docker compose up --wait |
137 | 41 | docker compose exec app rails assets:precompile |
138 | 42 | docker compose exec -u root app chown -R nara:nara artifacts |
@@ -161,41 +65,19 @@ jobs: |
161 | 65 |
|
162 | 66 | - name: Upload the test report |
163 | 67 | if: ${{ always() }} |
164 | | - uses: actions/upload-artifact@v4 |
| 68 | + uses: actions/upload-artifact@v7 |
165 | 69 | with: |
166 | 70 | name: ruby-nara Build Report (${{ github.run_id }}_${{ github.run_attempt }}) |
167 | 71 | path: artifacts/* |
168 | 72 | if-no-files-found: error |
169 | 73 |
|
170 | 74 | push: |
171 | | - runs-on: ubuntu-24.04 |
172 | 75 | needs: |
173 | | - - merge |
| 76 | + - docker-build |
174 | 77 | - test |
175 | | - env: |
176 | | - DOCKER_APP_IMAGE: ${{ needs.merge.outputs.image }} |
177 | | - steps: |
178 | | - - name: Checkout code |
179 | | - uses: actions/checkout@v4 |
180 | | - |
181 | | - - name: Login to GitHub Container Registry |
182 | | - uses: docker/login-action@v3 |
183 | | - with: |
184 | | - registry: ghcr.io |
185 | | - username: ${{ github.actor }} |
186 | | - password: ${{ secrets.GITHUB_TOKEN }} |
187 | | - |
188 | | - - name: Produce permanent image tags |
189 | | - uses: docker/metadata-action@v5 |
190 | | - with: |
191 | | - images: ghcr.io/${{ github.repository }} |
192 | | - tags: | |
193 | | - type=sha |
194 | | - type=ref,event=branch |
195 | | - type=raw,value=latest,enable={{is_default_branch}} |
196 | | -
|
197 | | - - name: Retag and push the image |
198 | | - run: | |
199 | | - docker pull "$DOCKER_APP_IMAGE" |
200 | | - echo "$DOCKER_METADATA_OUTPUT_TAGS" | tr ' ' '\n' | xargs -n1 docker tag "$DOCKER_APP_IMAGE" |
201 | | - docker push --all-tags "$(echo "$DOCKER_APP_IMAGE" | cut -f1 -d:)" |
| 78 | + uses: BerkeleyLibrary/.github/.github/workflows/docker-push.yml@v2.0.0 |
| 79 | + with: |
| 80 | + image: ghcr.io/${{ github.repository }} |
| 81 | + build-image-arm64: ${{ needs.docker-build.outputs.image-arm64 }} |
| 82 | + build-image-x64: ${{ needs.docker-build.outputs.image-x64 }} |
| 83 | + secrets: inherit |
0 commit comments