ci: refactor workflows (#56)

1. Use jobs outputs to pass values 2. Check docker images in CI --------- Signed-off-by: tison <wander4096@gmail.com>
korandoru · Feb 21, 2023 · 9f042b5 · 9f042b5
1 parent cfdad90
commit 9f042b5
Show file tree

Hide file tree

Showing 4 changed files with 212 additions and 97 deletions.
diff --git a/.github/actions/docker-push-by-digest/action.yml b/.github/actions/docker-push-by-digest/action.yml
@@ -0,0 +1,52 @@
+# Copyright 2023 Korandoru Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Docker push by digest
+
+inputs:
+ name:
+ description: The name of Docker image
+ required: true
+ file:
+ description: The name of Dockerfile in use
+ required: true
+
+outputs:
+ digest:
+ description: Docker image digest if pushed
+ value: ${{ steps.push.outputs.digest }}
+
+runs:
+ using: composite
+ steps:
+ - uses: docker/setup-buildx-action@v2
+ - uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }}
+ - name: Build and push
+ id: push
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: ${{ inputs.file }}
+ tags: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }}
+ labels: ${{ steps.meta.outputs.labels }}
+ outputs: type=image,push=true,push-by-digest=true
diff --git a/.github/actions/docker-release/action.yml b/.github/actions/docker-release/action.yml
@@ -0,0 +1,59 @@
+# Copyright 2023 Korandoru Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Docker release
+
+inputs:
+ name:
+ description: The name of Docker image
+ required: true
+ digests:
+ descriptions: The digest of images to be merged
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - uses: docker/setup-buildx-action@v2
+ - uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }}
+ sep-tags: ' '
+ tags: |
+ type=semver,pattern={{raw}}
+ type=semver,pattern=v{{major}}
+ type=sha,format=long
+ type=edge,branch=main
+ - name: Build and push
+ if: ${{ inputs.push }}
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: ${{ inputs.file }}
+ labels: ${{ steps.meta.outputs.labels }}
+ outputs: type=image,push=true,push-by-digest=true
+ - name: Push manifest
+ shell: bash
+ run: |
+ for tag in ${{ steps.meta.outputs.tags }}; do
+ echo "Preparing manifest for tag: $tag..."
+ docker buildx imagetools create -t $tag ${{ inputs.digests }}
+ done
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,6 @@ name: CI
 on:
  push:
  branches: [main]
- tags-ignore: ['v1.*']
  pull_request:
  branches: [main]
  merge_group:
@@ -72,18 +71,47 @@ jobs:
  - name: Maven verify
  run: ./mvnw clean verify
 
+ docker:
+ if: (github.event_name != 'schedule') || (github.repository == 'korandoru/hawkeye')
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, buildjet-4vcpu-ubuntu-2204-arm]
+ name: [hawkeye, hawkeye-native]
+ file: [Dockerfile, Dockerfile.native]
+ exclude:
+ - name: hawkeye
+ file: Dockerfile.native
+ - name: hawkeye-native
+ file: Dockerfile
+ runs-on: ${{matrix.os}}
+ name: Build and test ${{matrix.name}} ${{matrix.os}}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build and load
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: ${{matrix.file}}
+ tags: ${{matrix.name}}:ci
+ outputs: type=docker
+ - name: Sanity check
+ run: docker run --rm -v $(pwd):/github/workspace ${{matrix.name}}:ci check
+
  required:
  name: Required
  runs-on: ubuntu-latest
  if: ${{ always() && ((github.event_name != 'schedule') || (github.repository == 'korandoru/hawkeye')) }}
  needs:
  - check
+ - docker
  - unittest
  steps:
  - name: Guardian
  run: |
  if [[ ! ( \
  "${{ needs.check.result }}" == "success" \
+ && "${{ needs.docker.result }}" == "success" \
  && "${{ needs.unittest.result }}" == "success" \
  ) ]]; then
  echo "Required jobs haven't been completed successfully."

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,118 +18,94 @@ on:
  push:
  branches: ['main']
  tags: ['v1.*']
- pull_request:
- workflow_dispatch:
 
