diff --git a/.github/actions/docker-push-by-digest/action.yml b/.github/actions/docker-push-by-digest/action.yml new file mode 100644 index 00000000..d4348c49 --- /dev/null +++ b/.github/actions/docker-push-by-digest/action.yml @@ -0,0 +1,52 @@ +# Copyright 2023 Korandoru Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Docker push by digest + +inputs: + name: + description: The name of Docker image + required: true + file: + description: The name of Dockerfile in use + required: true + +outputs: + digest: + description: Docker image digest if pushed + value: ${{ steps.push.outputs.digest }} + +runs: + using: composite + steps: + - uses: docker/setup-buildx-action@v2 + - uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }} + - name: Build and push + id: push + uses: docker/build-push-action@v3 + with: + context: . + file: ${{ inputs.file }} + tags: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,push=true,push-by-digest=true diff --git a/.github/actions/docker-release/action.yml b/.github/actions/docker-release/action.yml new file mode 100644 index 00000000..e37ab6da --- /dev/null +++ b/.github/actions/docker-release/action.yml @@ -0,0 +1,59 @@ +# Copyright 2023 Korandoru Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Docker release + +inputs: + name: + description: The name of Docker image + required: true + digests: + descriptions: The digest of images to be merged + required: true + +runs: + using: composite + steps: + - uses: docker/setup-buildx-action@v2 + - uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/${{ github.repository_owner }}/${{ inputs.name }} + sep-tags: ' ' + tags: | + type=semver,pattern={{raw}} + type=semver,pattern=v{{major}} + type=sha,format=long + type=edge,branch=main + - name: Build and push + if: ${{ inputs.push }} + uses: docker/build-push-action@v3 + with: + context: . + file: ${{ inputs.file }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,push=true,push-by-digest=true + - name: Push manifest + shell: bash + run: | + for tag in ${{ steps.meta.outputs.tags }}; do + echo "Preparing manifest for tag: $tag..." + docker buildx imagetools create -t $tag ${{ inputs.digests }} + done diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 03fddc7f..51452d87 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,6 @@ name: CI on: push: branches: [main] - tags-ignore: ['v1.*'] pull_request: branches: [main] merge_group: @@ -72,18 +71,47 @@ jobs: - name: Maven verify run: ./mvnw clean verify + docker: + if: (github.event_name != 'schedule') || (github.repository == 'korandoru/hawkeye') + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, buildjet-4vcpu-ubuntu-2204-arm] + name: [hawkeye, hawkeye-native] + file: [Dockerfile, Dockerfile.native] + exclude: + - name: hawkeye + file: Dockerfile.native + - name: hawkeye-native + file: Dockerfile + runs-on: ${{matrix.os}} + name: Build and test ${{matrix.name}} ${{matrix.os}} + steps: + - uses: actions/checkout@v3 + - name: Build and load + uses: docker/build-push-action@v3 + with: + context: . + file: ${{matrix.file}} + tags: ${{matrix.name}}:ci + outputs: type=docker + - name: Sanity check + run: docker run --rm -v $(pwd):/github/workspace ${{matrix.name}}:ci check + required: name: Required runs-on: ubuntu-latest if: ${{ always() && ((github.event_name != 'schedule') || (github.repository == 'korandoru/hawkeye')) }} needs: - check + - docker - unittest steps: - name: Guardian run: | if [[ ! ( \ "${{ needs.check.result }}" == "success" \ + && "${{ needs.docker.result }}" == "success" \ && "${{ needs.unittest.result }}" == "success" \ ) ]]; then echo "Required jobs haven't been completed successfully." diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ab1c0abc..3993ea38 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,118 +18,94 @@ on: push: branches: ['main'] tags: ['v1.