test: pin images to manifest digest #672
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| schedule: | |
| - cron: '0 8 */6 * *' # every 6 days | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| env: | |
| REPO_SLUG: tonistiigi/binfmt | |
| CACHE_GHA_SCOPE: binfmt | |
| CACHE_GHA_SCOPE_CROSS: binfmt-cross | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - mainline | |
| - buildkit | |
| - desktop | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Warm cache | |
| run: | | |
| ./hack/warm-cache ${{ matrix.target }} | |
| env: | |
| CACHE_FROM: type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| CACHE_TO: type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| validate: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| script: | |
| - ./hack/lint | |
| - ./hack/validate-vendor | |
| - ./hack/install-and-test | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Run | |
| run: | | |
| ${{ matrix.script }} | |
| env: | |
| CACHE_FROM: type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-mainline | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - mainline | |
| - buildkit | |
| - desktop | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Test buildkit | |
| if: matrix.target == 'buildkit' | |
| uses: docker/bake-action@v5 | |
| with: | |
| targets: buildkit-test | |
| set: | | |
| *.cache-from=type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| - | |
| name: Load mainline for testing | |
| if: matrix.target == 'mainline' | |
| uses: docker/bake-action@v5 | |
| with: | |
| targets: mainline | |
| load: true | |
| set: | | |
| *.cache-from=type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| mainline.tags=tonistiigi/binfmt:test | |
| - | |
| name: Test mainline | |
| if: matrix.target == 'mainline' | |
| run: | | |
| docker run --rm --privileged tonistiigi/binfmt:test --uninstall qemu-* | |
| docker run --rm --privileged tonistiigi/binfmt:test --install all | |
| docker run --rm arm64v8/alpine:latest@sha256:ea3c5a9671f7b3f7eb47eab06f73bc6591df978b0d5955689a9e6f943aa368c0 uname -a | |
| docker run --rm arm32v7/alpine:latest@sha256:4fdafe217d0922f3c3e2b4f64cf043f8403a4636685cd9c51fea2cbd1f419740 uname -a | |
| docker run --rm ppc64le/alpine:latest@sha256:0880443bffa028dfbbc4094a32dd6b7ac25684e4c0a3d50da9e0acae355c5eaf uname -a | |
| docker run --rm s390x/alpine:latest@sha256:b815fadf80495594eb6296a6af0bc647ae5f193e0044e07acec7e5b378c9ce2d uname -a | |
| docker run --rm tonistiigi/debian:riscv uname -a | |
| docker run --rm yangzewei2023/debian:loongarch64 uname -a | |
| docker run --rm --platform=linux/s390x s390x/ubuntu apt update | |
| docker run --rm --platform=linux/ppc64le ppc64le/ubuntu apt update | |
| docker run --rm --platform=linux/arm64 arm64v8/ubuntu apt update | |
| - | |
| name: Test Syscalls | |
| if: matrix.target == 'mainline' | |
| run: | | |
| set -x | |
| docker buildx build --platform=linux/amd64,linux/arm64,linux/386,linux/arm,linux/ppc64le,linux/s390x --target=run --allow security.insecure --build-arg CONFIG_RT_GROUP_SCHED=false ./test | |
| e2e: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - mainline | |
| - desktop | |
| dockerfile: | |
| - pip-youtube-dl | |
| - webpack | |
| platform: | |
| - linux/arm/v7 | |
| include: | |
| - target: mainline | |
| dockerfile: ejabberd | |
| platform: linux/arm64 | |
| - target: desktop | |
| dockerfile: tini | |
| platform: linux/arm64 | |
| run_args: --rm | |
| - target: desktop | |
| dockerfile: postgis | |
| platform: linux/arm64 | |
| run_args: -d --name postgis | |
| logs_ctn_name: postgis | |
| logs_check: "UTC [1] LOG: database system is ready to accept connections" | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Load for testing | |
| uses: docker/bake-action@v5 | |
| with: | |
| targets: ${{ matrix.target }} | |
| load: true | |
| set: | | |
| *.cache-from=type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| *.tags=tonistiigi/binfmt:test | |
| - | |
| name: Set up QEMU | |
| run: | | |
| docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-* | |
| docker run --rm --privileged tonistiigi/binfmt:test --install all | |
| - | |
| name: Test | |
| working-directory: test/dockerfiles/${{ matrix.dockerfile }} | |
| run: | | |
| docker buildx build --platform ${{ matrix.platform }} --output type=cacheonly . | |
| - | |
| name: Load image | |
| if: ${{ matrix.run_args != '' }} | |
| working-directory: test/dockerfiles/${{ matrix.dockerfile }} | |
| run: | | |
| docker buildx build --platform ${{ matrix.platform }} -t ${{ matrix.dockerfile }}:local --load . | |
| - | |
| name: Run | |
| if: ${{ matrix.run_args != '' }} | |
| working-directory: test/dockerfiles/${{ matrix.dockerfile }} | |
| run: | | |
| docker run ${{ matrix.run_args }} --platform ${{ matrix.platform }} ${{ matrix.dockerfile }}:local | |
| - | |
| name: Check container logs | |
| if: ${{ matrix.logs_ctn_name != '' && matrix.logs_check != '' }} | |
| uses: crazy-max/.github/.github/actions/container-logs-check@main | |
| with: | |
| container_name: ${{ matrix.logs_ctn_name }} | |
| log_check: ${{ matrix.logs_check }} | |
| timeout: 120 | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - validate | |
| - test | |
| - e2e | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - mainline | |
| - buildkit | |
| - desktop | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REPO_SLUG }} | |
| tags: | | |
| type=ref,event=branch,enable=${{ matrix.target == 'mainline' }} | |
| type=ref,event=branch,prefix=${{ matrix.target }}-,enable=${{ matrix.target != 'mainline' }} | |
| flavor: | | |
| latest=false | |
| labels: | | |
| org.opencontainers.image.title=Binfmt | |
| org.opencontainers.image.description=Cross-platform emulator collection distributed with Docker images | |
| bake-target: meta-helper | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| config: .github/buildkit.toml | |
| buildkitd-flags: --allow-insecure-entitlement=security.insecure | |
| - | |
| name: Login to DockerHub | |
| if: startsWith(github.ref, 'refs/heads/') | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERIO_USERNAME }} | |
| password: ${{ secrets.DOCKERIO_PASSWORD }} | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Build ${{ matrix.target }} | |
| uses: docker/bake-action@v5 | |
| with: | |
| files: | | |
| ./docker-bake.hcl | |
| ${{ steps.meta.outputs.bake-file }} | |
| targets: ${{ matrix.target }}-all | |
| push: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| set: | | |
| *.cache-from=type=gha,scope=${{ env.CACHE_GHA_SCOPE_CROSS }}-${{ matrix.target }} | |
| *.cache-from=type=gha,scope=${{ env.CACHE_GHA_SCOPE }}-${{ matrix.target }} | |
| *.cache-to=type=gha,scope=${{ env.CACHE_GHA_SCOPE_CROSS }}-${{ matrix.target }} |