diff --git a/.github/workflows/__call-docker.yml b/.github/workflows/__call-docker.yml index 631c5b29..686a3daf 100644 --- a/.github/workflows/__call-docker.yml +++ b/.github/workflows/__call-docker.yml @@ -11,8 +11,7 @@ # Comma separated list of platforms to run for PR events, i.e. `# platforms_pr: linux/amd64`. This will take # precedence over the `# platforms: ` directive. # `# artifacts: ` -# `true` to build in two steps, stopping at `artifacts` build stage and extracting the image from there to the -# GitHub runner. +# `true` to extract artifacts from the `/artifacts` directory to the GitHub runner. name: Docker (called) permissions: @@ -27,6 +26,21 @@ on: - synchronize - reopened workflow_call: + inputs: + maximize_build_space: + description: 'Maximize build space.' + required: false + type: boolean + default: false + publish_release: + required: true + type: string + release_commit: + required: true + type: string + release_tag: + required: true + type: string secrets: DOCKER_HUB_USERNAME: description: 'Docker Hub username to use for the workflow.' 
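Review bot: The new `publish_release`, `release_commit` and `release_tag` inputs have no `description`, unlike `maximize_build_space` directly above them. `publish_release` is `type: string`, yet later hunks use it as a flag (`if: inputs.publish_release == 'true'`, `push: ${{ inputs.publish_release }}`), so only the exact string `true` enables the registry logins and the push. Say so on the input, for example `description: 'String "true" to log in to the registries and push images; any other value only builds.'`. Also describe the expected form of the commit and tag, since both are forwarded into the Prepare script and the image build args.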
@@ -89,68 +103,25 @@ jobs: echo $matrix | jq . echo "matrix=$matrix" >> $GITHUB_OUTPUT - - name: Find dotnet solution file - id: find_dotnet - run: | - solution=$(find . -maxdepth 1 -type f -iname "*.sln") - - echo "found solution: ${solution}" - - # do not quote to keep this as a single line - echo solution=${solution} >> $GITHUB_OUTPUT - - if [[ $solution != "" ]]; then - echo "dotnet=true" >> $GITHUB_OUTPUT - else - echo "dotnet=false" >> $GITHUB_OUTPUT - fi - outputs: dockerfiles: ${{ steps.find.outputs.dockerfiles }} matrix: ${{ steps.find.outputs.matrix }} - dotnet: ${{ steps.find_dotnet.outputs.dotnet }} - solution: ${{ steps.find_dotnet.outputs.solution }} - - setup_release: - name: Setup Release - if: needs.check_dockerfiles.outputs.dockerfiles - needs: check_dockerfiles - outputs: - publish_release: ${{ steps.setup_release.outputs.publish_release }} - release_body: ${{ steps.setup_release.outputs.release_body }} - release_commit: ${{ steps.setup_release.outputs.release_commit }} - release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }} - release_tag: ${{ steps.setup_release.outputs.release_tag }} - release_version: ${{ steps.setup_release.outputs.release_version }} - permissions: - contents: write # read does not work to check squash and merge details - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Release - id: setup_release - uses: LizardByte/setup-release-action@v2025.612.120948 - with: - dotnet: ${{ needs.check_dockerfiles.outputs.dotnet }} - github_token: ${{ secrets.GH_TOKEN }} docker: name: Docker${{ matrix.tag }} if: needs.check_dockerfiles.outputs.dockerfiles needs: - check_dockerfiles - - setup_release permissions: + contents: read packages: write - contents: write runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: ${{ fromJson(needs.check_dockerfiles.outputs.matrix) }} steps: - name: Maximize build space + if: inputs.maximize_build_space uses: 
easimon/maximize-build-space@v10 with: root-reserve-mb: 30720 # https://github.com/easimon/maximize-build-space#caveats @@ -168,13 +139,13 @@ jobs: - name: Prepare id: prepare env: - NV: ${{ needs.setup_release.outputs.release_tag }} + NV: ${{ inputs.release_tag }} run: | # get branch name BRANCH=${GITHUB_HEAD_REF} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} + RELEASE=${{ inputs.publish_release }} + COMMIT=${{ inputs.release_commit }} if [ -z "$BRANCH" ]; then echo "This is a PUSH event" 
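Review bot: In the Prepare step, `RELEASE=${{ inputs.publish_release }}` and `COMMIT=${{ inputs.release_commit }}` are expanded into the script text before the shell starts, so the caller-supplied string is parsed as shell rather than treated as a value. The same step already passes `release_tag` through `env:` as `NV`. Do the same for these two by adding `RELEASE: ${{ inputs.publish_release }}` and `COMMIT: ${{ inputs.release_commit }}` under `env:` and dropping the two assignments. This matters more now that the values are free-form `type: string` inputs from any calling workflow instead of outputs of a job defined in this file. The rest of the script is outside the hunk, so check that no later line relies on the unquoted expansion.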
@@ -273,108 +244,72 @@ jobs: Docker-buildx${{ matrix.tag }}- - name: Log in to Docker Hub - if: needs.setup_release.outputs.publish_release == 'true' # PRs do not have access to secrets + if: inputs.publish_release == 'true' # PRs do not have access to secrets uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - name: Log in to the Container registry - if: needs.setup_release.outputs.publish_release == 'true' # PRs do not have access to secrets + if: inputs.publish_release == 'true' # PRs do not have access to secrets uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ secrets.GH_BOT_NAME }} password: ${{ secrets.GH_BOT_TOKEN }} - - name: Build artifacts - if: steps.prepare.outputs.artifacts == 'true' - id: build_artifacts - uses: docker/build-push-action@v6 - with: - context: ./ - file: ${{ matrix.dockerfile }} - target: artifacts - outputs: type=local,dest=artifacts - push: false - platforms: ${{ steps.prepare.outputs.platforms }} - build-args: | - BRANCH=${{ steps.prepare.outputs.branch }} - BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - tags: ${{ steps.prepare.outputs.tags }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} - - name: Build and push id: build uses: docker/build-push-action@v6 with: context: ./ file: ${{ matrix.dockerfile }} - push: ${{ needs.setup_release.outputs.publish_release }} + push: ${{ inputs.publish_release }} platforms: ${{ steps.prepare.outputs.platforms }} build-args: | BRANCH=${{ steps.prepare.outputs.branch }} BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ 
needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} + BUILD_VERSION=${{ inputs.release_tag }} + COMMIT=${{ inputs.release_commit }} CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} + RELEASE=${{ inputs.publish_release }} tags: ${{ steps.prepare.outputs.tags }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} + outputs: ${{ steps.prepare.outputs.artifacts == 'true' && 'type=local,dest=image' || '' }} - name: Arrange Artifacts if: steps.prepare.outputs.artifacts == 'true' - working-directory: artifacts run: | - # debug directory - echo "Current directory: $(pwd)" - echo "Directory contents: $(ls -Ra)" + # create artifacts directory + mkdir -p artifacts # artifacts will be in sub directories named after the docker target platform, e.g. `linux_amd64` # so move files to the artifacts directory # https://unix.stackexchange.com/a/52816 + echo "::group::Moving artifacts" find \ - ./ \ - -maxdepth 2 \ - -mindepth 2 \ - -type f \ - -not -name 'provenance.json' \ - -exec mv -t ./ -n '{}' + - - # remove provenance file - rm -f ./provenance.json + ./image \ + -mindepth 1 \ + -maxdepth 3 \ + -type d \ + -name 'artifacts' \ + -exec bash -c 'cp -rv {}/* ./artifacts/' \; + echo "::endgroup::" + + echo "::group::Artifacts" + ls -la ./artifacts/ + echo "::endgroup::" - name: Upload Artifacts if: steps.prepare.outputs.artifacts == 'true' uses: actions/upload-artifact@v4 with: - name: Docker${{ matrix.tag }} + name: build-Docker${{ matrix.tag }} path: artifacts/ if-no-files-found: error - - name: Create/Update GitHub Release - if: > - needs.setup_release.outputs.publish_release == 'true' && - steps.prepare.outputs.artifacts == 'true' - uses: LizardByte/create-release-action@v2025.612.13419 - with: - allowUpdates: true - artifacts: "*artifacts/*" - body: ${{ 
needs.setup_release.outputs.release_body }} - generateReleaseNotes: ${{ needs.setup_release.outputs.release_generate_release_notes }} - name: ${{ needs.setup_release.outputs.release_tag }} - prerelease: true - tag: ${{ needs.setup_release.outputs.release_tag }} - token: ${{ secrets.GH_BOT_TOKEN }} - - name: Update Docker Hub Description if: > github.event_name == 'push' && diff --git a/.github/workflows/__global-replicator.yml b/.github/workflows/__global-replicator.yml index 3176ab72..c7e38502 100644 --- a/.github/workflows/__global-replicator.yml +++ b/.github/workflows/__global-replicator.yml @@ -51,6 +51,7 @@ jobs: .codeql-prebuild-cpp-macOS.sh, .github/label-actions.yml, .github/pr_release_template.md, + .github/workflows/_docker.yml, .github/workflows/auto-create-pr.yml, .github/workflows/automerge.yml, .github/workflows/autoupdate.yml, diff --git a/.github/workflows/_docker.yml b/.github/workflows/_docker.yml deleted file mode 100644 index f9cd482f..00000000 --- a/.github/workflows/_docker.yml +++ /dev/null 
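Review bot: In Arrange Artifacts, `-exec bash -c 'cp -rv {}/* ./artifacts/' \;` splices the path found by `find` into the command string, so a directory name containing spaces or shell metacharacters is re-parsed by bash. Pass it as an argument instead: `-exec bash -c 'cp -rv "$1"/* ./artifacts/' _ {} \;`. The tree under `./image` is the exported image filesystem, which on pull-request runs appears to come from whatever the PR's Dockerfile produced, so its paths should be treated as untrusted. Separately, the removed `mv -n` never overwrote an existing file, whereas copying each per-platform `artifacts` directory into one `./artifacts/` lets a later platform silently replace a same-named file. `cp -rvn`, or a sub-directory per platform, would keep the old guarantee.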
@@ -1,39 +0,0 @@
----
-# This workflow is centrally managed in https://github.com/LizardByte/.github/
-# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
-# the above-mentioned repo.
-
-name: Docker
-permissions:
- contents: write
- packages: write
-
-on:
- pull_request:
- branches:
- - master
- types:
- - opened
- - synchronize
- - reopened
- push:
- branches:
- - master
- workflow_dispatch:
-
-concurrency:
- group: "${{ github.workflow }}-${{ github.ref }}"
- cancel-in-progress: true
-
-jobs:
- call-docker:
- name: Docker
- uses: LizardByte/.github/.github/workflows/__call-docker.yml@master
- if: ${{ github.repository != 'LizardByte/.github' }}
- secrets:
- DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
- DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
- DOCKER_HUB_ACCESS_TOKEN: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- GH_BOT_NAME: ${{ secrets.GH_BOT_NAME }}
- GH_BOT_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}