generated from EVerest/everest-template
-
Notifications
You must be signed in to change notification settings - Fork 5
266 lines (263 loc) · 10 KB
/
deploy-single-docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
name: Build and push single docker image
on:
workflow_call:
inputs:
image_name:
description: 'Name of the image to build and push'
required: true
type: string
directory:
description: 'Directory containing the Dockerfile'
required: true
type: string
docker_file_name:
description: 'Name of the Dockerfile'
required: false
default: 'Dockerfile'
type: string
docker_registry:
description: 'Docker registry to push to'
required: true
default: 'ghcr.io'
type: string
github_ref_before:
description: 'Github ref before the change'
required: true
type: string
github_ref_after:
description: 'Github ref after the change'
required: true
type: string
force_rebuild:
description: 'Forces rebuild of docker image, even if no changes are detected'
default: false
type: boolean
platforms:
description: 'Platforms to build for'
default: |
linux/amd64
linux/arm64
linux/arm/v7
type: string
depends_on_paths:
description: 'Directories that need to be checked for changes before building this image'
required: false
type: string
build_args:
description: 'Build arguments for the Dockerfile'
required: false
type: string
outputs:
rebuild:
description: 'Whether the image is rebuilt or not'
value: ${{ jobs.check.outputs.rebuild }}
image_tags:
description: 'Tags of the deployed image with image name'
value: ${{ jobs.build-and-push.outputs.image_tags }}
one_image_tag_short:
description: 'One tag of the deployed image without image name'
value: ${{ jobs.build-and-push.outputs.one_image_tag_short }}
one_image_tag_long:
description: 'One tag of the deployed image with image name'
value: ${{ jobs.build-and-push.outputs.one_image_tag_long }}
secrets:
SA_GITHUB_PAT:
description: 'Github PAT with access to the repository'
required: true
SA_GITHUB_USERNAME:
description: 'Github username'
required: true
jobs:
check:
name: Check for changes
outputs:
rebuild: ${{ steps.set-outputs.outputs.rebuild }}
runs-on: ubuntu-24.04
steps:
- name: Checkout Dockerfile
if: ${{ inputs.force_rebuild == false }}
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
path: source
ref: ${{ inputs.github_ref_after }}
token: ${{secrets.SA_GITHUB_PAT}}
fetch-depth: 0
- name: Validate github_ref_before and github_ref_after
if: ${{ inputs.force_rebuild == false }}
id: validate-inputs
run: |
echo "Check validity of github_ref_before.."
if git cat-file -e ${{ inputs.github_ref_before }}^{commit}; then
echo "github_ref_before='${{ inputs.github_ref_before }}' is a commit!✅"
else
echo "github_ref_before='${{ inputs.github_ref_before }}' is not a commit!❌ -> Rebuild image!"
echo "validation_failed=true" >> $GITHUB_OUTPUT
exit 0
fi
echo "Check validity of github_ref_after.."
if git cat-file -e ${{ inputs.github_ref_after }}^{commit}; then
echo "github_ref_after='${{ inputs.github_ref_after }}' is a commit!✅"
else
echo "github_ref_after='${{ inputs.github_ref_after }}' is not a commit!❌ -> Rebuild image!"
echo "validation_failed=true" >> $GITHUB_OUTPUT
exit 0
fi
echo "validation_failed=false" >> $GITHUB_OUTPUT
working-directory: source
- name: Parse depends_on_paths
if: ${{ inputs.force_rebuild == false && steps.validate-inputs.outputs.validation_failed == 'false' }}
id: setup-regex
shell: python3 {0}
working-directory: source
run: |
import os
list_of_paths = """${{ inputs.depends_on_paths }}""".split("\n")
# remove all empty lines
list_of_paths = list(filter(None, list_of_paths))
for path in list_of_paths:
if os.path.isdir(f"{path}"):
path = f"{path}/*"
elif os.path.isfile(f"{path}"):
path = f"{path}"
else:
print(f"Path {path} does not exist!❌")
exit(1)
if not "${{ inputs.directory }}" in list_of_paths:
list_of_paths.append("${{ inputs.directory }}/*")
regex = "|".join(list_of_paths)
# set the regex as an output
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"regex={regex}\n")
print(f"Set regex={regex}")
- name: Get changed files
if: ${{ inputs.force_rebuild == false && steps.validate-inputs.outputs.validation_failed == 'false' }}
id: check
run: |
echo "Checking for changes in paths ${{ steps.setup-regex.outputs.regex }}.."
