@@ -42,27 +42,126 @@ jobs:
4242 result : ${{ steps.alls-green.outcome }}
4343 slack-webhook-url : ${{ secrets.SLACK_WEBHOOK_URL }}
4444
45+ matrix :
46+ name : Image Matrix
47+ runs-on : ubuntu-latest
48+ permissions :
49+ contents : read
50+ outputs :
51+ matrix : ${{ steps.images.outputs.matrix }}
52+
53+ steps :
54+ - name : Checkout
55+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
56+
57+ - name : Install
58+ uses : " posit-dev/images-shared/setup-bakery@main"
59+
60+ - name : Images
61+ id : images
62+ env :
63+ DEV_VERSIONS : " exclude"
64+ MATRIX_VERSIONS : " exclude"
65+ run : |
66+ echo "matrix=$(bakery ci matrix --quiet --dev-versions "$DEV_VERSIONS" --matrix-versions "$MATRIX_VERSIONS" | jq --compact-output .)" >> $GITHUB_OUTPUT
67+
4568 build :
46- name : Build
47- # Build all images, excluding dev versions.
48- #
49- # Builds all versions of each image in parallel.
50- #
51- # Run on merges to main, or on weekly scheduled re-builds.
69+ name : " ${{ matrix.img.image }}:${{ matrix.img.version }}"
5270 permissions :
5371 contents : read
5472 packages : write
73+ id-token : write
74+ needs : matrix
75+ runs-on : ubuntu-latest-4x
76+ strategy :
77+ fail-fast : false
78+ matrix :
79+ img : ${{ fromJson(needs.matrix.outputs.matrix) }}
5580
56- uses : " posit-dev/images-shared/.github/workflows/bakery-build-native.yml@main"
57- secrets :
58- DOCKER_HUB_ACCESS_TOKEN : ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
59- DOCKER_HUB_README_USERNAME : ${{ secrets.DOCKER_HUB_README_USERNAME }}
60- DOCKER_HUB_README_PASSWORD : ${{ secrets.DOCKER_HUB_README_PASSWORD }}
61- with :
62- dev-versions : " exclude"
63- matrix-versions : " exclude"
64- # Push images only for merges into main and weekly schduled re-builds.
65- push : ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
81+ steps :
82+ - name : Checkout
83+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
84+
85+ - name : Setup bakery
86+ uses : " posit-dev/images-shared/setup-bakery@main"
87+
88+ - name : Setup goss
89+ uses : " posit-dev/images-shared/setup-goss@main"
90+
91+ - name : Setup QEMU
92+ uses : docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
93+
94+ - name : Login to GitHub Container Registry
95+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
96+ with :
97+ registry : ghcr.io
98+ username : ${{ github.actor }}
99+ password : ${{ secrets.GITHUB_TOKEN }}
100+
101+ - name : Authenticate to GCP
102+ id : gcp-auth
103+ if : ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
104+ uses : google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
105+ with :
106+ workload_identity_provider : ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
107+ service_account : ${{ secrets.GCP_SERVICE_ACCOUNT }}
108+
109+ - name : Configure Docker for GCP Artifact Registry
110+ if : ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
111+ run : |
112+ gcloud auth configure-docker us-central1-docker.pkg.dev,us-docker.pkg.dev,europe-docker.pkg.dev,asia-docker.pkg.dev --quiet
113+
114+ - name : Setup docker buildx
115+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
116+
117+ - name : Build
118+ env :
119+ GIT_SHA : ${{ github.sha }}
120+ IMAGE_NAME : ${{ matrix.img.image }}
121+ IMAGE_VERSION : ${{ matrix.img.version }}
122+ DEV_VERSIONS : " exclude"
123+ MATRIX_VERSIONS : " exclude"
124+ REGISTRY : ghcr.io/${{ github.repository_owner }}
125+ run : |
126+ bakery build --load --pull \
127+ --retry 1 \
128+ --image-name "^${IMAGE_NAME}$" \
129+ --image-version "$IMAGE_VERSION" \
130+ --dev-versions "$DEV_VERSIONS" \
131+ --matrix-versions "$MATRIX_VERSIONS" \
132+ --cache-registry "$REGISTRY"
133+
134+ - name : Test
135+ env :
136+ IMAGE_NAME : ${{ matrix.img.image }}
137+ IMAGE_VERSION : ${{ matrix.img.version }}
138+ DEV_VERSIONS : " exclude"
139+ MATRIX_VERSIONS : " exclude"
140+ run : |
141+ GOSS_PATH=${GITHUB_WORKSPACE}/tools/goss \
142+ DGOSS_PATH=${GITHUB_WORKSPACE}/tools/dgoss \
143+ bakery run dgoss \
144+ --image-name "^${IMAGE_NAME}$" \
145+ --image-version "$IMAGE_VERSION" \
146+ --dev-versions "$DEV_VERSIONS" \
147+ --matrix-versions "$MATRIX_VERSIONS"
148+
149+ - name : Push
150+ # Push images only for merges into main and weekly scheduled re-builds.
151+ if : ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
152+ env :
153+ GIT_SHA : ${{ github.sha }}
154+ IMAGE_NAME : ${{ matrix.img.image }}
155+ IMAGE_VERSION : ${{ matrix.img.version }}
156+ DEV_VERSIONS : " exclude"
157+ MATRIX_VERSIONS : " exclude"
158+ run : |
159+ bakery build --push --pull \
160+ --retry 1 \
161+ --image-name "^${IMAGE_NAME}$" \
162+ --image-version "$IMAGE_VERSION" \
163+ --dev-versions "$DEV_VERSIONS" \
164+ --matrix-versions "$MATRIX_VERSIONS"
66165
67166 clean :
68167 name : Clean
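Review bot: The new `build` job runs `posit-dev/images-shared/setup-bakery@main` and `posit-dev/images-shared/setup-goss@main` (new lines 86 and 89, with setup-bakery also at new line 58 in the `matrix` job) from a mutable branch, while every other action in this hunk is pinned to a full commit SHA. The job holds `packages: write` and `id-token: write` and logs in to GHCR and, on main, to GCP, so whatever `main` of images-shared points to at run time executes with that access. Pinning these the same way as the rest, e.g. `uses: posit-dev/images-shared/setup-bakery@<full-commit-sha> # main`, would keep the trust boundary consistent. Separately, the Push step re-runs `bakery build --push --pull` instead of pushing the image the Test step exercised, so unless bakery's cache guarantees an identical result the published image may differ from the tested one. A comment on that step stating the assumption would help.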