 jobs:
- build-docker-image:
- name: Build - ${{matrix.name}} - ${{matrix.arch}}
- strategy:
- matrix:
- runner: [buildjet-4vcpu-ubuntu-2204, buildjet-4vcpu-ubuntu-2204-arm]
- arch: [amd64, arm64]
- name: [hawkeye, hawkeye-native]
- file: [Dockerfile, Dockerfile.native]
- exclude:
- - name: hawkeye
- file: Dockerfile.native
- - name: hawkeye-native
- file: Dockerfile
- - runner: buildjet-4vcpu-ubuntu-2204
- arch: arm64
- - runner: buildjet-4vcpu-ubuntu-2204-arm
- arch: amd64
- runs-on: ${{ matrix.runner }}
+ build-and-push-hawkeye-amd64:
+ runs-on: ubuntu-latest
  permissions:
- contents: read
  packages: write
  steps:
  - uses: actions/checkout@v3
- - uses: docker/setup-buildx-action@v2
- - uses: docker/login-action@v2
- if: ${{ github.event_name != 'pull_request' }}
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
- - uses: docker/build-push-action@v3
- if: ${{ github.event_name == 'pull_request' }}
- with:
- context: .
- file: ./${{ matrix.file }}
- tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
- labels: ${{ steps.meta.outputs.labels }}
- outputs: type=docker
- - uses: docker/build-push-action@v3
+ - name: Build and push by digest
+ uses: ./.github/actions/docker-push-by-digest
  id: build
- if: ${{ github.event_name != 'pull_request' }}
  with:
- context: .
- file: ./${{ matrix.file }}
- tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
- labels: ${{ steps.meta.outputs.labels }}
- outputs: type=image,push=true,push-by-digest=true
- - name: Save digest
- if: ${{ github.event_name != 'pull_request' }}
- run: echo "${{ steps.build.outputs.digest }}" > ${{ matrix.name }}-${{ matrix.arch }}.txt
- - uses: actions/upload-artifact@v3
- if: ${{ github.event_name != 'pull_request' }}
+ name: hawkeye
+ file: Dockerfile
+ outputs:
+ digest: ${{ steps.build.outputs.digest }}
+
+ build-and-push-hawkeye-arm64:
+ runs-on: buildjet-4vcpu-ubuntu-2204-arm
+ permissions:
+ packages: write
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build and push by digest
+ uses: ./.github/actions/docker-push-by-digest
+ id: build
  with:
- name: ${{ matrix.name }}-${{ matrix.arch }}
- path: ${{ matrix.name }}-${{ matrix.arch }}.txt
+ name: hawkeye
+ file: Dockerfile
+ outputs:
+ digest: ${{ steps.build.outputs.digest }}
 
- release-docker-image:
- name: Release Docker images - ${{matrix.name}}
- strategy:
- matrix:
- name: [hawkeye, hawkeye-native]
- file: [Dockerfile, Dockerfile.native]
- exclude:
- - name: hawkeye
- file: Dockerfile.native
- - name: hawkeye-native
- file: Dockerfile
- if: ${{ github.event_name != 'pull_request' }}
+ build-and-push-hawkeye-native-amd64:
  runs-on: ubuntu-latest
  permissions:
- contents: read
  packages: write
- needs: [build-docker-image]
  steps:
  - uses: actions/checkout@v3
- - uses: docker/setup-buildx-action@v2
- - uses: docker/login-action@v2
+ - name: Build and push by digest
+ uses: ./.github/actions/docker-push-by-digest
+ id: build
  with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/download-artifact@v3
+ name: hawkeye-native
+ file: Dockerfile.native
+ outputs:
+ digest: ${{ steps.build.outputs.digest }}
+
+ build-and-push-hawkeye-native-arm64:
+ runs-on: buildjet-4vcpu-ubuntu-2204-arm
+ permissions:
+ packages: write
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build and push by digest
+ uses: ./.github/actions/docker-push-by-digest
+ id: build
  with:
- name: ${{ matrix.name }}-amd64
- - uses: actions/download-artifact@v3
+ name: hawkeye-native
+ file: Dockerfile.native
+ outputs:
+ digest: ${{ steps.build.outputs.digest }}
+
+ release-hawkeye:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ needs:
+ - build-and-push-hawkeye-amd64
+ - build-and-push-hawkeye-arm64
+ steps:
+ - uses: actions/checkout@v3
+ - name: Merge and push manifest
+ uses: ./.github/actions/docker-release
  with:
- name: ${{ matrix.name }}-arm64
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
+ name: hawkeye
+ digests: ${{needs.build-and-push-hawkeye-amd64.outputs.digest}} ${{needs.build-and-push-hawkeye-arm64.outputs.digest}}
+
+ release-native:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ needs:
+ - build-and-push-hawkeye-native-amd64
+ - build-and-push-hawkeye-native-arm64
+ steps:
+ - uses: actions/checkout@v3
+ - name: Merge and push manifest
+ uses: ./.github/actions/docker-release
  with:
- images: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
- sep-tags: ' '
- tags: |
- type=semver,pattern={{raw}}
- type=semver,pattern=v{{major}}
- type=sha,format=long
- type=edge,branch=main
- - name: Push manifest
- run: |
- export DIGEST_AMD64=$( cat ${{ matrix.name }}-amd64.txt )
- export DIGEST_ARM64=$( cat ${{ matrix.name }}-arm64.txt )
- for tag in ${{ steps.meta.outputs.tags }}; do
- echo "Preparing manifest for tag: $tag..."
- docker buildx imagetools create -t $tag $DIGEST_AMD64 $DIGEST_ARM64
- done
+ name: hawkeye-native
+ digests: ${{needs.build-and-push-hawkeye-native-amd64.outputs.digest}} ${{needs.build-and-push-hawkeye-native-arm64.outputs.digest}}