EXIT_CODE=0
changed_files="$(git diff --name-only ${{ inputs.github_ref_before }} ${{ inputs.github_ref_after }} | grep -E '${{ steps.setup-regex.outputs.regex }}')" || EXIT_CODE=$?
if [ $EXIT_CODE -eq 1 ]; then
echo "No changes detected in ${{ steps.setup-regex.outputs.regex }}!🔍"
echo "changes_detected=false" >> $GITHUB_OUTPUT
exit 0
elif [ $EXIT_CODE -ne 0 ]; then
echo "Error while checking for changes in ${{ steps.setup-regex.outputs.regex }}!❌"
exit $EXIT_CODE
else
echo "🔍 Changes detected with regex ${{ steps.setup-regex.outputs.regex }} in the following files:"
echo "$changed_files"
echo "changes_detected=true" >> $GITHUB_OUTPUT
fi
working-directory: source
- name: Set outputs
if: ${{ inputs.force_rebuild == false }}
id: set-outputs
run: |
echo "rebuild=${{ steps.check.outputs.changes_detected == 'true' || steps.validate-inputs.outputs.validation_failed == 'true' }}" >> $GITHUB_OUTPUT
build-and-push:
name: Build and push
needs: check
runs-on: ubuntu-24.04
outputs:
image_tags: ${{ steps.meta.outputs.tags }}
one_image_tag_short: ${{ steps.extract-one-tag.outputs.tag_short }}
one_image_tag_long: ${{ steps.extract-one-tag.outputs.tag_long }}
steps:
- name: Checkout Dockerfile
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
path: source
ref: ${{github.ref}}
token: ${{secrets.SA_GITHUB_PAT}}
fetch-depth: 0
- name: Get context / Path of Dockerfile
id: get-context
run: |
if [ -f source/${{ inputs.directory }}/${{ inputs.docker_file_name }} ]; then
echo "path=source/${{ inputs.directory }}" >> $GITHUB_OUTPUT
elif [ -f source/${{ inputs.directory }}/.devcontainer/${{ inputs.docker_file_name }} ]; then
echo "path=source/${{ inputs.directory }}/.devcontainer" >> $GITHUB_OUTPUT
else
echo "No Dockerfile found for image ${{ inputs.image_name }} in dokcer_directory ${{ inputs.directory }} with docker_file_name ${{ inputs.docker_file_name }}!"
exit 1
fi
- name: Parse platforms
id: parse-platforms
run: |
# remove all empty lines
result=$(echo "${{ inputs.platforms }}" | sed '/^$/d')
# replace newlines with commas, remove trailing comma
result=$(echo "${result}" | tr '\n' ',' | sed 's/,$//')
echo "platforms=${result}" >> $GITHUB_OUTPUT
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
sep-tags: ','
images: |
${{ inputs.docker_registry }}/${{ github.repository_owner }}/${{ inputs.image_name }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
with:
image: tonistiigi/binfmt:latest
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
- name: Login to DockerHub
uses: docker/login-action@v3
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
with:
registry: ${{ inputs.docker_registry }}
username: ${{ secrets.SA_GITHUB_USERNAME }}
password: ${{ secrets.SA_GITHUB_PAT }}
- name: Build and push
uses: docker/build-push-action@v6
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
with:
context: ${{ steps.get-context.outputs.path }}
file: ${{ steps.get-context.outputs.path }}/${{ inputs.docker_file_name }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ steps.parse-platforms.outputs.platforms }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: ${{ inputs.build_args }}
- name: Extract one image tag
id: extract-one-tag
shell: python3 {0}
run: |
import os
tags = "${{ steps.meta.outputs.tags }}".split(",")
tags_short = [tag.split(":")[-1] for tag in tags]
if len(tags_short) == 0:
print("No tags found!❌")
exit(1)
tag_short = None
for t in tags_short:
if t.startswith("v"):
tag_short = t
break
if tag_short is None:
for t in tags_short:
if not t.startswith("latest"):
tag_short = t
break
if tag_short is None:
tag_short = tags_short[0]
if tag_short is None:
print("No tag found!❌")
exit(1)
for t in tags:
if t.endswith(tag_short):
tag_long = t
break
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"tag_short={tag_short}\n")
print(f"Set tag_short={tag_short}")
f.write(f"tag_long={tag_long}\n")
print(f"Set tag_long={tag_long}")