Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multi arch matrix pipeline #341

Merged
merged 2 commits into from
Jun 20, 2024
Merged

Multi arch matrix pipeline #341

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c1830df
initial stab at multi-arch matrix
alcohol Jun 14, 2024
3db8658
simplify as legacy, lts and latest workflow
alcohol Jun 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
252 changes: 252 additions & 0 deletions .github/workflows/latest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,252 @@
name: Latest

on:
pull_request:
paths:
- .github/workflows/latest.yaml
- latest/**
push:
branches:
- main
paths:
- .github/workflows/latest.yaml
- latest/**

env:
AWS_REGION: us-east-1
DOCKERHUB_SLUG: composer/composer
ECR_SLUG: public.ecr.aws/u0u1j5s3/composer
GHCR_SLUG: ghcr.io/composer/docker
DIRECTORY: latest

jobs:

prepare:

runs-on: ubuntu-latest

outputs:
full-annotations: ${{ steps.meta-full.outputs.annotations }}
full-labels: ${{ steps.meta-full.outputs.labels }}
full-json: ${{ steps.meta-full.outputs.json }}
bin-annotations: ${{ steps.meta-bin.outputs.annotations }}
bin-labels: ${{ steps.meta-bin.outputs.labels }}
bin-json: ${{ steps.meta-bin.outputs.json }}

steps:

- name: Checkout
uses: actions/checkout@v4

- name: Determine Composer version from Dockerfile
uses: ./.github/actions/determine-composer-version
with:
working-directory: ${{ env.DIRECTORY }}

- name: Docker metadata (full image)
id: meta-full
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_SLUG }}
${{ env.ECR_SLUG }}
${{ env.GHCR_SLUG }}
flavor: |
latest=false
tags: |
type=semver,pattern={{version}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}
type=semver,pattern={{major}}.{{minor}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}
latest
labels: |
org.opencontainers.image.vendor=Composer
org.opencontainers.image.title=Composer
org.opencontainers.image.description=PHP runtime image with Composer

- name: Docker metadata (binary-only image)
id: meta-bin
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_SLUG }}
${{ env.ECR_SLUG }}
${{ env.GHCR_SLUG }}
flavor: |
latest=false
suffix=-bin
tags: |
type=semver,pattern={{version}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}
type=semver,pattern={{major}}.{{minor}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}
latest
labels: |
org.opencontainers.image.vendor=Composer
org.opencontainers.image.title=Composer
org.opencontainers.image.description=Image with Composer binary only

build:

runs-on: ubuntu-latest
timeout-minutes: 20

needs:
- prepare

strategy:
matrix:
platform:
- linux/amd64
- linux/arm/v6
- linux/arm/v7
- linux/arm64/v8
- linux/i386
- linux/ppc64le
- linux/riscv64
- linux/s390x

defaults:
run:
working-directory: ${{ env.DIRECTORY }}

steps:

- name: Checkout
uses: actions/checkout@v4

- name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_SLUG=${platform//\//-}" >> $GITHUB_ENV

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ matrix.platform }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
#if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Login to Amazon Public ECR
#if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ECR_ACCESS_KEY }}
password: ${{ secrets.AWS_ECR_SECRET_KEY }}

- name: Login to Github Container Registry
#if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build full image
id: build-full
uses: docker/build-push-action@v5
with:
context: ${{ env.DIRECTORY }}
target: binary-with-runtime
annotations: ${{ needs.prepare.outputs.full-annotations }}
platforms: ${{ matrix.platform }}
outputs: type=image,"name=${{ env.DOCKERHUB_SLUG }},${{ env.ECR_SLUG }},${{ env.GHCR_SLUG }}",push-by-digest=true,name-canonical=true,push=true #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'

- name: Build binary-only image
id: build-bin
uses: docker/build-push-action@v5
with:
context: ${{ env.DIRECTORY }}
target: standalone-binary
annotations: ${{ needs.prepare.outputs.bin-annotations }}
platforms: ${{ matrix.platform }}
outputs: type=image,"name=${{ env.DOCKERHUB_SLUG }},${{ env.ECR_SLUG }},${{ env.GHCR_SLUG }}",push-by-digest=true,name-canonical=true,push=true #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'

- name: Export digests
run: |
mkdir -p /tmp/digests/{full,bin}
digest="${{ steps.build-full.outputs.digest }}"
touch "/tmp/digests/full/${digest#sha256:}"
digest="${{ steps.build-bin.outputs.digest }}"
touch "/tmp/digests/bin/${digest#sha256:}"

- name: Upload digests
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_SLUG }}
path: |
/tmp/digests/full/*
/tmp/digests/bin/*
if-no-files-found: error
retention-days: 1

merge:

#if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'

runs-on: ubuntu-latest

needs:
- prepare
- build

steps:

- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Login to Amazon Public ECR
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ECR_ACCESS_KEY }}
password: ${{ secrets.AWS_ECR_SECRET_KEY }}

- name: Login to Github Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Create manifest list for full image and push
working-directory: /tmp/digests/full
env:
JSON: ${{ needs.prepare.outputs.full-json }}
run: |
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.DOCKERHUB_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.DOCKERHUB_SLUG }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.ECR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.ECR_SLUG }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *)

- name: Create manifest list for binary-only image and push
working-directory: /tmp/digests/bin
env:
JSON: ${{ needs.prepare.outputs.bin-json }}
run: |
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.DOCKERHUB_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.DOCKERHUB_SLUG }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.ECR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.ECR_SLUG }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \
$(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *)
Loading