*'] - pull_request: - workflow_dispatch: jobs: - build-docker-image: - name: Build - ${{matrix.name}} - ${{matrix.arch}} - strategy: - matrix: - runner: [buildjet-4vcpu-ubuntu-2204, buildjet-4vcpu-ubuntu-2204-arm] - arch: [amd64, arm64] - name: [hawkeye, hawkeye-native] - file: [Dockerfile, Dockerfile.native] - exclude: - - name: hawkeye - file: Dockerfile.native - - name: hawkeye-native - file: Dockerfile - - runner: buildjet-4vcpu-ubuntu-2204 - arch: arm64 - - runner: buildjet-4vcpu-ubuntu-2204-arm - arch: amd64 - runs-on: ${{ matrix.runner }} + build-and-push-hawkeye-amd64: + runs-on: ubuntu-latest permissions: - contents: read packages: write steps: - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v2 - - uses: docker/login-action@v2 - if: ${{ github.event_name != 'pull_request' }} - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }} - - uses: docker/build-push-action@v3 - if: ${{ github.event_name == 'pull_request' }} - with: - context: . - file: ./${{ matrix.file }} - tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=docker - - uses: docker/build-push-action@v3 + - name: Build and push by digest + uses: ./.github/actions/docker-push-by-digest id: build - if: ${{ github.event_name != 'pull_request' }} with: - context: . - file: ./${{ matrix.file }} - tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push=true,push-by-digest=true - - name: Save digest - if: ${{ github.event_name != 'pull_request' }} - run: echo "${{ steps.build.outputs.digest }}" > ${{ matrix.name }}-${{ matrix.arch }}.txt - - uses: actions/upload-artifact@v3 - if: ${{ github.event_name != 'pull_request' }} + name: hawkeye + file: Dockerfile + outputs: + digest: ${{ steps.build.outputs.digest }} + + build-and-push-hawkeye-arm64: + runs-on: buildjet-4vcpu-ubuntu-2204-arm + permissions: + packages: write + steps: + - uses: actions/checkout@v3 + - name: Build and push by digest + uses: ./.github/actions/docker-push-by-digest + id: build with: - name: ${{ matrix.name }}-${{ matrix.arch }} - path: ${{ matrix.name }}-${{ matrix.arch }}.txt + name: hawkeye + file: Dockerfile + outputs: + digest: ${{ steps.build.outputs.digest }} - release-docker-image: - name: Release Docker images - ${{matrix.name}} - strategy: - matrix: - name: [hawkeye, hawkeye-native] - file: [Dockerfile, Dockerfile.native] - exclude: - - name: hawkeye - file: Dockerfile.native - - name: hawkeye-native - file: Dockerfile - if: ${{ github.event_name != 'pull_request' }} + build-and-push-hawkeye-native-amd64: runs-on: ubuntu-latest permissions: - contents: read packages: write - needs: [build-docker-image] steps: - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v2 - - uses: docker/login-action@v2 + - name: Build and push by digest + uses: ./.github/actions/docker-push-by-digest + id: build with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/download-artifact@v3 + name: hawkeye-native + file: Dockerfile.native + outputs: + digest: ${{ steps.build.outputs.digest }} + + build-and-push-hawkeye-native-arm64: + runs-on: buildjet-4vcpu-ubuntu-2204-arm + permissions: + packages: write + steps: + - uses: actions/checkout@v3 + - name: Build and push by digest + uses: ./.github/actions/docker-push-by-digest + id: build with: - name: ${{ matrix.name }}-amd64 - - uses: actions/download-artifact@v3 + name: hawkeye-native + file: Dockerfile.native + outputs: + digest: ${{ steps.build.outputs.digest }} + + release-hawkeye: + runs-on: ubuntu-latest + permissions: + packages: write + needs: + - build-and-push-hawkeye-amd64 + - build-and-push-hawkeye-arm64 + steps: + - uses: actions/checkout@v3 + - name: Merge and push manifest + uses: ./.github/actions/docker-release with: - name: ${{ matrix.name }}-arm64 - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 + name: hawkeye + digests: ${{needs.build-and-push-hawkeye-amd64.outputs.digest}} ${{needs.build-and-push-hawkeye-arm64.outputs.digest}} + + release-native: + runs-on: ubuntu-latest + permissions: + packages: write + needs: + - build-and-push-hawkeye-native-amd64 + - build-and-push-hawkeye-native-arm64 + steps: + - uses: actions/checkout@v3 + - name: Merge and push manifest + uses: ./.github/actions/docker-release with: - images: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }} - sep-tags: ' ' - tags: | - type=semver,pattern={{raw}} - type=semver,pattern=v{{major}} - type=sha,format=long - type=edge,branch=main - - name: Push manifest - run: | - export DIGEST_AMD64=$( cat ${{ matrix.name }}-amd64.txt ) - export DIGEST_ARM64=$( cat ${{ matrix.name }}-arm64.txt ) - for tag in ${{ steps.meta.outputs.tags }}; do - echo "Preparing manifest for tag: $tag..." - docker buildx imagetools create -t $tag $DIGEST_AMD64 $DIGEST_ARM64 - done + name: hawkeye-native + digests: ${{needs.build-and-push-hawkeye-native-amd64.outputs.digest}} ${{needs.build-and-push-hawkeye-native-arm64.outputs.digest}}