From a7b8778971723c310276d135530bf9ce7529e453 Mon Sep 17 00:00:00 2001
From: Matt Kilgore
Date: Sun, 1 Dec 2024 17:18:27 -0500
Subject: [PATCH 01/12] fix: trying to solve the arm build process issue.

---
 .github/workflows/docker-publish-arm.yaml | 105 --------------
 .../docker-publish-rootless-arm.yaml | 104 --------------
 .../workflows/docker-publish-rootless.yaml | 132 ++++++++++++++----
 .github/workflows/docker-publish.yaml | 121 +++++++++++++---
 4 files changed, 206 insertions(+), 256 deletions(-)
 delete mode 100644 .github/workflows/docker-publish-arm.yaml
 delete mode 100644 .github/workflows/docker-publish-rootless-arm.yaml

diff --git a/.github/workflows/docker-publish-arm.yaml b/.github/workflows/docker-publish-arm.yaml
deleted file mode 100644
index 0147fa1c..00000000
--- a/.github/workflows/docker-publish-arm.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -name: Docker publish ARM - -on: - schedule: - - cron: '00 0 * * *' - push: - branches: [ "main" ] - paths: - - 'backend/**' - - 'frontend/**' - - 'Dockerfile' - - 'Dockerfile.rootless' - - '.dockerignore' - - '.github/workflows' - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "main" ] - paths: - - 'backend/**' - - 'frontend/**' - - 'Dockerfile' - - 'Dockerfile.rootless' - - '.dockerignore' - - '.github/workflows' - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write - - steps: - # Step 1: Checkout repository - - name: Checkout repository - uses: actions/checkout@v4 - - # Step 2: Set up Buildx without specifying driver - # Let it use default settings to avoid the 'no remote endpoint' issue - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.0.0 - with: - install: true # Ensure Buildx is installed and set up properly - use: true # Use Buildx instance directly for this job - - # Step 3: Login against Docker registry except on PR - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@v3.0.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Step 4: Extract metadata for Docker images - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - flavor: | - suffix=-arm,onlatest=true - - # Step 5: Build and push the Docker image - - name: Build and push Docker image - id: 
build-and-push - uses: docker/build-push-action@v5.0.0 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/arm64,linux/arm/v7 - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - VERSION=${{ github.ref_name }} - COMMIT=${{ github.sha }} - - # Step 6: Attest built image to prove build provenance - - name: Attest - uses: actions/attest-build-provenance@v1 - id: attest - if: ${{ github.event_name != 'pull_request' }} - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - subject-digest: ${{ steps.build-and-push.outputs.digest }} - push-to-registry: true diff --git a/.github/workflows/docker-publish-rootless-arm.yaml b/.github/workflows/docker-publish-rootless-arm.yaml deleted file mode 100644 index c40cd55b..00000000 --- a/.github/workflows/docker-publish-rootless-arm.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -name: Docker publish rootless ARM - -on: - schedule: - - cron: '00 0 * * *' - push: - branches: [ "main" ] - paths: - - 'backend/**' - - 'frontend/**' - - 'Dockerfile' - - 'Dockerfile.rootless' - - '.dockerignore' - - '.github/workflows' - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "main" ] - paths: - - 'backend/**' - - 'frontend/**' - - 'Dockerfile' - - 'Dockerfile.rootless' - - '.dockerignore' - - '.github/workflows' - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-rootless: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write - - steps: - # Step 1: Checkout repository - - name: Checkout repository - uses: actions/checkout@v4 - - # Step 2: Set up Buildx without specifying driver - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.0.0 - with: - install: true # Ensure Buildx is installed and set up properly - use: true # Use Buildx instance directly for this job - - # Step 3: Login to Docker registry except on PR - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@v3.0.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Step 4: Extract metadata for Docker images - - name: Extract Docker metadata - id: metadata - uses: docker/metadata-action@v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - flavor: | - suffix=-rootless-arm,onlatest=true - - # Step 5: Build and push the Docker image - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@v5.0.0 - 
with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.metadata.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - platforms: linux/arm64,linux/arm/v7 - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - VERSION=${{ github.ref_name }} - COMMIT=${{ github.sha }} - - # Step 6: Attest built image to prove build provenance - - name: Attest - uses: actions/attest-build-provenance@v1 - id: attest - if: ${{ github.event_name != 'pull_request' }} - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - subject-digest: ${{ steps.build-and-push.outputs.digest }} - push-to-registry: true diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index f5d022c6..f8853cdd 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -1,4 +1,4 @@ -name: Docker publish rootless +name: Docker publish on: schedule: @@ -24,7 +24,6 @@ on: - '.dockerignore' - '.github/workflows' - env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io @@ -33,9 +32,16 @@ env: jobs: - build-rootless: - + build: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + - linux/arm/v7 + - linux/arm/v6 permissions: contents: read packages: write 
@@ -48,6 +54,24 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3.0.0 + # Set up BuildKit Docker container builder to be able to build # multi-platform images and export cache # https://github.com/docker/setup-buildx-action 
@@ -64,40 +88,37 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: metadata - uses: docker/metadata-action@v5.0.0 # v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - flavor: | - suffix=-rootless,onlatest=true - - # Build and push Docker image with Buildx (don't push on PR) + # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v5.0.0 # v5.0.0 + uses: docker/build-push-action@v6 # v6 with: - context: . + context: Dockerfile.rootless push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.metadata.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - platforms: linux/amd64 + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + labels: ${{ steps.meta.outputs.labels }} + platforms: ${{ matrix.platform }} cache-from: type=gha cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + - name: Attest uses: actions/attest-build-provenance@v1 id: attest 
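Review bot: `context: Dockerfile.rootless` in the build-push step points the build context at a file, but build-push-action's `context` input is the build context directory (or URL) and the Dockerfile is chosen with the separate `file` input, so this step cannot build as written. The lines should read `context: .` followed by `file: Dockerfile.rootless`. Patch 09 (the rootless `@@ -95,11` hunk) later switches this back to `context: .` without adding `file:`, and from that point the "rootless" workflow builds the default `Dockerfile` and publishes a non-rootless image under the `-rootless` tags, which silently defeats the purpose of the second workflow. The `steps.build` id and `env.PLATFORM_PAIR` references in the same hunk are corrected or defined by later patches in the series, so they are not re-raised here.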
@@ -106,3 +127,60 @@ jobs: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }} push-to-registry: true + show-summary: 'true' + merge: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + attestations: write + id-token: write + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index ab226bdb..fdb12e77 100644 --- a/.github/workflows/docker-publish.yaml 
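Review bot: `env.REGISTRY_IMAGE`, used in the `Create manifest list and push` and `Inspect image` steps, is never defined — the workflow `env:` block declares only `REGISTRY` and `IMAGE_NAME`, and a value exported through `GITHUB_ENV` in the `build` job would not reach this separate job — so the `printf` expands to `@sha256:<digest>` references with no repository name and the manifest step fails. The same undefined variable is in the build job's `outputs:` line of the preceding hunk and in both docker-publish.yaml hunks (`@@ -63,38` and `@@ -103,3`). Replacing the uses with `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` keeps a single source of truth for the image reference; note that `IMAGE_NAME` is the raw `github.repository` and OCI repository names must be lowercase, so a lowercasing step is still needed if the owner or repository name contains capitals (metadata-action did that for the old `tags:` input). Prefer exposing the reference to the `run:` scripts as a shell environment variable rather than interpolating `${{ }}` into the command text.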
+++ b/.github/workflows/docker-publish.yaml @@ -33,8 +33,15 @@ env: jobs: build: - runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + - linux/arm/v7 + - linux/arm/v6 permissions: contents: read packages: write @@ -47,6 +54,24 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3.0.0 + # Set up BuildKit Docker container builder to be able to build # multi-platform images and export cache # https://github.com/docker/setup-buildx-action 
@@ -63,38 +88,37 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5.0.0 # v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v5.0.0 # v5.0.0 + uses: docker/build-push-action@v6 # v6 with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64 + platforms: ${{ matrix.platform }} cache-from: type=gha cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} - + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + - name: Attest uses: actions/attest-build-provenance@v1 id: attest 
@@ -103,3 +127,60 @@ jobs: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }} push-to-registry: true + show-summary: 'true' + merge: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + attestations: write + id-token: write + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} From 6c97dc0495330c5877a6b04e82d30fd6ed4d4b45 Mon Sep 17 00:00:00 2001 
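Review bot: The `merge` job requests `attestations: write` and `id-token: write` but no step in it uses them; the only provenance attestation is made in the `build` job for each per-platform digest, while the manifest list that `docker buildx imagetools create` pushes — the digest a tag actually resolves to when pulled — gets no attestation. Either add an `actions/attest-build-provenance` step after the manifest push whose `subject-digest` is the manifest-list digest (which `docker buildx imagetools inspect` can report), so consumers can verify the tag they pull, or drop the two unused permissions to keep the job at least privilege. The same applies to the `merge` job in docker-publish-rootless.yaml (its `@@ -106,3` hunk).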
From: Matt Kilgore Date: Sun, 1 Dec 2024 17:22:07 -0500 Subject: [PATCH 02/12] fix: action name for rootless --- .github/workflows/docker-publish-rootless.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index f8853cdd..496dcfd0 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -1,4 +1,4 @@ -name: Docker publish +name: Docker publish rootless on: schedule: From b59b666a57dc0e5587b5db5e9300accb8f0d0c97 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Sun, 1 Dec 2024 17:26:10 -0500 Subject: [PATCH 03/12] fix: not building PRs that change github workflows --- .github/workflows/docker-publish-rootless.yaml | 4 ++-- .github/workflows/docker-publish.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 496dcfd0..67f2ec29 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -11,7 +11,7 @@ on: - 'Dockerfile' - 'Dockerfile.rootless' - '.dockerignore' - - '.github/workflows' + - '.github/workflows/**' # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: @@ -22,7 +22,7 @@ on: - 'Dockerfile' - 'Dockerfile.rootless' - '.dockerignore' - - '.github/workflows' + - '.github/workflows/**' env: # Use docker.io for Docker Hub if empty diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index fdb12e77..b56770da 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -11,7 +11,7 @@ on: - 'Dockerfile' - 'Dockerfile.rootless' - '.dockerignore' - - '.github/workflows' + - '.github/workflows/**' # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: 
@@ -22,7 +22,7 @@ on: - 'Dockerfile' - 'Dockerfile.rootless' - '.dockerignore' - - '.github/workflows' + - '.github/workflows/**' env: # Use docker.io for Docker Hub if empty From 3e7318f7dc4555809c582ac2bc72f62f75221b93 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Sun, 1 Dec 2024 17:36:25 -0500 Subject: [PATCH 04/12] fix: trying a thing --- .github/workflows/docker-publish-rootless.yaml | 15 +++++---------- .github/workflows/docker-publish.yaml | 15 +++++---------- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 67f2ec29..7759d09c 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -51,6 +51,11 @@ jobs: id-token: write steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout repository uses: actions/checkout@v4 @@ -61,13 +66,6 @@ jobs: uses: docker/metadata-action@v5.0.0 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 @@ -95,12 +93,9 @@ jobs: uses: docker/build-push-action@v6 # v6 with: context: Dockerfile.rootless - push: ${{ github.event_name != 'pull_request' }} outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} - cache-from: type=gha - cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index b56770da..5d92f7e5 100644 --- a/.github/workflows/docker-publish.yaml 
+++ b/.github/workflows/docker-publish.yaml @@ -51,6 +51,11 @@ jobs: id-token: write steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout repository uses: actions/checkout@v4 @@ -61,13 +66,6 @@ jobs: uses: docker/metadata-action@v5.0.0 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=schedule,pattern=nightly - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 @@ -95,12 +93,9 @@ jobs: uses: docker/build-push-action@v6 # v6 with: context: . - push: ${{ github.event_name != 'pull_request' }} outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} - cache-from: type=gha - cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} From 2526f7fe801b478f3cc273ea0946212967fbd2c4 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Sun, 1 Dec 2024 22:04:11 -0500 Subject: [PATCH 05/12] fix: only support the original matrix from initial release --- .github/workflows/docker-publish-rootless.yaml | 1 - .github/workflows/docker-publish.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 7759d09c..1acb75e2 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -41,7 +41,6 @@ jobs: - linux/amd64 - linux/arm64 - linux/arm/v7 - - linux/arm/v6 permissions: contents: read packages: write diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 5d92f7e5..4d26c44e 100644 --- a/.github/workflows/docker-publish.yaml 
+++ b/.github/workflows/docker-publish.yaml @@ -41,7 +41,6 @@ jobs: - linux/amd64 - linux/arm64 - linux/arm/v7 - - linux/arm/v6 permissions: contents: read packages: write From 0841803824b4859b8c5d59dffe92654ad7226ece Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Sun, 1 Dec 2024 22:15:20 -0500 Subject: [PATCH 06/12] feat: Add automated docker image cleanup --- .github/workflows/ghcr-cleanup.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ghcr-cleanup.yaml diff --git a/.github/workflows/ghcr-cleanup.yaml b/.github/workflows/ghcr-cleanup.yaml new file mode 100644 index 00000000..f32e852f --- /dev/null +++ b/.github/workflows/ghcr-cleanup.yaml @@ -0,0 +1,22 @@ +name: GHCR.IO Cleanup + +on: + schedule: + - cron: '00 0 * * *' + +jobs: + cleanup: + runs-on: ubuntu-latest + permissions: + packages: write + concurrency: + group: cleanup-images + steps: + - name: Cleanup + uses: dataaxiom/ghcr-cleanup-action@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.repository }} + delete-ghost-images: true + delete-untagged: true + older-than: 30d \ No newline at end of file From 146bd6ded30b4dfbb600210a43e05961acfeaea0 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 14:07:38 -0500 Subject: [PATCH 07/12] fix: lets try this with some tags set and see what happens. --- .github/workflows/docker-publish-rootless.yaml | 4 ++++ .github/workflows/docker-publish.yaml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 1acb75e2..6f1cce35 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -65,6 +65,8 @@ jobs: uses: docker/metadata-action@v5.0.0 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 
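Review bot: `dataaxiom/ghcr-cleanup-action@v1` is a third-party action that is handed a `packages: write` GITHUB_TOKEN — enough to delete every version of the repository's packages — yet it is referenced by a mutable major tag; pin it to a full commit (`uses: dataaxiom/ghcr-cleanup-action@<full-commit-sha> # v1`) so a moved tag cannot swap the code holding that token. The schedule is the same `00 0 * * *` cron as the publish workflows, and with `delete-untagged: true` a cleanup can run while the publish `build` job has already pushed per-platform images by digest but the `merge` job has not yet created the manifest list that references them; whether the action treats those as orphans depends on its multi-arch handling, which I cannot confirm from here, so offsetting the cron or triggering cleanup with `workflow_run` after the publish workflows avoids the race. Running a dry-run mode first, if the action offers one, would confirm what the `delete-ghost-images`/`older-than: 30d` combination actually removes. The file also lacks a trailing newline.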
@@ -91,8 +93,10 @@ jobs: id: build-and-push uses: docker/build-push-action@v6 # v6 with: + push: ${{ github.event_name != 'pull_request' }} context: Dockerfile.rootless outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} build-args: | diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 4d26c44e..23ae87a0 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -65,6 +65,8 @@ jobs: uses: docker/metadata-action@v5.0.0 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 From 25ef9d7b1f0c9bcf1bfb997833c9be43916cc18e Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 14:13:39 -0500 Subject: [PATCH 08/12] fix: try some slightly different tagging --- .github/workflows/docker-publish-rootless.yaml | 1 + .github/workflows/docker-publish.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 6f1cce35..04f6988b 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -67,6 +67,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch + type=ref,event=pr - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 23ae87a0..d1213706 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -67,6 +67,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch + type=ref,event=pr - name: Set up QEMU uses: docker/setup-qemu-action@v3.0.0 
@@ -95,6 +96,7 @@ jobs: with: context: . outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} build-args: | From 5c0f284750eba5a2921f8690f48bc10cfb4e220c Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 14:22:56 -0500 Subject: [PATCH 09/12] chore: put the caching back --- .github/workflows/docker-publish-rootless.yaml | 6 +++++- .github/workflows/docker-publish.yaml | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 04f6988b..27fe0bbe 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -95,11 +95,13 @@ jobs: uses: docker/build-push-action@v6 # v6 with: push: ${{ github.event_name != 'pull_request' }} - context: Dockerfile.rootless + context: . outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} + cache-from: type=gha + cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} @@ -173,6 +175,8 @@ jobs: type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=schedule,pattern=nightly + flavor: | + suffix=-rootless,onlatest=true - name: Create manifest list and push working-directory: /tmp/digests diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index d1213706..08bbfbb2 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml 
@@ -99,6 +99,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} + cache-from: type=gha + cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} From cca5128db0e5643d60629ce82427328975a11bd1 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 14:28:53 -0500 Subject: [PATCH 10/12] fix: tags should be right now? https://github.com/docker/build-push-action/discussions/1213#discussioncomment-10414120 --- .github/workflows/docker-publish-rootless.yaml | 2 +- .github/workflows/docker-publish.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 27fe0bbe..00d209cd 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -97,7 +97,7 @@ jobs: push: ${{ github.event_name != 'pull_request' }} context: . outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - tags: ${{ steps.meta.outputs.tags }} + tags: ghcr.io/${{ github.repository }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} cache-from: type=gha diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 08bbfbb2..af39d4c6 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -96,14 +96,14 @@ jobs: with: context: . outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - tags: ${{ steps.meta.outputs.tags }} + tags: ghcr.io/${{ github.repository }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ matrix.platform }} cache-from: type=gha cache-to: type=gha,mode=max build-args: | VERSION=${{ github.ref_name }} - COMMIT=${{ github.sha }} + COMMIT=${{ github.sha }} - name: Export digest run: | 
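Review bot: `tags: ghcr.io/${{ github.repository }}` hard-codes the registry that the rest of the file takes from `env.REGISTRY`, and feeds `github.repository` straight into an image reference; the previous `steps.meta.outputs.tags` came from metadata-action, which lowercases the name, whereas OCI repository names must be lowercase, so this breaks for any owner or repository name containing capitals (I cannot tell from here whether that applies). `tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` keeps the single source of truth, with a lowercasing step if the name can have capitals. The same line appears in both hunks of this patch.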
From 8849b1754f5189006daf51b9b2e8397085ba2bae Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 16:23:33 -0500 Subject: [PATCH 11/12] fix: Try this without limiting to only non-PRs --- .github/workflows/docker-publish-rootless.yaml | 4 ---- .github/workflows/docker-publish.yaml | 3 --- 2 files changed, 7 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 00d209cd..bb1cbea0 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -81,7 +81,6 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' uses: docker/login-action@v3.0.0 # v3.0.0 with: registry: ${{ env.REGISTRY }} @@ -94,7 +93,6 @@ jobs: id: build-and-push uses: docker/build-push-action@v6 # v6 with: - push: ${{ github.event_name != 'pull_request' }} context: . outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true tags: ghcr.io/${{ github.repository }} @@ -123,7 +121,6 @@ jobs: - name: Attest uses: actions/attest-build-provenance@v1 id: attest - if: ${{ github.event_name != 'pull_request' }} with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }} @@ -154,7 +151,6 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' uses: docker/login-action@v3.0.0 # v3.0.0 with: registry: ${{ env.REGISTRY }} diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index af39d4c6..5eb0e66e 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml 
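Review bot: With the `if: github.event_name != 'pull_request'` guards removed from the login and attest steps, and `push:` removed from build-push while `outputs:` still carries `push=true`, every pull_request run now authenticates to ghcr.io, pushes the per-platform image by digest under the repository's package, and signs a provenance attestation for it. For pull requests from forks the GITHUB_TOKEN is read-only and `id-token: write` is not granted, so these steps fail instead of being skipped; for same-repository PRs, unreviewed branch content is published to the registry and attested as if it were a release build. Restore the guards — `if: github.event_name != 'pull_request'` on the login and attest steps and on the `merge` job — and make the push itself conditional: `outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}`; a PR run then still validates the build without publishing. The same removals are in the docker-publish.yaml hunks that follow.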
@@ -81,7 +81,6 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' uses: docker/login-action@v3.0.0 # v3.0.0 with: registry: ${{ env.REGISTRY }} @@ -122,7 +121,6 @@ jobs: - name: Attest uses: actions/attest-build-provenance@v1 id: attest - if: ${{ github.event_name != 'pull_request' }} with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }} @@ -153,7 +151,6 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' uses: docker/login-action@v3.0.0 # v3.0.0 with: registry: ${{ env.REGISTRY }} From 4f19ecfa0080f2c64444b728231546fba7ad40c3 Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 2 Dec 2024 16:40:22 -0500 Subject: [PATCH 12/12] fix: Stupid oversight --- .github/workflows/docker-publish-rootless.yaml | 2 +- .github/workflows/docker-publish.yaml | 2 +- Dockerfile | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index bb1cbea0..9d6bb175 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -107,7 +107,7 @@ jobs: - name: Export digest run: | mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" + digest="${{ steps.build-and-push.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Upload digest diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 5eb0e66e..ecf28e5d 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml 
@@ -107,7 +107,7 @@ jobs: - name: Export digest run: | mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" + digest="${{ steps.build-and-push.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Upload digest diff --git a/Dockerfile b/Dockerfile index 878a1231..f77f277a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Node dependencies stage -FROM --platform=$TARGETPLATFORM node:18-alpine AS frontend-dependencies +FROM node:18-alpine AS frontend-dependencies WORKDIR /app # Install pnpm globally (caching layer) @@ -10,7 +10,7 @@ COPY frontend/package.json frontend/pnpm-lock.yaml ./ RUN pnpm install --frozen-lockfile --shamefully-hoist # Build Nuxt (frontend) stage -FROM --platform=$TARGETPLATFORM node:18-alpine AS frontend-builder +FROM node:18-alpine AS frontend-builder WORKDIR /app # Install pnpm globally again (it can reuse the cache if not changed) @@ -22,7 +22,7 @@ COPY --from=frontend-dependencies /app/node_modules ./node_modules RUN pnpm build # Go dependencies stage -FROM --platform=$TARGETPLATFORM golang:alpine AS builder-dependencies +FROM golang:alpine AS builder-dependencies WORKDIR /go/src/app # Copy go.mod and go.sum for better caching @@ -30,7 +30,7 @@ COPY ./backend/go.mod ./backend/go.sum ./ RUN go mod download # Build API stage -FROM --platform=$TARGETPLATFORM golang:alpine AS builder +FROM golang:alpine AS builder ARG BUILD_TIME ARG COMMIT ARG VERSION @@ -58,7 +58,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ -v ./app/api/*.go # Production stage -FROM --platform=$TARGETPLATFORM alpine:latest +FROM alpine:latest ENV HBOX_MODE=production ENV HBOX_STORAGE_DATA=/data/ ENV HBOX_STORAGE_SQLITE_URL=/data/homebox.db?_pragma=busy_timeout=2000&_pragma=journal_mode=WAL&_fk=1
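Review bot: Dropping `--platform=$TARGETPLATFORM` from every `FROM` only restores buildx's default (each stage is built for the target platform), so under the QEMU setup the workflows now use, the Node and Go toolchains in the builder stages still run emulated for the arm targets — likely the slowness and failures this series is chasing. The usual arrangement is `FROM --platform=$BUILDPLATFORM` on the dependency and builder stages with `ARG TARGETOS TARGETARCH` and `GOOS=$TARGETOS GOARCH=$TARGETARCH` on the `go build` line, so compilation runs natively and only the final `alpine` stage is target-platform; the `go build` invocation is mostly outside this hunk, so that last change is described rather than shown. Separately, the rewritten `FROM` lines keep floating `node:18-alpine`, `golang:alpine` and `alpine:latest` tags; pinning them by digest makes the builds reproducible so the provenance attestations the workflows emit describe a fixed set of inputs.
```dockerfile
# Node dependencies stage
FROM --platform=$BUILDPLATFORM node:18-alpine AS frontend-dependencies
# … unchanged: pnpm install …

# Build Nuxt (frontend) stage
FROM --platform=$BUILDPLATFORM node:18-alpine AS frontend-builder
# … unchanged: pnpm build …

# Go dependencies stage
FROM --platform=$BUILDPLATFORM golang:alpine AS builder-dependencies
# … unchanged: go mod download …

# Build API stage
FROM --platform=$BUILDPLATFORM golang:alpine AS builder
ARG TARGETOS
ARG TARGETARCH
# … unchanged: BUILD_TIME/COMMIT/VERSION args, source copy …
# … go build line (outside hunk): prefix with GOOS=$TARGETOS GOARCH=$TARGETARCH …

# Production stage
FROM alpine:latest
```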