Set up nightly GHA builds after fork syncs

N4Y-docker · May 20, 2024 · c2c8908 · c2c8908
1 parent 9231a43
commit c2c8908
Show file tree

Hide file tree

Showing 2 changed files with 198 additions and 0 deletions.
diff --git a/.github/workflows/ghcr-image-main-fork.yml b/.github/workflows/ghcr-image-main-fork.yml
@@ -0,0 +1,188 @@
+name: ghcr-image-main
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+ IMAGE_TAG: nightly
+
+jobs:
+ meta:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ outputs:
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ annotations: ${{ steps.meta.outputs.annotations }}
+ json: ${{ steps.meta.outputs.json }}
+ image-name: ${{ steps.custom-meta.outputs.image-name }}
+
+ steps:
+ - name: Checkout current fork HEAD
+ uses: actions/[email protected]
+ with:
+ fetch-depth: 0
+ show-progress: false
+
+ - name: Set up upstream git remote
+ run: |
+ upstream="$(gh repo view "${{ github.repository }}" --json parent --jq '.parent.owner.login + "/" + .parent.name')"
+ echo "upstream=$upstream"
+ git remote add upstream "https://github.com/$upstream.git"
+ git fetch upstream "${{ github.event.repository.default_branch }}"
+ env:
+ GH_TOKEN: ${{ github.token }}
+
+ - name: Determine number of commits on top of upstream
+ id: check-extra-commits
+ run: |
+ commit_count="$(git rev-list --count "upstream/${{ github.event.repository.default_branch }}..$GITHUB_REF_NAME")"
+ echo "commit-count=$commit_count" | tee -a "$GITHUB_OUTPUT"
+
+ - name: Discard our commits
+ run: |
+ git reset --hard "HEAD~${{ steps.check-extra-commits.outputs.commit-count }}"
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ context: git
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=${{ env.IMAGE_TAG }}
+ type=sha,format=long,priority=899
+ type=sha,format=short
+
+ - name: Extract image name
+ id: custom-meta
+ run: |
+ echo "image-name=${DOCKER_TAG%%:*}" | tee -a $GITHUB_OUTPUT
+ env:
+ DOCKER_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+
+ build:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+
+ needs:
+ - meta
+
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+
+ env:
+ REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }}
+
+ steps:
+ - name: Prepare
+ id: meta
+ run: |
+ platform=${{ matrix.platform }}
+ echo "platform-pair=${platform//\//-}" | tee -a "$GITHUB_OUTPUT"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ with:
+ platforms: arm64
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+ - name: Log in to GHCR
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # We can't build directly from git, as that will prevent .git from being available during the build process.
+ # lemmy-ui's Dockerfile requires the .git folder to set the version.
+ - name: Checkout git repository
+ uses: actions/[email protected]
+ with:
+ fetch-depth: 0
+ show-progress: false
+ submodules: recursive
+
+ - name: Build Docker image
+ id: build
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.3.0
+ with:
+ context: .
+ platforms: ${{ matrix.platform }}
+ labels: ${{ needs.meta.outputs.labels }}
+ annotations: ${{ needs.meta.outputs.annotations }}
+ outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ env:
+ SOURCE_DATE_EPOCH: 0
+
+ - name: Export image digest
+ run: |
+ mkdir -p /tmp/digests
+ digest="${{ steps.build.outputs.digest }}"
+ touch "/tmp/digests/${digest#sha256:}"
+
+ - name: Upload digest
+ uses: actions/[email protected]
+ with:
+ name: digests-${{ steps.meta.outputs.platform-pair }}
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 1
+
+ merge:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ needs:
+ - meta
+ - build
+
+ permissions:
+ contents: read
+ packages: write
+
+ env:
+ REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }}
+
+ steps:
+ - name: Download digests
+ uses: actions/[email protected]
+ with:
+ path: /tmp/digests
+ pattern: digests-*
+ merge-multiple: true
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+ - name: Log in to GHCR
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create manifest list and push
+ working-directory: /tmp/digests
+ run: |
+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+ $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+ env:
+ DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }}
+
+ - name: Inspect image
+ run: |
+ docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}
diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml
@@ -11,6 +11,7 @@ jobs:
 
  permissions:
  contents: write
+ actions: write
 
  timeout-minutes: 5
 
@@ -46,3 +47,12 @@ jobs:
  git push --force
  if: >-
  fromJSON(steps.check-missing-commits.outputs.commit-count) > 0
+
+ # GitHub doesn't trigger push events when commits are pushed with github.token
+ - name: Trigger builds
+ uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
+ with:
+ ref: ${{ github.event.repository.default_branch }}
+ workflow: ghcr-image-main-fork.yml
+ if: >-
+ fromJSON(steps.check-missing-commits.outputs.commit-count) > 0